Linux Analysis Report
w18Ys8qKuX.elf

Overview

General Information

Sample name:	w18Ys8qKuX.elf renamed because original name is a hash value
Original sample name:	993d3aef83314b0c0f11483c03362a95.elf
Analysis ID:	1541905
MD5:	993d3aef83314b0c0f11483c03362a95
SHA1:	4f6a4ab5f9ea4cf7956231c07ff17c3a5afebf69
SHA256:	d89b67eda9721957881160216d3b2e809077ec28210c96b9d9c48483b0f0e4fb
Tags:	32elfmipsmirai
Infos:

Detection

Score:	60
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Sample tries to kill multiple processes (SIGKILL)

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Sample has stripped symbol table

Sample listens on a socket

Sample tries to kill a process (SIGKILL)

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: w18Ys8qKuX.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: w18Ys8qKuX.elf

ReversingLabs: Detection: 68%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.13:57544 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.216.175.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 140.211.225.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.252.33.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 110.23.155.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.251.214.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 85.132.53.37:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.154.34.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 93.82.227.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 120.106.1.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 32.239.163.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.72.181.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 67.60.129.51:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.73.175.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 20.183.51.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.78.171.187:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.65.14.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 206.26.121.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.99.194.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.251.0.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 165.165.177.234:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 180.170.67.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.171.64.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.2.177.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 8.156.231.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.120.32.192:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.218.150.65:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.246.226.170:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.85.248.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 146.216.46.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.116.45.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.241.17.209:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.141.116.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 150.55.12.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.234.108.151:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 218.3.31.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.26.11.73:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.1.202.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 134.243.173.149:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 69.71.173.94:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 141.125.154.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 116.137.110.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 18.224.71.16:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 27.142.122.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 150.236.190.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.76.44.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 49.117.127.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 198.79.40.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.229.206.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.245.85.90:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 40.128.139.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 170.215.172.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 49.3.104.173:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.169.99.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 205.238.246.181:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 146.52.20.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 119.44.247.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.37.252.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.37.14.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 173.49.82.19:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 90.215.108.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 131.25.148.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 118.47.206.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 102.50.54.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 190.27.204.30:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.255.183.11:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 117.49.223.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.81.49.140:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 194.59.230.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 104.197.242.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 178.44.157.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.63.23.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 63.155.202.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.194.232.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 208.227.103.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 107.45.58.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 222.217.103.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 85.88.128.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.32.20.58:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.181.240.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 58.249.166.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 220.0.143.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 181.202.108.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 171.168.16.180:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.120.224.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.146.86.154:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.176.192.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 66.182.76.221:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 112.224.73.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.227.32.170:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.117.65.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.138.137.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 32.151.49.230:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 35.208.153.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 120.97.137.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 83.119.255.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.5.234.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 8.206.117.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 35.230.156.241:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.165.39.149:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.87.253.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.138.130.98:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 70.197.135.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 191.214.159.171:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 204.240.219.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 153.14.155.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.110.159.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.215.61.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.133.69.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.147.104.79:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 91.185.74.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 86.25.51.92:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 71.77.6.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 187.253.171.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 113.99.229.229:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 60.153.51.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 205.72.120.189:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.26.58.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 38.58.253.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 63.75.7.114:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 90.133.120.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.93.109.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 149.160.188.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 143.23.119.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 137.65.69.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 111.209.120.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 167.217.154.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 109.46.197.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 101.146.255.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 212.59.9.148:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 136.95.132.154:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 75.91.254.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.236.183.174:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 23.168.235.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.118.36.173:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 58.254.111.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.106.89.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.156.133.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 114.211.142.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.13.181.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 213.85.230.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.145.112.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 62.172.162.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 221.28.160.65:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.42.31.238:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.244.179.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 222.170.242.51:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.11.103.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.216.205.168:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.162.43.210:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 67.228.209.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 4.23.31.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 47.39.98.129:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 47.182.214.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 24.63.233.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 185.82.94.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.238.239.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 106.209.196.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.214.132.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.250.22.117:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 193.18.59.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 180.6.233.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 116.232.6.68:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 175.107.184.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.36.251.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.187.95.36:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 107.89.145.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 79.198.99.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 117.228.238.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.148.28.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 114.128.138.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 68.66.135.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.52.69.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 98.18.61.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 173.53.178.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.168.135.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 165.172.39.107:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.158.0.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 120.143.91.140:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.111.221.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 34.155.4.55:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 217.69.23.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 19.177.168.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 216.224.237.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 147.80.5.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.20.64.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.193.226.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 145.185.193.68:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 206.159.83.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 70.199.9.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 223.53.102.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.126.190.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.244.36.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 204.211.2.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.106.68.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.248.187.56:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.179.10.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 62.220.119.231:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.74.84.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 43.225.32.79:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 83.35.203.186:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 161.65.140.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.220.18.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 169.128.114.121:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.129.212.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 128.152.239.164:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.93.62.11:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 35.80.152.150:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.104.197.168:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 197.56.244.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 96.203.68.248:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 191.179.47.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.11.68.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.150.190.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.44.170.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 112.104.134.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 188.228.107.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.173.170.253:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 34.200.39.238:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 198.96.94.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.204.74.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.198.240.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.67.40.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.189.10.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.134.120.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.46.244.204:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 220.149.126.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 13.178.152.229:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 185.73.172.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 208.26.215.41:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 31.228.114.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 25.231.250.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.218.77.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 164.133.174.134:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 105.228.89.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.69.247.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.72.68.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.217.254.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 114.84.30.197:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.224.95.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.121.66.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.231.155.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 60.67.63.