Linux Analysis Report
armv7l.elf

Overview

General Information

Sample name: armv7l.elf
Analysis ID: 1580226
MD5: 76e4de6ff162ce56ee63724b400397a4
SHA1: bbe1d118c4b750c75cff8a8d11eee9944cf3e3e2
SHA256: 0b28b1a6fadf0429784f76bdcf763b09960e84ea5793ec9cd783b37bd7897181
Tags: elf, user-abuse_ch

Detection

Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Connects to many ports of the same IP (likely port scanning)
Opens /sys/class/net/* files useful for querying network interface information
Performs DNS TXT record lookups
Sample deletes itself
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample contains strings indicative of password brute-forcing capabilities
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)

Classification

AV Detection

Source: armv7l.elf Avira: detected
Source: armv7l.elf ReversingLabs: Detection: 42%
Source: armv7l.elf Virustotal: Detection: 47%

Networking

Source: global traffic TCP traffic: 91.151.168.143 ports 63210,0,1,2,3,6
Source: global traffic TCP traffic: 17.8.135.5 ports 63210,0,1,2,3,6
Source: /tmp/armv7l.elf (PID: 6279) Opens: /sys/class/net/
Source: /tmp/armv7l.elf (PID: 6279) Opens: /sys/class/net/ens160/address
Source: /tmp/armv7l.elf (PID: 6279) Opens: /sys/class/net/ens160/flags
Source: /tmp/armv7l.elf (PID: 6279) Opens: /sys/class/net/ens160/carrier
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 80.186.183.222:4719
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 212.96.172.76:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 61.190.140.45:2332
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 177.215.163.15:6002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 153.74.152.112:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 152.154.2.212:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 148.51.41.32:2030
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 74.65.180.19:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 34.195.66.198:6002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 46.185.150.33:2323
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 39.157.76.131:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 129.73.127.185:6962
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 31.103.47.44:60023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 91.180.207.92:6962
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 130.154.208.165:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 39.88.171.11:2323
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 200.216.229.171:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 143.160.58.212:30002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 113.87.202.152:63256
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 18.195.223.61:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 41.93.152.171:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 156.135.174.194:6962
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 118.240.166.53:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 43.144.230.26:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 116.4.237.234:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 202.89.43.29:63210
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 98.182.117.24:4719
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 43.66.197.89:63210
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 167.103.224.86:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 46.60.166.216:60023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 207.106.159.146:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 143.185.129.52:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 188.174.224.193:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 114.211.193.26:60023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 166.106.103.31:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 74.36.90.17:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 103.5.169.228:6002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 105.140.9.33:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 77.166.183.67:7777
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 103.51.20.136:2002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 71.148.14.114:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 206.203.119.45:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 65.219.188.176:63210
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 59.31.0.144:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 70.244.133.220:63210
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 18.107.2.228:2002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 212.205.44.67:4719
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 61.135.187.190:7777
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 175.128.72.96:2332
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 32.89.143.245:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 122.80.194.131:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 157.83.30.21:5523
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 149.192.182.79:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 81.212.22.99:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 96.78.146.87:6962
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 110.233.237.202:9999
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 95.181.18.59:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 102.76.202.176:4719
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 184.8.184.53:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 123.25.27.43:6962
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 175.102.23.130:60023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 58.56.82.229:9999
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 218.168.10.225:2002
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 12.173.43.24:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 5.214.96.79:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 91.25.65.131:63210
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 166.6.99.56:63256
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 180.23.68.98:6962
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 35.154.181.37:30003
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 60.139.42.229:2323
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 184.241.161.202:523
