Edit tour

Windows Analysis Report
Autopoisk.exe

Overview

General Information

Sample name:	Autopoisk.exe
Analysis ID:	1417454
MD5:	e66d46d21cfd0eebfbfd8a1d5c5b66a7
SHA1:	3256594747ccde2486667a1ea617b2555fabb8d0
SHA256:	a9bda3e785367821be8aea456b52a3a722486dde3f5ab106e8b982a500850447
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Classification

Analysis Advice

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook

Sample may be VM or Sandbox-aware, try analysis on a native machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

System is w10x64

Autopoisk.exe (PID: 7600 cmdline: "C:\Users\user\Desktop\Autopoisk.exe" MD5: E66D46D21CFD0EEBFBFD8A1D5C5B66A7)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Autopoisk.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1616961805.0000000000401000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.Autopoisk.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Autopoisk.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: global traffic

HTTP traffic detected: GET /files/version HTTP/1.1Cache-control: no-cachePragma: no-cacheHost: upd.autopoisk.suAccept: text/html, */*Accept-Encoding: identityUser-Agent: Mozilla/3.0 (compatible; Indy Library)

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: unknown

DNS traffic detected: queries for: r3.autopoisk.vin

Source: Autopoisk.exe	String found in binary or memory: http://upd.autopoisk.su/files/Autopoisk-
Source: Autopoisk.exe	String found in binary or memory: http://upd.autopoisk.su/files/versionU
Source: Autopoisk.exe	String found in binary or memory: http://www.indyproject.org/
Source: Autopoisk.exe, 00000000.00000002.2886100080.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, Autopoisk.exe, 00000000.00000002.2886100080.0000000002E94000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://upd.autopoisk.su/files/version

Source: Autopoisk.exe

Static PE information: Number of sections : 11 > 10

Source: Autopoisk.exe, 00000000.00000000.1616961805.0000000000416000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename vs Autopoisk.exe
Source: Autopoisk.exe, 00000000.00000000.1616961805.0000000000416000.00000020.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs Autopoisk.exe
Source: Autopoisk.exe	Binary or memory string: OriginalFilename vs Autopoisk.exe
Source: Autopoisk.exe	Binary or memory string: OriginalFileName vs Autopoisk.exe

Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Section loaded: winnsi.dll	Jump to behavior

Source: Autopoisk.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: clean5.winEXE@1/0@6/6

Source: Yara match	File source: Autopoisk.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Autopoisk.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1616961805.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\Autopoisk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Autopoisk.exe	String found in binary or memory: NATS-SEFI-ADD
Source: Autopoisk.exe	String found in binary or memory: NATS-DANO-ADD
Source: Autopoisk.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: Autopoisk.exe	String found in binary or memory: jp-ocr-b-add
Source: Autopoisk.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: Autopoisk.exe	String found in binary or memory: jp-ocr-hand-add
Source: Autopoisk.exe	String found in binary or memory: ISO_6937-2-add

Source: C:\Users\user\Desktop\Autopoisk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe

Window found: window name: TComboBox

Jump to behavior

Source: Autopoisk.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Autopoisk.exe

Static file information: File size 13065007 > 1048576

Source: Autopoisk.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x259800
Source: Autopoisk.exe	Static PE information: Raw size of .debug is bigger than: 0x100000 < 0x98332f

Source: Autopoisk.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: Autopoisk.exe	Static PE information: section name: .didata
Source: Autopoisk.exe	Static PE information: section name: .debug

Source: C:\Users\user\Desktop\Autopoisk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe	Window / User API: threadDelayed 507			Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Window / User API: threadDelayed 3135			Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe TID: 7716	Thread sleep time: -507000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe TID: 7708	Thread sleep time: -3135000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809			Jump to behavior
Source: C:\Users\user\Desktop\Autopoisk.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809			Jump to behavior

Source: C:\Users\user\Desktop\Autopoisk.exe

Last function: Thread delayed

Source: Autopoisk.exe	Binary or memory string: @Idassignednumbers@IdPORT_vmnet
Source: Autopoisk.exe	Binary or memory string: @Idassignednumbers@IdPORT_vmnet$@Idassignednumbers@IdPORT_genrad_mux
Source: Autopoisk.exe, 00000000.00000002.2885859929.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: Autopoisk.exe

Binary or memory string: @Winapi@Windows@DOF_PROGMAN

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	11 Virtualization/Sandbox Evasion	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	12 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	11 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Autopoisk.exe	0%	ReversingLabs
Autopoisk.exe	4%	Virustotal		Browse

Source	Detection	Scanner	Link
r2.autopoisk.vin	0%	Virustotal	Browse
r5.autopoisk.vin	0%	Virustotal	Browse
autopoisk.vin	0%	Virustotal	Browse
upd.autopoisk.su	0%	Virustotal	Browse
r4.autopoisk.vin	0%	Virustotal	Browse
r3.autopoisk.vin	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.indyproject.org/	0%	URL Reputation	safe
http://upd.autopoisk.su/files/version	0%	Avira URL Cloud	safe
http://upd.autopoisk.su/files/versionU	0%	Avira URL Cloud	safe
https://upd.autopoisk.su/files/version	0%	Avira URL Cloud	safe
http://upd.autopoisk.su/files/Autopoisk-	0%	Avira URL Cloud	safe
http://upd.autopoisk.su/files/version	0%	Virustotal		Browse
http://upd.autopoisk.su/files/Autopoisk-	0%	Virustotal		Browse
http://upd.autopoisk.su/files/versionU	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
r2.autopoisk.vin	38.180.38.136	true	false	0%, Virustotal, Browse	unknown
r5.autopoisk.vin	195.123.214.59	true	false	0%, Virustotal, Browse	unknown
autopoisk.vin	62.152.58.190	true	false	0%, Virustotal, Browse	unknown
upd.autopoisk.su	82.97.242.231	true	false	0%, Virustotal, Browse	unknown
r4.autopoisk.vin	45.84.0.32	true	false	0%, Virustotal, Browse	unknown
r3.autopoisk.vin	38.180.38.136	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://upd.autopoisk.su/files/version	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://upd.autopoisk.su/files/version	Autopoisk.exe, 00000000.00000002.2886100080.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, Autopoisk.exe, 00000000.00000002.2886100080.0000000002E94000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.indyproject.org/	Autopoisk.exe	false	URL Reputation: safe	unknown
http://upd.autopoisk.su/files/Autopoisk-	Autopoisk.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://upd.autopoisk.su/files/versionU	Autopoisk.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
8.8.8.8	unknown	United States	15169	GOOGLEUS	false
45.84.0.32	r4.autopoisk.vin	Russian Federation	200019	ALEXHOSTMD	false
62.152.58.190	autopoisk.vin	Russian Federation	3175	CITYTELECOM-MSKRU	false
38.180.38.136	r2.autopoisk.vin	United States	174	COGENT-174US	false
82.97.242.231	upd.autopoisk.su	Iran (ISLAMIC Republic Of)	58224	TCIIR	false
195.123.214.59	r5.autopoisk.vin	Bulgaria	50979	ITL-LV	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417454
Start date and time:	2024-03-29 10:31:48 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Autopoisk.exe
Detection:	CLEAN
Classification:	clean5.winEXE@1/0@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
10:33:16	API Interceptor	3568x Sleep call for process: Autopoisk.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
45.84.0.32	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse
62.152.58.190	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse
38.180.38.136	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse
82.97.242.231	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	upd.autopoisk.su/files/version
195.123.214.59	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
r5.autopoisk.vin	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	195.123.214.59
r2.autopoisk.vin	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	38.180.38.136
upd.autopoisk.su	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	82.97.242.231
autopoisk.vin	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	38.180.38.136
r4.autopoisk.vin	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	45.84.0.32
r3.autopoisk.vin	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	38.180.38.136