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.84.157.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 38.196.187.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.82.246.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.119.53.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 143.177.179.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 95.68.155.41:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 31.25.121.79:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 161.235.13.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 174.70.162.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.62.49.14:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 194.192.116.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.63.210.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 1.226.188.144:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.67.173.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.11.126.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 101.206.49.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.47.5.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.201.131.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.107.135.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 38.74.105.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 131.127.102.245:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.207.11.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.216.25.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 68.42.161.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.231.165.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 45.110.67.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 64.43.218.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.122.173.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.108.225.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 178.46.100.16:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 85.100.182.92:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 110.145.14.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.132.209.94:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.20.192.28:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.18.108.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 34.199.26.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 40.92.156.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 25.214.69.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 109.150.108.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.172.245.150:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.228.106.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.71.246.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.188.137.215:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.155.218.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.244.71.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.187.9.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.15.136.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 167.133.142.35:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.118.36.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 185.221.43.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 175.112.193.121:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.249.19.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 177.114.28.20:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.188.7.207:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.248.238.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 158.38.219.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 198.93.18.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 42.71.17.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.129.47.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 153.216.151.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 133.10.121.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.170.139.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.36.190.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 119.142.181.156:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 148.138.9.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 8.237.200.248:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 57.21.121.189:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 218.199.157.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.207.26.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 131.91.247.134:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 147.161.220.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 100.11.20.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.157.227.87:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 43.222.235.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 188.157.57.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 102.151.3.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.122.130.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.19.235.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 117.109.12.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.209.229.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.228.137.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 93.50.36.187:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.70.80.29:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 194.83.197.41:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 205.82.8.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.208.60.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 23.183.153.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 161.161.188.26:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 166.7.127.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 48.117.26.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 118.48.19.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.109.237.91:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 193.107.164.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 86.97.58.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.13.119.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 159.135.162.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 152.224.122.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.173.166.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 180.255.55.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 13.67.101.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.91.203.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.96.19.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 209.223.88.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 73.21.234.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.53.89.230:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 143.184.240.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.76.169.28:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 137.140.32.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.113.143.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.240.169.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.16.28.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.55.218.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 57.165.73.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.64.189.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 2.59.136.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 95.124.210.211:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 58.161.233.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 115.54.24.165:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 67.27.200.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.213.53.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 103.135.162.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.48.247.20:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 155.147.175.161:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 219.194.191.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 80.156.16.124:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 134.253.86.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 133.253.142.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.143.144.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 163.247.58.114:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 166.99.146.15:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 168.133.17.229:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.91.247.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.185.223.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 66.19.157.158:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 141.69.167.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 148.57.6.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.201.101.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 175.0.177.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.92.30.161:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 162.237.122.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 5.79.247.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 170.59.248.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.87.9.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.217.85.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 24.135.15.224:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 42.216.35.165:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.91.215.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 101.10.177.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 81.192.121.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.200.68.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.57.21.117:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.139.204.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 25.128.143.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.150.162.36:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 79.112.130.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.110.166.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 165.217.181.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 4.190.214.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 42.79.87.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.245.208.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 104.47.7.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.87.212.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 128.78.9.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.0.34.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.96.48.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 19.110.102.120:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 60.74.217.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 208.4.133.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.125.47.54:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 188.72.55.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 107.9.216.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 37.214.235.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 63.247.46.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 77.22.246.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 123.63.127.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 182.59.249.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.126.148.214:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 66.197.76.56:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 100.193.54.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 140.77.160.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 71.206.6.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 17.194.185.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 19.153.106.120:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 23.205.115.14:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 123.30.50.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.180.132.37:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 103.252.184.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 202.106.123.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 193.129.223.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 184.201.252.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 166.147.228.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.149.182.51:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.15.100.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.140.205.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.202.238.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.109.212.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.249.57.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 40.35.199.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 139.242.151.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.57.112.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.126.22.31:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.206.159.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 218.79.123.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 207.38.138.22:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 171.215.126.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.187.126.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.66.165.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 151.168.13.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 181.238.37.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.212.9.81:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.225.85.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 47.5.61.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 39.92.202.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 31.228.4.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 220.247.216.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 113.63.244.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.157.123.85:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 182.102.235.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 4.109.79.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.73.103.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.204.100.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.113.107.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.160.111.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 113.135.239.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 170.204.115.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 173.219.234.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 168.88.30.81:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 59.140.24.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.160.52.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 184.246.63.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 190.77.86.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 178.213.141.85:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.189.80.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 221.36.113.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.80.125.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 190.235.244.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 2.67.92.243:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.157.147.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.47.4.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 146.21.21.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 160.183.30.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.132.47.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 197.106.58.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.206.194.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 97.157.93.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.6.93.190:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.31.63.156:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 150.67.124.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.210.147.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.170.80.107:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 98.127.193.43:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 51.88.6.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.145.165.197:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.184.143.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.232.94.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.9.139.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.145.91.24:2323

