Loading ...

Play interactive tourEdit tour

Linux Analysis Report x86

Overview

General Information

Sample Name:x86
Analysis ID:553313
MD5:7a4f14429f8c54d68656cfafc8528a34
SHA1:d892fbd509b99745ee003ed803bc582b9b190ce9
SHA256:146bbed5eaaf63f99842e41f64ac4771c3622ff9f6db8712a89a0731d4ec6a95
Tags:elf
Infos:

Detection

Mirai
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Yara signature match
Sample has stripped symbol table
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. Likely the sample is an old dropper which does no longer work

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:553313
Start date:14.01.2022
Start time:16:48:19
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 5s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:x86
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal76.troj.lin@0/1@0/0
Warnings:
Show All
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5207, Parent: 4331)
  • cat (PID: 5207, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.jjJ0hUD84m
  • dash New Fork (PID: 5208, Parent: 4331)
  • head (PID: 5208, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5209, Parent: 4331)
  • tr (PID: 5209, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5210, Parent: 4331)
  • cut (PID: 5210, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5211, Parent: 4331)
  • cat (PID: 5211, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.jjJ0hUD84m
  • dash New Fork (PID: 5212, Parent: 4331)
  • head (PID: 5212, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5213, Parent: 4331)
  • tr (PID: 5213, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5214, Parent: 4331)
  • cut (PID: 5214, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5217, Parent: 4331)
  • rm (PID: 5217, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.jjJ0hUD84m /tmp/tmp.W8UIKPggkC /tmp/tmp.KmcGhooTuj
  • x86 (PID: 5244, Parent: 5129, MD5: 7a4f14429f8c54d68656cfafc8528a34) Arguments: /tmp/x86
    • x86 New Fork (PID: 5245, Parent: 5244)
    • x86 New Fork (PID: 5246, Parent: 5244)
    • x86 New Fork (PID: 5247, Parent: 5244)
      • x86 New Fork (PID: 5248, Parent: 5247)
      • x86 New Fork (PID: 5249, Parent: 5247)
      • x86 New Fork (PID: 5250, Parent: 5247)
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
x86SUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
  • 0xefc4:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf034:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf0a4:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf114:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf184:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf3f4:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf448:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf49c:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf4f0:$xo1: oMXKNNC\x0D\x17\x0C\x12
  • 0xf544:$xo1: oMXKNNC\x0D\x17\x0C\x12
x86Mirai_Botnet_MalwareDetects Mirai Botnet MalwareFlorian Roth
  • 0xe9e0:$x1: POST /cdn-cgi/
  • 0xee2b:$s1: LCOGQGPTGP
x86JoeSecurity_Mirai_9Yara detected MiraiJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    5249.1.00000000df678f20.00000000de9fc6d2.rw-.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
    • 0x598:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x610:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x688:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x700:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x778:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa08:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa60:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xab8:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb10:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb68:$xo1: oMXKNNC\x0D\x17\x0C\x12
    5245.1.00000000df678f20.00000000de9fc6d2.rw-.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
    • 0x598:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x610:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x688:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x700:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x778:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa08:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa60:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xab8:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb10:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb68:$xo1: oMXKNNC\x0D\x17\x0C\x12
    5246.1.00000000df678f20.00000000de9fc6d2.rw-.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
    • 0x598:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x610:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x688:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x700:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x778:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa08:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa60:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xab8:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb10:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb68:$xo1: oMXKNNC\x0D\x17\x0C\x12
    5244.1.00000000df678f20.00000000de9fc6d2.rw-.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
    • 0x598:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x610:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x688:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x700:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0x778:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa08:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xa60:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xab8:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb10:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xb68:$xo1: oMXKNNC\x0D\x17\x0C\x12
    5244.1.000000001a887bdc.00000000328ec990.r-x.sdmpSUSP_XORed_MozillaDetects suspicious XORed keyword - Mozilla/5.0Florian Roth
    • 0xefc4:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf034:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf0a4:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf114:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf184:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf3f4:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf448:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf49c:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf4f0:$xo1: oMXKNNC\x0D\x17\x0C\x12
    • 0xf544:$xo1: oMXKNNC\x0D\x17\x0C\x12
    Click to see the 11 entries

    Jbx Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Multi AV Scanner detection for submitted fileShow sources
    Source: x86Virustotal: Detection: 58%Perma Link
    Source: x86ReversingLabs: Detection: 62%
    Machine Learning detection for sampleShow sources
    Source: x86Joe Sandbox ML: detected

    Networking:

    barindex
    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
    Source: TrafficSnort IDS: 716 INFO TELNET access 185.190.45.22:23 -> 192.168.2.23:38984
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56264
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56288
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56338
    Source: TrafficSnort IDS: 716 INFO TELNET access 185.190.45.22:23 -> 192.168.2.23:39066
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56352
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56368
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56388
    Source: TrafficSnort IDS: 716 INFO TELNET access 185.190.45.22:23 -> 192.168.2.23:39116
    Source: TrafficSnort IDS: 1251 INFO TELNET Bad Login 74.84.112.153:23 -> 192.168.2.23:35498
    Source: TrafficSnort IDS: 718 INFO TELNET login incorrect 74.84.112.153:23 -> 192.168.2.23:35498
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56402
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56408
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56448
    Source: TrafficSnort IDS: 716 INFO TELNET access 185.190.45.22:23 -> 192.168.2.23:39188
    Source: TrafficSnort IDS: 716 INFO TELNET access 116.214.36.17:23 -> 192.168.2.23:56472
    Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global trafficTCP traffic: 192.168.2.23:45900 -> 107.189.12.189:1791
    Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
    Source: unknownTCP traffic detected without corresponding DNS query: 107.189.12.189
    Source: unknownTCP traffic detected without corresponding DNS query: 243.37.169.55
    Source: unknownTCP traffic detected without corresponding DNS query: 35.136.197.55
    Source: unknownTCP traffic detected without corresponding DNS query: 89.212.117.85
    Source: unknownTCP traffic detected without corresponding DNS query: 251.241.205.121
    Source: unknownTCP traffic detected without corresponding DNS query: 250.157.118.1
    Source: unknownTCP traffic detected without corresponding DNS query: 98.122.69.132
    Source: unknownTCP traffic detected without corresponding DNS query: 24.87.252.192
    Source: unknownTCP traffic detected without corresponding DNS query: 198.219.62.200
    Source: unknownTCP traffic detected without corresponding DNS query: 202.222.25.214
    Source: unknownTCP traffic detected without corresponding DNS query: 183.23.73.201
    Source: unknownTCP traffic detected without corresponding DNS query: 165.207.214.42
    Source: unknownTCP traffic detected without corresponding DNS query: 119.79.202.102
    Source: unknownTCP traffic detected without corresponding DNS query: 48.75.93.136
    Source: unknownTCP traffic detected without corresponding DNS query: 197.34.228.50
    Source: unknownTCP traffic detected without corresponding DNS query: 191.20.42.9
    Source: unknownTCP traffic detected without corresponding DNS query: 161.87.247.228
    Source: unknownTCP traffic detected without corresponding DNS query: 107.227.7.215
    Source: unknownTCP traffic detected without corresponding DNS query: 203.114.238.6
    Source: unknownTCP traffic detected without corresponding DNS query: 164.142.229.195
    Source: unknownTCP traffic detected without corresponding DNS query: 119.162.103.213
    Source: unknownTCP traffic detected without corresponding DNS query: 191.8.159.234
    Source: unknownTCP traffic detected without corresponding DNS query: 109.22.115.235
    Source: unknownTCP traffic detected without corresponding DNS query: 135.138.75.14
    Source: unknownTCP traffic detected without corresponding DNS query: 60.232.21.233
    Source: unknownTCP traffic detected without corresponding DNS query: 254.170.80.221
    Source: unknownTCP traffic detected without corresponding DNS query: 4.135.61.101
    Source: unknownTCP traffic detected without corresponding DNS query: 174.126.40.176
    Source: unknownTCP traffic detected without corresponding DNS query: 42.24.90.226
    Source: unknownTCP traffic detected without corresponding DNS query: 81.165.92.42
    Source: unknownTCP traffic detected without corresponding DNS query: 78.222.25.18
    Source: unknownTCP traffic detected without corresponding DNS query: 184.201.199.67
    Source: unknownTCP traffic detected without corresponding DNS query: 69.251.93.46
    Source: unknownTCP traffic detected without corresponding DNS query: 142.122.144.133
    Source: unknownTCP traffic detected without corresponding DNS query: 182.178.24.227
    Source: unknownTCP traffic detected without corresponding DNS query: 88.24.163.118
    Source: unknownTCP traffic detected without corresponding DNS query: 150.170.142.115
    Source: unknownTCP traffic detected without corresponding DNS query: 101.247.37.89
    Source: unknownTCP traffic detected without corresponding DNS query: 84.234.37.29
    Source: unknownTCP traffic detected without corresponding DNS query: 190.146.146.14
    Source: unknownTCP traffic detected without corresponding DNS query: 144.3.114.9
    Source: unknownTCP traffic detected without corresponding DNS query: 90.16.177.238
    Source: unknownTCP traffic detected without corresponding DNS query: 196.82.139.146
    Source: unknownTCP traffic detected without corresponding DNS query: 27.181.160.181
    Source: unknownTCP traffic detected without corresponding DNS query: 165.201.208.107
    Source: unknownTCP traffic detected without corresponding DNS query: 126.20.91.40
    Source: unknownTCP traffic detected without corresponding DNS query: 213.76.55.61
    Source: unknownTCP traffic detected without corresponding DNS query: 106.165.195.45
    Source: unknownTCP traffic detected without corresponding DNS query: 45.209.44.157
    Source: unknownTCP traffic detected without corresponding DNS query: 31.252.239.67
    Source: motd-news.17.drString found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation

    System Summary:

    barindex
    Malicious sample detected (through community Yara rule)Show sources
    Source: x86, type: SAMPLEMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
    Source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
    Source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
    Source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
    Source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Detects Mirai Botnet Malware Author: Florian Roth
    Source: x86, type: SAMPLEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: x86, type: SAMPLEMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: 5249.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5245.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5246.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5244.1.00000000df678f20.00000000de9fc6d2.rw-.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
    Source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
    Source: ELF static info symbol of initial sample.symtab present: no
    Source: /tmp/x86 (PID: 5245)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/x86 (PID: 5248)SIGKILL sent: pid: 936, result: successfulJump to behavior
    Source: /tmp/x86 (PID: 5248)SIGKILL sent: pid: 5245, result: successfulJump to behavior
    Source: /tmp/x86 (PID: 5248)SIGKILL sent: pid: 759, result: successfulJump to behavior
    Source: classification engineClassification label: mal76.troj.lin@0/1@0/0
    Source: /tmp/x86 (PID: 5245)File opened: /proc/491/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/793/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/772/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/796/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/774/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/797/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/777/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/799/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/658/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/912/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/759/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/936/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/918/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/1/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/761/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/785/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/884/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/720/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/721/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/788/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/789/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/800/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/801/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/847/fdJump to behavior
    Source: /tmp/x86 (PID: 5245)File opened: /proc/904/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2033/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2033/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1582/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1582/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2275/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1612/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1612/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1579/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1579/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1699/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1699/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1335/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1335/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1698/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1698/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2028/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2028/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1334/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1334/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1576/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1576/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2302/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/3236/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2025/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2025/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2146/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2146/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/910/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/912/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/912/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/912/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/759/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/759/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/759/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/517/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2307/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/918/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/918/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/918/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1594/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1594/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2285/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2281/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1349/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1349/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1623/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1623/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/761/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/761/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/761/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1622/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1622/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/884/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/884/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/884/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1983/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1983/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2038/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2038/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1586/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1586/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1465/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1465/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1344/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1344/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1860/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1860/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1463/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1463/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/2156/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/800/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/800/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/800/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/801/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/801/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/801/exeJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1629/fdJump to behavior
    Source: /tmp/x86 (PID: 5248)File opened: /proc/1629/exeJump to behavior
    Source: /usr/bin/dash (PID: 5217)Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.jjJ0hUD84m /tmp/tmp.W8UIKPggkC /tmp/tmp.KmcGhooTujJump to behavior

