Linux Analysis Report
czHBnd67gp.elf

Overview

General Information

Sample name:	czHBnd67gp.elf renamed because original name is a hash value
Original sample name:	2a928fae9511a9537360461c5994c20c.elf
Analysis ID:	1541860
MD5:	2a928fae9511a9537360461c5994c20c
SHA1:	36274a7cd6405f916d2b70ac70051863893ff28b
SHA256:	fa8311c4846c20dd163d7aa485d4d7e1cfb505cfbe51f57efa6af5f0c0ee0e9f
Tags:	32armelfmirai
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: czHBnd67gp.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: czHBnd67gp.elf

ReversingLabs: Detection: 68%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:59504 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 18.125.123.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.129.150.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 151.128.226.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 57.69.232.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.227.68.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 152.124.219.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.34.229.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.241.224.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 27.145.57.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 95.45.197.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 202.37.141.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.123.24.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 130.47.97.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.157.92.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.96.187.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 209.103.51.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 18.49.58.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.95.19.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 186.203.18.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 171.146.92.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.242.37.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 1.70.33.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 18.0.241.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 93.114.118.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.240.39.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.72.230.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 49.97.127.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 176.98.115.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 174.113.53.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 123.150.187.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 99.225.83.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 209.190.102.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 54.38.182.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 113.30.181.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 101.126.195.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 221.220.85.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 179.228.101.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.189.33.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 200.45.176.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 19.218.187.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.135.4.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 19.223.20.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 135.251.135.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.76.11.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.231.121.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 77.219.178.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 84.171.103.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.89.64.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.144.35.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.27.173.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 183.58.252.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 156.234.41.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.95.24.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 71.174.112.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 25.255.250.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 130.191.62.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.132.45.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 91.186.52.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.188.246.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.162.245.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 149.5.158.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 65.73.252.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.56.34.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 201.80.61.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 9.165.167.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.246.10.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.235.118.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.3.62.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.199.161.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.126.204.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 49.28.229.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.114.159.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.194.131.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 167.193.60.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.136.132.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 86.169.31.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 12.92.42.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 1.117.244.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 204.94.144.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.225.106.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 36.53.110.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.208.225.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.27.17.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.201.54.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 40.228.170.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.115.163.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 179.101.66.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.74.69.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 201.222.126.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.227.143.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 154.49.111.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 8.218.47.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 101.18.56.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 79.132.108.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 94.49.191.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.91.50.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 218.4.222.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.65.144.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.232.74.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.94.190.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.36.206.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.27.71.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 162.12.143.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 104.91.147.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 49.147.15.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 122.158.241.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.19.109.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.133.12.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.230.192.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.185.80.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 47.133.68.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 83.41.98.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.23.249.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.220.26.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 223.143.237.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.36.220.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.62.79.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 93.35.190.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.34.100.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 218.126.50.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.11.1.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 27.68.233.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.178.223.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.133.219.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 185.101.173.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 152.25.144.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 53.194.55.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 157.147.235.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 145.28.67.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.253.223.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 194.202.128.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.105.196.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.225.219.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.45.143.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 69.34.87.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.79.204.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 59.231.148.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 72.135.132.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.181.170.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.184.254.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.50.241.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.235.167.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.179.204.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.87.249.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 62.1.62.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.106.179.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 222.31.248.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 176.255.43.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.63.86.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 151.149.85.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.107.30.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 170.51.237.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 193.87.223.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.136.91.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 143.219.106.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 31.122.18.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 146.53.102.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 61.90.134.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.37.235.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.36.195.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 95.89.185.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.21.248.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.190.109.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 130.103.237.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 41.36.117.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 178.209.112.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 221.41.235.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 32.240.233.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 212.114.64.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 44.43.70.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 50.163.63.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.233.50.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.60.35.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 112.135.81.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.206.54.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 178.170.139.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.20.86.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 64.96.255.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 91.126.54.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 218.205.243.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.53.175.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 136.22.152.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.2.161.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.46.57.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 31.44.239.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 184.47.47.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 77.125.7.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 193.208.59.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 61.168.8.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.241.17.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.93.166.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.170.232.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 111.38.140.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 25.90.40.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 62.73.88.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 101.181.10.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.110.245.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 108.173.36.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.90.48.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 58.0.30.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 144.73.47.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.34.209.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.220.155.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.212.177.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.222.18.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 189.93.99.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 136.86.190.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.161.171.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 133.255.156.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.204.47.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 180.173.232.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 141.73.97.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.156.32.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.185.14.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 44.12.130.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 53.73.174.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 65.69.164.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.140.193.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.168.99.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 145.219.100.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 86.164.141.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 31.229.93.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.250.99.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.233.56.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 176.97.190.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 211.238.140.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 190.228.196.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.43.180.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.123.42.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 152.39.152.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 92.60.228.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.245.85.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 50.4.37.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.39.194.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.205.179.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 35.220.34.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 79.102.178.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 193.60.160.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 167.208.171.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.130.179.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 90.168.105.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.134.155.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.67.226.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 220.114.104.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.194.75.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.2.215.