Linux Analysis Report
GSVzm51Pg5.elf

Overview

General Information

Sample name:	GSVzm51Pg5.elf renamed because original name is a hash value
Original sample name:	3b709180264eb32bcc2dd5bfbe692388.elf
Analysis ID:	1541863
MD5:	3b709180264eb32bcc2dd5bfbe692388
SHA1:	9f0f93a53034594730e86d7e3c39a87e96f9e811
SHA256:	ded9a2a316eff957b5f490fe190d1971786a6c3d3e62d4ed6f5ffbdc18b927eb
Tags:	32elfmirairenesas
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample tries to kill multiple processes (SIGKILL)

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: GSVzm51Pg5.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: GSVzm51Pg5.elf

ReversingLabs: Detection: 68%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 167.131.144.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 39.55.192.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.128.149.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.158.107.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 184.228.169.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 152.166.188.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 104.242.76.248:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 134.36.225.16:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 61.118.22.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 83.4.252.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 89.217.126.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.244.141.151:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 216.183.73.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.82.181.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 18.245.91.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 177.226.43.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 203.52.229.253:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.145.188.35:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 185.57.109.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.6.184.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.76.54.230:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.15.38.253:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.176.79.221:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.163.187.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.229.106.190:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.205.112.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 58.106.86.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 103.3.0.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 94.78.147.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 41.80.164.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.157.138.164:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 139.122.107.43:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 57.161.52.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 82.103.182.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 144.110.92.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 111.112.103.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 198.90.190.19:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 220.63.42.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 104.123.172.80:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.68.57.144:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 200.164.115.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 122.205.161.211:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 199.233.130.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.179.9.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.7.235.63:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.25.156.20:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 17.157.156.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 190.232.168.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 213.15.115.144:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.178.131.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 84.42.190.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 81.128.28.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.20.93.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.106.206.168:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 83.92.153.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.170.181.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.228.62.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 111.175.0.192:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 97.61.197.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.132.183.122:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.76.43.175:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.167.83.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.43.85.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 89.137.160.238:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.94.246.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 91.245.130.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.73.114.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.71.150.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.217.43.63:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 78.16.205.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.218.175.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.22.52.207:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 129.208.35.102:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 58.212.167.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 17.232.163.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.174.5.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 118.175.13.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 111.165.27.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:57542 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.205.19.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 59.126.150.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.64.145.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 57.169.186.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.118.107.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.134.245.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 12.133.85.191:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 132.61.242.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.15.204.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 19.193.78.135:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 84.247.62.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 77.194.36.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.191.255.73:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 60.104.80.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 72.1.234.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 13.33.151.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.14.79.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.103.219.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 116.244.151.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.123.76.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.229.191.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.15.39.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.139.73.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.144.105.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 140.31.111.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.16.39.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 77.160.112.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 136.189.239.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 71.197.48.180:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.133.55.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.123.177.58:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 39.238.167.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 67.153.203.85:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.16.18.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 92.225.221.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.235.69.21:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 220.23.58.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 85.190.219.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.152.44.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.103.97.102:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.216.90.164:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.239.126.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.86.144.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 82.212.5.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.144.197.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.73.8.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 86.106.157.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.85.255.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 138.33.111.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.151.47.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 38.155.37.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.84.254.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.149.219.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.75.125.161:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 122.235.209.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 141.51.103.204:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 154.117.87.94:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.252.200.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 27.247.77.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 197.64.111.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 19.6.6.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 90.102.64.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.107.240.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.252.164.242:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 212.170.101.243:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 35.233.53.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 200.241.2.23:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 199.165.184.81:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.138.49.232:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 41.38.166.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.22.161.155:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 53.44.178.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 213.208.132.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 25.163.96.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 193.243.62.120:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.162.206.15:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 104.245.89.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 72.98.192.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.26.176.234:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 50.25.12.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 68.219.10.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 209.252.176.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.99.209.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.4.7.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.55.58.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.123.19.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 171.181.113.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.215.81.58:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.97.217.175:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 132.122.203.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.231.109.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.78.6.23:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.112.101.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.14.198.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.73.202.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 60.242.49.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 197.6.2.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.49.94.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.138.230.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 100.6.247.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 79.31.189.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.58.138.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.42.202.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 163.195.66.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.181.167.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 99.61.1.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.58.215.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.80.9.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.141.197.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.60.90.186:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 129.88.199.134:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.98.252.80:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.23.125.151:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 158.222.231.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 218.108.83.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.199.46.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.254.141.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.117.56.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 170.200.73.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.86.160.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 35.18.235.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 12.202.52.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.88.197.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 76.33.35.97:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.158.161.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 110.214.124.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 45.224.51.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 94.134.177.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 86.212.207.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.206.29.15:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 206.238.33.214:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.55.59.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 36.41.240.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 129.4.187.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 145.3.177.80:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 116.110.62.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.221.132.12:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 112.101.149.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.239.220.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.207.238.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.254.225.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.6.160.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 27.47.242.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 216.56.45.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 197.245.136.224:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 13.200.117.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 93.144.223.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 49.135.123.185:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 20.60.27.117:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.104.175.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 202.7.36.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 67.212.231.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 83.189.174.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 42.244.211.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.74.200.28:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 134.233.1.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 138.15.151.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.147.252.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.221.2.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.103.122.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 120.130.138.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 174.119.172.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 135.48.115.0:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 141.139.184.191:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.36.198.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.214.50.