Report #1622 check_circle

Binary
ABI
ELFOSABI_SYSV
Size
54.53KB
Type
ET_EXEC
trid
50.1% ELF Executable and Linkable format
49.8% ELF Executable and Linkable format
type
ELF
Wordsize
32
Architecture
x86
Hashes
md5
fec24491ddfe37af97829d948da8001b
sha1
df7d1564925507193d7db73a706ec2a01503f4db
crc32
0x5f7399de
sha224
8a7834139a5f77e34a0f265e0d79ee75c24c15bd8bb761484bc6ef35
sha256
5f43f2f307a7dd6f79760d956db62f7caeed7705d31011082c520e24a317af2e
sha384
2931d6614a2d0a1df60428f355b9850cff090583bb759c9db9f1c27c0fcec0a2ff0a218daeb7ba1d698b0413c50c1f32
sha512
ea54bb305359e77557b91002aa6fb765d86f00e0be9918c1a0808050f972caf264fdd2011bd272ee93b6bfa398df57a44e90808f43db96873bc5dfd3c2103d8d
ssdeep
1536:d6EwVWibZ6uzpNrmvFtWbFBiWCTZVZt+xc:QVWYZ6uzv4FKFBiWoZVZQq
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
maldoc_getEIP_method_1, domain, contentis_base64, is__elf, Mirai_3

Suspicious
True check_circle

Dwarf
List

Number
0
Files
Sys

Home

Proc
/proc/net/tcp
Password

Suspicious
True check_circle
Flags
Flags
0
Packer
List
None
Packed
False cancel
Network
IPs

URLs

Mails

Suspicious
False cancel
Strings
List
HTTP/1.1
User-Agent:
/proc/net/tcp
Cookie:
http
Host:
POST /cdn-cgi/
POST
AJWLIGF"
LAMPPGAV"
WPNGLAMFGF"
/dev/watchdog
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
cRRNGuG@iKV
.shstrtab
/dev/null
nmnlmevdm"
egvnmacnkr"
.rodata
QOACFOKL
GLAMFKLE
nCLEWCEG
jvvrdnmmf"
LCOGQGPTGP
aMLLGAVKML
AMLLGAVKML
ANMWFDNCPG
NMACVKML
HWCLVGAJ
CRRNKACVKML
CRRNKACVKML
CRRNKACVKML
AMLD"
uEzAs"
CLKOG"
PGCNVGI
assword
.init
.fini
KOCEG
DWAIGP
AMMIKG
jShtO
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
oMXKNNC
.ctors
.dtors
AtSB1
enter
aJPMOG
cAAGRV
cAAGRV
aJPMOG
aJPMOG
aJPMOG
NGLEVJ
WHoIM
WHoIM
eGAIM
eGAIM
eGAIM
eGAIM
eGAIM
CFOKL
CFOKL
CFOKL
CNKTG"
DMWLF"
,[^_]
FGDCWNV
RPMA
DMPO
CLIM
;ctYf
wet]
ogin
9|$$
CRRNGV
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[^_]
[[^_
^[^_
[^_]
[^_]
_[^_
[^_]
[^_]
[^_]

Symbols
List

Number
0
Reason
Stripped
Suspicious
True check_circle
Version
Version
EV_CURRENT
Foremost
Matches
None
Suspicious
False cancel
Sections
List
, .init, .text, .fini, .rodata, .ctors, .dtors, .data, .bss, .shstrtab
Number
10
Suspicious
False cancel
Segments
Number
3
Suspicious
False cancel
Compilers
List

Identified
0
Suspicious
False cancel
Functions
List

Present
True check_circle
Anti-Debug
Ptrace
False cancel
Anti-disasm
False cancel
Entry Point
Address
0x8048164
Suspicious
False cancel
Embedded ELF
List
None
Identified
0
Program Header
Size
32
Number
3
Offset
52
Section Header
Size
40
Number
10
Offset
55440
AVclass
mirai
1
VirusTotal
md5
fec24491ddfe37af97829d948da8001b
sha1
df7d1564925507193d7db73a706ec2a01503f4db
SCANS (DETECTION RATE = 54.24%)
AVG
result: ELF:Mirai-A [Trj]
update: 20180313
version: 18.2.3827.0
detected: True check_circle