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 138.180.169.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.76.240.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 90.200.62.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 19.61.128.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 79.54.138.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 74.71.153.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 195.65.49.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 177.106.232.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 92.241.78.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 71.203.246.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 95.139.47.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 36.118.234.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 191.118.224.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.222.69.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 24.189.184.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 39.230.124.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.192.168.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 178.188.131.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 39.201.54.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.125.31.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 154.131.222.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 63.59.169.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.219.42.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.210.124.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 59.113.115.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.249.126.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.21.14.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 167.76.183.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.192.193.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 140.102.161.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 184.52.63.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 63.190.198.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 105.70.24.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.221.34.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.147.73.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 62.121.112.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.203.114.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.105.207.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.40.175.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.121.13.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.87.229.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.120.234.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.204.114.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 170.58.156.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 44.228.222.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.114.41.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.255.56.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 74.200.33.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.213.67.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.175.236.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 60.229.18.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.101.233.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.217.124.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 189.1.248.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.110.237.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.42.175.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.102.210.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.24.146.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.188.91.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 213.162.110.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.205.175.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 41.37.85.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.109.242.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 85.55.99.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 223.8.225.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 112.220.72.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 60.115.51.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.80.63.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 138.196.31.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 180.192.242.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 163.31.134.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 149.123.80.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 151.14.155.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 156.207.218.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.138.188.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.58.138.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.236.160.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.179.98.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.211.192.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 216.187.59.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.103.83.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.156.79.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 114.118.192.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.159.212.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 135.166.80.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.141.112.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.253.158.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 169.168.211.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.106.82.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 37.251.67.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.252.243.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.161.9.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.66.80.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.232.112.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.173.6.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 160.86.126.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.137.184.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.57.116.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 190.213.45.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 24.74.124.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 69.156.110.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.19.243.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 129.93.231.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.40.5.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 64.169.253.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.249.178.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 140.121.4.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.92.47.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 58.239.195.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.28.102.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.12.218.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 189.88.96.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 180.214.23.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.50.34.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.160.240.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.193.184.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.84.173.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 50.22.189.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.52.222.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.120.151.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 197.147.248.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 114.28.221.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 32.41.165.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.26.173.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 38.198.208.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.200.14.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.164.208.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 157.210.2.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 99.237.70.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.231.55.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 120.77.190.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 138.17.211.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.111.219.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.127.69.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 13.117.65.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.179.149.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 144.11.215.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.190.146.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 12.109.20.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.185.45.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.237.6.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 146.80.125.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.83.4.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 171.40.164.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.137.202.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.18.205.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 216.45.4.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.108.142.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.114.122.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.110.201.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.119.224.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.58.133.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 40.27.175.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.230.174.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.240.235.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 195.186.144.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 25.113.189.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 109.132.142.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.38.31.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 35.111.115.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 97.10.237.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 179.112.124.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.93.152.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.245.174.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 144.166.142.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.7.101.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 84.106.249.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 99.5.224.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 169.201.217.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.184.90.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.167.118.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 194.134.134.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 142.147.100.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.184.164.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 94.196.173.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 89.185.224.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 122.238.189.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 64.42.218.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 210.147.94.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 222.68.97.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.168.157.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 204.205.102.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.251.18.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 183.122.92.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.146.254.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 104.211.62.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 77.176.168.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.101.14.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.171.160.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 154.75.26.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 93.148.76.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.230.119.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 53.244.235.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.115.46.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.157.219.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 156.226.136.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 202.252.115.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 209.112.189.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.15.64.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.43.244.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 203.79.104.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.80.234.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 158.27.44.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.123.66.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.255.95.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 146.173.242.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 13.104.86.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.178.43.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.68.242.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.116.174.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 47.46.120.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.188.90.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 54.83.36.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.235.85.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 121.100.204.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 63.132.203.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.142.48.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.88.175.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.148.165.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.61.78.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.168.38.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.87.30.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.230.194.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.99.134.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.194.255.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 35.60.130.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 100.165.198.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.79.98.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 155.41.102.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 120.109.231.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.106.194.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 191.11.242.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 112.68.118.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 119.143.89.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.171.94.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.39.179.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.201.107.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.5.103.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 175.37.171.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 169.254.1.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.55.224.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.32.232.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.10.55.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.49.246.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 204.41.71.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.22.39.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.181.135.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.129.166.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.210.17.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.45.206.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 8.169.132.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 123.244.107.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.7.121.254:2323

Sample listens on a socket

Source: /tmp/czHBnd67gp.elf (PID: 6249)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:37215	Jump to behavior