    Stealing of Sensitive Information:

    barindex
    Yara detected MiraiShow sources
    Source: Yara matchFile source: x86, type: SAMPLE
    Source: Yara matchFile source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY

    Remote Access Functionality:

    barindex
    Yara detected MiraiShow sources
    Source: Yara matchFile source: x86, type: SAMPLE
    Source: Yara matchFile source: 5244.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 5246.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 5245.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY
    Source: Yara matchFile source: 5249.1.000000001a887bdc.00000000328ec990.r-x.sdmp, type: MEMORY

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid AccountsWindows Management InstrumentationPath InterceptionPath InterceptionFile Deletion1OS Credential Dumping1System Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data

    Malware Configuration

    No configs have been found

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Number of created Files
    • Is malicious
    • Internet
    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 553313 Sample: x86 Startdate: 14/01/2022 Architecture: LINUX Score: 76 28 155.132.163.192, 23 ZAMRENZM France 2->28 30 64.1.145.57, 23 XO-AS15US United States 2->30 32 98 other IPs or domains 2->32 34 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 Multi AV Scanner detection for submitted file 2->38 40 2 other signatures 2->40 8 dash rm x86 2->8         started        10 dash cat 2->10         started        12 dash tr 2->12         started        14 6 other processes 2->14 signatures3 process4 process5 16 x86 8->16         started        18 x86 8->18         started        20 x86 8->20         started        process6 22 x86 16->22         started        24 x86 16->24         started        26 x86 16->26         started       

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    x8658%VirustotalBrowse
    x8663%ReversingLabsLinux.Trojan.Mirai
    x86100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://ubuntu.com/blog/microk8s-memory-optimisationmotd-news.17.drfalse
      high

      Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public

      IPDomainCountryFlagASNASN NameMalicious
      158.73.164.6
      unknownUnited States
      19050TIC-DHHS-INTERIORUSfalse
      183.213.103.251
      unknownChina
      56046CMNET-JIANGSU-APChinaMobilecommunicationscorporationCNfalse
      159.121.22.30
      unknownUnited States
      1798OREGONUSfalse
      155.132.163.192
      unknownFrance
      37532ZAMRENZMfalse
      97.199.8.160
      unknownUnited States
      6167CELLCO-PARTUSfalse
      180.224.232.196
      unknownKorea Republic of
      17858POWERVIS-AS-KRLGPOWERCOMMKRfalse
      12.61.219.1
      unknownUnited States
      7018ATT-INTERNET4USfalse
      255.159.244.48
      unknownReserved
      unknownunknownfalse
      206.223.243.42
      unknownUnited States
      32204KPUNETUSfalse
      14.183.60.165
      unknownViet Nam
      45899VNPT-AS-VNVNPTCorpVNfalse
      82.22.24.220
      unknownUnited Kingdom
      5089NTLGBfalse
      88.86.153.238
      unknownFinland
      1759TSF-IP-CORETeliaFinlandOyjEUfalse
      125.166.6.7
      unknownIndonesia
      7713TELKOMNET-AS-APPTTelekomunikasiIndonesiaIDfalse
      44.211.207.114
      unknownUnited States
      14618AMAZON-AESUSfalse
      202.132.246.96
      unknownTaiwan; Republic of China (ROC)
      9924TFN-TWTaiwanFixedNetworkTelcoandNetworkServiceProvifalse
      184.136.53.234
      unknownUnited States
      5778CENTURYLINK-LEGACY-EMBARQ-RCMTUSfalse
      76.35.148.229
      unknownUnited States
      18494CENTURYLINK-LEGACY-EMBARQ-WRBGUSfalse
      117.57.68.245
      unknownChina
      4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
      198.153.190.22
      unknownUnited States
      55221NPG-ASUSfalse
      88.236.99.235
      unknownTurkey
      9121TTNETTRfalse
      158.38.7.66
      unknownNorway
      224UNINETTUNINETTTheNorwegianUniversityResearchNetworkfalse
      133.152.175.194
      unknownJapan17819ASN-EQUINIX-APEquinixAsiaPacificSGfalse
      17.20.86.44
      unknownUnited States
      714APPLE-ENGINEERINGUSfalse
      217.249.44.246
      unknownGermany
      3320DTAGInternetserviceprovideroperationsDEfalse
      152.255.176.33
      unknownBrazil
      26599TELEFONICABRASILSABRfalse
      77.37.107.97
      unknownGermany
      8893ARTFILES-ASZirkusweg1DEfalse
      138.226.98.73
      unknownSwitzerland
      12980EMEAHostingAutonomousSystemEUfalse
      147.166.88.168
      unknownUnited States
      1452DNIC-ASBLK-01451-01456USfalse
      27.151.37.23
      unknownChina
      133774CHINATELECOM-FUJIAN-FUZHOU-IDC1FuzhouCNfalse
      12.164.149.163
      unknownUnited States
      7018ATT-INTERNET4USfalse
      76.225.145.21
      unknownUnited States
      7018ATT-INTERNET4USfalse
      172.245.6.39
      unknownUnited States
      55286SERVER-MANIACAfalse
      220.6.222.134
      unknownJapan17676GIGAINFRASoftbankBBCorpJPfalse
      67.58.76.64
      unknownUnited States
      27221ARDMORE-TELUSfalse
      80.222.97.33
      unknownFinland
      1759TSF-IP-CORETeliaFinlandOyjEUfalse
      216.218.72.80
      unknownUnited States
      20257FTC-INETUSfalse
      191.196.35.86
      unknownBrazil
      26599TELEFONICABRASILSABRfalse
      81.162.191.193
      unknownMoldova Republic of
      57598FIBERHOP-ASNMDfalse
      195.71.65.187
      unknownGermany
      6805TDDE-ASN1DEfalse
      106.94.251.255
      unknownChina
      4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
      195.64.154.153
      unknownUkraine
      197726UKRNAMES-ASUAfalse
      77.156.42.5
      unknownFrance
      15557LDCOMNETFRfalse
      152.196.192.223
      unknownUnited States
      701UUNETUSfalse
      93.161.25.227
      unknownDenmark
      3292TDCTDCASDKfalse
      159.37.110.25
      unknownUnited States
      30449AZSTATEUSfalse
      87.15.59.112
      unknownItaly
      3269ASN-IBSNAZITfalse
      64.1.145.57
      unknownUnited States
      2828XO-AS15USfalse
      108.22.97.108
      unknownUnited States
      701UUNETUSfalse
      62.35.61.113
      unknownFrance
      5410BOUYGTEL-ISPFRfalse
      240.55.97.156
      unknownReserved
      unknownunknownfalse
      147.171.34.38
      unknownFrance
      1942FR-TIGREToileInformatiqueGREnobloiseEUfalse
      104.15.73.28
      unknownUnited States
      7018ATT-INTERNET4USfalse
      83.97.13.148
      unknownNetherlands
      30879RAI-ASNLfalse
      18.41.244.81
      unknownUnited States
      3MIT-GATEWAYSUSfalse
      75.230.2.147
      unknownUnited States
      22394CELLCOUSfalse
      213.30.159.24
      unknownFrance
      12670AS-COMPLETELFRfalse
      89.189.111.208
      unknownRussian Federation
      41349MVMTECH-ASRUfalse
      35.129.6.125
      unknownUnited States
      20115CHARTER-20115USfalse
      241.213.38.46
      unknownReserved
      unknownunknownfalse
      160.217.211.17
      unknownCzech Republic
      2852CESNET2CZfalse
      220.229.198.13
      unknownTaiwan; Republic of China (ROC)
      9919NCIC-TWNewCenturyInfoCommTechCoLtdTWfalse
      147.200.14.160
      unknownAustralia
      55542RMSNET-AS-APRoadsandMaritimeServicesAUfalse
      150.170.142.115
      unknownUnited States
      26438MONROE-COMMUNITY-COLLEGEUSfalse
      76.2.64.79
      unknownUnited States
      14921CENTURYLINK-LEGACY-EMBARQ-HDRVUSfalse
      81.126.248.41
      unknownItaly
      3269ASN-IBSNAZITfalse
      253.211.173.107
      unknownReserved
      unknownunknownfalse
      31.119.40.0
      unknownUnited Kingdom
      12576EELtdGBfalse
      180.241.233.157
      unknownIndonesia
      7713TELKOMNET-AS-APPTTelekomunikasiIndonesiaIDfalse
      20.82.204.32
      unknownUnited States
      8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
      1.3.127.53
      unknownChina
      13335CLOUDFLARENETUSfalse
      95.76.74.187
      unknownRomania
      6830LIBERTYGLOBALLibertyGlobalformerlyUPCBroadbandHoldingfalse
      252.59.166.227
      unknownReserved
      unknownunknownfalse
      86.35.76.176
      unknownRomania
      9050RTDBucharestRomaniaROfalse
      63.59.220.25
      unknownUnited States
      701UUNETUSfalse
      39.162.123.35
      unknownChina
      24445CMNET-V4HENAN-AS-APHenanMobileCommunicationsCoLtdCNfalse
      147.100.61.19
      unknownFrance
      2200FR-RENATERReseauNationaldetelecommunicationspourlaTecfalse
      248.163.189.243
      unknownReserved
      unknownunknownfalse
      187.139.246.120
      unknownMexico
      8151UninetSAdeCVMXfalse
      195.113.110.44
      unknownCzech Republic
      2852CESNET2CZfalse
      177.249.48.53
      unknownMexico
      16960CablevisionRedSAdeCVMXfalse
      202.165.86.173
      unknownAustralia
      10113EFTEL-AS-APEftelLimitedAUfalse
      207.40.248.96
      unknownUnited States
      1239SPRINTLINKUSfalse
      206.230.26.182
      unknownUnited States
      1239SPRINTLINKUSfalse
      174.98.153.220
      unknownUnited States
      10796TWC-10796-MIDWESTUSfalse
      164.28.9.155
      unknownGermany
      29355KCELL-ASKZfalse
      175.8.178.190
      unknownChina
      4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
      73.11.175.211
      unknownUnited States
      7922COMCAST-7922USfalse
      117.7.194.187
      unknownViet Nam
      7552VIETEL-AS-APViettelGroupVNfalse
      77.247.70.31
      unknownDenmark
      31590RACKHOSTING-ASDKfalse
      2.78.150.211
      unknownKazakhstan
      29355KCELL-ASKZfalse
      104.156.200.250
      unknownUnited States
      21743ANL-36USfalse
      174.102.8.48
      unknownUnited States
      10796TWC-10796-MIDWESTUSfalse
      164.4.87.160
      unknownSweden
      44013SANDVIK-ASSEfalse
      197.50.232.231
      unknownEgypt
      8452TE-ASTE-ASEGfalse
      195.66.140.144
      unknownUkraine
      39027BATYEVKA-NET-ASUAfalse
      244.54.225.33
      unknownReserved
      unknownunknownfalse
      32.108.138.1
      unknownUnited States
      2688ATGS-MMD-ASUSfalse
      201.60.59.246
      unknownBrazil
      27699TELEFONICABRASILSABRfalse
      67.34.85.77
      unknownUnited States
      6389BELLSOUTH-NET-BLKUSfalse
      193.252.238.252
      unknownFrance
      3215FranceTelecom-OrangeFRfalse


      Runtime Messages

      Command:/tmp/x86
      Exit Code:0
      Exit Code Info:
      Killed:False
      Standard Output:
      lzrd cock fest'/proc/'/exe
      Standard Error:

      Joe Sandbox View / Context

      IPs

      No context

      Domains

      No context

      ASN

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      TIC-DHHS-INTERIORUS5mlTMTv6DNGet hashmaliciousBrowse
      • 158.73.140.88
      OsFOXrPtJuGet hashmaliciousBrowse
      • 158.73.105.170
      tvUK6374iRGet hashmaliciousBrowse
      • 158.73.72.220
      qElEhirDBKGet hashmaliciousBrowse
      • 158.73.105.157
      sora.mipsGet hashmaliciousBrowse
      • 158.73.140.99
      UNNEIaOxVMGet hashmaliciousBrowse
      • 158.73.164.51
      peach.x86Get hashmaliciousBrowse
      • 158.73.164.42
      MpqBwoD6CmGet hashmaliciousBrowse
      • 158.73.188.32
      94VG.armGet hashmaliciousBrowse
      • 158.73.152.77
      cUfweIWt2xGet hashmaliciousBrowse
      • 158.73.115.93
      i01hLg63evGet hashmaliciousBrowse
      • 158.73.188.10
      FRENM1DCvXGet hashmaliciousBrowse
      • 158.73.164.67
      OREGONUSFourloko.x86Get hashmaliciousBrowse
      • 159.121.16.145
      zOBc8z4lpxGet hashmaliciousBrowse
      • 204.144.95.165
      sora.x86-20220109-2200Get hashmaliciousBrowse
      • 170.105.187.253
      xs8ZDCjaunGet hashmaliciousBrowse
      • 170.104.232.141
      b0Ht6p5D1JGet hashmaliciousBrowse
      • 159.121.70.232
      arm5-20211225-0506Get hashmaliciousBrowse
      • 170.104.2.10
      xn0eC7abrGGet hashmaliciousBrowse
      • 170.105.52.102
      YqHxQPdsKfGet hashmaliciousBrowse
      • 167.131.206.167
      MgxZMcbt68Get hashmaliciousBrowse
      • 170.104.190.121
      CRokHpfu6UGet hashmaliciousBrowse
      • 170.105.52.120
      qElEhirDBKGet hashmaliciousBrowse
      • 199.74.44.106
      1a2COTxMvUGet hashmaliciousBrowse
      • 170.104.144.145
      armGet hashmaliciousBrowse
      • 159.121.34.27
      BsXhIyIHzCGet hashmaliciousBrowse
      • 198.178.175.141
      fnC9RrzssKGet hashmaliciousBrowse
      • 159.121.5.136
      yE2Dyk0DcvGet hashmaliciousBrowse
      • 199.74.44.128
      Zot0D0dD8JGet hashmaliciousBrowse
      • 170.104.43.201
      meerkat.x86Get hashmaliciousBrowse
      • 159.121.5.111
      RIkJg4Hr71Get hashmaliciousBrowse
      • 159.121.238.194
      NvgmFQhNC0Get hashmaliciousBrowse
      • 167.131.85.139
      CMNET-JIANGSU-APChinaMobilecommunicationscorporationCN3Jxou3a3wmGet hashmaliciousBrowse
      • 112.23.171.187
      IhRNkXfMkBGet hashmaliciousBrowse
      • 112.22.109.101
      lpDpxl4PjJGet hashmaliciousBrowse
      • 112.20.229.185
      7FGyX6YAPZGet hashmaliciousBrowse
      • 112.2.226.23
      lAbrw2L5lmGet hashmaliciousBrowse
      • 112.0.59.33
      ap8oF4jVpqGet hashmaliciousBrowse
      • 112.2.251.17
      Aj49WWhBwyGet hashmaliciousBrowse
      • 112.23.65.230
      LpS8m2MdTqGet hashmaliciousBrowse
      • 183.206.73.27
      8NjgFrA0BQGet hashmaliciousBrowse
      • 223.107.227.116
      aIQgkd3d5AGet hashmaliciousBrowse
      • 223.105.211.78
      8I4YXRv374Get hashmaliciousBrowse
      • 114.133.28.27
      jew.arm7Get hashmaliciousBrowse
      • 110.115.145.182
      Aivc0CNceLGet hashmaliciousBrowse
      • 223.67.245.78
      TYfDfMYTuPGet hashmaliciousBrowse
      • 223.64.65.29
      Ybkk4CLvn2Get hashmaliciousBrowse
      • 223.113.218.95
      nhv56L031ZGet hashmaliciousBrowse
      • 223.107.90.158
      DEMONS.armGet hashmaliciousBrowse
      • 112.2.23.119
      sora.arm-20220109-2200Get hashmaliciousBrowse
      • 112.1.220.16
      Ioj3xaahaJGet hashmaliciousBrowse
      • 223.64.28.73
      armGet hashmaliciousBrowse
      • 112.4.118.178

      JA3 Fingerprints

      No context

      Dropped Files

      No context

      Created / dropped Files

      /var/cache/motd-news
      Process:/usr/bin/cut
      File Type:ASCII text
      Category:dropped
      Size (bytes):191
      Entropy (8bit):4.515771857099866
      Encrypted:false
      SSDEEP:3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
      MD5:DD514F892B5F93ED615D366E58AC58AF
      SHA1:BA75EDB3C2232CC260BC187F604DC8F25AA72C11
      SHA-256:F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
      SHA-512:9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview: * Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.

      Static File Info

      General

      File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped
      Entropy (8bit):6.4083584263947255
      TrID:
      • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
      • ELF Executable and Linkable format (generic) (4004/1) 49.84%
      File name:x86
      File size:66136
      MD5:7a4f14429f8c54d68656cfafc8528a34
      SHA1:d892fbd509b99745ee003ed803bc582b9b190ce9
      SHA256:146bbed5eaaf63f99842e41f64ac4771c3622ff9f6db8712a89a0731d4ec6a95
      SHA512:590fdae2eb9c336f5485ab46d7e50b7c5ac0363f293ccdb4c8d7ecc3a8adef67af54d606d33beb319904a1e4553f4944cfc0dd61c575d291e44bba5114b94d1e
      SSDEEP:1536:IoRC9170vwHbQXZ5+qXDEuXi90dSW7V/DjObeFt6PuQ4Zx:PC917iwHbQXZ5+qXA594SWZ/XObeb6G7
      File Content Preview:.ELF....................d...4...........4. ...(..................... ... ...........................................Q.td............................U..S.......w....h........[]...$.............U......=.....t..5....$......$.......u........t....h {..........

      Static ELF Info

      ELF header

      Class:ELF32
      Data:2's complement, little endian
      Version:1 (current)
      Machine:Intel 80386
      Version Number:0x1
      Type:EXEC (Executable file)
      OS/ABI:UNIX - System V
      ABI Version:0
      Entry Point Address:0x8048164
      Flags:0x0
      ELF Header Size:52
      Program Header Offset:52
      Program Header Size:32
      Number of Program Headers:3
      Section Header Offset:65736
      Section Header Size:40
      Number of Section Headers:10
      Header String Table Index:9

      Sections

      NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
      NULL0x00x00x00x00x0000
      .initPROGBITS0x80480940x940x1c0x00x6AX001
      .textPROGBITS0x80480b00xb00xe9060x00x6AX0016
      .finiPROGBITS0x80569b60xe9b60x170x00x6AX001
      .rodataPROGBITS0x80569e00xe9e00x11400x00x2A0032
      .ctorsPROGBITS0x80580000x100000x80x00x3WA004
      .dtorsPROGBITS0x80580080x100080x80x00x3WA004
      .dataPROGBITS0x80580200x100200x680x00x3WA004
      .bssNOBITS0x80580a00x100880x8600x00x3WA0032
      .shstrtabSTRTAB0x00x100880x3e0x00x0001

      Program Segments

      TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
      LOAD0x00x80480000x80480000xfb200xfb203.85660x5R E0x1000.init .text .fini .rodata
      LOAD0x100000x80580000x80580000x880x9001.08110x6RW 0x1000.ctors .dtors .data .bss
      GNU_STACK0x00x00x00x00x00.00000x6RW 0x4

