Linux Analysis Report 52lN2HSY7O

Overview

General Information

Sample Name:52lN2HSY7O
Analysis ID:553492
MD5:e0db3c63694e83c4ea4187a6fd40c9d2
SHA1:d04a564f43e9ed664478443199b196d6cb191580
SHA256:da6d168edfc190ef5f7a8ae9ad40de97ea559989c3f7421af1c9a0909522dbf4
Tags: 32, elf, mirai, motorola
Infos:

Detection

Mirai
Score:68
Range:0 - 100
Whitelisted:false

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Mirai
Multi AV Scanner detection for submitted file
Uses known network protocols on non-standard ports
Sample has stripped symbol table
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample listens on a socket
Sample tries to kill a process (SIGKILL)

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper that no longer works
Static ELF header machine description suggests that the sample might not execute correctly on this machine

General Information

Joe Sandbox Version:34.0.0 Boulder Opal
Analysis ID:553492
Start date:15.01.2022
Start time:01:33:11
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 34s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:52lN2HSY7O
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal68.troj.lin@0/1@0/0
Warnings:
  • Report size exceeded maximum capacity and may have missing network information.

Process Tree

  • system is lnxubuntu20
  • dash New Fork (PID: 5186, Parent: 4331)
  • cat (PID: 5186, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.JmXH35JStJ
  • dash New Fork (PID: 5187, Parent: 4331)
  • head (PID: 5187, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5188, Parent: 4331)
  • tr (PID: 5188, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5189, Parent: 4331)
  • cut (PID: 5189, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5190, Parent: 4331)
  • cat (PID: 5190, Parent: 4331, MD5: 7e9d213e404ad3bb82e4ebb2e1f2c1b3) Arguments: cat /tmp/tmp.JmXH35JStJ
  • dash New Fork (PID: 5191, Parent: 4331)
  • head (PID: 5191, Parent: 4331, MD5: fd96a67145172477dd57131396fc9608) Arguments: head -n 10
  • dash New Fork (PID: 5192, Parent: 4331)
  • tr (PID: 5192, Parent: 4331, MD5: fbd1402dd9f72d8ebfff00ce7c3a7bb5) Arguments: tr -d \\000-\\011\\013\\014\\016-\\037
  • dash New Fork (PID: 5193, Parent: 4331)
  • cut (PID: 5193, Parent: 4331, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -c -80
  • dash New Fork (PID: 5194, Parent: 4331)
  • rm (PID: 5194, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.JmXH35JStJ /tmp/tmp.AdZnWFxIG7 /tmp/tmp.Bef8J1nfzZ
  • cleanup

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Mirai_12 | Yara detected Mirai | Joe Security |

    Jbx Signature Overview

    AV Detection:

    Multi AV Scanner detection for submitted file
    Source: 52lN2HSY7O, Virustotal: Detection: 55%
    Source: 52lN2HSY7O, ReversingLabs: Detection: 62%

    Networking:

    Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
    Uses known network protocols on non-standard ports
    Source: global traffic, TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
    Source: global traffic, TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
    Source: global traffic, TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
    Source: global traffic, TCP traffic: 192.168.2.23:51422 -> 136.144.41.15:1312
    Source: /tmp/52lN2HSY7O (PID: 5244), Socket: 0.0.0.0::0
    Source: /tmp/52lN2HSY7O (PID: 5250), Socket: 0.0.0.0::0
    Source: unknown, Network traffic detected: HTTP traffic on port 43928 -> 443
    Source: unknown, Network traffic detected: HTTP traffic on port 42836 -> 443
    Source: motd-news.18.dr, String found in binary or memory: https://ubuntu.com/blog/microk8s-memory-optimisation
    Source: ELF static info symbol of initial sample, .symtab present: no
    Source: /tmp/52lN2HSY7O (PID: 5244), SIGKILL sent: pid: 936, result: successful
    Source: /tmp/52lN2HSY7O (PID: 5250), SIGKILL sent: pid: 936, result: successful
    Source: classification engine, Classification label: mal68.troj.lin@0/1@0/0
    Source: /usr/bin/dash (PID: 5194), Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.JmXH35JStJ /tmp/tmp.AdZnWFxIG7 /tmp/tmp.Bef8J1nfzZ

    Hooking and other Techniques for Hiding and Protection:

    Uses known network protocols on non-standard ports
    Source: /tmp/52lN2HSY7O (PID: 5242) Queries kernel information via 'uname'
    Source: 52lN2HSY7O, 5242.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5244.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5343.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5359.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5352.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5245.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5342.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5251.1.00000000c82da646.00000000f362cca0.rw-.sdmp
    Binary or memory string: /usr/bin/qemu-m68k
    Source: 52lN2HSY7O, 5242.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5244.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5343.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5359.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5352.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5245.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5342.1.00000000c82da646.00000000f362cca0.rw-.sdmp, 52lN2HSY7O, 5251.1.00000000c82da646.00000000f362cca0.rw-.sdmp
    Binary or memory string: x86_64/usr/bin/qemu-m68k/tmp/52lN2HSY7OSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/52lN2HSY7O
    Source: 52lN2HSY7O, 5242.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5244.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5343.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5359.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5352.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5245.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5342.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5251.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp
    Binary or memory string: DV!/etc/qemu-binfmt/m68k
    Source: 52lN2HSY7O, 5242.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5244.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5343.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5359.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5352.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5245.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5342.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp, 52lN2HSY7O, 5251.1.00000000339dc745.00000000b9d6bab0.rw-.sdmp
    Binary or memory string: /etc/qemu-binfmt/m68k

    Stealing of Sensitive Information:

    Yara detected Mirai
    Source: Yara match; File source: dump.pcap, type: PCAP

    Remote Access Functionality:

    Yara detected Mirai
    Source: Yara match; File source: dump.pcap, type: PCAP

    Mitre Att&ck Matrix

    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | File Deletion 1 | OS Credential Dumping 1 | Security Software Discovery 11 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

    Malware Configuration

    No configs have been found

    Behavior Graph

    [Figure: behavior graph. Behavior Graph ID: 553492, Sample: 52lN2HSY7O, Startdate: 15/01/2022, Architecture: LINUX, Score: 68. Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet.]

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    Source | Detection | Scanner | Label | Link
    52lN2HSY7O | 56% | Virustotal | |
    52lN2HSY7O | 63% | ReversingLabs | Linux.Trojan.Mirai |

    Dropped Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    No contacted domains info

    URLs from Memory and Binaries

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://ubuntu.com/blog/microk8s-memory-optimisation | motd-news.18.dr | false | | high

      Contacted IPs


      Public



      Runtime Messages

      Command:/tmp/52lN2HSY7O
      Exit Code:0
      Exit Code Info:
      Killed:False
      Standard Output:
      Connected To CNC
      Standard Error:

      Joe Sandbox View / Context

      IPs

      Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
      101.128.206.180 | 7Pvt6Jni6p | | malicious | |
      164.42.74.234 | sora.x86 | | malicious | |

          Domains

          No context

          ASN


          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          /var/cache/motd-news
          Process:/usr/bin/cut
          File Type:ASCII text
          Category:dropped
          Size (bytes):191
          Entropy (8bit):4.515771857099866
          Encrypted:false
          SSDEEP:3:P2lnI+5MsqqzNLz+FRNScHUBfRau95++sZzR5woLB1Fh0VTGTl/X5kURn:OZ8uNLzDc0pR75+9Zz/woFmIT52URn
          MD5:DD514F892B5F93ED615D366E58AC58AF
          SHA1:BA75EDB3C2232CC260BC187F604DC8F25AA72C11
          SHA-256:F40D0DCE6E83DF74109FEF5E68E51CC255727783EEAE04C3E34677E23F7552CF
          SHA-512:9150BDE63F6C4850C5340D8877892B4D9BBF9EBDC98CDCF557A93FA304C1222CEE446418F5BE2ACCDBF38393778AFA5D4F3EDCB37A47BF57D3A4B2DEAD42A2D0
          Malicious:false
          Reputation:moderate, very likely benign file
          Preview: * Super-optimized for small spaces - read how we shrank the memory. footprint of MicroK8s to make it the smallest full K8s around... https://ubuntu.com/blog/microk8s-memory-optimisation.

          Static File Info

          General

          File type:ELF 32-bit MSB executable, Motorola m68k, 68020, version 1 (SYSV), statically linked, stripped
          Entropy (8bit):6.214678185526423
          TrID:
          • ELF Executable and Linkable format (generic) (4004/1) 100.00%
          File name:52lN2HSY7O
          File size:53052
          MD5:e0db3c63694e83c4ea4187a6fd40c9d2
          SHA1:d04a564f43e9ed664478443199b196d6cb191580
          SHA256:da6d168edfc190ef5f7a8ae9ad40de97ea559989c3f7421af1c9a0909522dbf4
          SHA512:540dd1a5feed9777760399c626a0ce4dfcee4bf3d39c5631765a7b949fa2084495cb458ee31efe017a16171409049159d841abb5175df66ecbad22f53dcb7fbb
          SSDEEP:768:8CeKEfhe5XdrbejRIcfFMQ/5MdgFHj0iPuvWeffpqmUJTXr6Lu380D3:dsfIBZe5tJrFj0imvppqmUJP6Lc82
          File Content Preview:.ELF.......................D...4.........4. ...(.................................. ....................p.......... .dt.Q............................NV..a....da.....N^NuNV..J9...lf>"y.... QJ.g.X.#.....N."y.... QJ.f.A.....J.g.Hy....N.X........lN^NuNV..N^NuN

          Static ELF Info

          ELF header

          Class:ELF32
          Data:2's complement, big endian
          Version:1 (current)
          Machine:MC68000
          Version Number:0x1
          Type:EXEC (Executable file)
          OS/ABI:UNIX - System V
          ABI Version:0
          Entry Point Address:0x80000144
          Flags:0x0
          ELF Header Size:52
          Program Header Offset:52
          Program Header Size:32
          Number of Program Headers:3
          Section Header Offset:52652
          Section Header Size:40
          Number of Section Headers:10
          Header String Table Index:9

          Sections

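          Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
           | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | | 0 | 0 | 0
          .init | PROGBITS | 0x80000094 | 0x94 | 0x14 | 0x0 | 0x6 | AX | 0 | 0 | 2
          .text | PROGBITS | 0x800000a8 | 0xa8 | 0xc5d6 | 0x0 | 0x6 | AX | 0 | 0 | 4
          .fini | PROGBITS | 0x8000c67e | 0xc67e | 0xe | 0x0 | 0x6 | AX | 0 | 0 | 2
          .rodata | PROGBITS | 0x8000c68c | 0xc68c | 0x56c | 0x0 | 0x2 | A | 0 | 0 | 2
          .ctors | PROGBITS | 0x8000ebfc | 0xcbfc | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .dtors | PROGBITS | 0x8000ec04 | 0xcc04 | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
          .data | PROGBITS | 0x8000ec10 | 0xcc10 | 0x15c | 0x0 | 0x3 | WA | 0 | 0 | 4
          .bss | NOBITS | 0x8000ed6c | 0xcd6c | 0x23c | 0x0 | 0x3 | WA | 0 | 0 | 4
          .shstrtab | STRTAB | 0x0 | 0xcd6c | 0x3e | 0x0 | 0x0 | | 0 | 0 | 1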

          Program Segments

          Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
          LOAD | 0x0 | 0x80000000 | 0x80000000 | 0xcbf8 | 0xcbf8 | 4.2316 | 0x5 | R E | 0x2000 | | .init .text .fini .rodata
          LOAD | 0xcbfc | 0x8000ebfc | 0x8000ebfc | 0x170 | 0x3ac | 0.2775 | 0x6 | RW | 0x2000 | | .ctors .dtors .data .bss
          GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 | |

          Network Behavior

          Network Port Distribution

          TCP Packets

          Jan 15, 2022 01:33:52.836412907 CET751523192.168.2.23161.243.76.78
          Jan 15, 2022 01:33:52.836421967 CET751523192.168.2.23202.213.40.187
          Jan 15, 2022 01:33:52.836455107 CET751523192.168.2.2318.48.31.82
          Jan 15, 2022 01:33:52.836591005 CET751523192.168.2.23197.41.97.186
          Jan 15, 2022 01:33:52.836596966 CET751523192.168.2.2385.95.140.136
          Jan 15, 2022 01:33:52.836599112 CET751523192.168.2.23184.175.213.195
          Jan 15, 2022 01:33:52.836601019 CET751523192.168.2.23176.4.82.9
          Jan 15, 2022 01:33:52.836601973 CET751523192.168.2.23204.40.152.89
          Jan 15, 2022 01:33:52.836602926 CET751523192.168.2.2334.77.253.70
          Jan 15, 2022 01:33:52.836617947 CET751523192.168.2.23244.6.8.55
          Jan 15, 2022 01:33:52.836618900 CET751523192.168.2.23198.213.185.44
          Jan 15, 2022 01:33:52.836621046 CET751523192.168.2.23146.75.102.12
          Jan 15, 2022 01:33:52.836626053 CET751523192.168.2.2327.55.215.64
          Jan 15, 2022 01:33:52.836632013 CET751523192.168.2.23141.125.194.162
          Jan 15, 2022 01:33:52.836635113 CET751523192.168.2.2368.229.209.163
          Jan 15, 2022 01:33:52.836643934 CET751523192.168.2.2363.61.236.102
          Jan 15, 2022 01:33:52.836647034 CET751523192.168.2.2398.201.22.179
          Jan 15, 2022 01:33:52.836652994 CET751523192.168.2.23102.8.106.76
          Jan 15, 2022 01:33:52.836659908 CET751523192.168.2.2372.194.58.106
          Jan 15, 2022 01:33:52.836672068 CET751523192.168.2.2347.120.144.244
          Jan 15, 2022 01:33:52.836674929 CET751523192.168.2.2391.175.102.80
          Jan 15, 2022 01:33:52.836680889 CET751523192.168.2.2376.222.45.160
          Jan 15, 2022 01:33:52.836688995 CET751523192.168.2.239.153.156.175
          Jan 15, 2022 01:33:52.836818933 CET751523192.168.2.23216.118.2.98
          Jan 15, 2022 01:33:52.836829901 CET751523192.168.2.2332.201.193.115
          Jan 15, 2022 01:33:52.836833000 CET751523192.168.2.23125.106.29.23
          Jan 15, 2022 01:33:52.836833000 CET751523192.168.2.23248.142.78.30
          Jan 15, 2022 01:33:52.836834908 CET751523192.168.2.2338.218.37.82
          Jan 15, 2022 01:33:52.836838007 CET751523192.168.2.23181.24.52.80
          Jan 15, 2022 01:33:52.836848021 CET751523192.168.2.2384.120.125.218
          Jan 15, 2022 01:33:52.836849928 CET751523192.168.2.23139.219.202.189
          Jan 15, 2022 01:33:52.836853027 CET751523192.168.2.23170.109.70.49
          Jan 15, 2022 01:33:52.836855888 CET751523192.168.2.23141.205.12.9
          Jan 15, 2022 01:33:52.836859941 CET751523192.168.2.2399.254.144.101
          Jan 15, 2022 01:33:52.836862087 CET751523192.168.2.23113.106.31.43
          Jan 15, 2022 01:33:52.836864948 CET751523192.168.2.23123.74.112.235
          Jan 15, 2022 01:33:52.836867094 CET751523192.168.2.23153.70.26.133
          Jan 15, 2022 01:33:52.836872101 CET751523192.168.2.23162.21.166.44
          Jan 15, 2022 01:33:52.836874008 CET751523192.168.2.23121.137.140.10
          Jan 15, 2022 01:33:52.836879015 CET751523192.168.2.2363.87.96.73
          Jan 15, 2022 01:33:52.836879969 CET751523192.168.2.23157.244.122.35
          Jan 15, 2022 01:33:52.836883068 CET751523192.168.2.23245.127.105.211
          Jan 15, 2022 01:33:52.836888075 CET751523192.168.2.23213.82.121.159
          Jan 15, 2022 01:33:52.836889982 CET751523192.168.2.23102.222.159.77
          Jan 15, 2022 01:33:52.836893082 CET751523192.168.2.2394.125.142.230
          Jan 15, 2022 01:33:52.836899042 CET751523192.168.2.23193.166.226.118
          Jan 15, 2022 01:33:52.836900949 CET751523192.168.2.2344.172.232.245
          Jan 15, 2022 01:33:52.836900949 CET751523192.168.2.2389.232.200.60
          Jan 15, 2022 01:33:52.836903095 CET751523192.168.2.2372.143.76.190
          Jan 15, 2022 01:33:52.836904049 CET751523192.168.2.23119.141.22.252
          Jan 15, 2022 01:33:52.836906910 CET751523192.168.2.23207.135.221.196
          Jan 15, 2022 01:33:52.836915016 CET751523192.168.2.23223.14.224.70
          Jan 15, 2022 01:33:52.836919069 CET751523192.168.2.2334.43.61.218
          Jan 15, 2022 01:33:52.836920977 CET751523192.168.2.2380.114.15.187
          Jan 15, 2022 01:33:52.836935997 CET751523192.168.2.23240.142.249.227
          Jan 15, 2022 01:33:52.836935997 CET751523192.168.2.23250.31.39.147
          Jan 15, 2022 01:33:52.836941957 CET751523192.168.2.2399.14.121.44
          Jan 15, 2022 01:33:52.836944103 CET751523192.168.2.23201.194.131.46
          Jan 15, 2022 01:33:52.836957932 CET751523192.168.2.23168.46.89.219
          Jan 15, 2022 01:33:52.836961985 CET751523192.168.2.23108.239.13.125
          Jan 15, 2022 01:33:52.836968899 CET751523192.168.2.2395.148.239.166
          Jan 15, 2022 01:33:52.836972952 CET751523192.168.2.2377.164.142.80
          Jan 15, 2022 01:33:52.836978912 CET751523192.168.2.23211.75.76.189
          Jan 15, 2022 01:33:52.836987019 CET751523192.168.2.23195.191.33.121
          Jan 15, 2022 01:33:52.836997986 CET751523192.168.2.2353.9.112.172
          Jan 15, 2022 01:33:52.837004900 CET751523192.168.2.23113.71.33.163
          Jan 15, 2022 01:33:52.837102890 CET751523192.168.2.2362.211.106.70
          Jan 15, 2022 01:33:52.837110043 CET751523192.168.2.23139.210.137.45
          Jan 15, 2022 01:33:52.837110996 CET751523192.168.2.2380.146.86.62
          Jan 15, 2022 01:33:52.837114096 CET751523192.168.2.23182.137.89.254
          Jan 15, 2022 01:33:52.837116957 CET751523192.168.2.2366.132.137.223
          Jan 15, 2022 01:33:52.837121964 CET751523192.168.2.23118.58.241.243
          Jan 15, 2022 01:33:52.837126017 CET751523192.168.2.23136.240.106.115
          Jan 15, 2022 01:33:52.837127924 CET751523192.168.2.23189.169.15.71
          Jan 15, 2022 01:33:52.837130070 CET751523192.168.2.23106.28.212.35
          Jan 15, 2022 01:33:52.837135077 CET751523192.168.2.23221.194.97.50
          Jan 15, 2022 01:33:52.837141037 CET751523192.168.2.23164.125.165.251
          Jan 15, 2022 01:33:52.837141991 CET751523192.168.2.2363.177.218.4
          Jan 15, 2022 01:33:52.837145090 CET751523192.168.2.23219.183.78.32
          Jan 15, 2022 01:33:52.837146997 CET751523192.168.2.23135.80.22.89
          Jan 15, 2022 01:33:52.837147951 CET751523192.168.2.23166.115.161.230
          Jan 15, 2022 01:33:52.837152004 CET751523192.168.2.23219.62.111.50
          Jan 15, 2022 01:33:52.837153912 CET751523192.168.2.23191.62.180.146
          Jan 15, 2022 01:33:52.837160110 CET751523192.168.2.23106.92.43.109
          Jan 15, 2022 01:33:52.837162018 CET751523192.168.2.23244.188.189.62
          Jan 15, 2022 01:33:52.837162971 CET751523192.168.2.2360.131.168.185
          Jan 15, 2022 01:33:52.837168932 CET751523192.168.2.2384.211.223.30
          Jan 15, 2022 01:33:52.837172985 CET751523192.168.2.2320.179.254.16
          Jan 15, 2022 01:33:52.837174892 CET751523192.168.2.2331.112.52.162
          Jan 15, 2022 01:33:52.837177038 CET751523192.168.2.2360.59.73.225
          Jan 15, 2022 01:33:52.837177992 CET751523192.168.2.23107.168.196.76
          Jan 15, 2022 01:33:52.837178946 CET751523192.168.2.23243.45.128.120
          Jan 15, 2022 01:33:52.837188005 CET751523192.168.2.23168.76.105.143
          Jan 15, 2022 01:33:52.837191105 CET751523192.168.2.23159.8.41.3
          Jan 15, 2022 01:33:52.837198973 CET751523192.168.2.23171.255.47.236
          Jan 15, 2022 01:33:52.837207079 CET751523192.168.2.234.27.45.51
          Jan 15, 2022 01:33:52.837210894 CET751523192.168.2.23221.39.199.207
          Jan 15, 2022 01:33:52.837213039 CET751523192.168.2.23146.2.39.70
          Jan 15, 2022 01:33:52.837223053 CET751523192.168.2.23174.186.88.119
          Jan 15, 2022 01:33:52.837224960 CET751523192.168.2.23101.24.222.133
          Jan 15, 2022 01:33:52.837249041 CET751523192.168.2.23243.183.239.154
          Jan 15, 2022 01:33:52.837261915 CET751523192.168.2.23155.146.42.216
          Jan 15, 2022 01:33:52.837340117 CET751523192.168.2.23107.14.86.33
          Jan 15, 2022 01:33:52.837341070 CET751523192.168.2.2357.88.162.124
          Jan 15, 2022 01:33:52.837342024 CET751523192.168.2.2396.154.165.157
          Jan 15, 2022 01:33:52.837343931 CET751523192.168.2.23248.211.89.118
          Jan 15, 2022 01:33:52.837344885 CET751523192.168.2.23198.55.102.11
          Jan 15, 2022 01:33:52.837347031 CET751523192.168.2.23205.238.226.176
          Jan 15, 2022 01:33:52.837351084 CET751523192.168.2.23106.165.96.10
          Jan 15, 2022 01:33:52.837361097 CET751523192.168.2.23130.186.33.165
          Jan 15, 2022 01:33:52.837362051 CET751523192.168.2.23148.1.211.32
          Jan 15, 2022 01:33:52.837368011 CET751523192.168.2.23183.69.175.128
          Jan 15, 2022 01:33:52.837367058 CET751523192.168.2.2346.69.86.87
          Jan 15, 2022 01:33:52.837373972 CET751523192.168.2.2331.71.146.23
          Jan 15, 2022 01:33:52.837378025 CET751523192.168.2.23118.130.103.168
          Jan 15, 2022 01:33:52.837379932 CET751523192.168.2.23203.31.95.17
          Jan 15, 2022 01:33:52.837383032 CET751523192.168.2.238.157.251.125
          Jan 15, 2022 01:33:52.837387085 CET751523192.168.2.2343.68.127.3
          Jan 15, 2022 01:33:52.837392092 CET751523192.168.2.2324.156.164.235
          Jan 15, 2022 01:33:52.837395906 CET751523192.168.2.23168.126.91.174
          Jan 15, 2022 01:33:52.837399006 CET751523192.168.2.23167.148.110.241
          Jan 15, 2022 01:33:52.837400913 CET751523192.168.2.23166.18.205.98
          Jan 15, 2022 01:33:52.837404013 CET751523192.168.2.2380.218.86.146
          Jan 15, 2022 01:33:52.837407112 CET751523192.168.2.23210.35.162.32
          Jan 15, 2022 01:33:52.837409973 CET751523192.168.2.23203.132.59.92
          Jan 15, 2022 01:33:52.837410927 CET751523192.168.2.23124.33.138.100
          Jan 15, 2022 01:33:52.837419987 CET751523192.168.2.23241.253.40.89
          Jan 15, 2022 01:33:52.837423086 CET751523192.168.2.2365.194.114.145
          Jan 15, 2022 01:33:52.837434053 CET751523192.168.2.2392.190.8.246
          Jan 15, 2022 01:33:52.837435007 CET751523192.168.2.23180.40.92.168
          Jan 15, 2022 01:33:52.837441921 CET751523192.168.2.23241.83.222.63
          Jan 15, 2022 01:33:52.837456942 CET751523192.168.2.2353.180.163.95
          Jan 15, 2022 01:33:52.837476015 CET751523192.168.2.23189.75.184.133
          Jan 15, 2022 01:33:52.837522030 CET751523192.168.2.2341.184.13.126
          Jan 15, 2022 01:33:52.837529898 CET751523192.168.2.2344.167.87.245
          Jan 15, 2022 01:33:52.837533951 CET751523192.168.2.23138.223.83.83
          Jan 15, 2022 01:33:52.837534904 CET751523192.168.2.2385.233.133.218
          Jan 15, 2022 01:33:52.837534904 CET751523192.168.2.23156.230.197.197
          Jan 15, 2022 01:33:52.837553024 CET751523192.168.2.23153.155.202.86
          Jan 15, 2022 01:33:52.837554932 CET751523192.168.2.2372.63.169.140
          Jan 15, 2022 01:33:52.837557077 CET751523192.168.2.2385.54.166.89
          Jan 15, 2022 01:33:52.837557077 CET751523192.168.2.2369.249.121.183
          Jan 15, 2022 01:33:52.837558985 CET751523192.168.2.2380.33.31.129
          Jan 15, 2022 01:33:52.837565899 CET751523192.168.2.23181.185.48.33
          Jan 15, 2022 01:33:52.837568045 CET751523192.168.2.23209.69.118.78
          Jan 15, 2022 01:33:52.837569952 CET751523192.168.2.23181.15.88.112
          Jan 15, 2022 01:33:52.837575912 CET751523192.168.2.23172.155.135.234
          Jan 15, 2022 01:33:52.837578058 CET751523192.168.2.235.134.136.162
          Jan 15, 2022 01:33:52.837582111 CET751523192.168.2.23155.50.53.146
          Jan 15, 2022 01:33:52.837584019 CET751523192.168.2.23185.116.128.136
          Jan 15, 2022 01:33:52.837589979 CET751523192.168.2.2332.239.106.29
          Jan 15, 2022 01:33:52.837593079 CET751523192.168.2.2385.227.160.230
          Jan 15, 2022 01:33:52.837599993 CET751523192.168.2.23255.33.185.118
          Jan 15, 2022 01:33:52.837605000 CET751523192.168.2.23218.164.160.183
          Jan 15, 2022 01:33:52.837606907 CET751523192.168.2.2359.39.95.235
          Jan 15, 2022 01:33:52.837608099 CET751523192.168.2.2363.107.70.254
          Jan 15, 2022 01:33:52.837615013 CET751523192.168.2.23206.42.57.154
          Jan 15, 2022 01:33:52.837620974 CET751523192.168.2.2335.13.254.31
          Jan 15, 2022 01:33:52.837621927 CET751523192.168.2.2346.144.153.136
          Jan 15, 2022 01:33:52.837630033 CET751523192.168.2.2388.181.220.76
          Jan 15, 2022 01:33:52.837630033 CET751523192.168.2.2366.71.118.217
          Jan 15, 2022 01:33:52.837642908 CET751523192.168.2.23145.217.143.103
          Jan 15, 2022 01:33:52.837646961 CET751523192.168.2.23107.36.221.209
          Jan 15, 2022 01:33:52.837650061 CET751523192.168.2.23151.102.217.28
          Jan 15, 2022 01:33:52.837656021 CET751523192.168.2.23195.203.226.16
          Jan 15, 2022 01:33:52.837677002 CET751523192.168.2.2378.134.180.191
          Jan 15, 2022 01:33:52.837687969 CET751523192.168.2.23125.91.111.236
          Jan 15, 2022 01:33:52.837805986 CET751523192.168.2.23112.239.253.53
          Jan 15, 2022 01:33:52.837806940 CET751523192.168.2.23122.201.193.57
          Jan 15, 2022 01:33:52.837814093 CET751523192.168.2.2365.111.61.193
          Jan 15, 2022 01:33:52.837817907 CET751523192.168.2.23212.122.62.49
          Jan 15, 2022 01:33:52.837820053 CET751523192.168.2.23249.77.5.243
          Jan 15, 2022 01:33:52.837821960 CET751523192.168.2.2398.108.92.63
          Jan 15, 2022 01:33:52.837822914 CET751523192.168.2.23117.213.88.232
          Jan 15, 2022 01:33:52.837831020 CET751523192.168.2.23150.0.227.62
          Jan 15, 2022 01:33:52.837832928 CET751523192.168.2.23147.162.150.207
          Jan 15, 2022 01:33:52.837838888 CET751523192.168.2.2331.140.68.163
          Jan 15, 2022 01:33:52.837842941 CET751523192.168.2.23204.175.32.2
          Jan 15, 2022 01:33:52.837846041 CET751523192.168.2.2327.193.199.206
          Jan 15, 2022 01:33:52.837865114 CET751523192.168.2.2357.189.214.237
          Jan 15, 2022 01:33:52.837869883 CET751523192.168.2.2371.165.124.10
          Jan 15, 2022 01:33:52.837877035 CET751523192.168.2.2344.99.32.127
          Jan 15, 2022 01:33:52.837879896 CET751523192.168.2.23253.188.212.139
          Jan 15, 2022 01:33:52.837882042 CET751523192.168.2.23190.7.241.190
          Jan 15, 2022 01:33:52.837893963 CET751523192.168.2.23161.130.171.151
          Jan 15, 2022 01:33:52.837899923 CET751523192.168.2.238.84.204.91
          Jan 15, 2022 01:33:52.837902069 CET751523192.168.2.23150.28.191.224
          Jan 15, 2022 01:33:52.837908030 CET751523192.168.2.2386.241.213.133
          Jan 15, 2022 01:33:52.837908983 CET751523192.168.2.23172.137.7.103
          Jan 15, 2022 01:33:52.837918043 CET751523192.168.2.23103.229.184.75
          Jan 15, 2022 01:33:52.837920904 CET751523192.168.2.23222.62.202.146
          Jan 15, 2022 01:33:52.837922096 CET751523192.168.2.2320.115.200.26
          Jan 15, 2022 01:33:52.837924957 CET751523192.168.2.23223.157.159.5
          Jan 15, 2022 01:33:52.837924957 CET751523192.168.2.2377.225.8.28
          Jan 15, 2022 01:33:52.837927103 CET751523192.168.2.2370.23.161.54
          Jan 15, 2022 01:33:52.837938070 CET751523192.168.2.2332.137.86.115
          Jan 15, 2022 01:33:52.837951899 CET751523192.168.2.23102.161.179.203
          Jan 15, 2022 01:33:52.838068008 CET751523192.168.2.2371.147.249.14
          Jan 15, 2022 01:33:52.838071108 CET751523192.168.2.2343.22.45.198
          Jan 15, 2022 01:33:52.838073969 CET751523192.168.2.23198.250.132.209
          Jan 15, 2022 01:33:52.838074923 CET751523192.168.2.23110.114.173.4
          Jan 15, 2022 01:33:52.838077068 CET751523192.168.2.23191.237.75.70
          Jan 15, 2022 01:33:52.838082075 CET751523192.168.2.2382.64.104.110
          Jan 15, 2022 01:33:52.838083982 CET751523192.168.2.23102.46.108.232
          Jan 15, 2022 01:33:52.838083982 CET751523192.168.2.23184.135.245.61
          Jan 15, 2022 01:33:52.838089943 CET751523192.168.2.23169.14.124.62
          Jan 15, 2022 01:33:52.838089943 CET751523192.168.2.2346.21.22.89
          Jan 15, 2022 01:33:52.838099003 CET751523192.168.2.23184.125.180.225
          Jan 15, 2022 01:33:52.838103056 CET751523192.168.2.23218.38.245.241
          Jan 15, 2022 01:33:52.838115931 CET751523192.168.2.23100.158.6.96
          Jan 15, 2022 01:33:52.838293076 CET751523192.168.2.23159.108.215.8
          Jan 15, 2022 01:33:52.838296890 CET751523192.168.2.23186.8.129.102
          Jan 15, 2022 01:33:52.838301897 CET751523192.168.2.2320.220.159.103
          Jan 15, 2022 01:33:52.838301897 CET751523192.168.2.2382.10.201.212
          Jan 15, 2022 01:33:52.838304043 CET751523192.168.2.2381.235.195.240
          Jan 15, 2022 01:33:52.838305950 CET751523192.168.2.23255.125.164.189
          Jan 15, 2022 01:33:52.838310003 CET751523192.168.2.23173.98.35.80
          Jan 15, 2022 01:33:52.838315010 CET751523192.168.2.23120.154.62.188
          Jan 15, 2022 01:33:52.838320017 CET751523192.168.2