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 18.125.123.171
Source: unknown	TCP traffic detected without corresponding DNS query: 111.34.192.37
Source: unknown	TCP traffic detected without corresponding DNS query: 187.85.86.174
Source: unknown	TCP traffic detected without corresponding DNS query: 156.222.106.156
Source: unknown	TCP traffic detected without corresponding DNS query: 112.55.203.247
Source: unknown	TCP traffic detected without corresponding DNS query: 161.149.85.111
Source: unknown	TCP traffic detected without corresponding DNS query: 41.202.207.72
Source: unknown	TCP traffic detected without corresponding DNS query: 27.143.84.39
Source: unknown	TCP traffic detected without corresponding DNS query: 27.99.228.103
Source: unknown	TCP traffic detected without corresponding DNS query: 52.129.150.17
Source: unknown	TCP traffic detected without corresponding DNS query: 36.72.255.233
Source: unknown	TCP traffic detected without corresponding DNS query: 125.152.227.201
Source: unknown	TCP traffic detected without corresponding DNS query: 159.177.109.63
Source: unknown	TCP traffic detected without corresponding DNS query: 37.153.195.185
Source: unknown	TCP traffic detected without corresponding DNS query: 187.253.43.180
Source: unknown	TCP traffic detected without corresponding DNS query: 196.220.29.72
Source: unknown	TCP traffic detected without corresponding DNS query: 197.5.107.241
Source: unknown	TCP traffic detected without corresponding DNS query: 52.190.133.241
Source: unknown	TCP traffic detected without corresponding DNS query: 151.128.226.169
Source: unknown	TCP traffic detected without corresponding DNS query: 209.63.15.28
Source: unknown	TCP traffic detected without corresponding DNS query: 129.20.45.132
Source: unknown	TCP traffic detected without corresponding DNS query: 195.23.45.195
Source: unknown	TCP traffic detected without corresponding DNS query: 97.64.217.160
Source: unknown	TCP traffic detected without corresponding DNS query: 89.215.37.38
Source: unknown	TCP traffic detected without corresponding DNS query: 47.174.201.122
Source: unknown	TCP traffic detected without corresponding DNS query: 9.3.39.200
Source: unknown	TCP traffic detected without corresponding DNS query: 149.150.31.103
Source: unknown	TCP traffic detected without corresponding DNS query: 13.202.90.167
Source: unknown	TCP traffic detected without corresponding DNS query: 164.211.244.57
Source: unknown	TCP traffic detected without corresponding DNS query: 57.69.232.129
Source: unknown	TCP traffic detected without corresponding DNS query: 188.209.162.170
Source: unknown	TCP traffic detected without corresponding DNS query: 108.182.44.129
Source: unknown	TCP traffic detected without corresponding DNS query: 153.30.100.247
Source: unknown	TCP traffic detected without corresponding DNS query: 190.231.160.130
Source: unknown	TCP traffic detected without corresponding DNS query: 82.247.198.161
Source: unknown	TCP traffic detected without corresponding DNS query: 162.103.103.230
Source: unknown	TCP traffic detected without corresponding DNS query: 183.128.52.68
Source: unknown	TCP traffic detected without corresponding DNS query: 199.47.109.77
Source: unknown	TCP traffic detected without corresponding DNS query: 1.148.102.160
Source: unknown	TCP traffic detected without corresponding DNS query: 208.227.68.12
Source: unknown	TCP traffic detected without corresponding DNS query: 58.172.4.98
Source: unknown	TCP traffic detected without corresponding DNS query: 71.90.201.254
Source: unknown	TCP traffic detected without corresponding DNS query: 185.6.28.100
Source: unknown	TCP traffic detected without corresponding DNS query: 82.188.153.183
Source: unknown	TCP traffic detected without corresponding DNS query: 179.141.150.85
Source: unknown	TCP traffic detected without corresponding DNS query: 106.7.56.230
Source: unknown	TCP traffic detected without corresponding DNS query: 184.201.167.150

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/czHBnd67gp.elf (PID: 6251)	SIGKILL sent: pid: 936, result: successful			Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	SIGKILL sent: pid: 936, result: successful			Jump to behavior

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Enumerates processes within the "proc" file system

Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/904/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/904/fd	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/czHBnd67gp.elf (PID: 6249)

Queries kernel information via 'uname':

Jump to behavior

Source: czHBnd67gp.elf, 6249.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/czHBnd67gp.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/czHBnd67gp.elf
Source: czHBnd67gp.elf, 6249.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00005617698f0000.0000561769a1e000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: czHBnd67gp.elf, 6249.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: czHBnd67gp.elf, 6249.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00005617698f0000.0000561769a1e000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/arm