Sample listens on a socket

Source: /tmp/w18Ys8qKuX.elf (PID: 5434)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:23	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:52869	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:37215	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:23	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:52869	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:37215	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 125.216.175.188
Source: unknown	TCP traffic detected without corresponding DNS query: 129.7.92.250
Source: unknown	TCP traffic detected without corresponding DNS query: 140.70.112.25
Source: unknown	TCP traffic detected without corresponding DNS query: 118.190.182.34
Source: unknown	TCP traffic detected without corresponding DNS query: 139.168.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 36.116.232.153
Source: unknown	TCP traffic detected without corresponding DNS query: 136.250.162.22
Source: unknown	TCP traffic detected without corresponding DNS query: 2.244.181.188
Source: unknown	TCP traffic detected without corresponding DNS query: 162.157.70.254
Source: unknown	TCP traffic detected without corresponding DNS query: 140.211.225.251
Source: unknown	TCP traffic detected without corresponding DNS query: 197.218.167.253
Source: unknown	TCP traffic detected without corresponding DNS query: 58.157.226.217
Source: unknown	TCP traffic detected without corresponding DNS query: 74.227.32.169
Source: unknown	TCP traffic detected without corresponding DNS query: 119.98.70.26
Source: unknown	TCP traffic detected without corresponding DNS query: 158.199.107.1
Source: unknown	TCP traffic detected without corresponding DNS query: 88.78.5.254
Source: unknown	TCP traffic detected without corresponding DNS query: 91.186.176.13
Source: unknown	TCP traffic detected without corresponding DNS query: 135.252.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 106.69.14.198
Source: unknown	TCP traffic detected without corresponding DNS query: 99.53.67.186
Source: unknown	TCP traffic detected without corresponding DNS query: 205.62.206.115
Source: unknown	TCP traffic detected without corresponding DNS query: 75.149.19.212
Source: unknown	TCP traffic detected without corresponding DNS query: 167.65.175.172
Source: unknown	TCP traffic detected without corresponding DNS query: 81.111.39.128
Source: unknown	TCP traffic detected without corresponding DNS query: 65.97.136.41
Source: unknown	TCP traffic detected without corresponding DNS query: 191.238.1.67
Source: unknown	TCP traffic detected without corresponding DNS query: 98.217.119.110
Source: unknown	TCP traffic detected without corresponding DNS query: 42.122.243.46
Source: unknown	TCP traffic detected without corresponding DNS query: 98.50.189.161
Source: unknown	TCP traffic detected without corresponding DNS query: 178.11.121.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.120.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 145.182.238.193
Source: unknown	TCP traffic detected without corresponding DNS query: 14.47.201.44
Source: unknown	TCP traffic detected without corresponding DNS query: 87.251.214.106
Source: unknown	TCP traffic detected without corresponding DNS query: 48.83.52.231
Source: unknown	TCP traffic detected without corresponding DNS query: 199.68.142.230
Source: unknown	TCP traffic detected without corresponding DNS query: 114.211.27.201
Source: unknown	TCP traffic detected without corresponding DNS query: 131.219.231.104
Source: unknown	TCP traffic detected without corresponding DNS query: 49.46.34.87
Source: unknown	TCP traffic detected without corresponding DNS query: 85.132.53.37
Source: unknown	TCP traffic detected without corresponding DNS query: 111.164.82.140
Source: unknown	TCP traffic detected without corresponding DNS query: 43.28.69.69
Source: unknown	TCP traffic detected without corresponding DNS query: 152.79.151.47
Source: unknown	TCP traffic detected without corresponding DNS query: 141.246.229.73
Source: unknown	TCP traffic detected without corresponding DNS query: 169.73.78.237
Source: unknown	TCP traffic detected without corresponding DNS query: 161.193.194.169
Source: unknown	TCP traffic detected without corresponding DNS query: 120.44.45.118

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 5437, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 5437, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior

Source: classification engine

Classification label: mal60.spre.linELF@0/0@0/0

Enumerates processes within the "proc" file system

Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3122/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3122/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3117/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3117/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3114/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3114/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/914/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/518/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5418/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5419/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5274/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3134/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3134/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3375/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3132/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3132/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3095/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3095/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1745/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1745/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1866/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1866/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1588/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/884/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1982/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1982/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/765/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3246/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3246/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/767/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1906/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1906/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/802/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1748/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1748/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3783/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3420/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1482/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1482/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1480/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1480/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1755/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1755/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1238/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1875/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1875/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/2964/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3413/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1751/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1751/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1872/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1872/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/2961/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/2961/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1475/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1475/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/778/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/659/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5437/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/936/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/816/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1879/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1879/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1891/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1891/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3310/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3310/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3153/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3153/exe	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/w18Ys8qKuX.elf (PID: 5434)

Queries kernel information via 'uname':