CMC
update: 20180312
version: 1.1.0.977
detected: False cancel

MAX
result: malware (ai score=83)
update: 20180313
version: 2017.11.15.1
detected: True check_circle

Bkav
update: 20180312
version: 1.3.0.9466
detected: False cancel

K7GW
update: 20180313
version: 10.41.26473
detected: False cancel

ALYac
result: Trojan.Linux.Backdoor.C
update: 20180312
version: 1.1.1.5
detected: True check_circle

Avast
result: ELF:Mirai-A [Trj]
update: 20180313
version: 18.2.3827.0
detected: True check_circle

Avira
result: LINUX/Mirai.qqxic
update: 20180313
version: 8.3.3.6
detected: True check_circle

Baidu
update: 20180312
version: 1.0.0.2
detected: False cancel

Cyren
update: 20180313
version: 5.4.30.7
detected: False cancel

DrWeb
result: Linux.Mirai.754
update: 20180313
version: 7.0.28.2020
detected: True check_circle

GData
result: Linux.Trojan.Mirai.B
update: 20180313
version: A:25.16338B:25.11776
detected: True check_circle

Panda
update: 20180312
version: 4.6.4.2
detected: False cancel

VBA32
update: 20180312
version: 3.12.28.0
detected: False cancel

VIPRE
update: 20180312
version: 65218
detected: False cancel

Zoner
update: 20180313
version: 1.0
detected: False cancel

AVware
update: 20180313
version: 1.5.0.42
detected: False cancel

ClamAV
result: Unix.Trojan.Mirai-1
update: 20180313
version: 0.99.2.0
detected: True check_circle

Comodo
update: 20180313
detected: False cancel

F-Prot
update: 20180313
version: 4.7.1.166
detected: False cancel

Ikarus
result: Linux.Mirai
update: 20180312
version: 0.1.5.2
detected: True check_circle

McAfee
result: Linux/Mirai
update: 20180313
version: 6.0.6.653
detected: True check_circle

Rising
result: Backdoor.Mirai!1.AB17 (CLASSIC)
update: 20180312
version: 25.0.0.1
detected: True check_circle

Sophos
result: Linux/DDoS-CI
update: 20180312
version: 4.98.0
detected: True check_circle

Yandex
update: 20180308
version: 5.5.1.3
detected: False cancel

Zillya
update: 20180312
version: 2.0.0.3509
detected: False cancel

Arcabit
result: Trojan.Linux.Backdoor.C
update: 20180313
version: 1.0.0.830
detected: True check_circle

Tencent
result: Trojan.Linux.Mirai.c
update: 20180313
version: 1.0.0.1
detected: True check_circle

ViRobot
update: 20180313
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20180313
version: 1.0.0.400
detected: False cancel

Ad-Aware
result: Trojan.Linux.Backdoor.C
update: 20180313
version: 3.0.3.1010
detected: True check_circle

Emsisoft
result: Trojan.Linux.Backdoor.C (B)
update: 20180313
version: 4.0.2.899
detected: True check_circle

F-Secure
update: 20180307
version: 11.0.19100.45
detected: False cancel

Fortinet
result: ELF/Mirai.A!tr
update: 20180313
version: 5.4.247.0
detected: True check_circle

Jiangmin
result: Backdoor.Linux.gia
update: 20180313
version: 16.0.100
detected: True check_circle

Kingsoft
update: 20180313
version: 2013.8.14.323
detected: False cancel

Symantec
result: Linux.Mirai
update: 20180312
version: 1.5.0.0
detected: True check_circle

nProtect
update: 20180313
version: 2018-03-13.01
detected: False cancel

AhnLab-V3
result: Linux/Mirai.55840
update: 20180312
version: 3.12.0.20130
detected: True check_circle

Antiy-AVL
result: Trojan[Backdoor]/Linux.Gafgyt.x
update: 20180312
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Backdoor.Linux.Mirai.n
update: 20180313
version: 15.0.1.13
detected: True check_circle

Microsoft
result: Backdoor:Linux/Mirai.B
update: 20180312
version: 1.1.14600.4
detected: True check_circle

Qihoo-360
result: virus.elf.mirai.b
update: 20180313
version: 1.0.0.1120
detected: True check_circle