Screenshots

No Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
132.81.106.231	unknown	United States	306	DNIC-ASBLK-00306-00371US	false
105.78.90.83	unknown	Morocco	36884	MAROCCONNECTMA	false
164.132.129.125	unknown	France	16276	OVHFR	false
183.160.150.2	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
206.81.117.17	unknown	United States	8046	NAPANETUS	false
87.5.140.52	unknown	Italy	3269	ASN-IBSNAZIT	false
191.103.60.67	unknown	Argentina	28048	InternetParaTodos-GobiernodeLaRiojaAR	false
213.236.216.86	unknown	Norway	25400	TELIA-NORWAY-ASTeliaNorwayCoreNetworksNO	false
4.103.125.100	unknown	United States	3356	LEVEL3US	false
139.161.125.24	unknown	United States	1462	DNIC-ASBLK-01462-01463US	false
88.61.96.83	unknown	Italy	3269	ASN-IBSNAZIT	false
2.27.129.115	unknown	United Kingdom	12576	EELtdGB	false
200.186.104.31	unknown	Brazil	3549	LVLT-3549US	false
95.145.35.76	unknown	United Kingdom	12576	EELtdGB	false
172.41.213.141	unknown	United States	21928	T-MOBILE-AS21928US	false
62.131.13.114	unknown	Netherlands	1136	KPNKPNNationalEU	false
66.241.220.150	unknown	United States	20021	LNH-INCUS	false
175.71.56.13	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
99.185.61.58	unknown	United States	7018	ATT-INTERNET4US	false
151.166.60.237	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
83.207.100.116	unknown	France	3215	FranceTelecom-OrangeFR	false
181.216.128.184	unknown	Brazil	21826	CorporacionTelemicCAVE	false
116.59.69.169	unknown	Taiwan; Republic of China (ROC)	17421	EMOME-NETMobileBusinessGroupTW	false
161.30.249.10	unknown	United Kingdom	31515	INMARSATGB	false
116.173.158.79	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
24.101.230.45	unknown	United States	27364	ACS-INTERNETUS	false
40.122.138.60	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
76.198.253.120	unknown	United States	7018	ATT-INTERNET4US	false
14.227.186.162	unknown	Viet Nam	45899	VNPT-AS-VNVNPTCorpVN	false
100.60.146.127	unknown	United States	701	UUNETUS	false
32.179.68.58	unknown	United States	20057	ATT-MOBILITY-LLC-AS20057US	false
217.0.251.134	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
165.222.29.135	unknown	Switzerland	3550	ERX-PHILNETAteneodeManilaUniversityPH	false
193.33.113.149	unknown	Italy	42372	DNETUA-ASGI	false
51.240.38.121	unknown	United States	2686	ATGS-MMD-ASUS	false
115.215.29.223	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
23.254.241.53	unknown	United States	54290	HOSTWINDSUS	false
59.172.124.77	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
49.23.108.168	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
197.128.22.126	unknown	Morocco	6713	IAM-ASMA	false
108.219.4.198	unknown	United States	7018	ATT-INTERNET4US	false
49.220.9.47	unknown	China	24158	TAIWANMOBILE-ASTaiwanMobileCoLtdTW	false
179.112.98.143	unknown	Brazil	26599	TELEFONICABRASILSABR	false
157.252.45.20	unknown	United States	3592	TRINCOLL-ASUS	false
208.147.97.65	unknown	United States	3561	CENTURYLINK-LEGACY-SAVVISUS	false
143.225.102.59	unknown	Italy	137	ASGARRConsortiumGARREU	false
153.60.45.193	unknown	United States	14962	NCR-252US	false
57.102.232.190	unknown	Belgium	2647	SITABE	false
2.156.138.46	unknown	Italy	24608	WINDTRE-ASIT	false
124.101.251.84	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
5.58.104.13	unknown	Ukraine	16223	LANET-TEUA	false