Jump to behavior

Source: w18Ys8qKuX.elf, 5434.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: w18Ys8qKuX.elf, 5434.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.00007ffebf013000.00007ffebf034000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/w18Ys8qKuX.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/w18Ys8qKuX.elf
Source: w18Ys8qKuX.elf, 5434.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: w18Ys8qKuX.elf, 5434.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.00007ffebf013000.00007ffebf034000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.116.115.2	unknown	United States	36351	SOFTLAYERUS	false
62.184.120.191	unknown	European Union	34456	RIALCOM-ASRU	false
167.97.33.13	unknown	United States	2055	LSU-1US	false
188.163.235.110	unknown	Ukraine	15895	KSNET-ASUA	false
14.67.40.223	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
143.10.100.91	unknown	United States	11003	PANDGUS	false
99.173.65.58	unknown	United States	7018	ATT-INTERNET4US	false
62.202.185.159	unknown	Switzerland	12684	SES-LUX-ASLU	false
180.3.93.202	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
94.137.71.224	unknown	Russian Federation	47645	STC-NET-ASRU	false
103.3.63.198	unknown	Singapore	63949	LINODE-APLinodeLLCUS	false
86.55.112.221	unknown	Iran (ISLAMIC Republic Of)	197207	MCCI-ASIR	false
61.25.66.207	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
123.157.6.100	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
117.47.205.211	unknown	Thailand	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
191.209.11.55	unknown	Brazil	27699	TELEFONICABRASILSABR	false
42.7.180.32	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
84.184.1.168	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
31.253.120.214	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
54.89.246.9	unknown	United States	14618	AMAZON-AESUS	false
125.24.137.200	unknown	Thailand	23969	TOT-NETTOTPublicCompanyLimitedTH	false
161.202.201.205	unknown	United States	36351	SOFTLAYERUS	false
140.65.45.98	unknown	United States	23700	FASTNET-AS-IDLinknet-FastnetASNID	false
58.236.72.72	unknown	Korea Republic of	9318	SKB-ASSKBroadbandCoLtdKR	false
100.158.114.198	unknown	United States	21928	T-MOBILE-AS21928US	false
183.24.157.184	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
102.39.2.52	unknown	South Africa	11845	Vox-TelecomZA	false
41.60.62.66	unknown	Mauritius	30969	ZOL-ASGB	false
65.72.49.21	unknown	United States	3491	BTN-ASNUS	false
121.120.253.60	unknown	Malaysia	9534	MAXIS-AS1-APBinariangBerhadMY	false
38.84.218.41	unknown	United States	174	COGENT-174US	false
72.188.139.246	unknown	United States	33363	BHN-33363US	false
66.170.150.214	unknown	Canada	21724	RADIANT-TORONTOCA	false
193.105.108.29	unknown	United Kingdom	207476	LV_IZSLV	false
102.110.181.131	unknown	Tunisia	37693	TUNISIANATN	false
139.156.139.202	unknown	Netherlands	2497	IIJInternetInitiativeJapanIncJP	false
65.203.183.63	unknown	United States	701	UUNETUS	false
217.121.200.193	unknown	Netherlands	33915	TNF-ASNL	false
71.6.121.60	unknown	United States	14265	US-TELEPACIFICUS	false
207.95.58.101	unknown	United States	7029	WINDSTREAMUS	false
178.84.62.108	unknown	Netherlands	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
88.190.10.20	unknown	France	12322	PROXADFR	false
120.91.116.214	unknown	China	45057	CNNIC-TIETONG-APCHINATIETONGSHANGHAICN	false
142.94.227.97	unknown	Canada	393952	GOANETCA	false
101.233.126.237	unknown	China	17816	CHINA169-GZChinaUnicomIPnetworkChina169Guangdongprovi	false
45.243.89.25	unknown	Egypt	24863	LINKdotNET-ASEG	false
153.128.79.106	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
136.65.10.249	unknown	United States	60311	ONEFMCH	false
66.85.119.78	unknown	United States	14265	US-TELEPACIFICUS	false
25.113.151.174	unknown	United Kingdom	7922	COMCAST-7922US	false
183.19.27.103	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
89.153.228.45	unknown	Portugal	2860	NOS_COMUNICACOESPT	false
52.52.139.168	unknown	United States	16509	AMAZON-02US	false
126.14.28.97	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
126.42.103.255	unknown	Japan	17676	GIGAINFRASoftbankBBCorpJP	false
49.7.70.74	unknown	China	23724	CHINANET-IDC-BJ-APIDCChinaTelecommunicationsCorporation	false
53.18.141.44	unknown	Germany	31399	DAIMLER-ASITIGNGlobalNetworkDE	false
164.91.229.1	unknown	United States	36075	SPACELABS-HEALTHCAREUS	false
168.215.50.172	unknown	United States	10753	LVLT-10753US	false
119.172.44.51	unknown	Japan	9824	JTCL-JP-ASJupiterTelecommunicationCoLtdJP	false
183.104.26.40	unknown	Korea Republic of	4766	KIXS-AS-KRKoreaTelecomKR	false
149.91.243.255	unknown	United States	174	COGENT-174US	false
5.198.240.144	unknown	Jordan	9038	BAT-AS9038JO	false
25.8.180.12	unknown	United Kingdom	7922	COMCAST-7922US	false
181.127.253.4	unknown	Paraguay	23201	TelecelSAPY	false
206.11.252.2	unknown	United States	5006	VOYANTUS	false
8.3.55.179	unknown	United States	63402	UCDP-ORLCORPUS	false
172.235.247.39	unknown	United States	20940	AKAMAI-ASN1EU	false
203.184.145.198	unknown	Hong Kong	10032	HGC-AS-APHGCGlobalCommunicationsLimitedHK	false
75.16.157.178	unknown	United States	7018	ATT-INTERNET4US	false
134.255.116.85	unknown	Hungary	5483	MAGYAR-TELEKOM-MAIN-ASMagyarTelekomNyrtHU	false
178.244.73.75	unknown	Turkey	16135	TURKCELL-ASTurkcellASTR	false
194.236.46.112	unknown	Sweden	3301	TELIANET-SWEDENTeliaCompanySE	false
89.176.39.57	unknown	Czech Republic	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
160.14.239.112	unknown	Japan	2907	SINET-ASResearchOrganizationofInformationandSystemsN	false
40.85.107.162	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
63.189.140.12	unknown	United States	1239	SPRINTLINKUS	false
118.194.247.43	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
77.97.157.230	unknown	United Kingdom	5089	NTLGB	false
191.184.146.242	unknown	Brazil	28573	CLAROSABR	false
124.53.84.243	unknown	Korea Republic of	17858	POWERVIS-AS-KRLGPOWERCOMMKR	false
202.158.51.51	unknown	Indonesia	4787	ASN-CBNPTCyberindoAditamaID	false
96.152.107.79	unknown	United States	7922	COMCAST-7922US	false
134.241.88.239	unknown	United States	1256	MASSNET-ASUS	false
78.137.136.94	unknown	Ireland	31122	DIGIWEB-ASIE	false
180.172.248.183	unknown	China	4812	CHINANET-SH-APChinaTelecomGroupCN	false
134.19.84.90	unknown	Germany	57353	VITROCONNECT-ASDE	false
220.97.71.181	unknown	Japan	4713	OCNNTTCommunicationsCorporationJP	false
183.73.33.236	unknown	Japan	9605	DOCOMONTTDOCOMOINCJP	false
83.164.180.20	unknown	Austria	35369	LINZAG-TELEKOM-ASAT	false
42.85.18.236	unknown	China	4837	CHINA169-BACKBONECHINAUNICOMChina169BackboneCN	false
25.239.201.59	unknown	United Kingdom	7922	COMCAST-7922US	false
89.74.94.202	unknown	Poland	6830	LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHolding	false
8.208.73.251	unknown	Singapore	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
36.138.89.150	unknown	China	56044	CMNET-AS-LIAONINGChinaMobilecommunicationscorporationC	false
95.187.48.183	unknown	Saudi Arabia	39891	ALJAWWALSTC-ASSA	false
220.243.135.144	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
152.2.60.13	unknown	United States	36850	UNC-CHUS	false
151.232.14.120	unknown	Iran (ISLAMIC Republic Of)	58224	TCIIR	false
109.239.104.162	unknown	United Kingdom	33920	AQLGB	false