      Network Behavior

      Network Port Distribution

      TCP Packets

      TimestampSource PortDest PortSource IPDest IP
      Jan 14, 2022 16:49:03.493927002 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.494188070 CET5605123192.168.2.23243.37.169.55
      Jan 14, 2022 16:49:03.494209051 CET5605123192.168.2.2335.136.197.55
      Jan 14, 2022 16:49:03.494227886 CET5605123192.168.2.2389.212.117.85
      Jan 14, 2022 16:49:03.494226933 CET5605123192.168.2.23251.241.205.121
      Jan 14, 2022 16:49:03.494237900 CET5605123192.168.2.23250.157.118.1
      Jan 14, 2022 16:49:03.494230986 CET5605123192.168.2.2398.122.69.132
      Jan 14, 2022 16:49:03.494237900 CET5605123192.168.2.2324.87.252.192
      Jan 14, 2022 16:49:03.494266987 CET5605123192.168.2.23198.219.62.200
      Jan 14, 2022 16:49:03.494275093 CET5605123192.168.2.23202.222.25.214
      Jan 14, 2022 16:49:03.494282007 CET5605123192.168.2.23183.23.73.201
      Jan 14, 2022 16:49:03.494287014 CET5605123192.168.2.23165.207.214.42
      Jan 14, 2022 16:49:03.494297981 CET5605123192.168.2.23119.79.202.102
      Jan 14, 2022 16:49:03.494297981 CET5605123192.168.2.2348.75.93.136
      Jan 14, 2022 16:49:03.494313955 CET5605123192.168.2.23197.34.228.50
      Jan 14, 2022 16:49:03.494311094 CET5605123192.168.2.23191.20.42.9
      Jan 14, 2022 16:49:03.494314909 CET5605123192.168.2.23161.87.247.228
      Jan 14, 2022 16:49:03.494322062 CET5605123192.168.2.23107.227.7.215
      Jan 14, 2022 16:49:03.494343996 CET5605123192.168.2.23203.114.238.6
      Jan 14, 2022 16:49:03.494353056 CET5605123192.168.2.23164.142.229.195
      Jan 14, 2022 16:49:03.494359016 CET5605123192.168.2.23119.162.103.213
      Jan 14, 2022 16:49:03.494362116 CET5605123192.168.2.23191.8.159.234
      Jan 14, 2022 16:49:03.495537043 CET5605123192.168.2.23109.22.115.235
      Jan 14, 2022 16:49:03.495554924 CET5605123192.168.2.23135.138.75.14
      Jan 14, 2022 16:49:03.495565891 CET5605123192.168.2.2360.232.21.233
      Jan 14, 2022 16:49:03.495565891 CET5605123192.168.2.23254.170.80.221
      Jan 14, 2022 16:49:03.495569944 CET5605123192.168.2.234.135.61.101
      Jan 14, 2022 16:49:03.495570898 CET5605123192.168.2.23174.126.40.176
      Jan 14, 2022 16:49:03.495578051 CET5605123192.168.2.2342.24.90.226
      Jan 14, 2022 16:49:03.495579004 CET5605123192.168.2.2381.165.92.42
      Jan 14, 2022 16:49:03.495587111 CET5605123192.168.2.2378.222.25.18
      Jan 14, 2022 16:49:03.495589018 CET5605123192.168.2.23184.201.199.67
      Jan 14, 2022 16:49:03.495594978 CET5605123192.168.2.2369.251.93.46
      Jan 14, 2022 16:49:03.495599031 CET5605123192.168.2.23142.122.144.133
      Jan 14, 2022 16:49:03.495600939 CET5605123192.168.2.23182.178.24.227
      Jan 14, 2022 16:49:03.495601892 CET5605123192.168.2.2388.24.163.118
      Jan 14, 2022 16:49:03.495610952 CET5605123192.168.2.23150.170.142.115
      Jan 14, 2022 16:49:03.495614052 CET5605123192.168.2.23101.247.37.89
      Jan 14, 2022 16:49:03.495635033 CET5605123192.168.2.2384.234.37.29
      Jan 14, 2022 16:49:03.495647907 CET5605123192.168.2.23190.146.146.14
      Jan 14, 2022 16:49:03.495659113 CET5605123192.168.2.23144.3.114.9
      Jan 14, 2022 16:49:03.495672941 CET5605123192.168.2.2390.16.177.238
      Jan 14, 2022 16:49:03.495675087 CET5605123192.168.2.23196.82.139.146
      Jan 14, 2022 16:49:03.495678902 CET5605123192.168.2.2327.181.160.181
      Jan 14, 2022 16:49:03.495682001 CET5605123192.168.2.23165.201.208.107
      Jan 14, 2022 16:49:03.495703936 CET5605123192.168.2.23126.20.91.40
      Jan 14, 2022 16:49:03.495708942 CET5605123192.168.2.23213.76.55.61
      Jan 14, 2022 16:49:03.495743036 CET5605123192.168.2.23106.165.195.45
      Jan 14, 2022 16:49:03.495752096 CET5605123192.168.2.2345.209.44.157
      Jan 14, 2022 16:49:03.495757103 CET5605123192.168.2.2331.252.239.67
      Jan 14, 2022 16:49:03.495769978 CET5605123192.168.2.23218.112.34.13
      Jan 14, 2022 16:49:03.495771885 CET5605123192.168.2.23133.109.206.58
      Jan 14, 2022 16:49:03.495773077 CET5605123192.168.2.23171.32.251.240
      Jan 14, 2022 16:49:03.495776892 CET5605123192.168.2.23169.130.138.123
      Jan 14, 2022 16:49:03.495810032 CET5605123192.168.2.23218.152.45.181
      Jan 14, 2022 16:49:03.495811939 CET5605123192.168.2.23115.205.230.231
      Jan 14, 2022 16:49:03.495822906 CET5605123192.168.2.2360.77.211.199
      Jan 14, 2022 16:49:03.495832920 CET5605123192.168.2.2378.104.112.106
      Jan 14, 2022 16:49:03.495839119 CET5605123192.168.2.23113.169.201.101
      Jan 14, 2022 16:49:03.495846987 CET5605123192.168.2.23172.227.121.106
      Jan 14, 2022 16:49:03.495855093 CET5605123192.168.2.23211.41.137.85
      Jan 14, 2022 16:49:03.495862007 CET5605123192.168.2.23110.13.0.233
      Jan 14, 2022 16:49:03.495862007 CET5605123192.168.2.23179.68.169.85
      Jan 14, 2022 16:49:03.495862961 CET5605123192.168.2.23157.44.38.200
      Jan 14, 2022 16:49:03.495863914 CET5605123192.168.2.23101.218.97.48
      Jan 14, 2022 16:49:03.495865107 CET5605123192.168.2.23101.150.163.235
      Jan 14, 2022 16:49:03.495867014 CET5605123192.168.2.23118.134.88.107
      Jan 14, 2022 16:49:03.495868921 CET5605123192.168.2.23204.24.236.48
      Jan 14, 2022 16:49:03.495882034 CET5605123192.168.2.23241.203.59.238
      Jan 14, 2022 16:49:03.495893955 CET5605123192.168.2.2377.249.181.147
      Jan 14, 2022 16:49:03.495902061 CET5605123192.168.2.23156.108.68.118
      Jan 14, 2022 16:49:03.495909929 CET5605123192.168.2.23119.24.8.255
      Jan 14, 2022 16:49:03.495917082 CET5605123192.168.2.23181.30.138.216
      Jan 14, 2022 16:49:03.495927095 CET5605123192.168.2.23177.254.1.206
      Jan 14, 2022 16:49:03.495932102 CET5605123192.168.2.23161.229.43.226
      Jan 14, 2022 16:49:03.495932102 CET5605123192.168.2.23218.242.245.21
      Jan 14, 2022 16:49:03.495933056 CET5605123192.168.2.23192.135.34.33
      Jan 14, 2022 16:49:03.495934010 CET5605123192.168.2.2378.151.203.223
      Jan 14, 2022 16:49:03.495932102 CET5605123192.168.2.23196.229.26.247
      Jan 14, 2022 16:49:03.495939970 CET5605123192.168.2.23179.26.100.88
      Jan 14, 2022 16:49:03.495944977 CET5605123192.168.2.2338.151.184.175
      Jan 14, 2022 16:49:03.495949030 CET5605123192.168.2.2353.124.0.146
      Jan 14, 2022 16:49:03.496011019 CET5605123192.168.2.23147.51.19.153
      Jan 14, 2022 16:49:03.496015072 CET5605123192.168.2.23155.251.203.58
      Jan 14, 2022 16:49:03.496020079 CET5605123192.168.2.23189.128.193.232
      Jan 14, 2022 16:49:03.496021032 CET5605123192.168.2.23164.39.119.160
      Jan 14, 2022 16:49:03.496023893 CET5605123192.168.2.23121.111.152.8
      Jan 14, 2022 16:49:03.496025085 CET5605123192.168.2.2345.132.3.167
      Jan 14, 2022 16:49:03.496023893 CET5605123192.168.2.2372.228.47.33
      Jan 14, 2022 16:49:03.496025085 CET5605123192.168.2.23208.80.104.231
      Jan 14, 2022 16:49:03.496031046 CET5605123192.168.2.2399.228.146.144
      Jan 14, 2022 16:49:03.496031046 CET5605123192.168.2.2371.244.230.226
      Jan 14, 2022 16:49:03.496033907 CET5605123192.168.2.23217.253.22.107
      Jan 14, 2022 16:49:03.496037960 CET5605123192.168.2.2362.160.128.68
      Jan 14, 2022 16:49:03.496048927 CET5605123192.168.2.2375.253.223.171
      Jan 14, 2022 16:49:03.496053934 CET5605123192.168.2.239.207.193.194
      Jan 14, 2022 16:49:03.496056080 CET5605123192.168.2.23116.230.228.53
      Jan 14, 2022 16:49:03.496062994 CET5605123192.168.2.23124.165.104.193
      Jan 14, 2022 16:49:03.496067047 CET5605123192.168.2.23196.19.177.106
      Jan 14, 2022 16:49:03.496071100 CET5605123192.168.2.23118.60.99.50
      Jan 14, 2022 16:49:03.496141911 CET5605123192.168.2.23220.188.86.190
      Jan 14, 2022 16:49:03.496144056 CET5605123192.168.2.23246.2.213.193
      Jan 14, 2022 16:49:03.496144056 CET5605123192.168.2.23142.237.40.107
      Jan 14, 2022 16:49:03.496149063 CET5605123192.168.2.2354.42.30.33
      Jan 14, 2022 16:49:03.496150017 CET5605123192.168.2.23203.129.2.125
      Jan 14, 2022 16:49:03.496150017 CET5605123192.168.2.2392.26.179.33
      Jan 14, 2022 16:49:03.496151924 CET5605123192.168.2.23154.179.96.210
      Jan 14, 2022 16:49:03.496153116 CET5605123192.168.2.23152.56.106.100
      Jan 14, 2022 16:49:03.496155024 CET5605123192.168.2.23251.123.182.237
      Jan 14, 2022 16:49:03.496155024 CET5605123192.168.2.2335.80.18.10
      Jan 14, 2022 16:49:03.496160030 CET5605123192.168.2.2347.119.164.81
      Jan 14, 2022 16:49:03.496164083 CET5605123192.168.2.2378.140.132.103
      Jan 14, 2022 16:49:03.496164083 CET5605123192.168.2.23194.195.183.180
      Jan 14, 2022 16:49:03.496165991 CET5605123192.168.2.23160.5.253.179
      Jan 14, 2022 16:49:03.496169090 CET5605123192.168.2.2378.17.211.206
      Jan 14, 2022 16:49:03.496172905 CET5605123192.168.2.23150.102.78.247
      Jan 14, 2022 16:49:03.496177912 CET5605123192.168.2.23122.239.252.239
      Jan 14, 2022 16:49:03.496180058 CET5605123192.168.2.2378.86.212.20
      Jan 14, 2022 16:49:03.496181011 CET5605123192.168.2.2373.45.181.39
      Jan 14, 2022 16:49:03.496184111 CET5605123192.168.2.2327.183.125.14
      Jan 14, 2022 16:49:03.496186972 CET5605123192.168.2.2318.52.86.86
      Jan 14, 2022 16:49:03.496190071 CET5605123192.168.2.2327.135.99.177
      Jan 14, 2022 16:49:03.496191978 CET5605123192.168.2.2369.162.72.168
      Jan 14, 2022 16:49:03.496195078 CET5605123192.168.2.23128.6.143.98
      Jan 14, 2022 16:49:03.496196985 CET5605123192.168.2.23125.77.151.244
      Jan 14, 2022 16:49:03.496202946 CET5605123192.168.2.23113.21.12.83
      Jan 14, 2022 16:49:03.496205091 CET5605123192.168.2.2386.70.198.247
      Jan 14, 2022 16:49:03.496206045 CET5605123192.168.2.239.254.202.92
      Jan 14, 2022 16:49:03.496208906 CET5605123192.168.2.23106.214.202.92
      Jan 14, 2022 16:49:03.496212959 CET5605123192.168.2.23106.56.115.9
      Jan 14, 2022 16:49:03.496216059 CET5605123192.168.2.23170.247.158.164
      Jan 14, 2022 16:49:03.496222019 CET5605123192.168.2.23195.87.158.46