TheHacker
update: 20180311
version: 6.8.0.5.2523
detected: False cancel

ZoneAlarm
result: HEUR:Backdoor.Linux.Mirai.n
update: 20180313
version: 1.0
detected: True check_circle

ESET-NOD32
result: a variant of Linux/Mirai.A
update: 20180313
version: 17046
detected: True check_circle

TrendMicro
update: 20180313
version: 9.862.0.1074
detected: False cancel

WhiteArmor
update: 20180223
detected: False cancel

BitDefender
result: Trojan.Linux.Backdoor.C
update: 20180313
version: 7.2
detected: True check_circle

K7AntiVirus
update: 20180312
version: 10.41.26473
detected: False cancel

Avast-Mobile
result: ELF:Mirai-AH [Trj]
update: 20180312
version: 180312-02
detected: True check_circle

Malwarebytes
update: 20180312
version: 2.1.1.1115
detected: False cancel

TotalDefense
update: 20180312
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20180312
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Unix.Mirai.eorhre
update: 20180313
version: 1.0.100.21498
detected: True check_circle

MicroWorld-eScan
result: Trojan.Linux.Backdoor.C
update: 20180313
version: 14.0.297.0
detected: True check_circle

SUPERAntiSpyware
update: 20180313
version: 5.6.0.1032
detected: False cancel

McAfee-GW-Edition
result: Linux/Mirai
update: 20180313
version: v2015
detected: True check_circle

TrendMicro-HouseCall
result: ELF_MIRAI.SM1
update: 20180313
version: 9.950.0.1006
detected: True check_circle

total
59
sha256
5f43f2f307a7dd6f79760d956db62f7caeed7705d31011082c520e24a317af2e
scan_id
5f43f2f307a7dd6f79760d956db62f7caeed7705d31011082c520e24a317af2e-1520910617
resource
fec24491ddfe37af97829d948da8001b
positives
32
scan_date
2018-03-13 03:10:17
verbose_msg
Scan finished, information embedded
response_code
1
Ltrace
Trace