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.169.160.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.237.231.54:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.10.45.14:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 153.128.24.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 46.216.156.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.144.144.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 154.220.192.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.234.170.232:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 139.2.3.152:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.71.54.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.161.63.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.156.19.96:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.14.54.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 67.176.13.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 31.100.101.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.221.249.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 79.101.150.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 153.123.220.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 140.128.219.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 146.51.216.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 204.174.97.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 184.172.100.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.224.194.234:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.58.151.53:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.126.208.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.219.68.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.49.253.240:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 143.88.146.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.84.114.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.98.27.205:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.221.115.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.212.154.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 48.92.189.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.229.16.0:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 42.11.234.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 90.181.240.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.155.4.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 137.122.249.107:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.60.255.170:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 216.83.12.109:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 131.108.147.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.44.49.87:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 72.78.40.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.229.99.102:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 208.70.79.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.11.108.224:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 81.35.221.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.143.29.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.36.210.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.194.103.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 149.68.250.11:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 31.17.252.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 178.183.80.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.55.116.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 183.92.181.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 155.38.253.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 206.224.42.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.21.111.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.89.111.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.125.80.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 49.253.199.135:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 14.62.54.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 45.163.217.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.157.245.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.197.189.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 77.16.190.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 47.228.40.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 119.176.53.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 161.24.62.213:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 117.120.241.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.208.116.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.52.65.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 45.89.71.91:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.146.229.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 165.199.23.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 122.65.170.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.146.112.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 66.70.161.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 78.210.176.221:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.166.198.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 76.160.130.123:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 103.125.146.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.138.176.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.141.170.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.101.16.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 58.188.36.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.19.254.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.235.148.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.179.233.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 97.213.205.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 47.141.221.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.184.62.240:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.4.75.82:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 92.236.64.36:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.102.96.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 117.229.164.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 149.247.123.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.236.135.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.201.99.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 36.74.187.148:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.182.211.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 210.109.252.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.128.55.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.213.6.127:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.243.52.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.103.70.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.40.108.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 128.202.44.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 113.233.154.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 183.97.102.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 113.193.33.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.252.189.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.136.251.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 24.223.5.54:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.95.124.121:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 84.190.171.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 140.237.15.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 190.63.60.61:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 50.73.238.192:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.252.60.97:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 163.146.44.37:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 43.74.223.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 193.93.209.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 139.195.38.31:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 205.60.206.181:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 161.156.246.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 151.72.147.207:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.237.216.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 190.6.43.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.57.14.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 35.160.166.185:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 117.182.19.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.209.222.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 169.126.208.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.187.179.114:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.182.0.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 102.158.214.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.26.222.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.90.191.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.99.102.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.79.13.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.198.60.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.13.63.152:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 118.140.103.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 118.34.221.109:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 70.0.17.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 88.24.198.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.88.116.231:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 79.245.248.232:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 175.202.59.127:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.226.110.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 32.214.251.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 178.61.36.190:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 73.162.211.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 59.70.198.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 86.103.244.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.84.100.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.93.170.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.155.32.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 151.214.246.149:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.237.65.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 4.111.120.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 210.153.173.87:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.208.153.231:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 27.178.88.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 92.29.178.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 46.85.209.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 94.196.99.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.254.75.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 57.17.197.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.27.20.237:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 119.106.31.30:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 42.245.92.29:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.246.193.35:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 88.37.99.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 14.135.161.150:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 170.211.225.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.73.37.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.220.181.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.234.159.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.156.159.148:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 162.149.20.240:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 68.242.86.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.252.174.73:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.198.95.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.217.39.180:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.89.192.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.252.232.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.231.64.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 194.94.148.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 179.166.105.96:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.124.124.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.11.150.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 91.241.251.181:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.88.217.91:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.4.100.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.174.156.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.202.51.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.81.81.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 70.10.107.197:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 134.168.170.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 152.145.168.171:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.84.229.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.220.30.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 146.118.64.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.157.236.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.143.71.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.227.214.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.177.230.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 5.192.47.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 169.116.128.186:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 198.70.225.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.140.154.22:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 82.210.238.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.188.27.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 88.117.104.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 141.19.179.156:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 158.49.116.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 185.25.211.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.9.244.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.144.33.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 81.19.140.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 194.199.181.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.64.57.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.24.120.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 158.20.199.118:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.150.85.43:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 145.221.32.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 73.83.52.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 152.175.18.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 85.178.238.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.103.216.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 184.34.100.175:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 208.92.15.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 124.70.108.241:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.173.194.174:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.123.78.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 151.179.252.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.238.227.19:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.142.4.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.238.19.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 70.198.10.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.184.33.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.27.164.155:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 59.182.123.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.80.124.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.37.109.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.3.21.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.214.224.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 41.45.61.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 137.71.36.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 112.39.18.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 200.42.170.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.152.139.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 174.183.81.128:2323