      Jan 14, 2022 16:49:03.496223927 CET5605123192.168.2.2317.186.50.160
      Jan 14, 2022 16:49:03.496227026 CET5605123192.168.2.2389.13.5.239
      Jan 14, 2022 16:49:03.496229887 CET5605123192.168.2.23193.107.20.59
      Jan 14, 2022 16:49:03.496234894 CET5605123192.168.2.2374.252.155.56
      Jan 14, 2022 16:49:03.496237993 CET5605123192.168.2.23142.78.218.118
      Jan 14, 2022 16:49:03.496239901 CET5605123192.168.2.2373.55.168.107
      Jan 14, 2022 16:49:03.496256113 CET5605123192.168.2.2339.176.80.101
      Jan 14, 2022 16:49:03.496260881 CET5605123192.168.2.2370.12.97.84
      Jan 14, 2022 16:49:03.496263981 CET5605123192.168.2.23205.204.125.209
      Jan 14, 2022 16:49:03.496265888 CET5605123192.168.2.23211.38.199.104
      Jan 14, 2022 16:49:03.496272087 CET5605123192.168.2.23189.232.210.116
      Jan 14, 2022 16:49:03.496273041 CET5605123192.168.2.2359.98.0.34
      Jan 14, 2022 16:49:03.496274948 CET5605123192.168.2.2357.14.158.242
      Jan 14, 2022 16:49:03.496275902 CET5605123192.168.2.23148.231.186.187
      Jan 14, 2022 16:49:03.496282101 CET5605123192.168.2.2357.87.130.22
      Jan 14, 2022 16:49:03.496282101 CET5605123192.168.2.2327.220.129.83
      Jan 14, 2022 16:49:03.496285915 CET5605123192.168.2.23187.57.77.214
      Jan 14, 2022 16:49:03.496295929 CET5605123192.168.2.23142.188.166.159
      Jan 14, 2022 16:49:03.523283005 CET2356051196.19.177.106192.168.2.23
      Jan 14, 2022 16:49:03.524632931 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.524699926 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.524775028 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.529134989 CET235605181.165.92.42192.168.2.23
      Jan 14, 2022 16:49:03.553478003 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.553546906 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.581152916 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583574057 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583600998 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583630085 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583633900 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583657026 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583657980 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583662987 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583684921 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583700895 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583714962 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583726883 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583739042 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583743095 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583771944 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583772898 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583803892 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583808899 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583831072 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.583837986 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583842993 CET459021791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583854914 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.583872080 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.610733032 CET179145900107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.610800028 CET459001791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.610981941 CET179145902107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.611052036 CET459021791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.611112118 CET459021791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.635270119 CET179145902107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.635345936 CET459021791192.168.2.23107.189.12.189
      Jan 14, 2022 16:49:03.661145926 CET179145902107.189.12.189192.168.2.23
      Jan 14, 2022 16:49:03.702047110 CET2356051119.162.103.213192.168.2.23
      Jan 14, 2022 16:49:04.497119904 CET5605123192.168.2.23241.152.72.252
      Jan 14, 2022 16:49:04.497140884 CET5605123192.168.2.23212.161.77.45
      Jan 14, 2022 16:49:04.497181892 CET5605123192.168.2.2363.158.207.251
      Jan 14, 2022 16:49:04.497190952 CET5605123192.168.2.2362.155.41.22
      Jan 14, 2022 16:49:04.497200012 CET5605123192.168.2.2318.157.19.181
      Jan 14, 2022 16:49:04.497222900 CET5605123192.168.2.23151.120.184.172
      Jan 14, 2022 16:49:04.497224092 CET5605123192.168.2.23189.60.237.97
      Jan 14, 2022 16:49:04.497234106 CET5605123192.168.2.2373.38.79.250
      Jan 14, 2022 16:49:04.497243881 CET5605123192.168.2.2386.221.36.225
      Jan 14, 2022 16:49:04.497262955 CET5605123192.168.2.2375.144.3.98
      Jan 14, 2022 16:49:04.497268915 CET5605123192.168.2.23203.178.250.88
      Jan 14, 2022 16:49:04.497272968 CET5605123192.168.2.2360.201.27.244
      Jan 14, 2022 16:49:04.497273922 CET5605123192.168.2.2392.67.223.126
      Jan 14, 2022 16:49:04.497277021 CET5605123192.168.2.2374.104.133.136
      Jan 14, 2022 16:49:04.497279882 CET5605123192.168.2.2336.126.52.185
      Jan 14, 2022 16:49:04.497282982 CET5605123192.168.2.2386.152.199.125
      Jan 14, 2022 16:49:04.497284889 CET5605123192.168.2.23171.110.190.187
      Jan 14, 2022 16:49:04.497287035 CET5605123192.168.2.23176.149.105.79
      Jan 14, 2022 16:49:04.497294903 CET5605123192.168.2.23221.125.73.3
      Jan 14, 2022 16:49:04.497293949 CET5605123192.168.2.23161.205.104.67
      Jan 14, 2022 16:49:04.497297049 CET5605123192.168.2.2397.228.102.221
      Jan 14, 2022 16:49:04.497299910 CET5605123192.168.2.2375.93.194.41
      Jan 14, 2022 16:49:04.497311115 CET5605123192.168.2.2375.67.21.194
      Jan 14, 2022 16:49:04.497313976 CET5605123192.168.2.23253.11.98.190
      Jan 14, 2022 16:49:04.497319937 CET5605123192.168.2.23219.26.123.22
      Jan 14, 2022 16:49:04.497325897 CET5605123192.168.2.23209.110.96.226
      Jan 14, 2022 16:49:04.497333050 CET5605123192.168.2.23172.34.47.131
      Jan 14, 2022 16:49:04.497323990 CET5605123192.168.2.2366.191.131.119
      Jan 14, 2022 16:49:04.497335911 CET5605123192.168.2.23196.11.44.112
      Jan 14, 2022 16:49:04.497337103 CET5605123192.168.2.23184.99.120.212
      Jan 14, 2022 16:49:04.497339010 CET5605123192.168.2.23216.226.4.223
      Jan 14, 2022 16:49:04.497339964 CET5605123192.168.2.23172.75.117.231
      Jan 14, 2022 16:49:04.497342110 CET5605123192.168.2.23126.2.3.19
      Jan 14, 2022 16:49:04.497344971 CET5605123192.168.2.23110.179.128.164
      Jan 14, 2022 16:49:04.497349024 CET5605123192.168.2.23117.232.117.237
      Jan 14, 2022 16:49:04.497361898 CET5605123192.168.2.2378.171.9.54
      Jan 14, 2022 16:49:04.497364044 CET5605123192.168.2.23203.252.198.117
      Jan 14, 2022 16:49:04.497368097 CET5605123192.168.2.23116.14.199.59
      Jan 14, 2022 16:49:04.497375011 CET5605123192.168.2.23175.55.196.179
      Jan 14, 2022 16:49:04.497376919 CET5605123192.168.2.23174.53.149.158
      Jan 14, 2022 16:49:04.497380018 CET5605123192.168.2.23124.223.238.207
      Jan 14, 2022 16:49:04.497380972 CET5605123192.168.2.2342.96.132.58
      Jan 14, 2022 16:49:04.497387886 CET5605123192.168.2.23240.227.56.208
      Jan 14, 2022 16:49:04.497391939 CET5605123192.168.2.23103.136.59.40
      Jan 14, 2022 16:49:04.497395992 CET5605123192.168.2.2369.12.29.124
      Jan 14, 2022 16:49:04.497396946 CET5605123192.168.2.23193.81.57.89
      Jan 14, 2022 16:49:04.497401953 CET5605123192.168.2.23118.14.169.235
      Jan 14, 2022 16:49:04.497402906 CET5605123192.168.2.23207.139.90.21
      Jan 14, 2022 16:49:04.497404099 CET5605123192.168.2.23193.243.221.4
      Jan 14, 2022 16:49:04.497411013 CET5605123192.168.2.2320.226.238.169
      Jan 14, 2022 16:49:04.497412920 CET5605123192.168.2.2335.92.199.131
      Jan 14, 2022 16:49:04.497419119 CET5605123192.168.2.23138.2.195.139
      Jan 14, 2022 16:49:04.497423887 CET5605123192.168.2.2362.223.75.94
      Jan 14, 2022 16:49:04.497428894 CET5605123192.168.2.2323.211.42.126
      Jan 14, 2022 16:49:04.497431993 CET5605123192.168.2.2323.2.59.30
      Jan 14, 2022 16:49:04.497435093 CET5605123192.168.2.23250.234.9.102
      Jan 14, 2022 16:49:04.497436047 CET5605123192.168.2.23113.240.100.250
      Jan 14, 2022 16:49:04.497437954 CET5605123192.168.2.23158.234.7.234
      Jan 14, 2022 16:49:04.497437954 CET5605123192.168.2.23161.254.12.118
      Jan 14, 2022 16:49:04.497442961 CET5605123192.168.2.23164.187.191.57
      Jan 14, 2022 16:49:04.497443914 CET5605123192.168.2.23165.102.51.9
      Jan 14, 2022 16:49:04.497452974 CET5605123192.168.2.23153.92.110.208
      Jan 14, 2022 16:49:04.497452974 CET5605123192.168.2.2370.174.47.68
      Jan 14, 2022 16:49:04.497457981 CET5605123192.168.2.23241.46.137.51
      Jan 14, 2022 16:49:04.497457981 CET5605123192.168.2.23172.85.8.197
      Jan 14, 2022 16:49:04.497462034 CET5605123192.168.2.23124.30.74.54
      Jan 14, 2022 16:49:04.497464895 CET5605123192.168.2.23251.37.52.191
      Jan 14, 2022 16:49:04.497471094 CET5605123192.168.2.2357.130.238.220
      Jan 14, 2022 16:49:04.497474909 CET5605123192.168.2.2380.199.179.43
      Jan 14, 2022 16:49:04.497478962 CET5605123192.168.2.23199.104.0.97
      Jan 14, 2022 16:49:04.497483015 CET5605123192.168.2.23167.204.100.251
      Jan 14, 2022 16:49:04.497488022 CET5605123192.168.2.23125.184.223.97
      Jan 14, 2022 16:49:04.497488976 CET5605123192.168.2.2366.192.124.189
      Jan 14, 2022 16:49:04.497493982 CET5605123192.168.2.23163.222.40.77
      Jan 14, 2022 16:49:04.497499943 CET5605123192.168.2.23208.109.40.170
      Jan 14, 2022 16:49:04.497500896 CET5605123192.168.2.23187.172.19.2
      Jan 14, 2022 16:49:04.497509956 CET5605123192.168.2.23254.4.61.79
      Jan 14, 2022 16:49:04.497514963 CET5605123192.168.2.2365.37.75.85
      Jan 14, 2022 16:49:04.497525930 CET5605123192.168.2.2363.20.238.3
      Jan 14, 2022 16:49:04.497531891 CET5605123192.168.2.2395.166.129.222
      Jan 14, 2022 16:49:04.497544050 CET5605123192.168.2.23109.200.172.168