Strace
Trace
4291execve"./malware"["./malware"][/* 15 vars */] 0
4291unlink"./malware" 0
4291rt_sigprocmaskSIG_BLOCK[INT]NULL8 0
4291rt_sigactionSIGCHLD{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}{SIG_DFL, {SIG_DFL, [], []0}8 0
4291rt_sigactionSIGTRAP{0x804e3f0, {0x804e3f0, [TRAP], [TRAP]SA_RESTORER|SA_RESTART0x80542d7}{SIG_DFL, {SIG_DFL, [], []0}8 0
4291open"/dev/watchdog"O_RDWR) = -1 ENOENT (No such file or directory -1 ENOENT (No such file or directory)
4291open"/dev/misc/watchdog"O_RDWR) = -1 ENOENT (No such file or directory -1 ENOENT (No such file or directory)
4291chdir"/" 0
4291socketPF_INETSOCK_DGRAMIPPROTO_IP 3
4291connect3{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4291getsockname3{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(54082), sin_port=htons(54082), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4291close3 0
4291socketPF_INETSOCK_STREAMIPPROTO_IP 3
4291setsockopt3SOL_SOCKETSO_REUSEADDR[1]4 0
4291fcntl3F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4291fcntl3F_SETFLO_RDWR|O_NONBLOCK 0
4291bind3{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(48101), sin_port=htons(48101), sin_addr=inet_addr("127.0.0.1")}sin_addr=inet_addr("127.0.0.1")}16 0
4291listen31 0
4291timeNULL 1571351693
4291getpid 4291
4291getppid 4289
4291times{tms_utime=0,{tms_utime=0, tms_stime=0, tms_stime=0, tms_cutime=134541545, tms_cutime=134541545, tms_cstime=577888399449391231}tms_cstime=577888399449391231} 1718516382
4291prctlPR_SET_NAME"it06ergs3qowtlkd" 0
4291write1NULL0 0
4291write1"\n"1 1
4291fork 4292
4291exit0 ?
4292setsid 4292
4292close0 0
4292close1 0
4292close2 0
4292brkNULL 0x858d000
4292brk0x858e000 0x858e000
4292timeNULL 1571351693
4292fork4292 fork(
4293open"/proc/net/tcp"O_RDONLY 0
4293read0" "1 1
4293read0" "1 1
4293read0"s"1 1
4293read0"l"1 1
4293read0" "1 1
4293read0" "1 1
4293read0"l"1 1
4293read0"o"1 1
4293read0"c"1 1
4293read0"a"1 1
4293read0"l"1 1
4293read0"_"1 1
4293read0"a"1 1
4293read0"d"1 1
4293read0"d"1 1
4293read0"r"1 1
4293read0"e"1 1
4293read0"s"1 1
4293read0"s"1 1
4293read0" "1 1
4293read0"r"1 1
4293read0"e"1 1
4293read0"m"1 1
4293read0"_"1 1
4293read0"a"1 1
4293read0"d"1 1
4293read0"d"1 1
4293read0"r"1 1
4293read0"e"1 1
4293read0"s"1 1
4293read0"s"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"s"1 1
4293read0"t"1 1
4293read0" "1 1
4293read0"t"1 1
4293read0"x"1 1
4293read0"_"1 1
4293read0"q"1 1
4293read0"u"1 1
4293read0"e"1 1
4293read0"u"1 1
4293read0"e"1 1
4293read0" "1 1
4293read0"r"1 1
4293read0"x"1 1
4293read0"_"1 1
4293read0"q"1 1
4293read0"u"1 1
4293read0"e"1 1
4293read0"u"1 1
4293read0"e"1 1
4293read0" "1 1
4293read0"t"1 1
4293read0"r"1 1
4293read0" "1 1
4293read0"t"1 1
4293read0"m"1 1
4293read0"-"1 1
4293read0">"1 1
4293read0"w"1 1
4293read0"h"1 1
4293read0"e"1 1
4293read0"n"1 1
4293read0" "1 1
4293read0"r"1 1
4293read0"e"1 1
4293read0"t"1 1
4293read0"r"1 1
4293read0"n"1 1
4293read0"s"1 1
4293read0"m"1 1
4293read0"t"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"u"1 1
4293read0"i"1 1
4293read0"d"1 1
4293read0" "1 1
4293read0" "1 1
4293read0"t"1 1
4293read0"i"1 1
4293read0"m"1 1
4293read0"e"1 1
4293read0"o"1 1
4293read0"u"1 1
4293read0"t"1 1
4293read0" "1 1
4293read0"i"1 1
4293read0"n"1 1
4293read0"o"1 1
4293read0"d"1 1
4293read0"e"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"\n"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0":"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"7"1 1
4293read0"F"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"3"1 1
4293read0"5"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"A"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"8"1 1
4293read0"0"1 1
4293read0"2"1 1
4293read0"4"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"\n"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"1"1 1
4293read0":"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"6"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"A"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"2"1 1
4293read0"8"1 1
4293read0"5"1 1
4293read0"6"1 1
4293read0"6"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"\n"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"2"1 1
4293read0":"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"7"1 1
4293read0"F"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"2"1 1
4293read0"7"1 1
4293read0"7"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"A"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"6"1 1
4293read0"6"1 1
4293read0"4"1 1