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGENT-174US	NQkibO7Tgs.exe	Get hash	malicious	Unknown	Browse	38.180.94.8
	NQkibO7Tgs.exe	Get hash	malicious	Unknown	Browse	38.180.94.8
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	154.59.112.72
	arm.elf	Get hash	malicious	Mirai	Browse	38.46.59.85
	x86.elf	Get hash	malicious	Mirai	Browse	154.3.74.177
	https://depl.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	38.91.45.7
	https://attwebupdate.w3spaces.com/	Get hash	malicious	Unknown	Browse	143.244.220.80
	8lzQh5F8lt.elf	Get hash	malicious	Mirai	Browse	38.144.99.87
	http://apicachebot.com	Get hash	malicious	Unknown	Browse	154.29.75.236
ALEXHOSTMD	https://airdrop-online-altlayer-anniversary.s3.us-east-2.amazonaws.com/posten.html?cid=freetomfr@hotmail.com	Get hash	malicious	Phisher	Browse	176.123.0.55
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	176.123.3.222
	https://zoneimport.g3639.gleeze.com:8443/Bin/ScreenConnect.WindowsBackstageShell.exe	Get hash	malicious	Unknown	Browse	176.123.10.70
	https://zoneimport.g3639.gleeze.com:8443/Bin/support.Client.exe?h=zoneimport.g3639.gleeze.com&p=8041&k=BgIAAACkAABSU0ExAAgAAAEAAQC9E418YcI0GPCt6nL8JLXCrMVf52TCL6876nxAnRhTrORKZpQBP%2FOOMq8NyfwADFO5Cd84vRpMcQXSF3WH9nDCENT7s9bnfsiMfr4yv2tN2F2pLViDwga%2FKmuJQ4nHCHKP3ZiHxALI%2FiYFsUB3U7Kh29d9UfQXfO7h7RT3qvsSgosh64UPscMDajPw31sWFKkqxCX6dxsugjZn2HG3HyKdxKwdMqtEMkric02HfEdRRYE4tgBiOoxJ6Qqe%2F3Y6QGqI3ll8CZCAoPErr6Nyf%2F0mXkzkoUzaEZZ2ybUwNOgyikyAdK5HCgvcTJX%2BO4XTPvCcRTaQ8kadfT5nmEpZD7OS&s=8ca74fb1-50aa-4e0c-8369-bef89caa9168&i=Untitled%20Session&e=Support&y=Guest&r=	Get hash	malicious	ScreenConnect Tool	Browse	176.123.10.70
	qY7gbJZZEg.exe	Get hash	malicious	Socks5Systemz	Browse	45.142.214.240
	4sFJbsYtlZ.exe	Get hash	malicious	Socks5Systemz	Browse	45.142.214.240
	JkzAVzO10i.exe	Get hash	malicious	Socks5Systemz	Browse	45.142.214.240
	30BoW8L6li.exe	Get hash	malicious	Socks5Systemz	Browse	45.142.214.240
	TLjPBsFGBA.exe	Get hash	malicious	Socks5Systemz	Browse	45.142.214.240
	TsJIjW3BGG.exe	Get hash	malicious	Socks5Systemz	Browse	45.142.214.240
CITYTELECOM-MSKRU	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	62.152.58.190
	http://flibusta.su	Get hash	malicious	Unknown	Browse	217.65.2.150
	https://faq-kak.ru/kak-najti-svoyu-biblioteku-v-steam/	Get hash	malicious	Unknown	Browse	217.65.2.150
	http://surghwk2953oc2.%D0%B0%D0%BD%D0%B0%D0%BF%D0%B0%D0%BC%D0%B0%D1%81%D1%82%D0%B5%D1%80.%D1%80%D1%84	Get hash	malicious	Unknown	Browse	217.65.2.150
	https://cs2buff.ru/	Get hash	malicious	Unknown	Browse	217.65.2.150
	http://flj.su/94xvqcl.htm	Get hash	malicious	Porn Scam	Browse	217.65.2.150
	doser.exe	Get hash	malicious	Unknown	Browse	62.152.39.7
	doser.exe	Get hash	malicious	Unknown	Browse	62.152.39.7
	https://vtome.ru/knigi/programming/590547-geometry-for-programmers-final-release.html	Get hash	malicious	Unknown	Browse	217.65.2.150
	http://reg.ru	Get hash	malicious	Unknown	Browse	217.65.2.150
TCIIR	AMP4qOxnnc.elf	Get hash	malicious	Mirai	Browse	5.232.251.194
	YWwcRHSpbw.exe	Get hash	malicious	SmokeLoader	Browse	2.180.10.7
	dj4jBpJkg6.elf	Get hash	malicious	Mirai	Browse	5.219.145.5
	i1crvbOZAP.exe	Get hash	malicious	Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	37.255.238.137
	nFDpziNxlF.elf	Get hash	malicious	Mirai, Okiru	Browse	217.219.38.82
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	151.233.51.166
	9fh0epPcJb.elf	Get hash	malicious	Mirai	Browse	151.232.224.196
	K7HXpfSHdt.elf	Get hash	malicious	Mirai, Moobot	Browse	217.219.3.190
	https://upd.autopoisk.su/files/Autopoisk-1.0.0.12.zip	Get hash	malicious	Unknown	Browse	82.97.242.231
	3o7fkhTBOv.elf	Get hash	malicious	Mirai, Moobot	Browse	5.235.236.155

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.723886204683176
TrID:	Win32 Executable (generic) a (10002005/4) 97.19% Windows ActiveX control (116523/4) 1.13% Inno Setup installer (109748/4) 1.07% Win32 EXE PECompact compressed (generic) (41571/9) 0.40% Win 9x/ME Control Panel applet (15529/13) 0.15%
File name:	Autopoisk.exe
File size:	13'065'007 bytes
MD5:	e66d46d21cfd0eebfbfd8a1d5c5b66a7
SHA1:	3256594747ccde2486667a1ea617b2555fabb8d0
SHA256:	a9bda3e785367821be8aea456b52a3a722486dde3f5ab106e8b982a500850447
SHA512:	0639c66828adf41820b56c06a12c1c6774b52ec9fc4e15055787d8bc103f2e1f02210525e502c15934e0d02e86f601304fe96fb57e93a9e21dbf2af006255c19
SSDEEP:	98304:qchUcqlvbBUYTTT3BwBitIsmTUpDpkrqRADalZLCwpokCFCxJD9LKpGHJXUA:qfcCqCXDDgiJ
TLSH:	81D62A15F3545E3AC1E8173A44AB0A60A331511E4FE3A74A12E8D9BCBC8D3A51F77B4B
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	03c4acacea7a8149

Static PE Info

General

Entrypoint:	0x65d3b0
Entrypoint Section:	.itext
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x62C69977 [Thu Jul 7 08:29:43 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	8d1c5b07035018860db0cbd18ba42413