Sample listens on a socket

Source: /tmp/GSVzm51Pg5.elf (PID: 5428)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	Socket: 0.0.0.0:80	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 221.163.234.226
Source: unknown	TCP traffic detected without corresponding DNS query: 167.131.144.32
Source: unknown	TCP traffic detected without corresponding DNS query: 34.129.187.146
Source: unknown	TCP traffic detected without corresponding DNS query: 161.75.176.189
Source: unknown	TCP traffic detected without corresponding DNS query: 39.55.192.130
Source: unknown	TCP traffic detected without corresponding DNS query: 98.240.141.162
Source: unknown	TCP traffic detected without corresponding DNS query: 113.156.175.175
Source: unknown	TCP traffic detected without corresponding DNS query: 77.246.0.246
Source: unknown	TCP traffic detected without corresponding DNS query: 1.206.236.50
Source: unknown	TCP traffic detected without corresponding DNS query: 178.24.186.60
Source: unknown	TCP traffic detected without corresponding DNS query: 176.26.12.40
Source: unknown	TCP traffic detected without corresponding DNS query: 129.60.180.54
Source: unknown	TCP traffic detected without corresponding DNS query: 222.194.25.31
Source: unknown	TCP traffic detected without corresponding DNS query: 47.250.225.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.132.33.124
Source: unknown	TCP traffic detected without corresponding DNS query: 18.81.191.198
Source: unknown	TCP traffic detected without corresponding DNS query: 59.114.205.15
Source: unknown	TCP traffic detected without corresponding DNS query: 219.242.196.19
Source: unknown	TCP traffic detected without corresponding DNS query: 87.178.249.205
Source: unknown	TCP traffic detected without corresponding DNS query: 104.93.146.8
Source: unknown	TCP traffic detected without corresponding DNS query: 174.214.66.181
Source: unknown	TCP traffic detected without corresponding DNS query: 180.135.200.62
Source: unknown	TCP traffic detected without corresponding DNS query: 217.128.149.101
Source: unknown	TCP traffic detected without corresponding DNS query: 63.240.22.223
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.135.170
Source: unknown	TCP traffic detected without corresponding DNS query: 70.94.90.122
Source: unknown	TCP traffic detected without corresponding DNS query: 169.234.16.78
Source: unknown	TCP traffic detected without corresponding DNS query: 158.201.235.77
Source: unknown	TCP traffic detected without corresponding DNS query: 63.158.107.95
Source: unknown	TCP traffic detected without corresponding DNS query: 125.113.147.241
Source: unknown	TCP traffic detected without corresponding DNS query: 178.29.41.70
Source: unknown	TCP traffic detected without corresponding DNS query: 13.11.130.43
Source: unknown	TCP traffic detected without corresponding DNS query: 166.86.255.112
Source: unknown	TCP traffic detected without corresponding DNS query: 130.252.13.188
Source: unknown	TCP traffic detected without corresponding DNS query: 150.191.148.66
Source: unknown	TCP traffic detected without corresponding DNS query: 124.248.249.30
Source: unknown	TCP traffic detected without corresponding DNS query: 98.148.195.150
Source: unknown	TCP traffic detected without corresponding DNS query: 94.254.28.149
Source: unknown	TCP traffic detected without corresponding DNS query: 108.50.194.202
Source: unknown	TCP traffic detected without corresponding DNS query: 135.154.120.90
Source: unknown	TCP traffic detected without corresponding DNS query: 74.83.186.154
Source: unknown	TCP traffic detected without corresponding DNS query: 217.219.216.172
Source: unknown	TCP traffic detected without corresponding DNS query: 108.218.129.39
Source: unknown	TCP traffic detected without corresponding DNS query: 94.111.254.41
Source: unknown	TCP traffic detected without corresponding DNS query: 105.248.234.32
Source: unknown	TCP traffic detected without corresponding DNS query: 174.223.253.171
Source: unknown	TCP traffic detected without corresponding DNS query: 119.146.79.209
Source: unknown	TCP traffic detected without corresponding DNS query: 184.228.169.130
Source: unknown	TCP traffic detected without corresponding DNS query: 152.166.188.179
Source: unknown	TCP traffic detected without corresponding DNS query: 1.96.48.216

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3413, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3420, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3424, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3429, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3434, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5430, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5445, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3413, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3420, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3424, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3429, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3434, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5430, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5445, result: successful	Jump to behavior

Source: classification engine

Classification label: mal60.spre.linELF@0/0@2/0

Enumerates processes within the "proc" file system

Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/790/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/792/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/855/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/660/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/783/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/727/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3122/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5380/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3117/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3114/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5414/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5415/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/914/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/518/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5274/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5430/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3134/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3375/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3132/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3095/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1745/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1866/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/884/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1982/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/765/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3246/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/767/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1906/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/802/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1748/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5443/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3420/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1482/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1480/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1755/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1238/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1875/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3413/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1751/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1872/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/2961/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1475/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/778/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/659/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/936/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/816/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1879/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1891/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3310/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3153/exe	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/GSVzm51Pg5.elf (PID: 5428)

Queries kernel information via 'uname':