      Jan 14, 2022 16:49:04.497555971 CET5605123192.168.2.2399.13.251.60
      Jan 14, 2022 16:49:04.497567892 CET5605123192.168.2.2324.207.145.231
      Jan 14, 2022 16:49:04.497579098 CET5605123192.168.2.23253.139.157.63
      Jan 14, 2022 16:49:04.497591019 CET5605123192.168.2.23108.198.3.244
      Jan 14, 2022 16:49:04.497602940 CET5605123192.168.2.23116.59.141.205
      Jan 14, 2022 16:49:04.497613907 CET5605123192.168.2.23203.203.175.96
      Jan 14, 2022 16:49:04.497627020 CET5605123192.168.2.23136.36.27.211
      Jan 14, 2022 16:49:04.497637987 CET5605123192.168.2.2341.32.249.241
      Jan 14, 2022 16:49:04.497652054 CET5605123192.168.2.23123.244.1.53
      Jan 14, 2022 16:49:04.497653961 CET5605123192.168.2.23115.38.205.203
      Jan 14, 2022 16:49:04.497658968 CET5605123192.168.2.23109.150.84.186
      Jan 14, 2022 16:49:04.497659922 CET5605123192.168.2.2336.248.22.212
      Jan 14, 2022 16:49:04.497663021 CET5605123192.168.2.2318.39.65.115
      Jan 14, 2022 16:49:04.497663975 CET5605123192.168.2.23180.241.233.157
      Jan 14, 2022 16:49:04.497669935 CET5605123192.168.2.23110.201.98.45
      Jan 14, 2022 16:49:04.497675896 CET5605123192.168.2.23190.102.134.119
      Jan 14, 2022 16:49:04.497678041 CET5605123192.168.2.23175.195.86.197
      Jan 14, 2022 16:49:04.497679949 CET5605123192.168.2.23122.213.87.143
      Jan 14, 2022 16:49:04.497680902 CET5605123192.168.2.23252.73.159.149
      Jan 14, 2022 16:49:04.497688055 CET5605123192.168.2.23220.9.251.126
      Jan 14, 2022 16:49:04.497689009 CET5605123192.168.2.2357.253.130.203
      Jan 14, 2022 16:49:04.497693062 CET5605123192.168.2.23218.35.124.179
      Jan 14, 2022 16:49:04.497695923 CET5605123192.168.2.23135.196.122.142
      Jan 14, 2022 16:49:04.497697115 CET5605123192.168.2.23116.211.212.101
      Jan 14, 2022 16:49:04.497698069 CET5605123192.168.2.23174.185.96.50
      Jan 14, 2022 16:49:04.497701883 CET5605123192.168.2.2387.10.82.137
      Jan 14, 2022 16:49:04.497706890 CET5605123192.168.2.23112.73.244.196
      Jan 14, 2022 16:49:04.497709036 CET5605123192.168.2.23196.135.23.242
      Jan 14, 2022 16:49:04.497710943 CET5605123192.168.2.2346.96.42.186
      Jan 14, 2022 16:49:04.497714043 CET5605123192.168.2.231.54.107.135
      Jan 14, 2022 16:49:04.497714996 CET5605123192.168.2.235.70.88.7
      Jan 14, 2022 16:49:04.497716904 CET5605123192.168.2.23220.196.64.105
      Jan 14, 2022 16:49:04.497719049 CET5605123192.168.2.23205.196.119.203
      Jan 14, 2022 16:49:04.497721910 CET5605123192.168.2.23170.186.114.55
      Jan 14, 2022 16:49:04.497730970 CET5605123192.168.2.23173.161.149.137
      Jan 14, 2022 16:49:04.497735977 CET5605123192.168.2.23147.19.48.133
      Jan 14, 2022 16:49:04.497740030 CET5605123192.168.2.2393.251.216.56
      Jan 14, 2022 16:49:04.497745037 CET5605123192.168.2.23248.35.199.87
      Jan 14, 2022 16:49:04.497749090 CET5605123192.168.2.23169.110.26.94
      Jan 14, 2022 16:49:04.497752905 CET5605123192.168.2.23159.141.230.33
      Jan 14, 2022 16:49:04.497755051 CET5605123192.168.2.23182.154.129.220
      Jan 14, 2022 16:49:04.497761965 CET5605123192.168.2.2338.25.156.211
      Jan 14, 2022 16:49:04.497766018 CET5605123192.168.2.23144.27.186.91
      Jan 14, 2022 16:49:04.497766018 CET5605123192.168.2.23119.47.77.74
      Jan 14, 2022 16:49:04.497767925 CET5605123192.168.2.2335.39.199.135
      Jan 14, 2022 16:49:04.497770071 CET5605123192.168.2.2370.238.188.22
      Jan 14, 2022 16:49:04.497770071 CET5605123192.168.2.23166.62.248.236
      Jan 14, 2022 16:49:04.497772932 CET5605123192.168.2.23139.183.22.224
      Jan 14, 2022 16:49:04.497776985 CET5605123192.168.2.23201.232.237.244
      Jan 14, 2022 16:49:04.497778893 CET5605123192.168.2.2337.28.31.85
      Jan 14, 2022 16:49:04.497778893 CET5605123192.168.2.2370.122.160.254
      Jan 14, 2022 16:49:04.497781992 CET5605123192.168.2.2358.103.211.164
      Jan 14, 2022 16:49:04.497786045 CET5605123192.168.2.23154.102.190.54
      Jan 14, 2022 16:49:04.497790098 CET5605123192.168.2.23153.224.61.82
      Jan 14, 2022 16:49:04.497793913 CET5605123192.168.2.23220.106.24.61
      Jan 14, 2022 16:49:04.497800112 CET5605123192.168.2.23154.49.183.160
      Jan 14, 2022 16:49:04.497803926 CET5605123192.168.2.2373.125.170.162
      Jan 14, 2022 16:49:04.497807980 CET5605123192.168.2.2334.31.108.122
      Jan 14, 2022 16:49:04.497811079 CET5605123192.168.2.23213.138.228.10
      Jan 14, 2022 16:49:04.497817993 CET5605123192.168.2.23197.218.135.38
      Jan 14, 2022 16:49:04.497821093 CET5605123192.168.2.23251.18.49.100
      Jan 14, 2022 16:49:04.497826099 CET5605123192.168.2.2346.251.203.168
      Jan 14, 2022 16:49:04.497828960 CET5605123192.168.2.2334.113.56.38
      Jan 14, 2022 16:49:04.497845888 CET5605123192.168.2.23124.162.68.85
      Jan 14, 2022 16:49:04.497850895 CET5605123192.168.2.2370.96.241.185
      Jan 14, 2022 16:49:04.497854948 CET5605123192.168.2.2345.209.223.120
      Jan 14, 2022 16:49:04.497863054 CET5605123192.168.2.23187.252.25.104
      Jan 14, 2022 16:49:04.497863054 CET5605123192.168.2.23219.249.40.199
      Jan 14, 2022 16:49:04.497872114 CET5605123192.168.2.2316.138.40.229
      Jan 14, 2022 16:49:04.497874022 CET5605123192.168.2.23114.52.117.235
      Jan 14, 2022 16:49:04.497881889 CET5605123192.168.2.23252.137.185.182
      Jan 14, 2022 16:49:04.497885942 CET5605123192.168.2.23164.106.248.149
      Jan 14, 2022 16:49:04.497891903 CET5605123192.168.2.2393.130.84.60
      Jan 14, 2022 16:49:04.565790892 CET2356051193.243.221.4192.168.2.23
      Jan 14, 2022 16:49:04.690634966 CET2356051180.241.233.157192.168.2.23
      Jan 14, 2022 16:49:04.796267033 CET2356051196.82.139.146192.168.2.23
      Jan 14, 2022 16:49:05.348248959 CET42836443192.168.2.2391.189.91.43
      Jan 14, 2022 16:49:05.498486996 CET5605123192.168.2.23174.214.247.202
      Jan 14, 2022 16:49:05.498532057 CET5605123192.168.2.23205.173.124.195
      Jan 14, 2022 16:49:05.498550892 CET5605123192.168.2.23178.48.227.248
      Jan 14, 2022 16:49:05.498565912 CET5605123192.168.2.2353.227.91.229
      Jan 14, 2022 16:49:05.498569965 CET5605123192.168.2.2317.239.33.5
      Jan 14, 2022 16:49:05.498577118 CET5605123192.168.2.2331.250.143.213
      Jan 14, 2022 16:49:05.498579979 CET5605123192.168.2.2380.57.49.231
      Jan 14, 2022 16:49:05.498579979 CET5605123192.168.2.23252.245.89.51
      Jan 14, 2022 16:49:05.498588085 CET5605123192.168.2.238.13.139.203
      Jan 14, 2022 16:49:05.498598099 CET5605123192.168.2.23156.112.90.250
      Jan 14, 2022 16:49:05.498603106 CET5605123192.168.2.23220.2.29.189
      Jan 14, 2022 16:49:05.498610020 CET5605123192.168.2.23100.203.30.192
      Jan 14, 2022 16:49:05.498613119 CET5605123192.168.2.23116.53.198.187
      Jan 14, 2022 16:49:05.498616934 CET5605123192.168.2.23168.23.52.117
      Jan 14, 2022 16:49:05.498620987 CET5605123192.168.2.23193.213.40.247
      Jan 14, 2022 16:49:05.498629093 CET5605123192.168.2.23147.100.61.19
      Jan 14, 2022 16:49:05.498631954 CET5605123192.168.2.23165.102.102.223
      Jan 14, 2022 16:49:05.498632908 CET5605123192.168.2.2374.159.187.62
      Jan 14, 2022 16:49:05.498639107 CET5605123192.168.2.2327.173.38.81
      Jan 14, 2022 16:49:05.498642921 CET5605123192.168.2.23130.231.142.19
      Jan 14, 2022 16:49:05.498650074 CET5605123192.168.2.2392.125.220.192
      Jan 14, 2022 16:49:05.498651981 CET5605123192.168.2.2317.163.77.201
      Jan 14, 2022 16:49:05.498652935 CET5605123192.168.2.2399.24.166.91
      Jan 14, 2022 16:49:05.498662949 CET5605123192.168.2.23159.155.74.32
      Jan 14, 2022 16:49:05.498667002 CET5605123192.168.2.23167.88.118.211
      Jan 14, 2022 16:49:05.498673916 CET5605123192.168.2.2341.254.87.126
      Jan 14, 2022 16:49:05.498678923 CET5605123192.168.2.23222.94.174.38
      Jan 14, 2022 16:49:05.498682022 CET5605123192.168.2.23247.4.18.34
      Jan 14, 2022 16:49:05.498682976 CET5605123192.168.2.23186.185.205.128
      Jan 14, 2022 16:49:05.498689890 CET5605123192.168.2.23167.219.218.11
      Jan 14, 2022 16:49:05.498708963 CET5605123192.168.2.2368.67.116.101
      Jan 14, 2022 16:49:05.498810053 CET5605123192.168.2.23240.203.151.47
      Jan 14, 2022 16:49:05.498811007 CET5605123192.168.2.232.142.58.243
      Jan 14, 2022 16:49:05.498811007 CET5605123192.168.2.2360.165.64.172
      Jan 14, 2022 16:49:05.498811007 CET5605123192.168.2.23182.188.71.136
      Jan 14, 2022 16:49:05.498815060 CET5605123192.168.2.2318.165.18.6
      Jan 14, 2022 16:49:05.498815060 CET5605123192.168.2.2347.247.153.188
      Jan 14, 2022 16:49:05.498816967 CET5605123192.168.2.23221.34.72.141
      Jan 14, 2022 16:49:05.498817921 CET5605123192.168.2.2331.64.76.230
      Jan 14, 2022 16:49:05.498821974 CET5605123192.168.2.2318.73.49.225
      Jan 14, 2022 16:49:05.498823881 CET5605123192.168.2.2324.99.182.172
      Jan 14, 2022 16:49:05.498831034 CET5605123192.168.2.2346.199.130.116
      Jan 14, 2022 16:49:05.498831987 CET5605123192.168.2.2376.148.199.34
      Jan 14, 2022 16:49:05.498837948 CET5605123192.168.2.23123.245.80.86
      Jan 14, 2022 16:49:05.498840094 CET5605123192.168.2.2320.198.28.12
      Jan 14, 2022 16:49:05.498845100 CET5605123192.168.2.2378.171.9.38
      Jan 14, 2022 16:49:05.498846054 CET5605123192.168.2.23130.228.97.116
      Jan 14, 2022 16:49:05.498850107 CET5605123192.168.2.23204.22.230.108
      Jan 14, 2022 16:49:05.498856068 CET5605123192.168.2.2385.182.14.176
      Jan 14, 2022 16:49:05.498858929 CET5605123192.168.2.23217.154.25.159
      Jan 14, 2022 16:49:05.498862982 CET5605123192.168.2.23171.175.15.103
      Jan 14, 2022 16:49:05.498866081 CET5605123192.168.2.2374.149.113.95
      Jan 14, 2022 16:49:05.498867989 CET5605123192.168.2.2370.166.186.81
      Jan 14, 2022 16:49:05.498871088 CET5605123192.168.2.2376.167.191.179
      Jan 14, 2022 16:49:05.498876095 CET5605123192.168.2.23202.72.158.190
      Jan 14, 2022 16:49:05.498887062 CET5605123192.168.2.2380.222.97.33
      Jan 14, 2022 16:49:05.498893023 CET5605123192.168.2.2314.156.193.103