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 0064F5A8h
call 00007F5E30896BF1h
mov eax, dword ptr [0067D15Ch]
mov eax, dword ptr [eax]
call 00007F5E309B8025h
mov eax, dword ptr [0067D15Ch]
mov eax, dword ptr [eax]
mov dl, 01h
call 00007F5E309B9D37h
mov ecx, dword ptr [0067D018h]
mov eax, dword ptr [0067D15Ch]
mov eax, dword ptr [eax]
mov edx, dword ptr [005FE644h]
call 00007F5E309B8017h
mov eax, dword ptr [0067D15Ch]
mov eax, dword ptr [eax]
call 00007F5E309B816Fh
call 00007F5E3089285Ah
nop
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x319000	0x3f76	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x353000	0x3fe00	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x320000	0x32340	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x393000	0x1	.debug
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x31f000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x319bb8	0x9c4	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x31d000	0x85e	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x259724	0x259800	c23fb59997100c05be505e9c3feb5e26	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0x25b000	0x2404	0x2600	fdf7cfbebefa43364936a24c67905c8f	False	0.5061677631578947	data	6.039565971823698	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x25e000	0x1f7cc	0x1f800	66235fa2544279bdea3060357663d418	False	0.371551029265873	data	5.808672520137256	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x27e000	0x9a750	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x319000	0x3f76	0x4000	56baf4a8280371e9158a1fcf4795ff1b	False	0.31280517578125	data	5.255613192749655	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x31d000	0x85e	0xa00	69577e5d382753cfbb4462191aa4a146	False	0.31484375	data	3.6649996528359354	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x31e000	0x50	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x31f000	0x18	0x200	b8a4d74014e101444b0fba328c0ac2f5	False	0.05078125	data	0.2108262677871819	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x320000	0x32340	0x32400	6564f7ba025d00af0d7ac91e8c1f41ab	False	0.552666355721393	data	6.6990552381759265	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x353000	0x3fe00	0x3fe00	36ce72253803e0ade7b1fe30565d8c5e	False	0.37018025318003916	data	5.360344782599061	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.debug	0x393000	0x98332f	0x98332f	305339cf5fad7f787c8551ee81ed6a95	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
UNICODEDATA	0x354284	0x723f	data			0.36769583205115053
UNICODEDATA	0x35b4c4	0x7ebd	data			0.42552011095700415
UNICODEDATA	0x363384	0x6a8	data			0.5985915492957746
UNICODEDATA	0x363a2c	0xaf7d	data			0.4191430161380078
UNICODEDATA	0x36e9ac	0xd3cf	data			0.4500857569666009
UNICODEDATA	0x37bd7c	0x14c5	data			0.6482979123565921
RT_CURSOR	0x37d244	0x134	data	English	United States	0.43506493506493504
RT_CURSOR	0x37d378	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0x37d4ac	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0x37d5e0	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0x37d714	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0x37d848	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0x37d97c	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_CURSOR	0x37dab0	0x134	Targa image data 64 x 65536 x 1 +32 "\001"			0.3961038961038961
RT_CURSOR	0x37dbe4	0x134	Targa image data 64 x 65536 x 1 +32 "\001"			0.31493506493506496
RT_CURSOR	0x37dd18	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_ICON	0x37de4c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m	English	United States	0.6631205673758865
RT_ICON	0x37e2b4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m	English	United States	0.43949343339587243
RT_ICON	0x37f35c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m	English	United States	0.3411825726141079
RT_STRING	0x381904	0x14c	data			0.5481927710843374
RT_STRING	0x381a50	0x484	data			0.3788927335640138
RT_STRING	0x381ed4	0x31c	data			0.40954773869346733
RT_STRING	0x3821f0	0x4e4	data			0.3993610223642173
RT_STRING	0x3826d4	0x1158	data			0.1837837837837838
RT_STRING	0x38382c	0x960	data			0.3358333333333333
RT_STRING	0x38418c	0x994	data			0.3266721044045677
RT_STRING	0x384b20	0x928	data			0.26791808873720135
RT_STRING	0x385448	0x688	data			0.31758373205741625
RT_STRING	0x385ad0	0x3e4	data			0.42168674698795183
RT_STRING	0x385eb4	0x3e4	data			0.41767068273092367
RT_STRING	0x386298	0x3d8	data			0.41565040650406504
RT_STRING	0x386670	0x440	data			0.390625
RT_STRING	0x386ab0	0x358	data			0.4287383177570093
RT_STRING	0x386e08	0x394	data			0.35262008733624456
RT_STRING	0x38719c	0x264	data			0.4542483660130719
RT_STRING	0x387400	0x314	data			0.4467005076142132
RT_STRING	0x387714	0x234	data			0.35638297872340424
RT_STRING	0x387948	0x194	data			0.48267326732673266
RT_STRING	0x387adc	0x120	data			0.53125
RT_STRING	0x387bfc	0xf0	StarOffice Gallery theme r, 1761637120 objects, 1st A			0.65
RT_STRING	0x387cec	0x274	data			0.4745222929936306
RT_STRING	0x387f60	0x824	data			0.10508637236084453
RT_STRING	0x388784	0x860	data			0.14738805970149255
RT_STRING	0x388fe4	0x874	data			0.15295748613678373
RT_STRING	0x389858	0x7c0	data			0.16129032258064516
RT_STRING	0x38a018	0x990	data			0.11519607843137254
RT_STRING	0x38a9a8	0x9b4	data			0.12198067632850242
RT_STRING	0x38b35c	0x518	data			0.3282208588957055
RT_STRING	0x38b874	0x49c	data			0.36610169491525424
RT_STRING	0x38bd10	0x348	data			0.3416666666666667
RT_STRING	0x38c058	0x414	data			0.4128352490421456
RT_STRING	0x38c46c	0x1d8	data			0.5338983050847458
RT_STRING	0x38c644	0xcc	data			0.6666666666666666
RT_STRING	0x38c710	0x160	data			0.5568181818181818
RT_STRING	0x38c870	0x410	data			0.3855769230769231
RT_STRING	0x38cc80	0x3e4	data			0.38755020080321284
RT_STRING	0x38d064	0x504	data			0.3115264797507788
RT_STRING	0x38d568	0x2d0	data			0.3888888888888889
RT_STRING	0x38d838	0x420	data			0.3787878787878788
RT_STRING	0x38dc58	0x6c8	data			0.3220046082949309
RT_STRING	0x38e320	0x330	data			0.3909313725490196
RT_STRING	0x38e650	0x368	data			0.3795871559633027
RT_STRING	0x38e9b8	0x3c8	data			0.3956611570247934
RT_STRING	0x38ed80	0x268	data			0.40584415584415584
RT_STRING	0x38efe8	0xb8	data			0.6467391304347826
RT_STRING	0x38f0a0	0x9c	data			0.6410256410256411
RT_STRING	0x38f13c	0x350	data			0.42806603773584906
RT_STRING	0x38f48c	0x474	data			0.29385964912280704
RT_STRING	0x38f900	0x36c	data			0.4018264840182648
RT_STRING	0x38fc6c	0x2c4	data			0.4392655367231638
RT_RCDATA	0x38ff30	0x10	data			1.5
RT_RCDATA	0x38ff40	0xfc8	data			0.5024752475247525
RT_RCDATA	0x390f08	0x2	data	English	United States	5.0
RT_RCDATA	0x390f0c	0x16a8	Delphi compiled form 'TArcForm'			0.4110344827586207
RT_GROUP_CURSOR	0x3925b4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x3925c8	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3925dc	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x3925f0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x392604	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x392618	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x39262c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x392640	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x392654	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x392668	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0x39267c	0x30	data	English	United States	0.8125
RT_VERSION	0x3926ac	0x2e8	data	English	United States	0.43010752688172044
RT_MANIFEST	0x392994	0x2ca	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5028011204481793

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	MessageBoxA, CharNextW, LoadStringW
kernel32.dll	Sleep, VirtualFree, VirtualAlloc, lstrlenW, lstrcpynW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll	GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll	SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendNotifyMessageW, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostThreadMessageW, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxExW, MessageBoxA, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AttachThreadInput, CharLowerBuffA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
msimg32.dll	TransparentBlt, GradientFill, AlphaBlend
gdi32.dll	UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextColor, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetCurrentObject, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExtCreateRegion, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObjectEx, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, UnmapViewOfFile, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SignalObjectAndWait, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, PulseEvent, IsDebuggerPresent, OpenFileMappingW, OpenEventW, MulDiv, MapViewOfFileEx, MapViewOfFile, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetSystemInfo, GetStringTypeExA, GetStringTypeExW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushViewOfFile, FindResourceW, FindFirstFileW, FindClose, ExitProcess, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateFileMappingW, CreateFileW, CreateEventW, CreateDirectoryW, CompareStringA, CompareStringW, CloseHandle
advapi32.dll	SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExA, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExA, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupAccountSidW, IsValidSid, InitializeSecurityDescriptor, InitializeAcl, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, GetSidIdentifierAuthority, GetLengthSid, FreeSid, AllocateAndInitializeSid, AddAccessAllowedAce
SHFolder.dll	SHGetFolderPathA
kernel32.dll	Sleep
oleaut32.dll	GetErrorInfo, SysFreeString
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll	InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
user32.dll	EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
msvcrt.dll	isxdigit, isupper, isspace, ispunct, isprint, islower, isgraph, isdigit, iscntrl, isalpha, isalnum, toupper, tolower, strchr, strlen, strncmp, memset, memmove, memcpy, memcmp
shell32.dll	SHGetFileInfoW, ShellExecuteW, Shell_NotifyIconW
winspool.drv	OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter
winspool.drv	GetDefaultPrinterW
crypt32.dll	CryptProtectData
kernel32.dll	GetVersionExW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 10:32:38.745367050 CET	49730	80	192.168.2.4	82.97.242.231
Mar 29, 2024 10:32:38.972317934 CET	80	49730	82.97.242.231	192.168.2.4
Mar 29, 2024 10:32:38.972510099 CET	49730	80	192.168.2.4	82.97.242.231
Mar 29, 2024 10:32:38.972673893 CET	49730	80	192.168.2.4	82.97.242.231
Mar 29, 2024 10:32:39.202013969 CET	80	49730	82.97.242.231	192.168.2.4
Mar 29, 2024 10:32:39.202059984 CET	80	49730	82.97.242.231	192.168.2.4
Mar 29, 2024 10:32:39.203591108 CET	49730	80	192.168.2.4	82.97.242.231
Mar 29, 2024 10:32:39.430531979 CET	80	49730	82.97.242.231	192.168.2.4
Mar 29, 2024 10:32:39.430639029 CET	49730	80	192.168.2.4	82.97.242.231