Jump to behavior

Source: GSVzm51Pg5.elf, 5428.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00007fffeec52000.00007fffeec73000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: GSVzm51Pg5.elf, 5428.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00005566413cb000.000055664142e000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp	Binary or memory string: dCAfU/sh4/0 /proc/490/fd/39!/proc/778/fd/1/sh4/pro1/proc/3162/exe/sh4/0!/proc/490/fd/40!/proc/778/fd/0/sh4/pro1/usr/bin/vmtoolsdh4/0!/proc/490/fd/41!/proc/778/fd/../sh4/pro1@cCAfUeCAfU/sh4/0 /proc/490/fd/42!/proc/778/fd/./sh4/pro1
Source: GSVzm51Pg5.elf, 5428.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00007fffeec52000.00007fffeec73000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/GSVzm51Pg5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/GSVzm51Pg5.elf
Source: GSVzm51Pg5.elf, 5428.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00005566413cb000.000055664142e000.rw-.sdmp	Binary or memory string: <AfU5!/etc/qemu-binfmt/sh4
Source: GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp	Binary or memory string: CAfU/sh4/ro10 /usr/bin/qemu-sh4!/proc/800/fd/331

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
119.167.80.229	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
171.6.174.44	unknown	Thailand	45758	TRIPLETNET-AS-APTripleTInternetTripleTBroadbandTH	false
110.153.118.182	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
221.14.249.23	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
197.163.185.238	unknown	Egypt	24863	LINKdotNET-ASEG	false
108.118.252.198	unknown	United States	10507	SPCSUS	false
113.12.37.2	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
68.132.186.150	unknown	United States	701	UUNETUS	false
96.148.61.104	unknown	United States	7922	COMCAST-7922US	false
179.85.105.176	unknown	Brazil	26599	TELEFONICABRASILSABR	false
173.206.218.37	unknown	Canada	6407	PRIMUS-AS6407CA	false
210.152.140.15	unknown	Japan	4694	IDCFIDCFrontierIncJP	false
175.113.129.90	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
205.118.57.52	unknown	United States	210	WEST-NET-WESTUS	false
100.49.59.14	unknown	United States	701	UUNETUS	false
166.159.76.110	unknown	United States	22394	CELLCOUS	false
211.77.208.57	unknown	Taiwan; Republic of China (ROC)	9674	FET-TWFarEastToneTelecommunicationCoLtdTW	false
145.205.48.146	unknown	Netherlands	1101	IP-EEND-ASIP-EENDBVNL	false
205.127.158.59	unknown	United States	210	WEST-NET-WESTUS	false
120.69.247.16	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
66.189.62.142	unknown	United States	20115	CHARTER-20115US	false
76.137.238.131	unknown	United States	7922	COMCAST-7922US	false
221.215.154.75	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
117.190.177.205	unknown	China	9808	CMNET-GDGuangdongMobileCommunicationCoLtdCN	false
205.180.24.222	unknown	United States	3356	LEVEL3US	false
195.19.76.37	unknown	Russian Federation	47503	NTCITROSA-ASRU	false
57.203.208.147	unknown	Belgium	2686	ATGS-MMD-ASUS	false
4.158.176.101	unknown	United States	3356	LEVEL3US	false
147.14.149.62	unknown	Sweden	41076	POSTDK-ASDK	false
126.205.220.245	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
41.25.211.104	unknown	South Africa	36994	Vodacom-VBZA	false
167.121.106.239	unknown	United States	10662	NORFOLK-SOUTHERNUS	false
216.187.35.23	unknown	United States	11579	LANLINEUS	false
147.206.36.40	unknown	United States	55542	RMSNET-AS-APRoadsandMaritimeServicesAU	false
198.152.14.84	unknown	United States	18676	AVAYAUS	false
106.66.184.192	unknown	India	45271	ICLNET-AS-APIdeaCellularLimitedIN	false
138.216.197.99	unknown	Finland	1759	TSF-IP-CORETeliaFinlandOyjEU	false
110.182.28.120	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
67.74.52.240	unknown	United States	3549	LVLT-3549US	false
125.6.110.39	unknown	Japan	17707	DATAHOTEL-JPASforDATAHOTELwhichisoneofiDCinJapan	false
97.61.197.78	unknown	United States	22394	CELLCOUS	false
150.110.42.246	unknown	United States	32531	FORDHAM-UNIVERSITYUS	false
19.127.65.204	unknown	United States	3	MIT-GATEWAYSUS	false
211.13.16.102	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
132.211.184.68	unknown	Canada	376	RISQ-ASCA	false
122.223.193.115	unknown	Japan	2519	VECTANTARTERIANetworksCorporationJP	false
179.135.242.106	unknown	Brazil	26599	TELEFONICABRASILSABR	false
104.209.250.87	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
119.67.50.141	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
122.20.228.139	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
108.102.159.142	unknown	United States	10507	SPCSUS	false
117.184.218.190	unknown	China	24400	CMNET-V4SHANGHAI-AS-APShanghaiMobileCommunicationsCoLt	false
27.214.248.248	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
43.68.202.143	unknown	Japan	4249	LILLY-ASUS	false
198.196.224.117	unknown	United States	292	ESNET-WESTUS	false
31.215.73.144	unknown	United Arab Emirates	5384	EMIRATES-INTERNETEmiratesInternetAE	false
191.84.242.8	unknown	Argentina	22927	TelefonicadeArgentinaAR	false
144.200.42.237	unknown	Switzerland	559	SWITCHPeeringrequestspeeringswitchchEU	false
72.132.38.107	unknown	United States	20001	TWC-20001-PACWESTUS	false
180.24.66.31	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
46.35.106.9	unknown	Spain	199226	CABLEMEL-ASES	false
83.30.248.227	unknown	Poland	5617	TPNETPL	false
202.18.60.148	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
194.102.201.3	unknown	Romania	9064	IIRUC-DIGICOM-SASatelliteCommunicationsOperatorRO	false
209.64.95.203	unknown	United States	7018	ATT-INTERNET4US	false
161.115.250.12	unknown	United States	10545	LCOLUS	false
101.151.236.198	unknown	China	9394	CTTNETChinaTieTongTelecommunicationsCorporationCN	false
37.190.169.115	unknown	Poland	21021	MULTIMEDIA-ASCableDTVInternetVoiceProviderinPoland	false
13.255.9.70	unknown	United States	16509	AMAZON-02US	false
93.202.30.174	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
66.147.120.233	unknown	United States	7029	WINDSTREAMUS	false
175.156.184.15	unknown	Singapore	4773	MOBILEONELTD-AS-APMobileOneLtdMobileInternetServicePr	false
66.147.120.234	unknown	United States	7029	WINDSTREAMUS	false
129.107.185.1	unknown	United States	18515	UTARLINGTONUS	false
132.112.199.141	unknown	United States	306	DNIC-ASBLK-00306-00371US	false
86.42.184.195	unknown	Ireland	5466	EIRCOMInternetHouseIE	false
186.239.204.222	unknown	Brazil	10429	TELEFONICABRASILSABR	false
151.3.136.66	unknown	Italy	1267	ASN-WINDTREIUNETEU	false
152.17.230.59	unknown	United States	40245	WAKE-FOREST-UNIVERSITYUS	false
98.149.83.62	unknown	United States	20001	TWC-20001-PACWESTUS	false
211.32.41.124	unknown	Korea Republic of	10185	HNB-ASHanaBankCoKR	false
4.33.49.211	unknown	United States	3356	LEVEL3US	false
31.71.147.72	unknown	United Kingdom	12576	EELtdGB	false
85.43.244.42	unknown	Italy	3269	ASN-IBSNAZIT	false
113.147.104.117	unknown	Japan	2516	KDDIKDDICORPORATIONJP	false
166.148.219.233	unknown	United States	22394	CELLCOUS	false
134.66.160.145	unknown	United States	385	AFCONC-BLOCK1-ASUS	false
109.37.193.204	unknown	Netherlands	15480	VFNL-ASVodafoneNLAutonomousSystemNL	false
126.152.62.33	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
81.254.60.167	unknown	France	3215	FranceTelecom-OrangeFR	false
199.230.146.169	unknown	United States	22855	CARDINALHEALTH1US	false
165.52.124.135	unknown	South Africa	37053	RSAWEB-ASZA	false
38.144.99.75	unknown	United States	174	COGENT-174US	false
130.48.244.222	unknown	United States	15601	BaringInvestmentServicesGB	false
67.238.24.41	unknown	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
18.57.8.69	unknown	United States	3	MIT-GATEWAYSUS	false
133.202.32.75	unknown	Japan	2518	BIGLOBEBIGLOBEIncJP	false
60.24.162.231	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
41.196.116.105	unknown	Egypt	24863	LINKdotNET-ASEG	false
63.6.28.32	unknown	United States	701	UUNETUS	false