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 196.106.0.242:6023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 99.253.250.166:4719
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 64.131.31.84:60023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 67.223.62.247:4719
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 75.76.135.202:10023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 49.186.37.147:5523
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 52.36.245.108:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 170.245.89.221:63256
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 61.91.5.126:2323
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 108.152.239.222:26
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 51.240.250.68:60023
Source: global traffic TCP traffic: 192.168.2.23:34134 -> 175.254.167.6:10023
Source: global traffic DNS traffic detected: DNS query: pool.rentcheapcars.sbs
Source: global traffic DNS traffic detected: DNS query: iranistrash.libre
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 33606
Source: unknown Network traffic detected: HTTP traffic on port 33606 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 42836 -> 443
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -en '
Source: Initial sample String containing 'busybox' found: .d && /bin/busybox echo -e '\x46\x49\x4e'
Source: Initial sample String containing 'busybox' found: /bin/busybox echo '
Source: Initial sample String containing 'busybox' found: /bin/busybox chmod 777 .d; ./.d > .b; /bin/busybox chmod 777 .b; ./.b matrix
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -en ''>.d && /bin/busybox echo -e '\x46\x49\x4e'
Source: Initial sample String containing 'busybox' found: /bin/busybox echo '\c'>>/bin/busybox chmod 777 .d; ./.d > .b; /bin/busybox chmod 777 .b; ./.b matrix
Source: Initial sample String containing 'busybox' found: rm -rf .d; rm -rf .b; >.d; (chmod 777 .d || /bin/busybox chmod 777 .d || cp /bin/sh .d; >.d); >.b; (chmod 777 .b || /bin/busybox chmod 777 .b || cp /bin/sh .b; >.b)
Source: Initial sample String containing 'busybox' found: /bin/busybox cat /proc/self/exe || cat /bin/echo
Source: Initial sample String containing 'busybox' found: /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\x67\x61\x79\x66\x67\x74';
Source: Initial sample String containing 'busybox' found: /bin/busybox echo -e '\x53\x54\x41\x52\x54'; cat /proc/cpuinfo; /bin/busybox echo -e '\x45\x4e\x44'
Source: Initial sample String containing 'busybox' found: BusyBox on \S+ \wogin
Source: Initial sample String containing 'busybox' found: ELFsage: wgetsage: ftpgetgayfgt/bin/busybox echo -e '\x53\x54\x41\x52\x54'; cat /proc/cpuinfo; /bin/busybox echo -e '\x45\x4e\x44'
Source: Initial sample String containing 'busybox' found: /usr//mnt//var/run//dev/shm//etc//var//tmp//dev//var/home/user/fw/admin1231234666666ubnt888888klv12340000111111111111123451234561234567890admin12601hx4321543216543217ujMko0admin88888888a1sev5y7c39kAdminadmin123AdmiN*123admin1234adminHWadminpassBrAhMoS@15CalVxePV1! cat1029CenturyL1nkchzhdplconexantCTLsupport12cxx4dm1n5591epicrouterGeNeXiS@19gponAdminGPONALC#FGUgw1adminh@32LuyDho4uku6atadministratorAdministratorsupervisormeinsmmicrobusinessnology*/P@55w0rd!passpasswordplumeria0077QwestM0demripcode!roots2@We3%Dc#smcadminstdONU101systemtechTeleCom_1234telnetv2mprtve0RbANGXpon@Olt9417##xTaaA8jzhoneadtecadtecftpbinCMCCAdmine8telnetCUAdmindaemondefaulttluafedvhd1206e8ehome1e8ehomee8ehomeasbhi3518EpuseruserEpfliruser3vligftpvideoguestguest123!!Huawei@HuaweiHgwkeomeolnadminlnadmin0123456mg3500merlinmothernobodyontONTUSERSUGAR2A041rapportr@p8p0r+remotessh5SaP9I26!@#$qwer00000000000000000000059AnkJ070admin11001chin11111111234qwer1.oN%cpi2010vesta2011vesta207B16th23we98oi258025804uvdzKqBkj.jg5up/*6.=_ja7ujMko0vizxvadminp
Source: Initial sample String containing potential weak password found: admin
Source: Initial sample String containing potential weak password found: 12345
Source: Initial sample String containing potential weak password found: 123456
Source: Initial sample String containing potential weak password found: 54321
Source: Initial sample String containing potential weak password found: 654321
Source: Initial sample String containing potential weak password found: admin1234
Source: Initial sample String containing potential weak password found: administrator
Source: Initial sample String containing potential weak password found: supervisor
Source: Initial sample String containing potential weak password found: password
Source: Initial sample String containing potential weak password found: default
Source: Initial sample String containing potential weak password found: guest
Source: Initial sample String containing potential weak password found: service
Source: Initial sample String containing potential weak password found: support
Source: ELF static info symbol of initial sample .symtab present: no
Source: classification engine Classification label: mal72.troj.spyw.evad.linELF@0/0@2/0
Source: /usr/bin/dash (PID: 6258) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.ARpjiAe7El /tmp/tmp.IEZ2vUM042 /tmp/tmp.OALouIcVUx
Source: /usr/bin/dash (PID: 6259) Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.ARpjiAe7El /tmp/tmp.IEZ2vUM042 /tmp/tmp.OALouIcVUx

Hooking and other Techniques for Hiding and Protection

Source: /tmp/armv7l.elf (PID: 6256) File: /tmp/armv7l.elf
Source: /tmp/armv7l.elf (PID: 6256) Queries kernel information via 'uname'
Source: /tmp/armv7l.elf (PID: 6279) Queries kernel information via 'uname'
Source: armv7l.elf, 6256.1.00007ffd3d272000.00007ffd3d293000.rw-.sdmp Binary or memory string: x86_64/usr/bin/qemu-arm/tmp/armv7l.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/armv7l.elf
Source: armv7l.elf, 6256.1.00005574f39c6000.00005574f3b15000.rw-.sdmp Binary or memory string: /etc/qemu-binfmt/arm
Source: armv7l.elf, 6256.1.00007ffd3d272000.00007ffd3d293000.rw-.sdmp Binary or memory string: /usr/bin/qemu-arm
Source: armv7l.elf, 6256.1.00005574f39c6000.00005574f3b15000.rw-.sdmp Binary or memory string: tU!/etc/qemu-binfmt/arm

HIPS / PFW / Operating System Protection Evasion

Source: Traffic DNS traffic detected: queries for: pool.rentcheapcars.sbs
Source: Traffic DNS traffic detected: queries for: iranistrash.libre