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 29, 2024 10:32:36.429271936 CET	64098	53	192.168.2.4	1.1.1.1
Mar 29, 2024 10:32:36.429315090 CET	59506	53	192.168.2.4	1.1.1.1
Mar 29, 2024 10:32:36.429507017 CET	63297	53	192.168.2.4	1.1.1.1
Mar 29, 2024 10:32:36.429548979 CET	56420	53	192.168.2.4	1.1.1.1
Mar 29, 2024 10:32:36.429658890 CET	53574	53	192.168.2.4	1.1.1.1
Mar 29, 2024 10:32:36.590548038 CET	53	53574	1.1.1.1	192.168.2.4
Mar 29, 2024 10:32:36.711633921 CET	53	56420	1.1.1.1	192.168.2.4
Mar 29, 2024 10:32:36.762902021 CET	53	64098	1.1.1.1	192.168.2.4
Mar 29, 2024 10:32:36.808434010 CET	53	63297	1.1.1.1	192.168.2.4
Mar 29, 2024 10:32:36.930591106 CET	53	59506	1.1.1.1	192.168.2.4
Mar 29, 2024 10:32:37.789340973 CET	55032	53	192.168.2.4	1.1.1.1
Mar 29, 2024 10:32:38.744321108 CET	53	55032	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 29, 2024 10:32:36.597978115 CET	192.168.2.4	195.123.214.59	3df9		Echo
Mar 29, 2024 10:32:36.712676048 CET	192.168.2.4	45.84.0.32	3df8		Echo
Mar 29, 2024 10:32:36.780733109 CET	192.168.2.4	38.180.38.136	3df7		Echo
Mar 29, 2024 10:32:36.783495903 CET	192.168.2.4	195.123.214.59	3df6		Echo
Mar 29, 2024 10:32:36.783962011 CET	192.168.2.4	45.84.0.32	3df5		Echo
Mar 29, 2024 10:32:36.809159994 CET	192.168.2.4	38.180.38.136	3df4		Echo
Mar 29, 2024 10:32:36.811460972 CET	195.123.214.59	192.168.2.4	45f9		Echo Reply
Mar 29, 2024 10:32:36.811517954 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:36.930474043 CET	45.84.0.32	192.168.2.4	45f8		Echo Reply
Mar 29, 2024 10:32:36.930676937 CET	192.168.2.4	45.84.0.32	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:36.931169033 CET	192.168.2.4	62.152.58.190	3df3		Echo
Mar 29, 2024 10:32:36.996928930 CET	195.123.214.59	192.168.2.4	45f6		Echo Reply
Mar 29, 2024 10:32:37.001614094 CET	45.84.0.32	192.168.2.4	45f5		Echo Reply
Mar 29, 2024 10:32:37.056674957 CET	38.180.38.136	192.168.2.4	45f7		Echo Reply
Mar 29, 2024 10:32:37.084261894 CET	38.180.38.136	192.168.2.4	45f4		Echo Reply
Mar 29, 2024 10:32:37.148076057 CET	62.152.58.190	192.168.2.4	45f3		Echo Reply
Mar 29, 2024 10:32:37.266988993 CET	192.168.2.4	38.180.38.136	3df2		Echo
Mar 29, 2024 10:32:37.299081087 CET	192.168.2.4	38.180.38.136	3df1		Echo
Mar 29, 2024 10:32:37.360281944 CET	192.168.2.4	62.152.58.190	3df0		Echo
Mar 29, 2024 10:32:37.542248964 CET	38.180.38.136	192.168.2.4	45f2		Echo Reply
Mar 29, 2024 10:32:37.574979067 CET	38.180.38.136	192.168.2.4	45f1		Echo Reply
Mar 29, 2024 10:32:37.577325106 CET	62.152.58.190	192.168.2.4	45f0		Echo Reply
Mar 29, 2024 10:32:37.789628983 CET	192.168.2.4	195.123.214.59	3def		Echo
Mar 29, 2024 10:32:37.790502071 CET	192.168.2.4	195.123.214.59	3dee		Echo
Mar 29, 2024 10:32:37.791196108 CET	192.168.2.4	195.123.214.59	3ded		Echo
Mar 29, 2024 10:32:37.791521072 CET	192.168.2.4	8.8.8.8	3dec		Echo
Mar 29, 2024 10:32:37.885035038 CET	192.168.2.4	195.123.214.59	3deb		Echo
Mar 29, 2024 10:32:37.894212961 CET	8.8.8.8	192.168.2.4	45ec		Echo Reply
Mar 29, 2024 10:32:37.983774900 CET	192.168.2.4	195.123.214.59	3dea		Echo
Mar 29, 2024 10:32:38.008754969 CET	195.123.214.59	192.168.2.4	45ed		Echo Reply
Mar 29, 2024 10:32:38.084419966 CET	192.168.2.4	195.123.214.59	3de9		Echo
Mar 29, 2024 10:32:38.261352062 CET	192.168.2.4	195.123.214.59	3de8		Echo
Mar 29, 2024 10:32:38.443247080 CET	192.168.2.4	195.123.214.59	3de7		Echo
Mar 29, 2024 10:32:38.629591942 CET	192.168.2.4	195.123.214.59	3de6		Echo
Mar 29, 2024 10:32:38.842406034 CET	192.168.2.4	195.123.214.59	3de5		Echo
Mar 29, 2024 10:32:38.906507015 CET	192.168.2.4	8.8.8.8	3de4		Echo
Mar 29, 2024 10:32:39.009206057 CET	8.8.8.8	192.168.2.4	45e4		Echo Reply
Mar 29, 2024 10:32:39.016762018 CET	192.168.2.4	195.123.214.59	3de3		Echo
Mar 29, 2024 10:32:39.054966927 CET	192.168.2.4	195.123.214.59	3de2		Echo
Mar 29, 2024 10:32:39.230194092 CET	195.123.214.59	192.168.2.4	45e3		Echo Reply
Mar 29, 2024 10:32:39.267499924 CET	192.168.2.4	195.123.214.59	3de1		Echo
Mar 29, 2024 10:32:39.483352900 CET	192.168.2.4	195.123.214.59	3de0		Echo
Mar 29, 2024 10:32:40.016129017 CET	192.168.2.4	8.8.8.8	3ddf		Echo
Mar 29, 2024 10:32:40.118767023 CET	8.8.8.8	192.168.2.4	45df		Echo Reply
Mar 29, 2024 10:32:40.235075951 CET	192.168.2.4	195.123.214.59	3dde		Echo
Mar 29, 2024 10:32:40.266386986 CET	192.168.2.4	195.123.214.59	3ddd		Echo
Mar 29, 2024 10:32:40.448599100 CET	195.123.214.59	192.168.2.4	45de		Echo Reply
Mar 29, 2024 10:32:40.448718071 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:40.480021954 CET	195.123.214.59	192.168.2.4	45dd		Echo Reply
Mar 29, 2024 10:32:41.125669956 CET	192.168.2.4	8.8.8.8	3ddc		Echo
Mar 29, 2024 10:32:41.228342056 CET	8.8.8.8	192.168.2.4	45dc		Echo Reply
Mar 29, 2024 10:32:41.485534906 CET	192.168.2.4	195.123.214.59	3ddb		Echo
Mar 29, 2024 10:32:41.699101925 CET	195.123.214.59	192.168.2.4	45db		Echo Reply
Mar 29, 2024 10:32:42.234673977 CET	192.168.2.4	8.8.8.8	3dda		Echo
Mar 29, 2024 10:32:42.337493896 CET	8.8.8.8	192.168.2.4	45da		Echo Reply
Mar 29, 2024 10:32:42.337574959 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:42.706126928 CET	192.168.2.4	8.8.8.8	3dd9		Echo
Mar 29, 2024 10:32:42.706446886 CET	192.168.2.4	195.123.214.59	3dd8		Echo
Mar 29, 2024 10:32:42.766027927 CET	192.168.2.4	8.8.8.8	3dd7		Echo
Mar 29, 2024 10:32:42.766525030 CET	192.168.2.4	195.123.214.59	3dd6		Echo
Mar 29, 2024 10:32:42.808900118 CET	8.8.8.8	192.168.2.4	45d9		Echo Reply
Mar 29, 2024 10:32:42.868726015 CET	8.8.8.8	192.168.2.4	45d7		Echo Reply
Mar 29, 2024 10:32:42.919933081 CET	195.123.214.59	192.168.2.4	45d8		Echo Reply
Mar 29, 2024 10:32:42.920111895 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:42.980109930 CET	195.123.214.59	192.168.2.4	45d6		Echo Reply
Mar 29, 2024 10:32:43.875518084 CET	192.168.2.4	8.8.8.8	3dd5		Echo
Mar 29, 2024 10:32:43.978313923 CET	8.8.8.8	192.168.2.4	45d5		Echo Reply
Mar 29, 2024 10:32:43.985124111 CET	192.168.2.4	195.123.214.59	3dd4		Echo
Mar 29, 2024 10:32:44.198637962 CET	195.123.214.59	192.168.2.4	45d4		Echo Reply
Mar 29, 2024 10:32:44.269155025 CET	192.168.2.4	195.123.214.59	3dd3		Echo
Mar 29, 2024 10:32:44.484884024 CET	192.168.2.4	195.123.214.59	3dd2		Echo
Mar 29, 2024 10:32:44.698132038 CET	195.123.214.59	192.168.2.4	45d2		Echo Reply
Mar 29, 2024 10:32:44.988518000 CET	192.168.2.4	8.8.8.8	3dd1		Echo
Mar 29, 2024 10:32:45.090975046 CET	8.8.8.8	192.168.2.4	45d1		Echo Reply
Mar 29, 2024 10:32:45.204977036 CET	192.168.2.4	195.123.214.59	3dd0		Echo
Mar 29, 2024 10:32:45.267254114 CET	192.168.2.4	195.123.214.59	3dcf		Echo
Mar 29, 2024 10:32:45.418313980 CET	195.123.214.59	192.168.2.4	45d0		Echo Reply