Contacted Domains

Name	IP	Active
daisy.ubuntu.com	162.213.35.25	true

AV Detection

Antivirus / Scanner detection for submitted sample

Source: GSVzm51Pg5.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: GSVzm51Pg5.elf

ReversingLabs: Detection: 68%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 167.131.144.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 39.55.192.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.128.149.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.158.107.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 184.228.169.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 152.166.188.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 104.242.76.248:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 134.36.225.16:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 61.118.22.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 83.4.252.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 89.217.126.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.244.141.151:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 216.183.73.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.82.181.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 18.245.91.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 177.226.43.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 203.52.229.253:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.145.188.35:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 185.57.109.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.6.184.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.76.54.230:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.15.38.253:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.176.79.221:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.163.187.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.229.106.190:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.205.112.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 58.106.86.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 103.3.0.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 94.78.147.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 41.80.164.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.157.138.164:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 139.122.107.43:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 57.161.52.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 82.103.182.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 144.110.92.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 111.112.103.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 198.90.190.19:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 220.63.42.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 104.123.172.80:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.68.57.144:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 200.164.115.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 122.205.161.211:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 199.233.130.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.179.9.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.7.235.63:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.25.156.20:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 17.157.156.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 190.232.168.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 213.15.115.144:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.178.131.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 84.42.190.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 81.128.28.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.20.93.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.106.206.168:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 83.92.153.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.170.181.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.228.62.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 111.175.0.192:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 97.61.197.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.132.183.122:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.76.43.175:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.167.83.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.43.85.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 89.137.160.238:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.94.246.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 91.245.130.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.73.114.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.71.150.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.217.43.63:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 78.16.205.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.218.175.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.22.52.207:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 129.208.35.102:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 58.212.167.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 17.232.163.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.174.5.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 118.175.13.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 111.165.27.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:57542 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.205.19.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 59.126.150.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.64.145.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 57.169.186.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.118.107.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.134.245.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 12.133.85.191:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 132.61.242.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.15.204.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 19.193.78.135:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 84.247.62.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 77.194.36.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.191.255.73:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 60.104.80.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 72.1.234.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 13.33.151.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.14.79.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.103.219.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 116.244.151.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.123.76.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.229.191.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.15.39.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.139.73.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.144.105.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 140.31.111.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.16.39.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 77.160.112.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 136.189.239.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 71.197.48.180:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.133.55.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.123.177.58:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 39.238.167.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 67.153.203.85:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.16.18.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 92.225.221.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.235.69.21:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 220.23.58.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 85.190.219.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.152.44.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.103.97.102:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.216.90.164:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.239.126.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.86.144.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 82.212.5.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.144.197.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.73.8.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 86.106.157.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.85.255.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 138.33.111.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.151.47.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 38.155.37.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.84.254.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.149.219.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.75.125.161:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 122.235.209.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 141.51.103.204:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 154.117.87.94:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.252.200.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 27.247.77.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 197.64.111.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 19.6.6.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 90.102.64.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.107.240.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.252.164.242:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 212.170.101.243:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 35.233.53.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 200.241.2.23:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 199.165.184.81:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.138.49.232:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 41.38.166.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.22.161.155:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 53.44.178.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 213.208.132.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 25.163.96.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 193.243.62.120:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.162.206.15:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 104.245.89.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 72.98.192.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.26.176.234:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 50.25.12.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 68.219.10.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 209.252.176.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.99.209.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.4.7.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.55.58.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.123.19.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 171.181.113.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.215.81.58:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.97.217.175:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 132.122.203.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.231.109.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.78.6.23:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.112.101.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.14.198.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.73.202.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 60.242.49.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 197.6.2.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.49.94.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.138.230.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 100.6.247.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 79.31.189.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.58.138.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.42.202.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 163.195.66.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.181.167.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 99.61.1.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.58.215.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.80.9.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.141.197.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.60.90.186:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 129.88.199.134:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.98.252.80:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.23.125.151:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 158.222.231.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 218.108.83.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.199.46.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.254.141.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.117.56.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 170.200.73.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.86.160.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 35.18.235.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 12.202.52.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.88.197.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 76.33.35.97:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.158.161.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 110.214.124.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 45.224.51.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 94.134.177.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 86.212.207.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.206.29.15:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 206.238.33.214:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.55.59.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 36.41.240.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 129.4.187.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 145.3.177.80:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 116.110.62.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.221.132.12:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 112.101.149.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.239.220.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.207.238.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.254.225.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 63.6.160.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 27.47.242.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 216.56.45.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 197.245.136.224:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 13.200.117.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 93.144.223.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 49.135.123.185:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 20.60.27.117:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.104.175.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 202.7.36.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 67.212.231.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 83.189.174.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 42.244.211.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.74.200.28:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 134.233.1.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 138.15.151.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.147.252.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.221.2.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.103.122.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 120.130.138.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 174.119.172.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 135.48.115.0:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 141.139.184.191:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.36.198.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.214.50.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.169.160.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 221.237.231.54:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.10.45.14:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 153.128.24.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 46.216.156.