80.169.192.13	unknown	United Kingdom	8220	COLTCOLTTechnologyServicesGroupLimitedGB	false
96.80.99.1	unknown	United States	7922	COMCAST-7922US	false
121.229.221.162	unknown	China	23650	CHINANET-JS-AS-APASNumberforCHINANETjiangsuprovinceba	false
18.179.210.100	unknown	United States	16509	AMAZON-02US	false
155.22.88.252	unknown	United States	1541	DNIC-ASBLK-01534-01546US	false
183.124.154.122	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
168.92.42.13	unknown	United States	16399	FIRSTCOMM-AS2US	false
187.237.112.157	unknown	Mexico	8151	UninetSAdeCVMX	false
120.139.177.105	unknown	Malaysia	38322	WEBE-MY-AS-APWEBEDIGITALSDNBHDMY	false
144.139.77.56	unknown	Australia	1221	ASN-TELSTRATelstraCorporationLtdAU	false
103.94.15.26	unknown	China	131578	BFSUNETBeijingForeignStudiesUniversityCN	false
99.14.134.238	unknown	United States	7018	ATT-INTERNET4US	false
17.184.94.122	unknown	United States	714	APPLE-ENGINEERINGUS	false
71.191.246.234	unknown	United States	701	UUNETUS	false
200.121.166.132	unknown	Peru	6147	TelefonicadelPeruSAAPE	false
119.81.176.210	unknown	Singapore	36351	SOFTLAYERUS	false
4.191.205.38	unknown	United States	3356	LEVEL3US	false
105.58.15.77	unknown	Kenya	33771	SAFARICOM-LIMITEDKE	false
83.171.168.86	unknown	Germany	8767	MNET-ASGermanyDE	false
121.64.242.56	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
91.67.33.129	unknown	Germany	31334	KABELDEUTSCHLAND-ASDE	false
174.100.121.156	unknown	United States	10796	TWC-10796-MIDWESTUS	false
162.41.162.246	unknown	United States	53984	AS-WELLSTARUS	false
98.8.113.62	unknown	United States	11351	TWC-11351-NORTHEASTUS	false
181.254.185.151	unknown	Colombia	26611	COMCELSACO	false
97.203.125.168	unknown	United States	6167	CELLCO-PARTUS	false
157.166.126.254	unknown	United States	25802	MIT-PRODUCTION-ASNUS	false
97.211.35.119	unknown	United States	6167	CELLCO-PARTUS	false
73.229.138.44	unknown	United States	7922	COMCAST-7922US	false
63.72.64.147	unknown	United States	701	UUNETUS	false
1.17.85.185	unknown	Korea Republic of	45996	GNJ-AS-KRDAOUTECHNOLOGYKR	false
192.136.31.201	unknown	Portugal	8677	WORLDLINEFR	false
40.223.87.142	unknown	United States	4249	LILLY-ASUS	false
95.195.139.108	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
115.178.90.208	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
87.76.68.6	unknown	Saudi Arabia	50716	TELECOMRUNETRU	false
202.142.190.211	unknown	Pakistan	135523	MULTINET-IE-AS-APMultinetBroadbandPK	false
31.103.60.106	unknown	United Kingdom	12576	EELtdGB	false
190.48.172.55	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
121.226.140.127	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
155.200.140.235	unknown	United States	8698	NationwideBuildingSocietyGB	false
210.78.166.118	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	false
188.0.24.96	unknown	Russian Federation	57261	YARTV-ASRU	false
124.172.173.92	unknown	China	134764	CT-FOSHAN-IDCCHINANETGuangdongprovincenetworkCN	false
217.244.31.60	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
194.234.211.199	unknown	European Union	5403	AS5403AT	false
173.12.201.243	unknown	United States	7922	COMCAST-7922US	false
192.163.16.29	unknown	United States	136455	TII-AS-HKTexasInstrumentsIncUS	false
109.208.83.7	unknown	France	3215	FranceTelecom-OrangeFR	false