Mar 29, 2024 10:32:45.418442965 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:45.490921974 CET	195.123.214.59	192.168.2.4	45cf		Echo Reply
Mar 29, 2024 10:32:46.094882965 CET	192.168.2.4	8.8.8.8	3dce		Echo
Mar 29, 2024 10:32:46.197594881 CET	8.8.8.8	192.168.2.4	45ce		Echo Reply
Mar 29, 2024 10:32:47.206417084 CET	192.168.2.4	8.8.8.8	3dcd		Echo
Mar 29, 2024 10:32:47.206418037 CET	192.168.2.4	195.123.214.59	3dcc		Echo
Mar 29, 2024 10:32:47.266134024 CET	192.168.2.4	8.8.8.8	3dcb		Echo
Mar 29, 2024 10:32:47.266570091 CET	192.168.2.4	195.123.214.59	3dca		Echo
Mar 29, 2024 10:32:47.309181929 CET	8.8.8.8	192.168.2.4	45cd		Echo Reply
Mar 29, 2024 10:32:47.309293985 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:47.368904114 CET	8.8.8.8	192.168.2.4	45cb		Echo Reply
Mar 29, 2024 10:32:47.421164036 CET	195.123.214.59	192.168.2.4	45cc		Echo Reply
Mar 29, 2024 10:32:47.421255112 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:47.479871988 CET	195.123.214.59	192.168.2.4	45ca		Echo Reply
Mar 29, 2024 10:32:48.375854969 CET	192.168.2.4	8.8.8.8	3dc9		Echo
Mar 29, 2024 10:32:48.478698015 CET	8.8.8.8	192.168.2.4	45c9		Echo Reply
Mar 29, 2024 10:32:48.501127958 CET	192.168.2.4	195.123.214.59	3dc8		Echo
Mar 29, 2024 10:32:48.725307941 CET	195.123.214.59	192.168.2.4	45c8		Echo Reply
Mar 29, 2024 10:32:49.488126040 CET	192.168.2.4	8.8.8.8	3dc7		Echo
Mar 29, 2024 10:32:49.590878963 CET	8.8.8.8	192.168.2.4	45c7		Echo Reply
Mar 29, 2024 10:32:49.735342026 CET	192.168.2.4	195.123.214.59	3dc6		Echo
Mar 29, 2024 10:32:49.769901037 CET	192.168.2.4	195.123.214.59	3dc5		Echo
Mar 29, 2024 10:32:49.948750019 CET	195.123.214.59	192.168.2.4	45c6		Echo Reply
Mar 29, 2024 10:32:49.953310966 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:49.983458042 CET	195.123.214.59	192.168.2.4	45c5		Echo Reply
Mar 29, 2024 10:32:51.329062939 CET	192.168.2.4	8.8.8.8	3dc4		Echo
Mar 29, 2024 10:32:51.431799889 CET	8.8.8.8	192.168.2.4	45c4		Echo Reply
Mar 29, 2024 10:32:52.441410065 CET	192.168.2.4	195.123.214.59	3dc3		Echo
Mar 29, 2024 10:32:52.442449093 CET	192.168.2.4	8.8.8.8	3dc2		Echo
Mar 29, 2024 10:32:52.545433044 CET	8.8.8.8	192.168.2.4	45c2		Echo Reply
Mar 29, 2024 10:32:52.655811071 CET	195.123.214.59	192.168.2.4	45c3		Echo Reply
Mar 29, 2024 10:32:53.594183922 CET	192.168.2.4	8.8.8.8	3dc1		Echo
Mar 29, 2024 10:32:53.672591925 CET	192.168.2.4	195.123.214.59	3dc0		Echo
Mar 29, 2024 10:32:53.696695089 CET	8.8.8.8	192.168.2.4	45c1		Echo Reply
Mar 29, 2024 10:32:53.768054008 CET	192.168.2.4	195.123.214.59	3dbf		Echo
Mar 29, 2024 10:32:53.886019945 CET	195.123.214.59	192.168.2.4	45c0		Echo Reply
Mar 29, 2024 10:32:53.889338017 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:53.981533051 CET	195.123.214.59	192.168.2.4	45bf		Echo Reply
Mar 29, 2024 10:32:54.703551054 CET	192.168.2.4	8.8.8.8	3dbe		Echo
Mar 29, 2024 10:32:54.766232967 CET	192.168.2.4	8.8.8.8	3dbd		Echo
Mar 29, 2024 10:32:54.806269884 CET	8.8.8.8	192.168.2.4	45be		Echo Reply
Mar 29, 2024 10:32:54.806400061 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:54.869044065 CET	8.8.8.8	192.168.2.4	45bd		Echo Reply
Mar 29, 2024 10:32:54.988539934 CET	192.168.2.4	195.123.214.59	3dbc		Echo
Mar 29, 2024 10:32:55.202075005 CET	195.123.214.59	192.168.2.4	45bc		Echo Reply
Mar 29, 2024 10:32:55.875693083 CET	192.168.2.4	8.8.8.8	3dbb		Echo
Mar 29, 2024 10:32:55.978399992 CET	8.8.8.8	192.168.2.4	45bb		Echo Reply
Mar 29, 2024 10:32:56.204246044 CET	192.168.2.4	195.123.214.59	3dba		Echo
Mar 29, 2024 10:32:56.417728901 CET	195.123.214.59	192.168.2.4	45ba		Echo Reply
Mar 29, 2024 10:32:56.419703007 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:56.987859964 CET	192.168.2.4	8.8.8.8	3db9		Echo
Mar 29, 2024 10:32:56.987864017 CET	192.168.2.4	195.123.214.59	3db8		Echo
Mar 29, 2024 10:32:57.090620995 CET	8.8.8.8	192.168.2.4	45b9		Echo Reply
Mar 29, 2024 10:32:57.201318979 CET	195.123.214.59	192.168.2.4	45b8		Echo Reply
Mar 29, 2024 10:32:58.110797882 CET	192.168.2.4	8.8.8.8	3db7		Echo
Mar 29, 2024 10:32:58.204024076 CET	192.168.2.4	195.123.214.59	3db6		Echo
Mar 29, 2024 10:32:58.213716030 CET	8.8.8.8	192.168.2.4	45b7		Echo Reply
Mar 29, 2024 10:32:58.267079115 CET	192.168.2.4	195.123.214.59	3db5		Echo
Mar 29, 2024 10:32:58.417732954 CET	195.123.214.59	192.168.2.4	45b6		Echo Reply
Mar 29, 2024 10:32:58.418028116 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:58.480812073 CET	195.123.214.59	192.168.2.4	45b5		Echo Reply
Mar 29, 2024 10:32:59.219199896 CET	192.168.2.4	8.8.8.8	3db4		Echo
Mar 29, 2024 10:32:59.266359091 CET	192.168.2.4	8.8.8.8	3db3		Echo
Mar 29, 2024 10:32:59.322274923 CET	8.8.8.8	192.168.2.4	45b4		Echo Reply
Mar 29, 2024 10:32:59.323322058 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:32:59.369023085 CET	8.8.8.8	192.168.2.4	45b3		Echo Reply
Mar 29, 2024 10:32:59.513741016 CET	192.168.2.4	195.123.214.59	3db2		Echo
Mar 29, 2024 10:32:59.728135109 CET	195.123.214.59	192.168.2.4	45b2		Echo Reply
Mar 29, 2024 10:33:00.375901937 CET	192.168.2.4	8.8.8.8	3db1		Echo
Mar 29, 2024 10:33:00.478535891 CET	8.8.8.8	192.168.2.4	45b1		Echo Reply
Mar 29, 2024 10:33:00.735542059 CET	192.168.2.4	195.123.214.59	3db0		Echo
Mar 29, 2024 10:33:00.948957920 CET	195.123.214.59	192.168.2.4	45b0		Echo Reply
Mar 29, 2024 10:33:00.949069023 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:01.487643957 CET	192.168.2.4	8.8.8.8	3daf		Echo
Mar 29, 2024 10:33:01.487781048 CET	192.168.2.4	195.123.214.59	3dae		Echo
Mar 29, 2024 10:33:01.590341091 CET	8.8.8.8	192.168.2.4	45af		Echo Reply
Mar 29, 2024 10:33:01.719167948 CET	195.123.214.59	192.168.2.4	45ae		Echo Reply
Mar 29, 2024 10:33:02.594708920 CET	192.168.2.4	8.8.8.8	3dad		Echo
Mar 29, 2024 10:33:02.697419882 CET	8.8.8.8	192.168.2.4	45ad		Echo Reply
Mar 29, 2024 10:33:02.735634089 CET	192.168.2.4	195.123.214.59	3dac		Echo
Mar 29, 2024 10:33:02.766859055 CET	192.168.2.4	195.123.214.59	3dab		Echo
Mar 29, 2024 10:33:02.949023008 CET	195.123.214.59	192.168.2.4	45ac		Echo Reply
Mar 29, 2024 10:33:02.949161053 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:02.980297089 CET	195.123.214.59	192.168.2.4	45ab		Echo Reply
Mar 29, 2024 10:33:03.704133987 CET	192.168.2.4	8.8.8.8	3daa		Echo
Mar 29, 2024 10:33:03.766360998 CET	192.168.2.4	8.8.8.8	3da9		Echo
Mar 29, 2024 10:33:03.808965921 CET	8.8.8.8	192.168.2.4	45aa		Echo Reply
Mar 29, 2024 10:33:03.811342955 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:03.869132042 CET	8.8.8.8	192.168.2.4	45a9		Echo Reply
Mar 29, 2024 10:33:03.985344887 CET	192.168.2.4	195.123.214.59	3da8		Echo