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.144.144.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 154.220.192.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.234.170.232:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 139.2.3.152:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.71.54.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.161.63.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.156.19.96:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.14.54.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 67.176.13.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 31.100.101.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.221.249.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 79.101.150.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 153.123.220.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 140.128.219.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 146.51.216.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 204.174.97.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 184.172.100.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.224.194.234:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 105.58.151.53:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.126.208.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.219.68.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.49.253.240:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 143.88.146.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.84.114.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.98.27.205:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.221.115.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 195.212.154.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 48.92.189.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.229.16.0:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 42.11.234.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 90.181.240.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.155.4.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 137.122.249.107:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.60.255.170:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 216.83.12.109:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 131.108.147.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.44.49.87:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 72.78.40.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.229.99.102:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 208.70.79.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.11.108.224:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 81.35.221.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.143.29.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.36.210.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.194.103.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 149.68.250.11:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 31.17.252.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 178.183.80.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.55.116.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 183.92.181.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 155.38.253.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 206.224.42.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.21.111.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 75.89.111.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 74.125.80.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 49.253.199.135:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 14.62.54.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 45.163.217.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 54.157.245.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.197.189.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 77.16.190.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 47.228.40.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 119.176.53.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 161.24.62.213:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 117.120.241.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.208.116.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.52.65.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 45.89.71.91:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.146.229.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 165.199.23.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 122.65.170.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.146.112.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 66.70.161.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 78.210.176.221:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 44.166.198.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 76.160.130.123:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 103.125.146.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.138.176.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.141.170.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.101.16.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 58.188.36.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.19.254.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.235.148.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.179.233.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 97.213.205.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 47.141.221.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.184.62.240:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.4.75.82:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 92.236.64.36:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.102.96.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 117.229.164.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 149.247.123.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.236.135.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 166.201.99.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 36.74.187.148:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.182.211.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 210.109.252.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.128.55.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.213.6.127:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 115.243.52.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.103.70.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 101.40.108.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 128.202.44.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 113.233.154.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 183.97.102.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 113.193.33.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.252.189.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 65.136.251.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 24.223.5.54:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.95.124.121:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 84.190.171.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 140.237.15.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 190.63.60.61:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 50.73.238.192:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.252.60.97:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 163.146.44.37:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 43.74.223.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 193.93.209.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 139.195.38.31:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 205.60.206.181:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 161.156.246.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 151.72.147.207:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.237.216.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 190.6.43.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.57.14.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 35.160.166.185:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 117.182.19.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.209.222.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 169.126.208.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.187.179.114:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.182.0.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 102.158.214.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 223.26.222.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.90.191.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.99.102.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.79.13.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.198.60.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.13.63.152:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 118.140.103.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 118.34.221.109:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 70.0.17.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 88.24.198.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.88.116.231:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 79.245.248.232:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 175.202.59.127:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.226.110.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 32.214.251.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 178.61.36.190:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 73.162.211.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 59.70.198.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 86.103.244.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 126.84.100.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.93.170.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 180.155.32.66:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 151.214.246.149:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 123.237.65.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 4.111.120.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 210.153.173.87:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.208.153.231:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 27.178.88.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 92.29.178.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 46.85.209.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 94.196.99.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.254.75.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 57.17.197.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 87.27.20.237:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 119.106.31.30:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 42.245.92.29:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 108.246.193.35:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 88.37.99.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 14.135.161.150:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 170.211.225.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 176.73.37.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.220.181.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.234.159.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 125.156.159.148:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 162.149.20.240:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 68.242.86.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 96.252.174.73:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.198.95.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.217.39.180:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 217.89.192.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 9.252.232.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.231.64.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 194.94.148.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 179.166.105.96:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.124.124.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 109.11.150.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 91.241.251.181:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 51.88.217.91:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 80.4.100.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 64.174.156.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.202.51.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 182.81.81.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 70.10.107.197:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 134.168.170.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 152.145.168.171:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.84.229.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 147.220.30.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 146.118.64.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 211.157.236.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 23.143.71.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 160.227.214.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.177.230.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 5.192.47.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 169.116.128.186:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 198.70.225.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.140.154.22:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 82.210.238.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 201.188.27.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 88.117.104.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 141.19.179.156:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 158.49.116.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 185.25.211.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 186.9.244.75:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 207.144.33.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 81.19.140.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 194.199.181.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 40.64.57.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 8.24.120.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 158.20.199.118:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 133.150.85.43:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 145.221.32.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 73.83.52.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 152.175.18.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 85.178.238.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 142.103.216.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 184.34.100.175:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 208.92.15.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 124.70.108.241:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 150.173.194.174:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 157.123.78.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 151.179.252.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 148.238.227.19:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.142.4.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 181.238.19.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 70.198.10.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 159.184.33.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 196.27.164.155:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 59.182.123.108:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 168.80.124.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 187.37.109.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 114.3.21.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 62.214.224.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 41.45.61.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 137.71.36.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 112.39.18.95:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 200.42.170.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 52.152.139.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:61279 -> 174.183.81.128:2323