AV Detection

Antivirus / Scanner detection for submitted sample

Source: w18Ys8qKuX.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: w18Ys8qKuX.elf

ReversingLabs: Detection: 68%

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.13:57544 -> 198.50.207.21:1024
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.216.175.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 140.211.225.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.252.33.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 110.23.155.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.251.214.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 85.132.53.37:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.154.34.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 93.82.227.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 120.106.1.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 32.239.163.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.72.181.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 67.60.129.51:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.73.175.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 20.183.51.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.78.171.187:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.65.14.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 206.26.121.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.99.194.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.251.0.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 165.165.177.234:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 180.170.67.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.171.64.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.2.177.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 8.156.231.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.120.32.192:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.218.150.65:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.246.226.170:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.85.248.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 146.216.46.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.116.45.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.241.17.209:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.141.116.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 150.55.12.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.234.108.151:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 218.3.31.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.26.11.73:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.1.202.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 134.243.173.149:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 69.71.173.94:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 141.125.154.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 116.137.110.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 18.224.71.16:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 27.142.122.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 150.236.190.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.76.44.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 49.117.127.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 198.79.40.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.229.206.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.245.85.90:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 40.128.139.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 170.215.172.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 49.3.104.173:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.169.99.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 205.238.246.181:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 146.52.20.131:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 119.44.247.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.37.252.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.37.14.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 173.49.82.19:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 90.215.108.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 131.25.148.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 118.47.206.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 102.50.54.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 190.27.204.30:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.255.183.11:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 117.49.223.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.81.49.140:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 194.59.230.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 104.197.242.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 178.44.157.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.63.23.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 63.155.202.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.194.232.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 208.227.103.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 107.45.58.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 222.217.103.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 85.88.128.177:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.32.20.58:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.181.240.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 58.249.166.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 220.0.143.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 181.202.108.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 171.168.16.180:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.120.224.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.146.86.154:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.176.192.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 66.182.76.221:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 112.224.73.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.227.32.170:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.117.65.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.138.137.38:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 32.151.49.230:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 35.208.153.5:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 120.97.137.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 83.119.255.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.5.234.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 8.206.117.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 35.230.156.241:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.165.39.149:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.87.253.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.138.130.98:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 70.197.135.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 191.214.159.171:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 204.240.219.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 153.14.155.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.110.159.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.215.61.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.133.69.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.147.104.79:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 91.185.74.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 86.25.51.92:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 71.77.6.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 187.253.171.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 113.99.229.229:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 60.153.51.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 205.72.120.189:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.26.58.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 38.58.253.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 63.75.7.114:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 90.133.120.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.93.109.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 149.160.188.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 143.23.119.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 137.65.69.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 111.209.120.125:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 167.217.154.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 109.46.197.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 101.146.255.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 212.59.9.148:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 136.95.132.154:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 75.91.254.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.236.183.174:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 23.168.235.179:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.118.36.173:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 58.254.111.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.106.89.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.156.133.49:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 114.211.142.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.13.181.157:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 213.85.230.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.145.112.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 62.172.162.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 221.28.160.65:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.42.31.238:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.244.179.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 222.170.242.51:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.11.103.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.216.205.168:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.162.43.210:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 67.228.209.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 4.23.31.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 47.39.98.129:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 47.182.214.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 24.63.233.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 185.82.94.183:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.238.239.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 106.209.196.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.214.132.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.250.22.117:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 193.18.59.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 180.6.233.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 116.232.6.68:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 175.107.184.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.36.251.195:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.187.95.36:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 107.89.145.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 79.198.99.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 117.228.238.255:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.148.28.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 114.128.138.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 68.66.135.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.52.69.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 98.18.61.136:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 173.53.178.72:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.168.135.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 165.172.39.107:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.158.0.247:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 120.143.91.140:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.111.221.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 34.155.4.55:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 217.69.23.78:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 19.177.168.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 216.224.237.236:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 147.80.5.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.20.64.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.193.226.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 145.185.193.68:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 206.159.83.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 70.199.9.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 223.53.102.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.126.190.160:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.244.36.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 204.211.2.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.106.68.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.248.187.56:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.179.10.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 62.220.119.231:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 122.74.84.142:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 43.225.32.79:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 83.35.203.186:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 161.65.140.227:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.220.18.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 169.128.114.121:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.129.212.47:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 128.152.239.164:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.93.62.11:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 35.80.152.150:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.104.197.168:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 197.56.244.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 96.203.68.248:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 191.179.47.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.11.68.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.150.190.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.44.170.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 112.104.134.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 188.228.107.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.173.170.253:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 34.200.39.238:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 198.96.94.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.204.74.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.198.240.88:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.67.40.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.189.10.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.134.120.172:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.46.244.204:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 220.149.126.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 13.178.152.229:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 185.73.172.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 208.26.215.41:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 31.228.114.188:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 25.231.250.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.218.77.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 164.133.174.134:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 105.228.89.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.69.247.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.72.68.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.217.254.76:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 114.84.30.197:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.224.95.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.121.66.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.231.155.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 60.67.63.244:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.84.157.67:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 38.196.187.100:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.82.246.126:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.119.53.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 143.177.179.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 95.68.155.41:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 31.25.121.79:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 161.235.13.163:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 174.70.162.