Mar 29, 2024 10:33:04.198679924 CET	195.123.214.59	192.168.2.4	45a8		Echo Reply
Mar 29, 2024 10:33:04.875771999 CET	192.168.2.4	8.8.8.8	3da7		Echo
Mar 29, 2024 10:33:04.979069948 CET	8.8.8.8	192.168.2.4	45a7		Echo Reply
Mar 29, 2024 10:33:05.204668999 CET	192.168.2.4	195.123.214.59	3da6		Echo
Mar 29, 2024 10:33:05.418356895 CET	195.123.214.59	192.168.2.4	45a6		Echo Reply
Mar 29, 2024 10:33:05.418469906 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:05.987747908 CET	192.168.2.4	195.123.214.59	3da5		Echo
Mar 29, 2024 10:33:05.988847017 CET	192.168.2.4	8.8.8.8	3da4		Echo
Mar 29, 2024 10:33:06.091603994 CET	8.8.8.8	192.168.2.4	45a4		Echo Reply
Mar 29, 2024 10:33:06.201380968 CET	195.123.214.59	192.168.2.4	45a5		Echo Reply
Mar 29, 2024 10:33:07.094413996 CET	192.168.2.4	8.8.8.8	3da3		Echo
Mar 29, 2024 10:33:07.197382927 CET	8.8.8.8	192.168.2.4	45a3		Echo Reply
Mar 29, 2024 10:33:07.203982115 CET	192.168.2.4	195.123.214.59	3da2		Echo
Mar 29, 2024 10:33:07.266977072 CET	192.168.2.4	195.123.214.59	3da1		Echo
Mar 29, 2024 10:33:07.418832064 CET	195.123.214.59	192.168.2.4	45a2		Echo Reply
Mar 29, 2024 10:33:07.418946981 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:07.491017103 CET	195.123.214.59	192.168.2.4	45a1		Echo Reply
Mar 29, 2024 10:33:08.400253057 CET	192.168.2.4	8.8.8.8	3da0		Echo
Mar 29, 2024 10:33:08.501872063 CET	192.168.2.4	195.123.214.59	3d9f		Echo
Mar 29, 2024 10:33:08.503232002 CET	8.8.8.8	192.168.2.4	45a0		Echo Reply
Mar 29, 2024 10:33:08.715352058 CET	195.123.214.59	192.168.2.4	459f		Echo Reply
Mar 29, 2024 10:33:09.516212940 CET	192.168.2.4	8.8.8.8	3d9e		Echo
Mar 29, 2024 10:33:09.618875980 CET	8.8.8.8	192.168.2.4	459e		Echo Reply
Mar 29, 2024 10:33:09.741106987 CET	192.168.2.4	195.123.214.59	3d9d		Echo
Mar 29, 2024 10:33:09.954606056 CET	195.123.214.59	192.168.2.4	459d		Echo Reply
Mar 29, 2024 10:33:09.957319021 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:10.625575066 CET	192.168.2.4	8.8.8.8	3d9c		Echo
Mar 29, 2024 10:33:10.728177071 CET	8.8.8.8	192.168.2.4	459c		Echo Reply
Mar 29, 2024 10:33:11.737855911 CET	192.168.2.4	8.8.8.8	3d9b		Echo
Mar 29, 2024 10:33:11.737859011 CET	192.168.2.4	195.123.214.59	3d9a		Echo
Mar 29, 2024 10:33:11.765935898 CET	192.168.2.4	8.8.8.8	3d99		Echo
Mar 29, 2024 10:33:11.766473055 CET	192.168.2.4	195.123.214.59	3d98		Echo
Mar 29, 2024 10:33:11.841101885 CET	8.8.8.8	192.168.2.4	459b		Echo Reply
Mar 29, 2024 10:33:11.841353893 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:11.868520021 CET	8.8.8.8	192.168.2.4	4599		Echo Reply
Mar 29, 2024 10:33:11.951809883 CET	195.123.214.59	192.168.2.4	459a		Echo Reply
Mar 29, 2024 10:33:11.952054024 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:11.979734898 CET	195.123.214.59	192.168.2.4	4598		Echo Reply
Mar 29, 2024 10:33:12.875564098 CET	192.168.2.4	8.8.8.8	3d97		Echo
Mar 29, 2024 10:33:12.978357077 CET	8.8.8.8	192.168.2.4	4597		Echo Reply
Mar 29, 2024 10:33:12.985183954 CET	192.168.2.4	195.123.214.59	3d96		Echo
Mar 29, 2024 10:33:13.200640917 CET	195.123.214.59	192.168.2.4	4596		Echo Reply
Mar 29, 2024 10:33:13.984852076 CET	192.168.2.4	8.8.8.8	3d95		Echo
Mar 29, 2024 10:33:14.087507010 CET	8.8.8.8	192.168.2.4	4595		Echo Reply
Mar 29, 2024 10:33:14.204442024 CET	192.168.2.4	195.123.214.59	3d94		Echo
Mar 29, 2024 10:33:14.267023087 CET	192.168.2.4	195.123.214.59	3d93		Echo
Mar 29, 2024 10:33:14.417880058 CET	195.123.214.59	192.168.2.4	4594		Echo Reply
Mar 29, 2024 10:33:14.419631958 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:14.480504036 CET	195.123.214.59	192.168.2.4	4593		Echo Reply
Mar 29, 2024 10:33:15.094294071 CET	192.168.2.4	8.8.8.8	3d92		Echo
Mar 29, 2024 10:33:15.197026014 CET	8.8.8.8	192.168.2.4	4592		Echo Reply
Mar 29, 2024 10:33:16.209520102 CET	192.168.2.4	195.123.214.59	3d91		Echo
Mar 29, 2024 10:33:16.210628986 CET	192.168.2.4	8.8.8.8	3d90		Echo
Mar 29, 2024 10:33:16.266798973 CET	192.168.2.4	195.123.214.59	3d8e		Echo
Mar 29, 2024 10:33:16.266798973 CET	192.168.2.4	8.8.8.8	3d8f		Echo
Mar 29, 2024 10:33:16.314340115 CET	8.8.8.8	192.168.2.4	4590		Echo Reply
Mar 29, 2024 10:33:16.315718889 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:16.370059967 CET	8.8.8.8	192.168.2.4	458f		Echo Reply
Mar 29, 2024 10:33:16.422914982 CET	195.123.214.59	192.168.2.4	4591		Echo Reply
Mar 29, 2024 10:33:16.423018932 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:16.480326891 CET	195.123.214.59	192.168.2.4	458e		Echo Reply
Mar 29, 2024 10:33:17.375617027 CET	192.168.2.4	8.8.8.8	3d8d		Echo
Mar 29, 2024 10:33:17.478296041 CET	8.8.8.8	192.168.2.4	458d		Echo Reply
Mar 29, 2024 10:33:17.485162973 CET	192.168.2.4	195.123.214.59	3d8c		Echo
Mar 29, 2024 10:33:17.700313091 CET	195.123.214.59	192.168.2.4	458c		Echo Reply
Mar 29, 2024 10:33:18.484829903 CET	192.168.2.4	8.8.8.8	3d8b		Echo
Mar 29, 2024 10:33:18.587409019 CET	8.8.8.8	192.168.2.4	458b		Echo Reply
Mar 29, 2024 10:33:18.706238985 CET	192.168.2.4	195.123.214.59	3d8a		Echo
Mar 29, 2024 10:33:18.794342041 CET	192.168.2.4	195.123.214.59	3d89		Echo
Mar 29, 2024 10:33:18.920274973 CET	195.123.214.59	192.168.2.4	458a		Echo Reply
Mar 29, 2024 10:33:18.920499086 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:19.007946014 CET	195.123.214.59	192.168.2.4	4589		Echo Reply
Mar 29, 2024 10:33:19.594460011 CET	192.168.2.4	8.8.8.8	3d88		Echo
Mar 29, 2024 10:33:19.697133064 CET	8.8.8.8	192.168.2.4	4588		Echo Reply
Mar 29, 2024 10:33:20.706046104 CET	192.168.2.4	8.8.8.8	3d87		Echo
Mar 29, 2024 10:33:20.706079960 CET	192.168.2.4	195.123.214.59	3d86		Echo
Mar 29, 2024 10:33:20.765899897 CET	192.168.2.4	8.8.8.8	3d85		Echo
Mar 29, 2024 10:33:20.766292095 CET	192.168.2.4	195.123.214.59	3d84		Echo
Mar 29, 2024 10:33:20.810148001 CET	8.8.8.8	192.168.2.4	4587		Echo Reply
Mar 29, 2024 10:33:20.810332060 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:20.869810104 CET	8.8.8.8	192.168.2.4	4585		Echo Reply
Mar 29, 2024 10:33:20.920985937 CET	195.123.214.59	192.168.2.4	4586		Echo Reply
Mar 29, 2024 10:33:20.921161890 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:20.980452061 CET	195.123.214.59	192.168.2.4	4584		Echo Reply
Mar 29, 2024 10:33:21.875567913 CET	192.168.2.4	8.8.8.8	3d83		Echo
Mar 29, 2024 10:33:21.978240013 CET	8.8.8.8	192.168.2.4	4583		Echo Reply
Mar 29, 2024 10:33:21.985325098 CET	192.168.2.4	195.123.214.59	3d82		Echo
Mar 29, 2024 10:33:22.198790073 CET	195.123.214.59	192.168.2.4	4582		Echo Reply
Mar 29, 2024 10:33:22.984987020 CET	192.168.2.4	8.8.8.8	3d81		Echo