4293read0"6"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"\n"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"3"1 1
4293read0":"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"7"1 1
4293read0"F"1 1
4293read0":"1 1
4293read0"B"1 1
4293read0"B"1 1
4293read0"E"1 1
4293read0"5"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"A"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"3"1 1
4293read0"0"1 1
4293read0"9"1 1
4293read0"0"1 1
4293read0"5"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"\n"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"4"1 1
4293read0":"1 1
4293read0" "1 1
4293read0"9"1 1
4293read0"3"1 1
4293read0"7"1 1
4293read0"A"1 1
4293read0"A"1 1
4293read0"8"1 1
4293read0"C"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"6"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0"7"1 1
4293read0"A"1 1
4293read0"A"1 1
4293read0"8"1 1
4293read0"C"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"8"1 1
4293read0"5"1 1
4293read0"2"1 1
4293read0"8"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"1"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"2"1 1
4293read0":"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"A"1 1
4293read0"F"1 1
4293read0"C"1 1
4293read0"5"1 1
4293read0"9"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"3"1 1
4293read0"0"1 1
4293read0"8"1 1
4293read0"9"1 1
4293read0"6"1 1
4293read0"7"1 1
4293read0" "1 1
4293read0"2"1 1
4293read0" "1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"2"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"4"1 1
4293read0" "1 1
4293read0"2"1 1
4293read0"1"1 1
4293read0" "1 1
4293read0"1"1 1
4293read0"0"1 1
4293read0" "1 1
4293read0"-"1 1
4293read0"1"1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0" "1 1
4293read0"\n"1 1
4293read0""1 0
4293close0 0
4293socketPF_INETSOCK_STREAMIPPROTO_IP 0
4293bind0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(23), sin_port=htons(23), sin_addr=inet_addr("0.0.0.0")}sin_addr=inet_addr("0.0.0.0")}16) = -1 EACCES (Permission denied -1 EACCES (Permission denied)
4293listen01 0
4293open"/proc/net/tcp"O_RDONLY 1
4293read1" "1 1
4293read1" "1 1
4293read1"s"1 1
4293read1"l"1 1
4293read1" "1 1
4293read1" "1 1
4293read1"l"1 1
4293read1"o"1 1
4293read1"c"1 1
4293read1"a"1 1
4293read1"l"1 1
4293read1"_"1 1
4293read1"a"1 1
4293read1"d"1 1
4293read1"d"1 1
4293read1"r"1 1
4293read1"e"1 1
4293read1"s"1 1
4293read1"s"1 1
4293read1" "1 1
4293read1"r"1 1
4293read1"e"1 1
4293read1"m"1 1
4293read1"_"1 1
4293read1"a"1 1
4293read1"d"1 1
4293read1"d"1 1
4293read1"r"1 1
4293read1"e"1 1
4293read1"s"1 1
4293read1"s"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"s"1 1
4293read1"t"1 1
4293read1" "1 1
4293read1"t"1 1
4293read1"x"1 1
4293read1"_"1 1
4293read1"q"1 1
4293read1"u"1 1
4293read1"e"1 1
4293read1"u"1 1
4293read1"e"1 1
4293read1" "1 1
4293read1"r"1 1
4293read1"x"1 1
4293read1"_"1 1
4293read1"q"1 1
4293read1"u"1 1
4293read1"e"1 1
4293read1"u"1 1
4293read1"e"1 1
4293read1" "1 1
4293read1"t"1 1
4293read1"r"1 1
4293read1" "1 1
4293read1"t"1 1
4293read1"m"1 1
4293read1"-"1 1
4293read1">"1 1
4293read1"w"1 1
4293read1"h"1 1
4293read1"e"1 1
4293read1"n"1 1
4293read1" "1 1
4293read1"r"1 1
4293read1"e"1 1
4293read1"t"1 1
4293read1"r"1 1
4293read1"n"1 1
4293read1"s"1 1
4293read1"m"1 1
4293read1"t"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"u"1 1
4293read1"i"1 1
4293read1"d"1 1
4293read1" "1 1
4293read1" "1 1
4293read1"t"1 1
4293read1"i"1 1
4293read1"m"1 1
4293read1"e"1 1
4293read1"o"1 1
4293read1"u"1 1
4293read1"t"1 1
4293read1" "1 1
4293read1"i"1 1
4293read1"n"1 1
4293read1"o"1 1
4293read1"d"1 1
4293read1"e"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"\n"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"0"1 1
4293read1":"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"D"1 1
4293read1"8"1 1
4293read1"A"1 1
4293read1"7"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"A"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"3"1 1
4293read1"0"1 1
4293read1"9"1 1
4293read1"0"1 1
4293read1"5"1 1
4293read1"3"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"\n"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"1"1 1
4293read1":"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"7"1 1
4293read1"F"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"3"1 1
4293read1"5"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"A"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"8"1 1
4293read1"0"1 1
4293read1"2"1 1
4293read1"4"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"\n"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"2"1 1