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.62.49.14:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 194.192.116.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 154.63.210.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 1.226.188.144:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.67.173.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.11.126.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 101.206.49.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.47.5.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.201.131.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.107.135.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 38.74.105.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 131.127.102.245:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.207.11.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.216.25.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 68.42.161.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.231.165.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 45.110.67.147:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 64.43.218.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.122.173.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.108.225.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 178.46.100.16:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 85.100.182.92:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 110.145.14.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.132.209.94:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.20.192.28:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.18.108.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 34.199.26.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 40.92.156.141:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 25.214.69.113:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 109.150.108.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.172.245.150:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.228.106.1:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.71.246.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 201.188.137.215:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.155.218.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.244.71.216:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.187.9.203:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.15.136.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 167.133.142.35:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 50.118.36.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 185.221.43.145:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 175.112.193.121:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.249.19.89:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 177.114.28.20:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.188.7.207:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 76.248.238.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 158.38.219.32:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 198.93.18.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 42.71.17.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.129.47.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 153.216.151.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 133.10.121.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.170.139.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.36.190.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 119.142.181.156:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 148.138.9.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 8.237.200.248:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 57.21.121.189:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 218.199.157.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.207.26.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 131.91.247.134:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 147.161.220.17:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 100.11.20.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.157.227.87:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 43.222.235.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 188.157.57.202:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 102.151.3.153:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.122.130.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.19.235.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 117.109.12.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.209.229.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.228.137.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 93.50.36.187:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.70.80.29:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 194.83.197.41:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 205.82.8.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.208.60.162:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 23.183.153.217:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 161.161.188.26:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 166.7.127.6:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 48.117.26.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 118.48.19.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.109.237.91:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 193.107.164.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 86.97.58.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.13.119.112:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 159.135.162.137:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 152.224.122.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.173.166.50:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 180.255.55.70:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 13.67.101.119:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 142.91.203.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 183.96.19.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 209.223.88.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 73.21.234.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 99.53.89.230:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 143.184.240.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.76.169.28:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 137.140.32.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.113.143.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 53.240.169.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 108.16.28.138:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.55.218.59:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 57.165.73.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.64.189.93:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 2.59.136.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 95.124.210.211:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 58.161.233.228:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 115.54.24.165:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 67.27.200.235:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.213.53.7:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 103.135.162.146:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.48.247.20:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 155.147.175.161:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 219.194.191.220:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 80.156.16.124:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 134.253.86.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 133.253.142.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.143.144.219:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 163.247.58.114:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 166.99.146.15:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 168.133.17.229:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.91.247.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.185.223.33:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 66.19.157.158:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 141.69.167.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 148.57.6.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.201.101.3:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 175.0.177.64:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 84.92.30.161:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 162.237.122.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 5.79.247.44:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 170.59.248.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 14.87.9.115:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.217.85.25:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 24.135.15.224:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 42.216.35.165:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 9.91.215.133:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 101.10.177.226:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 81.192.121.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.200.68.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 186.57.21.117:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 179.139.204.10:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 25.128.143.233:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.150.162.36:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 79.112.130.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 135.110.166.225:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 165.217.181.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 4.190.214.200:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 42.79.87.212:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 211.245.208.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 104.47.7.254:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 132.87.212.48:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 128.78.9.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.0.34.34:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 210.96.48.222:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 19.110.102.120:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 60.74.217.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 208.4.133.13:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.125.47.54:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 188.72.55.57:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 107.9.216.39:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 37.214.235.24:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 63.247.46.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 77.22.246.86:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 123.63.127.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 182.59.249.116:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.126.148.214:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 66.197.76.56:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 100.193.54.18:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 140.77.160.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 71.206.6.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 17.194.185.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 19.153.106.120:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 23.205.115.14:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 123.30.50.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.180.132.37:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 103.252.184.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 202.106.123.218:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 193.129.223.251:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 184.201.252.198:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 166.147.228.246:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 92.149.182.51:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 189.15.100.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.140.205.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 78.202.238.105:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 203.109.212.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 200.249.57.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 40.35.199.74:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 139.242.151.45:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.57.112.60:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.126.22.31:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.206.159.176:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 218.79.123.194:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 207.38.138.22:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 171.215.126.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 12.187.126.169:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 199.66.165.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 151.168.13.2:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 181.238.37.252:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 196.212.9.81:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 41.225.85.52:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 47.5.61.193:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 39.92.202.249:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 31.228.4.250:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 220.247.216.201:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 113.63.244.166:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 138.157.123.85:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 182.102.235.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 4.109.79.62:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.73.103.128:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 46.204.100.46:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 125.113.107.42:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.160.111.83:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 113.135.239.101:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 170.204.115.184:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 173.219.234.71:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 168.88.30.81:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 59.140.24.103:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 130.160.52.239:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 184.246.63.130:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 190.77.86.69:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 178.213.141.85:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 126.189.80.208:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 221.36.113.206:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.80.125.223:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 190.235.244.111:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 2.67.92.243:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 89.157.147.9:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 157.47.4.77:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 146.21.21.84:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 160.183.30.8:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 44.132.47.104:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 197.106.58.159:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 54.206.194.178:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 97.157.93.143:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.6.93.190:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 87.31.63.156:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 150.67.124.139:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 144.210.147.40:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 156.170.80.107:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 98.127.193.43:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 51.88.6.27:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 88.145.165.197:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 129.184.143.106:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 121.232.94.182:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 65.9.139.4:2323
Source: global traffic	TCP traffic: 192.168.2.13:19377 -> 61.145.91.24:2323