Mar 29, 2024 10:33:23.087589979 CET	8.8.8.8	192.168.2.4	4581		Echo Reply
Mar 29, 2024 10:33:23.204128027 CET	192.168.2.4	195.123.214.59	3d80		Echo
Mar 29, 2024 10:33:23.266834974 CET	192.168.2.4	195.123.214.59	3d7f		Echo
Mar 29, 2024 10:33:23.417639017 CET	195.123.214.59	192.168.2.4	4580		Echo Reply
Mar 29, 2024 10:33:23.421287060 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:23.480266094 CET	195.123.214.59	192.168.2.4	457f		Echo Reply
Mar 29, 2024 10:33:24.094204903 CET	192.168.2.4	8.8.8.8	3d7e		Echo
Mar 29, 2024 10:33:24.197256088 CET	8.8.8.8	192.168.2.4	457e		Echo Reply
Mar 29, 2024 10:33:25.206481934 CET	192.168.2.4	8.8.8.8	3d7d		Echo
Mar 29, 2024 10:33:25.206695080 CET	192.168.2.4	195.123.214.59	3d7c		Echo
Mar 29, 2024 10:33:25.266002893 CET	192.168.2.4	8.8.8.8	3d7b		Echo
Mar 29, 2024 10:33:25.266483068 CET	192.168.2.4	195.123.214.59	3d7a		Echo
Mar 29, 2024 10:33:25.310118914 CET	8.8.8.8	192.168.2.4	457d		Echo Reply
Mar 29, 2024 10:33:25.310198069 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:25.368776083 CET	8.8.8.8	192.168.2.4	457b		Echo Reply
Mar 29, 2024 10:33:25.420974970 CET	195.123.214.59	192.168.2.4	457c		Echo Reply
Mar 29, 2024 10:33:25.421142101 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:25.479993105 CET	195.123.214.59	192.168.2.4	457a		Echo Reply
Mar 29, 2024 10:33:26.377901077 CET	192.168.2.4	8.8.8.8	3d79		Echo
Mar 29, 2024 10:33:26.480566025 CET	8.8.8.8	192.168.2.4	4579		Echo Reply
Mar 29, 2024 10:33:26.485194921 CET	192.168.2.4	195.123.214.59	3d78		Echo
Mar 29, 2024 10:33:26.698904037 CET	195.123.214.59	192.168.2.4	4578		Echo Reply
Mar 29, 2024 10:33:28.558999062 CET	192.168.2.4	8.8.8.8	3d77		Echo
Mar 29, 2024 10:33:28.661447048 CET	8.8.8.8	192.168.2.4	4577		Echo Reply
Mar 29, 2024 10:33:29.565685987 CET	192.168.2.4	195.123.214.59	3d76		Echo
Mar 29, 2024 10:33:29.672048092 CET	192.168.2.4	8.8.8.8	3d75		Echo
Mar 29, 2024 10:33:29.766699076 CET	192.168.2.4	195.123.214.59	3d74		Echo
Mar 29, 2024 10:33:29.774780989 CET	8.8.8.8	192.168.2.4	4575		Echo Reply
Mar 29, 2024 10:33:29.774879932 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:29.823950052 CET	195.123.214.59	192.168.2.4	4576		Echo Reply
Mar 29, 2024 10:33:29.824023008 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:30.014861107 CET	195.123.214.59	192.168.2.4	4574		Echo Reply
Mar 29, 2024 10:33:31.018485069 CET	192.168.2.4	8.8.8.8	3d73		Echo
Mar 29, 2024 10:33:31.018615007 CET	192.168.2.4	195.123.214.59	3d72		Echo
Mar 29, 2024 10:33:31.121239901 CET	8.8.8.8	192.168.2.4	4573		Echo Reply
Mar 29, 2024 10:33:31.232136965 CET	195.123.214.59	192.168.2.4	4572		Echo Reply
Mar 29, 2024 10:33:32.125611067 CET	192.168.2.4	8.8.8.8	3d71		Echo
Mar 29, 2024 10:33:32.228266001 CET	8.8.8.8	192.168.2.4	4571		Echo Reply
Mar 29, 2024 10:33:32.235129118 CET	192.168.2.4	195.123.214.59	3d70		Echo
Mar 29, 2024 10:33:32.266891956 CET	192.168.2.4	195.123.214.59	3d6f		Echo
Mar 29, 2024 10:33:32.448621035 CET	195.123.214.59	192.168.2.4	4570		Echo Reply
Mar 29, 2024 10:33:32.451569080 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:32.480271101 CET	195.123.214.59	192.168.2.4	456f		Echo Reply
Mar 29, 2024 10:33:33.235095024 CET	192.168.2.4	8.8.8.8	3d6e		Echo
Mar 29, 2024 10:33:33.266292095 CET	192.168.2.4	8.8.8.8	3d6d		Echo
Mar 29, 2024 10:33:33.337764025 CET	8.8.8.8	192.168.2.4	456e		Echo Reply
Mar 29, 2024 10:33:33.337904930 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:33.368894100 CET	8.8.8.8	192.168.2.4	456d		Echo Reply
Mar 29, 2024 10:33:33.485409021 CET	192.168.2.4	195.123.214.59	3d6c		Echo
Mar 29, 2024 10:33:33.703320026 CET	195.123.214.59	192.168.2.4	456c		Echo Reply
Mar 29, 2024 10:33:34.375515938 CET	192.168.2.4	8.8.8.8	3d6b		Echo
Mar 29, 2024 10:33:34.478841066 CET	8.8.8.8	192.168.2.4	456b		Echo Reply
Mar 29, 2024 10:33:34.719738960 CET	192.168.2.4	195.123.214.59	3d6a		Echo
Mar 29, 2024 10:33:34.949026108 CET	195.123.214.59	192.168.2.4	456a		Echo Reply
Mar 29, 2024 10:33:34.949229002 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:35.494992018 CET	192.168.2.4	8.8.8.8	3d69		Echo
Mar 29, 2024 10:33:35.495124102 CET	192.168.2.4	195.123.214.59	3d68		Echo
Mar 29, 2024 10:33:35.598409891 CET	8.8.8.8	192.168.2.4	4569		Echo Reply
Mar 29, 2024 10:33:35.708395004 CET	195.123.214.59	192.168.2.4	4568		Echo Reply
Mar 29, 2024 10:33:36.610460043 CET	192.168.2.4	8.8.8.8	3d67		Echo
Mar 29, 2024 10:33:36.713165045 CET	8.8.8.8	192.168.2.4	4567		Echo Reply
Mar 29, 2024 10:33:36.719666958 CET	192.168.2.4	195.123.214.59	3d66		Echo
Mar 29, 2024 10:33:36.774440050 CET	192.168.2.4	195.123.214.59	3d65		Echo
Mar 29, 2024 10:33:36.933058023 CET	195.123.214.59	192.168.2.4	4566		Echo Reply
Mar 29, 2024 10:33:36.933141947 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:36.987883091 CET	195.123.214.59	192.168.2.4	4565		Echo Reply
Mar 29, 2024 10:33:37.719285965 CET	192.168.2.4	8.8.8.8	3d64		Echo
Mar 29, 2024 10:33:37.766556978 CET	192.168.2.4	8.8.8.8	3d63		Echo
Mar 29, 2024 10:33:37.822074890 CET	8.8.8.8	192.168.2.4	4564		Echo Reply
Mar 29, 2024 10:33:37.822204113 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:37.869087934 CET	8.8.8.8	192.168.2.4	4563		Echo Reply
Mar 29, 2024 10:33:38.001036882 CET	192.168.2.4	195.123.214.59	3d62		Echo
Mar 29, 2024 10:33:38.214392900 CET	195.123.214.59	192.168.2.4	4562		Echo Reply
Mar 29, 2024 10:33:38.875641108 CET	192.168.2.4	8.8.8.8	3d61		Echo
Mar 29, 2024 10:33:38.978231907 CET	8.8.8.8	192.168.2.4	4561		Echo Reply
Mar 29, 2024 10:33:39.219866037 CET	192.168.2.4	195.123.214.59	3d60		Echo
Mar 29, 2024 10:33:39.433655024 CET	195.123.214.59	192.168.2.4	4560		Echo Reply
Mar 29, 2024 10:33:39.433758974 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:39.987313032 CET	192.168.2.4	8.8.8.8	3d5f		Echo
Mar 29, 2024 10:33:39.987498045 CET	192.168.2.4	195.123.214.59	3d5e		Echo
Mar 29, 2024 10:33:40.089946985 CET	8.8.8.8	192.168.2.4	455f		Echo Reply
Mar 29, 2024 10:33:40.200728893 CET	195.123.214.59	192.168.2.4	455e		Echo Reply
Mar 29, 2024 10:33:41.094335079 CET	192.168.2.4	8.8.8.8	3d5d		Echo
Mar 29, 2024 10:33:41.197029114 CET	8.8.8.8	192.168.2.4	455d		Echo Reply
Mar 29, 2024 10:33:41.204298019 CET	192.168.2.4	195.123.214.59	3d5c		Echo
Mar 29, 2024 10:33:41.267019987 CET	192.168.2.4	195.123.214.59	3d5b		Echo
Mar 29, 2024 10:33:41.417673111 CET	195.123.214.59	192.168.2.4	455c		Echo Reply
Mar 29, 2024 10:33:41.419600964 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:41.480638981 CET	195.123.214.59	192.168.2.4	455b		Echo Reply
Mar 29, 2024 10:33:42.203694105 CET	192.168.2.4	8.8.8.8	3d5a		Echo