4293read1":"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"1"1 1
4293read1"6"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"A"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1":"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"2"1 1
4293read1"8"1 1
4293read1"5"1 1
4293read1"6"1 1
4293read1"6"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"1"1 1
4293read1"0"1 1
4293read1" "1 1
4293read1"0"1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1" "1 1
4293read1"\n"1 1
4293close1 0
4293openNULLO_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 EFAULT (Bad address -1 EFAULT (Bad address)
4293rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4293rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4293nanosleep{1,{1, 30064771072}30064771072}4293 nanosleep({1, 30064771072},
429242934292 <... fork resumed> 4293
4292fork4292 fork(
4294socketPF_INETSOCK_DGRAMIPPROTO_IP 0
4294connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4294getsockname0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(40741), sin_port=htons(40741), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4294close0 0
4294timeNULL 1571351693
4294getpid 4294
4294getppid 4292
4294times{tms_utime=0,{tms_utime=0, tms_stime=0, tms_stime=0, tms_cutime=134541545, tms_cutime=134541545, tms_cstime=2474289344}tms_cstime=2474289344} 1718516386
4294timeNULL 1571351693
4294brk0x8597000 0x8597000
4294socketPF_INETSOCK_RAWIPPROTO_TCP) = -1 EPERM (Operation not permitted -1 EPERM (Operation not permitted)
4294exit0 ?
429242944292 <... fork resumed> 4294
4292socketPF_INETSOCK_STREAMIPPROTO_IP 0
4292fcntl0F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4292fcntl0F_SETFLO_RDWR|O_NONBLOCK 0
4292socketPF_INETSOCK_DGRAMIPPROTO_IP 1
4292connect1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4292getsockname1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(45405), sin_port=htons(45405), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4292close1 0
4292connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(80), sin_port=htons(80), sin_addr=inet_addr("65.222.202.53")}sin_addr=inet_addr("65.222.202.53")}16) = -1 EINPROGRESS (Operation now in progress -1 EINPROGRESS (Operation now in progress)
4292_newselect4[3][0]NULL4292 _newselect(4, [3], [0], NULL, {10, 0}
429304293 <... nanosleep resumed> 0xfffbc524 0
4293rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4293socketPF_INETSOCK_STREAMIPPROTO_IP 1
4293bind1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(22), sin_port=htons(22), sin_addr=inet_addr("0.0.0.0")}sin_addr=inet_addr("0.0.0.0")}16) = -1 EACCES (Permission denied -1 EACCES (Permission denied)
4293listen11 0
4293rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4293rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4293nanosleep{5,{5, 1}1}0xfffbe784 0
4293rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4293brk0x858f000 0x858f000
4293---4293 --- SIGSEGV {si_signo=SIGSEGVsi_code=SEGV_MAPERRsi_addr=0} --0} ---
4293core dumped4293 +++ killed by SIGSEGV (core dumped) +++
4292Timeout 0 (Timeout)
4292send0"\0\0"2MSG_NOSIGNAL) = -1 EAGAIN (Resource temporarily unavailable -1 EAGAIN (Resource temporarily unavailable)
4292close0 0
4292rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4292rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4292nanosleep{1,{1, -1111687860318740}-1111687860318740}0xfffc0894 0
4292rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4292socketPF_INETSOCK_STREAMIPPROTO_IP 0
4292fcntl0F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4292fcntl0F_SETFLO_RDWR|O_NONBLOCK 0
4292socketPF_INETSOCK_DGRAMIPPROTO_IP 1
4292connect1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4292getsockname1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(35520), sin_port=htons(35520), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4292close1 0
4292connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(80), sin_port=htons(80), sin_addr=inet_addr("65.222.202.53")}sin_addr=inet_addr("65.222.202.53")}16) = -1 EINPROGRESS (Operation now in progress -1 EINPROGRESS (Operation now in progress)
4292_newselect4[3][0]NULL 0 (Timeout)
4292close0 0
4292rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4292rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4292nanosleep{1,{1, -1111687860318740}-1111687860318740}0xfffc0894 0
4292rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4292socketPF_INETSOCK_STREAMIPPROTO_IP 0