Sample listens on a socket

Source: /tmp/GSVzm51Pg5.elf (PID: 5428)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	Socket: 0.0.0.0:80	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 221.163.234.226
Source: unknown	TCP traffic detected without corresponding DNS query: 167.131.144.32
Source: unknown	TCP traffic detected without corresponding DNS query: 34.129.187.146
Source: unknown	TCP traffic detected without corresponding DNS query: 161.75.176.189
Source: unknown	TCP traffic detected without corresponding DNS query: 39.55.192.130
Source: unknown	TCP traffic detected without corresponding DNS query: 98.240.141.162
Source: unknown	TCP traffic detected without corresponding DNS query: 113.156.175.175
Source: unknown	TCP traffic detected without corresponding DNS query: 77.246.0.246
Source: unknown	TCP traffic detected without corresponding DNS query: 1.206.236.50
Source: unknown	TCP traffic detected without corresponding DNS query: 178.24.186.60
Source: unknown	TCP traffic detected without corresponding DNS query: 176.26.12.40
Source: unknown	TCP traffic detected without corresponding DNS query: 129.60.180.54
Source: unknown	TCP traffic detected without corresponding DNS query: 222.194.25.31
Source: unknown	TCP traffic detected without corresponding DNS query: 47.250.225.1
Source: unknown	TCP traffic detected without corresponding DNS query: 117.132.33.124
Source: unknown	TCP traffic detected without corresponding DNS query: 18.81.191.198
Source: unknown	TCP traffic detected without corresponding DNS query: 59.114.205.15
Source: unknown	TCP traffic detected without corresponding DNS query: 219.242.196.19
Source: unknown	TCP traffic detected without corresponding DNS query: 87.178.249.205
Source: unknown	TCP traffic detected without corresponding DNS query: 104.93.146.8
Source: unknown	TCP traffic detected without corresponding DNS query: 174.214.66.181
Source: unknown	TCP traffic detected without corresponding DNS query: 180.135.200.62
Source: unknown	TCP traffic detected without corresponding DNS query: 217.128.149.101
Source: unknown	TCP traffic detected without corresponding DNS query: 63.240.22.223
Source: unknown	TCP traffic detected without corresponding DNS query: 83.222.135.170
Source: unknown	TCP traffic detected without corresponding DNS query: 70.94.90.122
Source: unknown	TCP traffic detected without corresponding DNS query: 169.234.16.78
Source: unknown	TCP traffic detected without corresponding DNS query: 158.201.235.77
Source: unknown	TCP traffic detected without corresponding DNS query: 63.158.107.95
Source: unknown	TCP traffic detected without corresponding DNS query: 125.113.147.241
Source: unknown	TCP traffic detected without corresponding DNS query: 178.29.41.70
Source: unknown	TCP traffic detected without corresponding DNS query: 13.11.130.43
Source: unknown	TCP traffic detected without corresponding DNS query: 166.86.255.112
Source: unknown	TCP traffic detected without corresponding DNS query: 130.252.13.188
Source: unknown	TCP traffic detected without corresponding DNS query: 150.191.148.66
Source: unknown	TCP traffic detected without corresponding DNS query: 124.248.249.30
Source: unknown	TCP traffic detected without corresponding DNS query: 98.148.195.150
Source: unknown	TCP traffic detected without corresponding DNS query: 94.254.28.149
Source: unknown	TCP traffic detected without corresponding DNS query: 108.50.194.202
Source: unknown	TCP traffic detected without corresponding DNS query: 135.154.120.90
Source: unknown	TCP traffic detected without corresponding DNS query: 74.83.186.154
Source: unknown	TCP traffic detected without corresponding DNS query: 217.219.216.172
Source: unknown	TCP traffic detected without corresponding DNS query: 108.218.129.39
Source: unknown	TCP traffic detected without corresponding DNS query: 94.111.254.41
Source: unknown	TCP traffic detected without corresponding DNS query: 105.248.234.32
Source: unknown	TCP traffic detected without corresponding DNS query: 174.223.253.171
Source: unknown	TCP traffic detected without corresponding DNS query: 119.146.79.209
Source: unknown	TCP traffic detected without corresponding DNS query: 184.228.169.130
Source: unknown	TCP traffic detected without corresponding DNS query: 152.166.188.179
Source: unknown	TCP traffic detected without corresponding DNS query: 1.96.48.216