Sample listens on a socket

Source: /tmp/w18Ys8qKuX.elf (PID: 5434)	Socket: 127.0.0.1:38273	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:23	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:52869	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	Socket: 0.0.0.0:37215	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:0	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:23	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:53413	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:80	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:52869	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	Socket: 0.0.0.0:37215	Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 198.50.207.21
Source: unknown	TCP traffic detected without corresponding DNS query: 125.216.175.188
Source: unknown	TCP traffic detected without corresponding DNS query: 129.7.92.250
Source: unknown	TCP traffic detected without corresponding DNS query: 140.70.112.25
Source: unknown	TCP traffic detected without corresponding DNS query: 118.190.182.34
Source: unknown	TCP traffic detected without corresponding DNS query: 139.168.238.69
Source: unknown	TCP traffic detected without corresponding DNS query: 36.116.232.153
Source: unknown	TCP traffic detected without corresponding DNS query: 136.250.162.22
Source: unknown	TCP traffic detected without corresponding DNS query: 2.244.181.188
Source: unknown	TCP traffic detected without corresponding DNS query: 162.157.70.254
Source: unknown	TCP traffic detected without corresponding DNS query: 140.211.225.251
Source: unknown	TCP traffic detected without corresponding DNS query: 197.218.167.253
Source: unknown	TCP traffic detected without corresponding DNS query: 58.157.226.217
Source: unknown	TCP traffic detected without corresponding DNS query: 74.227.32.169
Source: unknown	TCP traffic detected without corresponding DNS query: 119.98.70.26
Source: unknown	TCP traffic detected without corresponding DNS query: 158.199.107.1
Source: unknown	TCP traffic detected without corresponding DNS query: 88.78.5.254
Source: unknown	TCP traffic detected without corresponding DNS query: 91.186.176.13
Source: unknown	TCP traffic detected without corresponding DNS query: 135.252.33.200
Source: unknown	TCP traffic detected without corresponding DNS query: 106.69.14.198
Source: unknown	TCP traffic detected without corresponding DNS query: 99.53.67.186
Source: unknown	TCP traffic detected without corresponding DNS query: 205.62.206.115
Source: unknown	TCP traffic detected without corresponding DNS query: 75.149.19.212
Source: unknown	TCP traffic detected without corresponding DNS query: 167.65.175.172
Source: unknown	TCP traffic detected without corresponding DNS query: 81.111.39.128
Source: unknown	TCP traffic detected without corresponding DNS query: 65.97.136.41
Source: unknown	TCP traffic detected without corresponding DNS query: 191.238.1.67
Source: unknown	TCP traffic detected without corresponding DNS query: 98.217.119.110
Source: unknown	TCP traffic detected without corresponding DNS query: 42.122.243.46
Source: unknown	TCP traffic detected without corresponding DNS query: 98.50.189.161
Source: unknown	TCP traffic detected without corresponding DNS query: 178.11.121.226
Source: unknown	TCP traffic detected without corresponding DNS query: 185.120.36.55
Source: unknown	TCP traffic detected without corresponding DNS query: 145.182.238.193
Source: unknown	TCP traffic detected without corresponding DNS query: 14.47.201.44
Source: unknown	TCP traffic detected without corresponding DNS query: 87.251.214.106
Source: unknown	TCP traffic detected without corresponding DNS query: 48.83.52.231
Source: unknown	TCP traffic detected without corresponding DNS query: 199.68.142.230
Source: unknown	TCP traffic detected without corresponding DNS query: 114.211.27.201
Source: unknown	TCP traffic detected without corresponding DNS query: 131.219.231.104
Source: unknown	TCP traffic detected without corresponding DNS query: 49.46.34.87
Source: unknown	TCP traffic detected without corresponding DNS query: 85.132.53.37
Source: unknown	TCP traffic detected without corresponding DNS query: 111.164.82.140
Source: unknown	TCP traffic detected without corresponding DNS query: 43.28.69.69
Source: unknown	TCP traffic detected without corresponding DNS query: 152.79.151.47
Source: unknown	TCP traffic detected without corresponding DNS query: 141.246.229.73
Source: unknown	TCP traffic detected without corresponding DNS query: 169.73.78.237
Source: unknown	TCP traffic detected without corresponding DNS query: 161.193.194.169
Source: unknown	TCP traffic detected without corresponding DNS query: 120.44.45.118