AV Detection

Antivirus / Scanner detection for submitted sample

Source: czHBnd67gp.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: czHBnd67gp.elf

ReversingLabs: Detection: 68%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.23:59504 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 18.125.123.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.129.150.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 151.128.226.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 57.69.232.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.227.68.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 152.124.219.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.34.229.99:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.241.224.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 27.145.57.84:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 95.45.197.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 202.37.141.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.123.24.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 130.47.97.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.157.92.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.96.187.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 209.103.51.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 18.49.58.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.95.19.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 186.203.18.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 171.146.92.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.242.37.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 1.70.33.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 18.0.241.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 93.114.118.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.240.39.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.72.230.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 49.97.127.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 176.98.115.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 174.113.53.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 123.150.187.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 99.225.83.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 209.190.102.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 54.38.182.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 113.30.181.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 101.126.195.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 221.220.85.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 179.228.101.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.189.33.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 200.45.176.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 19.218.187.55:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.135.4.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 19.223.20.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 135.251.135.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.76.11.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.231.121.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 77.219.178.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 84.171.103.103:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.89.64.152:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.144.35.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.27.173.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 183.58.252.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 156.234.41.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.95.24.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 71.174.112.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 25.255.250.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 130.191.62.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.132.45.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 91.186.52.148:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.188.246.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.162.245.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 149.5.158.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 65.73.252.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.56.34.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 201.80.61.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 9.165.167.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.246.10.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.235.118.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.3.62.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.199.161.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.126.204.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 49.28.229.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.114.159.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.194.131.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 167.193.60.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.136.132.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 86.169.31.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 12.92.42.32:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 1.117.244.253:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 204.94.144.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.225.106.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 36.53.110.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.208.225.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.27.17.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.201.54.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 40.228.170.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.115.163.178:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 179.101.66.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.74.69.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 201.222.126.48:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.227.143.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 154.49.111.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 8.218.47.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 101.18.56.114:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 79.132.108.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 94.49.191.110:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.91.50.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 218.4.222.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.65.144.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.232.74.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.94.190.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.36.206.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.27.71.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 162.12.143.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 104.91.147.21:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 49.147.15.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 122.158.241.9:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.19.109.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.133.12.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.230.192.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.185.80.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 47.133.68.137:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 83.41.98.127:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.23.249.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.220.26.12:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 223.143.237.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.36.220.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.62.79.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 93.35.190.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.34.100.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 218.126.50.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.11.1.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 27.68.233.123:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.178.223.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.133.219.22:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 185.101.173.186:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 152.25.144.187:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 53.194.55.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 157.147.235.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 145.28.67.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.253.223.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 194.202.128.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.105.196.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.225.219.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.45.143.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 69.34.87.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.79.204.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 59.231.148.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 72.135.132.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.181.170.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.184.254.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.50.241.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.235.167.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.179.204.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.87.249.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 62.1.62.28:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.106.179.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 222.31.248.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 176.255.43.176:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.63.86.88:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 151.149.85.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.107.30.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 170.51.237.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 193.87.223.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.136.91.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 143.219.106.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 31.122.18.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 146.53.102.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 61.90.134.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.37.235.77:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.36.195.222:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 95.89.185.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.21.248.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.190.109.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 130.103.237.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 41.36.117.50:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 178.209.112.120:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 221.41.235.36:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 32.240.233.159:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 212.114.64.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 44.43.70.150:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 50.163.63.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.233.50.246:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.60.35.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 112.135.81.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.206.54.151:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 178.170.139.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.20.86.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 64.96.255.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 91.126.54.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 218.205.243.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.53.175.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 136.22.152.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.2.161.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.46.57.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 31.44.239.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 184.47.47.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 77.125.7.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 193.208.59.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 61.168.8.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.241.17.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.93.166.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.170.232.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 111.38.140.175:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 25.90.40.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 62.73.88.56:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 101.181.10.63:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.110.245.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 108.173.36.146:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.90.48.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 58.0.30.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 144.73.47.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.34.209.122:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.220.155.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.212.177.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.222.18.153:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 189.93.99.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 136.86.190.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.161.171.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 133.255.156.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.204.47.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 180.173.232.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 141.73.97.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.156.32.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.185.14.37:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 44.12.130.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 53.73.174.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 65.69.164.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.140.193.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.168.99.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 145.219.100.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 86.164.141.97:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 31.229.93.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.250.99.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.233.56.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 176.97.190.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 211.238.140.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 190.228.196.206:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.43.180.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.123.42.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 152.39.152.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 92.60.228.26:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.245.85.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 50.4.37.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.39.194.191:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 148.205.179.149:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 35.220.34.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 79.102.178.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 193.60.160.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 167.208.171.236:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.130.179.135:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 90.168.105.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.134.155.161:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.67.226.143:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 220.114.104.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 107.194.75.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.2.215.215:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 138.180.169.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.76.240.72:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 90.200.62.223:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 19.61.128.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 79.54.138.87:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 74.71.153.