Source: global traffic

DNS traffic detected: DNS query: daisy.ubuntu.com

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3413, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3420, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3424, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3429, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3434, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5430, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5445, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3413, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3420, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3424, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3429, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 3434, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5430, result: successful	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	SIGKILL sent: pid: 5445, result: successful	Jump to behavior

Source: classification engine

Classification label: mal60.spre.linELF@0/0@2/0

Enumerates processes within the "proc" file system

Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/790/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/792/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/793/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/795/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/797/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/855/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/780/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/660/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/783/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/726/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5430)	File opened: /proc/727/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3122/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5380/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3117/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3114/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5414/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5415/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/914/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/518/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5274/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5430/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3134/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3375/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3132/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3095/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1745/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1866/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/884/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1982/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/765/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3246/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/767/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1906/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/802/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1748/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/5443/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3420/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1482/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1480/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1755/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1238/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1875/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3413/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1751/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1872/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/2961/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1475/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/778/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/659/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/936/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/816/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1879/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/1891/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3310/exe	Jump to behavior
Source: /tmp/GSVzm51Pg5.elf (PID: 5436)	File opened: /proc/3153/exe	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/GSVzm51Pg5.elf (PID: 5428)

Queries kernel information via 'uname':

Jump to behavior

Source: GSVzm51Pg5.elf, 5428.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00007fffeec52000.00007fffeec73000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-sh4
Source: GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: GSVzm51Pg5.elf, 5428.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00005566413cb000.000055664142e000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/sh4
Source: GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp	Binary or memory string: dCAfU/sh4/0 /proc/490/fd/39!/proc/778/fd/1/sh4/pro1/proc/3162/exe/sh4/0!/proc/490/fd/40!/proc/778/fd/0/sh4/pro1/usr/bin/vmtoolsdh4/0!/proc/490/fd/41!/proc/778/fd/../sh4/pro1@cCAfUeCAfU/sh4/0 /proc/490/fd/42!/proc/778/fd/./sh4/pro1
Source: GSVzm51Pg5.elf, 5428.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00007fffeec52000.00007fffeec73000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00007fffeec52000.00007fffeec73000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-sh4/tmp/GSVzm51Pg5.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/GSVzm51Pg5.elf
Source: GSVzm51Pg5.elf, 5428.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5432.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5568.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5441.1.00005566413cb000.000055664142e000.rw-.sdmp, GSVzm51Pg5.elf, 5445.1.00005566413cb000.000055664142e000.rw-.sdmp	Binary or memory string: <AfU5!/etc/qemu-binfmt/sh4
Source: GSVzm51Pg5.elf, 5568.1.000055664142e000.000055664144e000.rw-.sdmp	Binary or memory string: CAfU/sh4/ro10 /usr/bin/qemu-sh4!/proc/800/fd/331

ID:	1541863
Product:	CloudBasic
Start time:	09:02:38
Start date:	25.10.2024
Sample:	GSVzm51Pg5.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	3b709180264eb32bcc2dd5bfbe692388
SHA1:	9f0f93a53034594730e86d7e3c39a87e96f9e811
SHA256:	ded9a2a316eff957b5f490fe190d1971786a6c3d3e62d4ed6f5ffbdc18b927eb
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
GSVzm51Pg5.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report GSVzm51Pg5.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Linux Analysis Report
GSVzm51Pg5.elf