4292fcntl0F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4292fcntl0F_SETFLO_RDWR|O_NONBLOCK 0
4292socketPF_INETSOCK_DGRAMIPPROTO_IP 1
4292connect1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4292getsockname1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(48458), sin_port=htons(48458), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4292close1 0
4292connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(80), sin_port=htons(80), sin_addr=inet_addr("65.222.202.53")}sin_addr=inet_addr("65.222.202.53")}16) = -1 EINPROGRESS (Operation now in progress -1 EINPROGRESS (Operation now in progress)
4292_newselect4[3][0]NULL 0 (Timeout)
4292close0 0
4292rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4292rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4292nanosleep{1,{1, -1111687860318740}-1111687860318740}0xfffc0894 0
4292rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4292socketPF_INETSOCK_STREAMIPPROTO_IP 0
4292fcntl0F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4292fcntl0F_SETFLO_RDWR|O_NONBLOCK 0
4292socketPF_INETSOCK_DGRAMIPPROTO_IP 1
4292connect1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4292getsockname1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(59541), sin_port=htons(59541), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4292close1 0
4292connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(80), sin_port=htons(80), sin_addr=inet_addr("65.222.202.53")}sin_addr=inet_addr("65.222.202.53")}16) = -1 EINPROGRESS (Operation now in progress -1 EINPROGRESS (Operation now in progress)
4292_newselect4[3][0]NULL 0 (Timeout)
4292close0 0
4292rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4292rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4292nanosleep{1,{1, -1111687860318740}-1111687860318740}0xfffc0894 0
4292rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4292socketPF_INETSOCK_STREAMIPPROTO_IP 0
4292fcntl0F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4292fcntl0F_SETFLO_RDWR|O_NONBLOCK 0
4292socketPF_INETSOCK_DGRAMIPPROTO_IP 1
4292connect1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4292getsockname1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(36001), sin_port=htons(36001), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4292close1 0
4292connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(80), sin_port=htons(80), sin_addr=inet_addr("65.222.202.53")}sin_addr=inet_addr("65.222.202.53")}16) = -1 EINPROGRESS (Operation now in progress -1 EINPROGRESS (Operation now in progress)
4292_newselect4[3][0]NULL 0 (Timeout)
4292close0 0
4292rt_sigprocmaskSIG_BLOCK[CHLD][INT]8 0
4292rt_sigactionSIGCHLDNULL{SIG_IGN, {SIG_IGN, [CHLD], [CHLD]SA_RESTORER|SA_RESTART0x80542d7}8 0
4292nanosleep{1,{1, -1111687860318740}-1111687860318740}0xfffc0894 0
4292rt_sigprocmaskSIG_SETMASK[INT]NULL8 0
4292socketPF_INETSOCK_STREAMIPPROTO_IP 0
4292fcntl0F_GETFL) = 0x2 (flags O_RDWR 0x2 (flags O_RDWR)
4292fcntl0F_SETFLO_RDWR|O_NONBLOCK 0
4292socketPF_INETSOCK_DGRAMIPPROTO_IP 1
4292connect1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(53), sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}sin_addr=inet_addr("8.8.8.8")}16 0
4292getsockname1{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(34843), sin_port=htons(34843), sin_addr=inet_addr("192.168.122.147")}sin_addr=inet_addr("192.168.122.147")}[16] 0
4292close1 0
4292connect0{sa_family=AF_INET, {sa_family=AF_INET, sin_port=htons(80), sin_port=htons(80), sin_addr=inet_addr("65.222.202.53")}sin_addr=inet_addr("65.222.202.53")}16) = -1 EINPROGRESS (Operation now in progress -1 EINPROGRESS (Operation now in progress)
4292_newselect4[3][0]NULL4292 _newselect(4, [3], [0], NULL, {10, 0}

Analysis
Ltrace
Statically-compiled samples cannot be ltraced.

Reason
Timeout

Status
Sucess

Strace
Success

Results
True check_circle

DNS
Query

Response

TCP
Info
computer localhost:35392 arrow_forward 65.222.202.53:80
computer localhost:35386 arrow_forward 65.222.202.53:80
computer localhost:35388 arrow_forward 65.222.202.53:80
computer localhost:35384 arrow_forward 65.222.202.53:80
computer localhost:35390 arrow_forward 65.222.202.53:80
computer localhost:35394 arrow_forward 65.222.202.53:80

UDP
Info
computer localhost:5353 arrow_forward help_outline 224.0.0.251:5353

HTTP
Info

Summary
DNS
False cancel

TCP
True check_circle

UDP
True check_circle

HTTP
False cancel

Binary
RF
confidence: 100.00%
suspicious: True check_circle
MLP
confidence: 99.86%
suspicious: True check_circle
SVM
confidence: 95.80%
suspicious: True check_circle
Add to Collection
Download