      Jan 14, 2022 16:49:05.498893023 CET5605123192.168.2.2378.154.164.219
      Jan 14, 2022 16:49:05.498898029 CET5605123192.168.2.23114.254.182.175
      Jan 14, 2022 16:49:05.498903990 CET5605123192.168.2.23102.52.235.179
      Jan 14, 2022 16:49:05.498907089 CET5605123192.168.2.2314.89.5.160
      Jan 14, 2022 16:49:05.498914003 CET5605123192.168.2.23172.194.176.171
      Jan 14, 2022 16:49:05.498918056 CET5605123192.168.2.23218.95.55.70
      Jan 14, 2022 16:49:05.498922110 CET5605123192.168.2.2379.146.235.244
      Jan 14, 2022 16:49:05.498929977 CET5605123192.168.2.23195.25.4.231
      Jan 14, 2022 16:49:05.498931885 CET5605123192.168.2.23246.254.108.37
      Jan 14, 2022 16:49:05.498938084 CET5605123192.168.2.2386.231.132.42
      Jan 14, 2022 16:49:05.498943090 CET5605123192.168.2.23161.106.12.162
      Jan 14, 2022 16:49:05.498943090 CET5605123192.168.2.23112.205.242.37
      Jan 14, 2022 16:49:05.498951912 CET5605123192.168.2.2369.113.8.198
      Jan 14, 2022 16:49:05.498953104 CET5605123192.168.2.2384.160.231.37
      Jan 14, 2022 16:49:05.498953104 CET5605123192.168.2.2387.43.56.96
      Jan 14, 2022 16:49:05.498953104 CET5605123192.168.2.2340.15.60.184
      Jan 14, 2022 16:49:05.498955011 CET5605123192.168.2.23107.188.56.180
      Jan 14, 2022 16:49:05.498960018 CET5605123192.168.2.2384.205.109.111
      Jan 14, 2022 16:49:05.498960972 CET5605123192.168.2.2339.88.150.230
      Jan 14, 2022 16:49:05.498963118 CET5605123192.168.2.23213.232.105.139
      Jan 14, 2022 16:49:05.498964071 CET5605123192.168.2.2399.146.5.155
      Jan 14, 2022 16:49:05.498964071 CET5605123192.168.2.23123.182.186.114
      Jan 14, 2022 16:49:05.498965979 CET5605123192.168.2.23250.0.252.188
      Jan 14, 2022 16:49:05.498967886 CET5605123192.168.2.2318.236.25.34
      Jan 14, 2022 16:49:05.498969078 CET5605123192.168.2.23189.159.106.29
      Jan 14, 2022 16:49:05.498969078 CET5605123192.168.2.2369.26.47.173
      Jan 14, 2022 16:49:05.498972893 CET5605123192.168.2.23252.252.181.59
      Jan 14, 2022 16:49:05.498974085 CET5605123192.168.2.23242.127.85.131
      Jan 14, 2022 16:49:05.498975039 CET5605123192.168.2.23171.23.84.231
      Jan 14, 2022 16:49:05.498976946 CET5605123192.168.2.2357.107.219.139
      Jan 14, 2022 16:49:05.498976946 CET5605123192.168.2.23178.67.104.131
      Jan 14, 2022 16:49:05.498981953 CET5605123192.168.2.23254.137.176.53
      Jan 14, 2022 16:49:05.498982906 CET5605123192.168.2.2377.20.14.115
      Jan 14, 2022 16:49:05.498990059 CET5605123192.168.2.23152.194.222.136
      Jan 14, 2022 16:49:05.498991013 CET5605123192.168.2.2332.10.35.188
      Jan 14, 2022 16:49:05.498991966 CET5605123192.168.2.2342.39.129.146
      Jan 14, 2022 16:49:05.499002934 CET5605123192.168.2.23208.118.27.6
      Jan 14, 2022 16:49:05.499005079 CET5605123192.168.2.2347.80.233.222
      Jan 14, 2022 16:49:05.499007940 CET5605123192.168.2.2393.177.174.197
      Jan 14, 2022 16:49:05.499052048 CET5605123192.168.2.2392.130.149.133
      Jan 14, 2022 16:49:05.499063969 CET5605123192.168.2.23248.48.25.140
      Jan 14, 2022 16:49:05.499064922 CET5605123192.168.2.2390.229.238.163
      Jan 14, 2022 16:49:05.499073029 CET5605123192.168.2.23170.123.93.213
      Jan 14, 2022 16:49:05.499080896 CET5605123192.168.2.23154.87.228.76
      Jan 14, 2022 16:49:05.499082088 CET5605123192.168.2.23248.67.138.189
      Jan 14, 2022 16:49:05.499089956 CET5605123192.168.2.2396.6.43.220
      Jan 14, 2022 16:49:05.499093056 CET5605123192.168.2.23207.216.148.218
      Jan 14, 2022 16:49:05.499105930 CET5605123192.168.2.23114.225.203.139
      Jan 14, 2022 16:49:05.499106884 CET5605123192.168.2.23249.82.162.4
      Jan 14, 2022 16:49:05.499106884 CET5605123192.168.2.23101.24.79.233
      Jan 14, 2022 16:49:05.499108076 CET5605123192.168.2.23165.158.84.128
      Jan 14, 2022 16:49:05.499113083 CET5605123192.168.2.23118.110.77.229
      Jan 14, 2022 16:49:05.499114037 CET5605123192.168.2.2382.207.60.97
      Jan 14, 2022 16:49:05.499115944 CET5605123192.168.2.23144.88.241.102
      Jan 14, 2022 16:49:05.499121904 CET5605123192.168.2.23153.183.102.98
      Jan 14, 2022 16:49:05.499125004 CET5605123192.168.2.23244.93.132.170
      Jan 14, 2022 16:49:05.499125957 CET5605123192.168.2.23213.30.159.24
      Jan 14, 2022 16:49:05.499130011 CET5605123192.168.2.23220.219.5.237
      Jan 14, 2022 16:49:05.499135017 CET5605123192.168.2.23202.231.62.207
      Jan 14, 2022 16:49:05.499135971 CET5605123192.168.2.23122.135.93.176
      Jan 14, 2022 16:49:05.499139071 CET5605123192.168.2.2374.133.136.59
      Jan 14, 2022 16:49:05.499141932 CET5605123192.168.2.2344.211.207.114
      Jan 14, 2022 16:49:05.499145985 CET5605123192.168.2.23151.206.118.41
      Jan 14, 2022 16:49:05.499150991 CET5605123192.168.2.23121.114.80.201
      Jan 14, 2022 16:49:05.499152899 CET5605123192.168.2.23162.174.218.41
      Jan 14, 2022 16:49:05.499159098 CET5605123192.168.2.23213.114.110.21
      Jan 14, 2022 16:49:05.499162912 CET5605123192.168.2.231.234.223.17
      Jan 14, 2022 16:49:05.499166012 CET5605123192.168.2.2372.43.180.238
      Jan 14, 2022 16:49:05.499170065 CET5605123192.168.2.2393.110.123.159
      Jan 14, 2022 16:49:05.499178886 CET5605123192.168.2.23255.18.250.41
      Jan 14, 2022 16:49:05.499178886 CET5605123192.168.2.23178.204.255.205
      Jan 14, 2022 16:49:05.499191046 CET5605123192.168.2.2327.239.150.210
      Jan 14, 2022 16:49:05.499197960 CET5605123192.168.2.23130.15.113.72
      Jan 14, 2022 16:49:05.499270916 CET5605123192.168.2.23218.93.0.121
      Jan 14, 2022 16:49:05.499274015 CET5605123192.168.2.23200.74.172.184
      Jan 14, 2022 16:49:05.499277115 CET5605123192.168.2.2335.14.175.82
      Jan 14, 2022 16:49:05.499279022 CET5605123192.168.2.23211.74.215.53
      Jan 14, 2022 16:49:05.499281883 CET5605123192.168.2.2398.141.79.195
      Jan 14, 2022 16:49:05.499284029 CET5605123192.168.2.23101.182.146.186
      Jan 14, 2022 16:49:05.499284983 CET5605123192.168.2.23150.2.25.164
      Jan 14, 2022 16:49:05.499286890 CET5605123192.168.2.2378.151.27.191
      Jan 14, 2022 16:49:05.499288082 CET5605123192.168.2.2372.29.254.46
      Jan 14, 2022 16:49:05.499291897 CET5605123192.168.2.23151.221.120.21
      Jan 14, 2022 16:49:05.499294996 CET5605123192.168.2.23171.36.163.120
      Jan 14, 2022 16:49:05.499298096 CET5605123192.168.2.23223.129.54.222
      Jan 14, 2022 16:49:05.499300003 CET5605123192.168.2.2331.42.36.44
      Jan 14, 2022 16:49:05.499303102 CET5605123192.168.2.23198.153.190.22
      Jan 14, 2022 16:49:05.499304056 CET5605123192.168.2.2360.137.19.85
      Jan 14, 2022 16:49:05.499310017 CET5605123192.168.2.23149.179.125.154
      Jan 14, 2022 16:49:05.499319077 CET5605123192.168.2.23160.82.49.13
      Jan 14, 2022 16:49:06.116259098 CET4251680192.168.2.23109.202.202.202
      Jan 14, 2022 16:49:06.500247955 CET5605123192.168.2.23169.55.46.196
      Jan 14, 2022 16:49:06.500252008 CET5605123192.168.2.2319.129.240.255
      Jan 14, 2022 16:49:06.500271082 CET5605123192.168.2.23169.122.40.80
      Jan 14, 2022 16:49:06.500329018 CET5605123192.168.2.2344.121.140.218
      Jan 14, 2022 16:49:06.500377893 CET5605123192.168.2.2360.158.172.35
      Jan 14, 2022 16:49:06.500399113 CET5605123192.168.2.23162.42.196.45
      Jan 14, 2022 16:49:06.500453949 CET5605123192.168.2.23167.82.26.175
      Jan 14, 2022 16:49:06.500497103 CET5605123192.168.2.2372.183.76.90
      Jan 14, 2022 16:49:06.500498056 CET5605123192.168.2.23177.166.57.232
      Jan 14, 2022 16:49:06.500499010 CET5605123192.168.2.2374.111.115.73
      Jan 14, 2022 16:49:06.500514984 CET5605123192.168.2.23218.253.17.74
      Jan 14, 2022 16:49:06.500535965 CET5605123192.168.2.2392.81.58.81
      Jan 14, 2022 16:49:06.500539064 CET5605123192.168.2.231.251.124.198
      Jan 14, 2022 16:49:06.500598907 CET5605123192.168.2.23189.146.14.81
      Jan 14, 2022 16:49:06.500617981 CET5605123192.168.2.239.165.150.245
      Jan 14, 2022 16:49:06.500621080 CET5605123192.168.2.23112.117.160.7
      Jan 14, 2022 16:49:06.500622034 CET5605123192.168.2.23201.26.200.38
      Jan 14, 2022 16:49:06.500627041 CET5605123192.168.2.2389.15.171.163
      Jan 14, 2022 16:49:06.500639915 CET5605123192.168.2.23170.61.33.213
      Jan 14, 2022 16:49:06.500643015 CET5605123192.168.2.23111.241.188.168
      Jan 14, 2022 16:49:06.500653028 CET5605123192.168.2.23133.46.208.197
      Jan 14, 2022 16:49:06.500655890 CET5605123192.168.2.2360.88.87.171
      Jan 14, 2022 16:49:06.500659943 CET5605123192.168.2.23241.253.64.112
      Jan 14, 2022 16:49:06.500698090 CET5605123192.168.2.23147.205.186.187
      Jan 14, 2022 16:49:06.500749111 CET5605123192.168.2.2362.8.73.246
      Jan 14, 2022 16:49:06.500773907 CET5605123192.168.2.2341.115.119.71
      Jan 14, 2022 16:49:06.500804901 CET5605123192.168.2.2343.209.185.239
      Jan 14, 2022 16:49:06.500808954 CET5605123192.168.2.23205.201.75.230
      Jan 14, 2022 16:49:06.500817060 CET5605123192.168.2.2384.209.157.111
      Jan 14, 2022 16:49:06.500818968 CET5605123192.168.2.2334.117.115.133
      Jan 14, 2022 16:49:06.500821114 CET5605123192.168.2.23141.0.115.175
      Jan 14, 2022 16:49:06.500834942 CET5605123192.168.2.2313.163.236.71
      Jan 14, 2022 16:49:06.500840902 CET5605123192.168.2.2353.161.133.250
      Jan 14, 2022 16:49:06.500880957 CET5605123192.168.2.23173.238.115.90
      Jan 14, 2022 16:49:06.500920057 CET5605123192.168.2.2367.98.64.7
      Jan 14, 2022 16:49:06.500922918 CET5605123192.168.2.23244.56.123.86
      Jan 14, 2022 16:49:06.500927925 CET5605123192.168.2.23197.60.173.125
      Jan 14, 2022 16:49:06.500948906 CET5605123192.168.2.23248.94.75.25
      Jan 14, 2022 16:49:06.500951052 CET5605123192.168.2.2379.77.81.8
      Jan 14, 2022 16:49:06.500963926 CET5605123192.168.2.23119.36.154.109
      Jan 14, 2022 16:49:06.500969887 CET5605123192.168.2.2367.143.143.86
      Jan 14, 2022 16:49:06.500976086 CET5605123192.168.2.2368.211.160.130
      Jan 14, 2022 16:49:06.500982046 CET5605123192.168.2.23126.77.254.15
      Jan 14, 2022 16:49:06.500987053 CET5605123192.168.2.2375.174.5.111