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 195.65.49.205:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 177.106.232.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 92.241.78.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 71.203.246.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 95.139.47.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 36.118.234.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 191.118.224.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.222.69.213:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 24.189.184.126:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 39.230.124.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.192.168.185:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 178.188.131.41:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 39.201.54.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.125.31.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 154.131.222.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 63.59.169.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 196.219.42.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.210.124.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 59.113.115.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.249.126.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.21.14.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 167.76.183.235:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.192.193.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 140.102.161.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 184.52.63.154:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 63.190.198.232:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 105.70.24.130:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.221.34.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 88.147.73.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 62.121.112.217:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.203.114.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.105.207.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.40.175.0:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.121.13.18:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.87.229.16:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.120.234.45:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.204.114.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 170.58.156.17:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 44.228.222.117:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.114.41.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.255.56.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 74.200.33.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.213.67.61:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.175.236.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 60.229.18.112:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.101.233.229:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.217.124.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 189.1.248.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.110.237.91:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.42.175.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.102.210.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.24.146.34:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.188.91.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 213.162.110.70:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.205.175.220:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 41.37.85.188:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.109.242.13:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 85.55.99.195:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 223.8.225.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 112.220.72.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 60.115.51.82:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.80.63.140:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 138.196.31.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 180.192.242.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 163.31.134.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 149.123.80.221:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 151.14.155.11:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 156.207.218.139:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.138.188.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.58.138.60:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.236.160.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.179.98.219:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.211.192.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 216.187.59.160:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 98.103.83.198:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.156.79.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 114.118.192.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.159.212.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 135.166.80.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.141.112.125:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.253.158.76:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 169.168.211.10:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.106.82.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 37.251.67.245:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.252.243.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.161.9.214:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.66.80.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.232.112.247:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.173.6.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 160.86.126.20:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 51.137.184.227:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.57.116.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 190.213.45.238:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 24.74.124.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 69.156.110.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.19.243.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 129.93.231.118:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.40.5.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 64.169.253.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.249.178.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 140.121.4.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.92.47.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 58.239.195.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 126.28.102.226:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.12.218.69:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 189.88.96.147:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 180.214.23.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 125.50.34.231:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.160.240.6:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 166.193.184.86:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.84.173.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 50.22.189.100:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 17.52.222.131:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.120.151.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 197.147.248.40:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 114.28.221.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 32.41.165.237:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.26.173.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 38.198.208.96:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.200.14.58:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.164.208.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 157.210.2.4:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 99.237.70.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.231.55.71:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 120.77.190.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 138.17.211.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 34.111.219.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.127.69.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 13.117.65.172:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.179.149.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 144.11.215.225:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.190.146.164:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 12.109.20.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.185.45.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.237.6.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 146.80.125.252:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.83.4.241:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 171.40.164.64:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.137.202.47:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 139.18.205.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 216.45.4.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 217.108.142.194:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.114.122.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.110.201.1:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.119.224.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.58.133.2:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 40.27.175.157:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 117.230.174.44:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 70.240.235.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 195.186.144.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 25.113.189.133:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 109.132.142.80:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.38.31.108:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 35.111.115.74:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 97.10.237.196:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 179.112.124.162:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 182.93.152.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 205.245.174.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 144.166.142.168:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.7.101.67:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 84.106.249.228:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 99.5.224.109:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 169.201.217.92:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.184.90.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 118.167.118.23:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 194.134.134.24:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 142.147.100.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 96.184.164.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 94.196.173.95:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 89.185.224.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 122.238.189.115:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 64.42.218.158:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 210.147.94.179:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 222.68.97.107:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.168.157.128:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 204.205.102.51:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.251.18.218:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 183.122.92.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 207.146.254.193:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 104.211.62.197:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 77.176.168.105:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.101.14.192:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.171.160.65:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 154.75.26.42:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 93.148.76.19:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 128.230.119.199:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 53.244.235.210:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 81.115.46.46:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 4.157.219.38:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 156.226.136.30:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 202.252.115.54:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 209.112.189.132:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 23.15.64.251:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 102.43.244.254:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 203.79.104.233:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.80.234.165:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 158.27.44.89:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 147.123.66.39:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 43.255.95.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 146.173.242.166:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 13.104.86.209:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 165.178.43.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 132.68.242.78:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 14.116.174.25:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 47.46.120.250:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 106.188.90.136:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 54.83.36.124:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 46.235.85.94:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 121.100.204.142:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 63.132.203.216:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.142.48.113:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 208.88.175.73:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 45.148.165.174:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 206.61.78.201:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 131.168.38.49:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.87.30.5:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.230.194.171:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 5.99.134.190:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 20.194.255.33:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 35.60.130.119:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 100.165.198.59:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 219.79.98.211:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 155.41.102.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 120.109.231.53:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 134.106.194.93:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 191.11.242.81:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 112.68.118.180:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 119.143.89.129:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 67.171.94.173:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 75.39.179.104:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 78.201.107.8:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.5.103.75:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 175.37.171.121:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 169.254.1.106:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 173.55.224.169:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 66.32.232.181:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 159.10.55.3:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 110.49.246.57:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 204.41.71.141:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 188.22.39.207:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 73.181.135.101:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.129.166.43:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 82.210.17.248:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 68.45.206.200:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 8.169.132.102:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 123.244.107.234:2323
Source: global traffic	TCP traffic: 192.168.2.23:46298 -> 52.7.121.254:2323