System Summary

Sample tries to kill multiple processes (SIGKILL)

Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 5437, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior

Sample has stripped symbol table

Source: ELF static info symbol of initial sample

.symtab present: no

Sample tries to kill a process (SIGKILL)

Source: /tmp/w18Ys8qKuX.elf (PID: 5437)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 5437, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 726, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 765, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 792, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 803, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 855, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 884, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1410, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 1411, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2935, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 2936, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3181, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3183, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3185, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3300, result: successful	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	SIGKILL sent: pid: 3327, result: successful	Jump to behavior

Source: classification engine

Classification label: mal60.spre.linELF@0/0@0/0

Enumerates processes within the "proc" file system

Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3122/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3122/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3117/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3117/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3114/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3114/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/914/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/914/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/518/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/519/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5418/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/917/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/917/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5419/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5274/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3134/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3134/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3375/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3132/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3132/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3095/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3095/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1745/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1745/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1866/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1866/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1588/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1588/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/884/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1982/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1982/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/765/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/765/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3246/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3246/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/800/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/767/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/767/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1906/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1906/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/802/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/802/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/803/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/803/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1748/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1748/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3783/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3420/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1482/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1482/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/490/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/490/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1480/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1480/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1755/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1755/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1238/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1875/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1875/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/2964/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3413/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1751/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1751/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1872/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1872/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/2961/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/2961/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1475/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1475/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/656/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/778/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/778/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/657/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/658/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/659/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/5437/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/418/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/936/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/936/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/419/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/816/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/816/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1879/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1879/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1891/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/1891/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3310/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3310/exe	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3153/fd	Jump to behavior
Source: /tmp/w18Ys8qKuX.elf (PID: 5443)	File opened: /proc/3153/exe	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /tmp/w18Ys8qKuX.elf (PID: 5434)

Queries kernel information via 'uname':

Jump to behavior

Source: w18Ys8qKuX.elf, 5434.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mipsel
Source: w18Ys8qKuX.elf, 5434.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.00007ffebf013000.00007ffebf034000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/w18Ys8qKuX.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/w18Ys8qKuX.elf
Source: w18Ys8qKuX.elf, 5434.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.000055f7c464d000.000055f7c46d4000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mipsel
Source: w18Ys8qKuX.elf, 5434.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5439.1.00007ffebf013000.00007ffebf034000.rw-.sdmp, w18Ys8qKuX.elf, 5445.1.00007ffebf013000.00007ffebf034000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mipsel

ID:	1541905
Product:	CloudBasic
Start time:	09:53:07
Start date:	25.10.2024
Sample:	w18Ys8qKuX.elf
Cookbook:	defaultlinuxfilecookbook.jbs
System description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Architecture:	LINUX
MD5:	993d3aef83314b0c0f11483c03362a95
SHA1:	4f6a4ab5f9ea4cf7956231c07ff17c3a5afebf69
SHA256:	d89b67eda9721957881160216d3b2e809077ec28210c96b9d9c48483b0f0e4fb
Filetype:	ELF Executable and Linkable format (generic) (4004/1) 100.00%

Linux Analysis Report
w18Ys8qKuX.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report w18Ys8qKuX.elf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Network Map

Contacted Public IPs

Linux Analysis Report
w18Ys8qKuX.elf