      Jan 14, 2022 16:49:06.500992060 CET5605123192.168.2.23216.96.4.200
      Jan 14, 2022 16:49:06.501005888 CET5605123192.168.2.23189.196.28.40
      Jan 14, 2022 16:49:06.501012087 CET5605123192.168.2.23202.59.2.165
      Jan 14, 2022 16:49:06.501018047 CET5605123192.168.2.2346.72.120.211
      Jan 14, 2022 16:49:06.501040936 CET5605123192.168.2.23147.21.21.153
      Jan 14, 2022 16:49:06.501050949 CET5605123192.168.2.23179.234.162.106
      Jan 14, 2022 16:49:06.501096010 CET5605123192.168.2.23166.235.82.120
      Jan 14, 2022 16:49:06.501107931 CET5605123192.168.2.2359.179.219.194
      Jan 14, 2022 16:49:06.501133919 CET5605123192.168.2.23156.93.127.46
      Jan 14, 2022 16:49:06.501138926 CET5605123192.168.2.23196.69.110.235
      Jan 14, 2022 16:49:06.501138926 CET5605123192.168.2.23158.229.154.126
      Jan 14, 2022 16:49:06.501154900 CET5605123192.168.2.23152.226.225.143
      Jan 14, 2022 16:49:06.501164913 CET5605123192.168.2.23174.238.9.155
      Jan 14, 2022 16:49:06.501172066 CET5605123192.168.2.23201.220.241.151
      Jan 14, 2022 16:49:06.501174927 CET5605123192.168.2.23172.131.249.216
      Jan 14, 2022 16:49:06.501190901 CET5605123192.168.2.23116.97.197.3
      Jan 14, 2022 16:49:06.501195908 CET5605123192.168.2.23197.255.7.117
      Jan 14, 2022 16:49:06.501205921 CET5605123192.168.2.23110.121.150.156
      Jan 14, 2022 16:49:06.501228094 CET5605123192.168.2.23163.80.217.81
      Jan 14, 2022 16:49:06.501234055 CET5605123192.168.2.2374.4.160.186
      Jan 14, 2022 16:49:06.501246929 CET5605123192.168.2.2345.235.84.155
      Jan 14, 2022 16:49:06.501255989 CET5605123192.168.2.23189.168.229.254
      Jan 14, 2022 16:49:06.501261950 CET5605123192.168.2.2347.148.93.238
      Jan 14, 2022 16:49:06.501274109 CET5605123192.168.2.23117.158.225.65
      Jan 14, 2022 16:49:06.501275063 CET5605123192.168.2.23152.230.125.143
      Jan 14, 2022 16:49:06.501282930 CET5605123192.168.2.23205.171.162.240
      Jan 14, 2022 16:49:06.501311064 CET5605123192.168.2.23188.95.216.230
      Jan 14, 2022 16:49:06.501317978 CET5605123192.168.2.23121.134.210.176
      Jan 14, 2022 16:49:06.501370907 CET5605123192.168.2.2360.212.76.140
      Jan 14, 2022 16:49:06.501403093 CET5605123192.168.2.23223.28.147.43
      Jan 14, 2022 16:49:06.501421928 CET5605123192.168.2.23203.196.40.1
      Jan 14, 2022 16:49:06.501425028 CET5605123192.168.2.23152.97.156.202
      Jan 14, 2022 16:49:06.501427889 CET5605123192.168.2.2384.209.225.240
      Jan 14, 2022 16:49:06.501436949 CET5605123192.168.2.23120.218.109.205
      Jan 14, 2022 16:49:06.501442909 CET5605123192.168.2.23161.62.224.117
      Jan 14, 2022 16:49:06.501442909 CET5605123192.168.2.23209.180.77.38
      Jan 14, 2022 16:49:06.501451969 CET5605123192.168.2.23103.46.189.242
      Jan 14, 2022 16:49:06.501485109 CET5605123192.168.2.23110.64.233.51
      Jan 14, 2022 16:49:06.501508951 CET5605123192.168.2.2369.35.47.134
      Jan 14, 2022 16:49:06.501538038 CET5605123192.168.2.23188.152.14.85
      Jan 14, 2022 16:49:06.501578093 CET5605123192.168.2.23249.67.213.251
      Jan 14, 2022 16:49:06.501580000 CET5605123192.168.2.23146.158.133.126
      Jan 14, 2022 16:49:06.501588106 CET5605123192.168.2.23195.119.158.179
      Jan 14, 2022 16:49:06.501600027 CET5605123192.168.2.23179.127.81.29
      Jan 14, 2022 16:49:06.501600981 CET5605123192.168.2.23162.2.104.251
      Jan 14, 2022 16:49:06.501614094 CET5605123192.168.2.23198.246.110.10
      Jan 14, 2022 16:49:06.501626015 CET5605123192.168.2.23179.54.10.53
      Jan 14, 2022 16:49:06.501660109 CET5605123192.168.2.23169.246.165.83
      Jan 14, 2022 16:49:06.501667023 CET5605123192.168.2.23145.161.48.154
      Jan 14, 2022 16:49:06.501684904 CET5605123192.168.2.2313.167.154.249
      Jan 14, 2022 16:49:06.501688004 CET5605123192.168.2.23106.123.172.12
      Jan 14, 2022 16:49:06.501691103 CET5605123192.168.2.232.63.250.254
      Jan 14, 2022 16:49:06.501699924 CET5605123192.168.2.2395.86.170.69
      Jan 14, 2022 16:49:06.501708984 CET5605123192.168.2.2313.18.71.202
      Jan 14, 2022 16:49:06.501744032 CET5605123192.168.2.2395.111.244.44
      Jan 14, 2022 16:49:06.501808882 CET5605123192.168.2.2369.255.197.66
      Jan 14, 2022 16:49:06.501811981 CET5605123192.168.2.23145.207.87.102
      Jan 14, 2022 16:49:06.501822948 CET5605123192.168.2.2346.205.36.157
      Jan 14, 2022 16:49:06.501827955 CET5605123192.168.2.23249.7.67.247
      Jan 14, 2022 16:49:06.501842976 CET5605123192.168.2.23161.144.91.103
      Jan 14, 2022 16:49:06.501844883 CET5605123192.168.2.23104.39.182.230
      Jan 14, 2022 16:49:06.501894951 CET5605123192.168.2.23177.114.215.22
      Jan 14, 2022 16:49:06.501908064 CET5605123192.168.2.23161.226.185.215
      Jan 14, 2022 16:49:06.501908064 CET5605123192.168.2.2336.199.200.165
      Jan 14, 2022 16:49:06.501925945 CET5605123192.168.2.2387.137.93.150
      Jan 14, 2022 16:49:06.501961946 CET5605123192.168.2.2337.19.127.229
      Jan 14, 2022 16:49:06.501979113 CET5605123192.168.2.2379.228.205.95
      Jan 14, 2022 16:49:06.501998901 CET5605123192.168.2.23198.225.120.143
      Jan 14, 2022 16:49:06.502018929 CET5605123192.168.2.23135.214.251.88
      Jan 14, 2022 16:49:06.502026081 CET5605123192.168.2.2378.3.82.95
      Jan 14, 2022 16:49:06.502048016 CET5605123192.168.2.23208.44.16.156
      Jan 14, 2022 16:49:06.502053022 CET5605123192.168.2.23251.194.116.148
      Jan 14, 2022 16:49:06.502058983 CET5605123192.168.2.2392.63.145.112
      Jan 14, 2022 16:49:06.502080917 CET5605123192.168.2.23202.108.9.220
      Jan 14, 2022 16:49:06.502094984 CET5605123192.168.2.2338.63.156.23
      Jan 14, 2022 16:49:06.502096891 CET5605123192.168.2.2386.3.227.123
      Jan 14, 2022 16:49:06.502137899 CET5605123192.168.2.23249.132.107.1
      Jan 14, 2022 16:49:06.502167940 CET5605123192.168.2.23162.239.181.84
      Jan 14, 2022 16:49:06.502172947 CET5605123192.168.2.23170.58.45.26
      Jan 14, 2022 16:49:06.502178907 CET5605123192.168.2.2369.224.102.108
      Jan 14, 2022 16:49:06.502193928 CET5605123192.168.2.23209.77.92.204
      Jan 14, 2022 16:49:06.502209902 CET5605123192.168.2.2367.21.69.106
      Jan 14, 2022 16:49:06.502216101 CET5605123192.168.2.2341.169.174.178
      Jan 14, 2022 16:49:06.502223969 CET5605123192.168.2.23221.129.89.42
      Jan 14, 2022 16:49:06.502263069 CET5605123192.168.2.23111.61.237.238
      Jan 14, 2022 16:49:06.502268076 CET5605123192.168.2.2363.81.76.120
      Jan 14, 2022 16:49:06.502274036 CET5605123192.168.2.23162.134.238.15
      Jan 14, 2022 16:49:06.502274036 CET5605123192.168.2.2357.2.157.89
      Jan 14, 2022 16:49:06.502343893 CET5605123192.168.2.23191.138.58.219
      Jan 14, 2022 16:49:06.502345085 CET5605123192.168.2.2331.200.99.135
      Jan 14, 2022 16:49:06.502346039 CET5605123192.168.2.23188.66.226.212
      Jan 14, 2022 16:49:06.502346992 CET5605123192.168.2.23124.195.156.174
      Jan 14, 2022 16:49:06.502361059 CET5605123192.168.2.2377.211.27.35
      Jan 14, 2022 16:49:06.502366066 CET5605123192.168.2.23141.255.179.204
      Jan 14, 2022 16:49:06.502373934 CET5605123192.168.2.23248.155.122.203
      Jan 14, 2022 16:49:06.502376080 CET5605123192.168.2.2361.20.223.155
      Jan 14, 2022 16:49:06.502403975 CET5605123192.168.2.23180.172.191.178
      Jan 14, 2022 16:49:06.502413988 CET5605123192.168.2.2373.72.110.174
      Jan 14, 2022 16:49:06.502441883 CET5605123192.168.2.23117.213.96.99
      Jan 14, 2022 16:49:06.502444983 CET5605123192.168.2.23142.90.67.33
      Jan 14, 2022 16:49:06.502464056 CET5605123192.168.2.23142.136.220.186
      Jan 14, 2022 16:49:06.502501965 CET5605123192.168.2.23168.39.53.236
      Jan 14, 2022 16:49:06.502526999 CET5605123192.168.2.23113.180.20.241
      Jan 14, 2022 16:49:06.552555084 CET235605192.81.58.81192.168.2.23
      Jan 14, 2022 16:49:06.645432949 CET2356051188.66.226.212192.168.2.23
      Jan 14, 2022 16:49:06.710834026 CET235605160.212.76.140192.168.2.23
      Jan 14, 2022 16:49:06.742646933 CET2356051179.234.162.106192.168.2.23
      Jan 14, 2022 16:49:06.776065111 CET2356051117.158.225.65192.168.2.23
      Jan 14, 2022 16:49:06.791538000 CET2356051126.77.254.15192.168.2.23
      Jan 14, 2022 16:49:07.503703117 CET5605123192.168.2.2396.188.15.122
      Jan 14, 2022 16:49:07.503710985 CET5605123192.168.2.23195.34.160.225
      Jan 14, 2022 16:49:07.503720999 CET5605123192.168.2.23219.85.26.191
      Jan 14, 2022 16:49:07.503765106 CET5605123192.168.2.2317.198.60.235
      Jan 14, 2022 16:49:07.503782988 CET5605123192.168.2.23247.17.92.193
      Jan 14, 2022 16:49:07.503787041 CET5605123192.168.2.2342.217.61.191
      Jan 14, 2022 16:49:07.503786087 CET5605123192.168.2.23251.163.198.226
      Jan 14, 2022 16:49:07.503806114 CET5605123192.168.2.2316.138.175.53
      Jan 14, 2022 16:49:07.503813028 CET5605123192.168.2.23177.7.4.232
      Jan 14, 2022 16:49:07.503817081 CET5605123192.168.2.23151.109.68.201
      Jan 14, 2022 16:49:07.503819942 CET5605123192.168.2.2337.73.162.118
      Jan 14, 2022 16:49:07.503837109 CET5605123192.168.2.2369.53.31.146
      Jan 14, 2022 16:49:07.503850937 CET5605123192.168.2.23197.206.223.200
      Jan 14, 2022 16:49:07.503865957 CET5605123192.168.2.238.217.103.159
      Jan 14, 2022 16:49:07.503871918 CET5605123192.168.2.23105.86.227.163
      Jan 14, 2022 16:49:07.503921032 CET5605123192.168.2.23255.45.153.178
      Jan 14, 2022 16:49:07.503931046 CET5605123192.168.2.23136.16.224.16
      Jan 14, 2022 16:49:07.503940105 CET5605123192.168.2.23116.174.150.87
      Jan 14, 2022 16:49:07.503947973 CET5605123192.168.2.23115.88.20.121
      Jan 14, 2022 16:49:07.503948927 CET5605123192.168.2.23172.53.147.83
      Jan 14, 2022 16:49:07.503954887 CET5605123192.168.2.23100.25.165.173
      Jan 14, 2022 16:49:07.503956079 CET5605123192.168.2.2318.134.57.187
      Jan 14, 2022 16:49:07.503957033 CET5605123192.168.2.2377.8.16.0
      Jan 14, 2022 16:49:07.503957987 CET5605123192.168.2.23246.182.219.207
      Jan 14, 2022 16:49:07.503957987 CET56051<