Sample listens on a socket

Source: /tmp/czHBnd67gp.elf (PID: 6249)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	Socket: 0.0.0.0:37215	Jump to behavior

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 18.125.123.171
Source: unknown	TCP traffic detected without corresponding DNS query: 111.34.192.37
Source: unknown	TCP traffic detected without corresponding DNS query: 187.85.86.174
Source: unknown	TCP traffic detected without corresponding DNS query: 156.222.106.156
Source: unknown	TCP traffic detected without corresponding DNS query: 112.55.203.247
Source: unknown	TCP traffic detected without corresponding DNS query: 161.149.85.111
Source: unknown	TCP traffic detected without corresponding DNS query: 41.202.207.72
Source: unknown	TCP traffic detected without corresponding DNS query: 27.143.84.39
Source: unknown	TCP traffic detected without corresponding DNS query: 27.99.228.103
Source: unknown	TCP traffic detected without corresponding DNS query: 52.129.150.17
Source: unknown	TCP traffic detected without corresponding DNS query: 36.72.255.233
Source: unknown	TCP traffic detected without corresponding DNS query: 125.152.227.201
Source: unknown	TCP traffic detected without corresponding DNS query: 159.177.109.63
Source: unknown	TCP traffic detected without corresponding DNS query: 37.153.195.185
Source: unknown	TCP traffic detected without corresponding DNS query: 187.253.43.180
Source: unknown	TCP traffic detected without corresponding DNS query: 196.220.29.72
Source: unknown	TCP traffic detected without corresponding DNS query: 197.5.107.241
Source: unknown	TCP traffic detected without corresponding DNS query: 52.190.133.241
Source: unknown	TCP traffic detected without corresponding DNS query: 151.128.226.169
Source: unknown	TCP traffic detected without corresponding DNS query: 209.63.15.28
Source: unknown	TCP traffic detected without corresponding DNS query: 129.20.45.132
Source: unknown	TCP traffic detected without corresponding DNS query: 195.23.45.195
Source: unknown	TCP traffic detected without corresponding DNS query: 97.64.217.160
Source: unknown	TCP traffic detected without corresponding DNS query: 89.215.37.38
Source: unknown	TCP traffic detected without corresponding DNS query: 47.174.201.122
Source: unknown	TCP traffic detected without corresponding DNS query: 9.3.39.200
Source: unknown	TCP traffic detected without corresponding DNS query: 149.150.31.103
Source: unknown	TCP traffic detected without corresponding DNS query: 13.202.90.167
Source: unknown	TCP traffic detected without corresponding DNS query: 164.211.244.57
Source: unknown	TCP traffic detected without corresponding DNS query: 57.69.232.129
Source: unknown	TCP traffic detected without corresponding DNS query: 188.209.162.170
Source: unknown	TCP traffic detected without corresponding DNS query: 108.182.44.129
Source: unknown	TCP traffic detected without corresponding DNS query: 153.30.100.247
Source: unknown	TCP traffic detected without corresponding DNS query: 190.231.160.130
Source: unknown	TCP traffic detected without corresponding DNS query: 82.247.198.161
Source: unknown	TCP traffic detected without corresponding DNS query: 162.103.103.230
Source: unknown	TCP traffic detected without corresponding DNS query: 183.128.52.68
Source: unknown	TCP traffic detected without corresponding DNS query: 199.47.109.77
Source: unknown	TCP traffic detected without corresponding DNS query: 1.148.102.160
Source: unknown	TCP traffic detected without corresponding DNS query: 208.227.68.12
Source: unknown	TCP traffic detected without corresponding DNS query: 58.172.4.98
Source: unknown	TCP traffic detected without corresponding DNS query: 71.90.201.254
Source: unknown	TCP traffic detected without corresponding DNS query: 185.6.28.100
Source: unknown	TCP traffic detected without corresponding DNS query: 82.188.153.183
Source: unknown	TCP traffic detected without corresponding DNS query: 179.141.150.85
Source: unknown	TCP traffic detected without corresponding DNS query: 106.7.56.230
Source: unknown	TCP traffic detected without corresponding DNS query: 184.201.167.150

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/czHBnd67gp.elf (PID: 6251)	SIGKILL sent: pid: 936, result: successful			Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	SIGKILL sent: pid: 936, result: successful			Jump to behavior

Source: classification engine

Classification label: mal56.linELF@0/0@0/0

Enumerates processes within the "proc" file system

Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6251)	File opened: /proc/904/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/772/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/796/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/774/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/777/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/799/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/658/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/785/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/720/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/721/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/788/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/789/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/847/fd	Jump to behavior
Source: /tmp/czHBnd67gp.elf (PID: 6257)	File opened: /proc/904/fd	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/czHBnd67gp.elf (PID: 6249)

Queries kernel information via 'uname':

Jump to behavior

Source: czHBnd67gp.elf, 6249.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/czHBnd67gp.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/czHBnd67gp.elf
Source: czHBnd67gp.elf, 6249.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00005617698f0000.0000561769a1e000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/arm
Source: czHBnd67gp.elf, 6249.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00007ffe93dac000.00007ffe93dcd000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-arm
Source: czHBnd67gp.elf, 6249.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6251.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6385.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6398.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6391.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6253.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6377.1.00005617698f0000.0000561769a1e000.rw-.sdmp, czHBnd67gp.elf, 6265.1.00005617698f0000.0000561769a1e000.rw-.sdmp	Binary or memory string: V!/etc/qemu-binfmt/arm

ID:	1541860
Product:	CloudBasic
Start time:	09:01:07
Start date:	25.10.2024
Sample:	czHBnd67gp.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	2a928fae9511a9537360461c5994c20c
SHA1:	36274a7cd6405f916d2b70ac70051863893ff28b
SHA256:	fa8311c4846c20dd163d7aa485d4d7e1cfb505cfbe51f57efa6af5f0c0ee0e9f
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
czHBnd67gp.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report czHBnd67gp.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report
czHBnd67gp.elf