Mar 29, 2024 10:33:42.266499043 CET	192.168.2.4	8.8.8.8	3d59		Echo
Mar 29, 2024 10:33:42.306318045 CET	8.8.8.8	192.168.2.4	455a		Echo Reply
Mar 29, 2024 10:33:42.306416035 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:42.369216919 CET	8.8.8.8	192.168.2.4	4559		Echo Reply
Mar 29, 2024 10:33:42.485213995 CET	192.168.2.4	195.123.214.59	3d58		Echo
Mar 29, 2024 10:33:42.698482990 CET	195.123.214.59	192.168.2.4	4558		Echo Reply
Mar 29, 2024 10:33:43.375375032 CET	192.168.2.4	8.8.8.8	3d57		Echo
Mar 29, 2024 10:33:43.479456902 CET	8.8.8.8	192.168.2.4	4557		Echo Reply
Mar 29, 2024 10:33:43.721692085 CET	192.168.2.4	195.123.214.59	3d56		Echo
Mar 29, 2024 10:33:43.935199976 CET	195.123.214.59	192.168.2.4	4556		Echo Reply
Mar 29, 2024 10:33:43.935271978 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:44.487482071 CET	192.168.2.4	195.123.214.59	3d55		Echo
Mar 29, 2024 10:33:44.488347054 CET	192.168.2.4	8.8.8.8	3d54		Echo
Mar 29, 2024 10:33:44.590876102 CET	8.8.8.8	192.168.2.4	4554		Echo Reply
Mar 29, 2024 10:33:44.700865030 CET	195.123.214.59	192.168.2.4	4555		Echo Reply
Mar 29, 2024 10:33:45.594577074 CET	192.168.2.4	8.8.8.8	3d53		Echo
Mar 29, 2024 10:33:45.697571993 CET	8.8.8.8	192.168.2.4	4553		Echo Reply
Mar 29, 2024 10:33:45.704421043 CET	192.168.2.4	195.123.214.59	3d52		Echo
Mar 29, 2024 10:33:45.766453028 CET	192.168.2.4	195.123.214.59	3d51		Echo
Mar 29, 2024 10:33:45.918075085 CET	195.123.214.59	192.168.2.4	4552		Echo Reply
Mar 29, 2024 10:33:45.918272018 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:45.979912043 CET	195.123.214.59	192.168.2.4	4551		Echo Reply
Mar 29, 2024 10:33:46.704335928 CET	192.168.2.4	8.8.8.8	3d50		Echo
Mar 29, 2024 10:33:46.766259909 CET	192.168.2.4	8.8.8.8	3d4f		Echo
Mar 29, 2024 10:33:46.807189941 CET	8.8.8.8	192.168.2.4	4550		Echo Reply
Mar 29, 2024 10:33:46.807312012 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:46.868849039 CET	8.8.8.8	192.168.2.4	454f		Echo Reply
Mar 29, 2024 10:33:46.985160112 CET	192.168.2.4	195.123.214.59	3d4e		Echo
Mar 29, 2024 10:33:47.203108072 CET	195.123.214.59	192.168.2.4	454e		Echo Reply
Mar 29, 2024 10:33:47.875519991 CET	192.168.2.4	8.8.8.8	3d4d		Echo
Mar 29, 2024 10:33:47.978233099 CET	8.8.8.8	192.168.2.4	454d		Echo Reply
Mar 29, 2024 10:33:48.219743013 CET	192.168.2.4	195.123.214.59	3d4c		Echo
Mar 29, 2024 10:33:48.433648109 CET	195.123.214.59	192.168.2.4	454c		Echo Reply
Mar 29, 2024 10:33:48.433798075 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:48.987317085 CET	192.168.2.4	8.8.8.8	3d4b		Echo
Mar 29, 2024 10:33:48.987447023 CET	192.168.2.4	195.123.214.59	3d4a		Echo
Mar 29, 2024 10:33:49.089925051 CET	8.8.8.8	192.168.2.4	454b		Echo Reply
Mar 29, 2024 10:33:49.203038931 CET	195.123.214.59	192.168.2.4	454a		Echo Reply
Mar 29, 2024 10:33:50.094197989 CET	192.168.2.4	8.8.8.8	3d49		Echo
Mar 29, 2024 10:33:50.196899891 CET	8.8.8.8	192.168.2.4	4549		Echo Reply
Mar 29, 2024 10:33:50.219455957 CET	192.168.2.4	195.123.214.59	3d48		Echo
Mar 29, 2024 10:33:50.266566992 CET	192.168.2.4	195.123.214.59	3d47		Echo
Mar 29, 2024 10:33:50.449214935 CET	195.123.214.59	192.168.2.4	4548		Echo Reply
Mar 29, 2024 10:33:50.449291945 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:50.479926109 CET	195.123.214.59	192.168.2.4	4547		Echo Reply
Mar 29, 2024 10:33:50.803575993 CET	192.168.2.4	195.123.214.59	3d46		Echo
Mar 29, 2024 10:33:50.804332018 CET	192.168.2.4	195.123.214.59	3d45		Echo
Mar 29, 2024 10:33:50.898833990 CET	192.168.2.4	195.123.214.59	3d44		Echo
Mar 29, 2024 10:33:50.994832039 CET	192.168.2.4	195.123.214.59	3d43		Echo
Mar 29, 2024 10:33:51.095407963 CET	192.168.2.4	195.123.214.59	3d42		Echo
Mar 29, 2024 10:33:51.217062950 CET	192.168.2.4	8.8.8.8	3d41		Echo
Mar 29, 2024 10:33:51.264242887 CET	192.168.2.4	195.123.214.59	3d40		Echo
Mar 29, 2024 10:33:51.265840054 CET	192.168.2.4	8.8.8.8	3d3f		Echo
Mar 29, 2024 10:33:51.319741964 CET	8.8.8.8	192.168.2.4	4541		Echo Reply
Mar 29, 2024 10:33:51.319925070 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:51.368304968 CET	8.8.8.8	192.168.2.4	453f		Echo Reply
Mar 29, 2024 10:33:51.446532011 CET	192.168.2.4	195.123.214.59	3d3e		Echo
Mar 29, 2024 10:33:51.484791994 CET	192.168.2.4	195.123.214.59	3d3d		Echo
Mar 29, 2024 10:33:51.631436110 CET	192.168.2.4	195.123.214.59	3d3c		Echo
Mar 29, 2024 10:33:51.697943926 CET	195.123.214.59	192.168.2.4	453d		Echo Reply
Mar 29, 2024 10:33:51.829061031 CET	192.168.2.4	195.123.214.59	3d3b		Echo
Mar 29, 2024 10:33:52.041773081 CET	192.168.2.4	195.123.214.59	3d3a		Echo
Mar 29, 2024 10:33:52.254648924 CET	192.168.2.4	195.123.214.59	3d39		Echo
Mar 29, 2024 10:33:52.375169992 CET	192.168.2.4	8.8.8.8	3d38		Echo
Mar 29, 2024 10:33:52.470174074 CET	192.168.2.4	195.123.214.59	3d37		Echo
Mar 29, 2024 10:33:52.478375912 CET	8.8.8.8	192.168.2.4	4538		Echo Reply
Mar 29, 2024 10:33:52.704019070 CET	192.168.2.4	195.123.214.59	3d36		Echo
Mar 29, 2024 10:33:52.917685986 CET	195.123.214.59	192.168.2.4	4536		Echo Reply
Mar 29, 2024 10:33:52.917889118 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:53.487338066 CET	192.168.2.4	8.8.8.8	3d35		Echo
Mar 29, 2024 10:33:53.488312960 CET	192.168.2.4	195.123.214.59	3d34		Echo
Mar 29, 2024 10:33:53.590259075 CET	8.8.8.8	192.168.2.4	4535		Echo Reply
Mar 29, 2024 10:33:53.701718092 CET	195.123.214.59	192.168.2.4	4534		Echo Reply
Mar 29, 2024 10:33:54.593893051 CET	192.168.2.4	8.8.8.8	3d33		Echo
Mar 29, 2024 10:33:54.696681976 CET	8.8.8.8	192.168.2.4	4533		Echo Reply
Mar 29, 2024 10:33:54.703700066 CET	192.168.2.4	195.123.214.59	3d32		Echo
Mar 29, 2024 10:33:54.766527891 CET	192.168.2.4	195.123.214.59	3d31		Echo
Mar 29, 2024 10:33:54.916999102 CET	195.123.214.59	192.168.2.4	4532		Echo Reply
Mar 29, 2024 10:33:54.917139053 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:54.988205910 CET	195.123.214.59	192.168.2.4	4531		Echo Reply
Mar 29, 2024 10:33:55.703325987 CET	192.168.2.4	8.8.8.8	3d30		Echo
Mar 29, 2024 10:33:55.765976906 CET	192.168.2.4	8.8.8.8	3d2f		Echo
Mar 29, 2024 10:33:55.808799028 CET	8.8.8.8	192.168.2.4	4530		Echo Reply
Mar 29, 2024 10:33:55.808973074 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:55.871632099 CET	8.8.8.8	192.168.2.4	452f		Echo Reply
Mar 29, 2024 10:33:56.001117945 CET	192.168.2.4	195.123.214.59	3d2e		Echo
Mar 29, 2024 10:33:56.215564013 CET	195.123.214.59	192.168.2.4	452e		Echo Reply
Mar 29, 2024 10:33:56.875241995 CET	192.168.2.4	8.8.8.8	3d2d		Echo
Mar 29, 2024 10:33:56.978631973 CET	8.8.8.8	192.168.2.4	452d		Echo Reply
Mar 29, 2024 10:33:57.219523907 CET	192.168.2.4	195.123.214.59	3d2c		Echo
Mar 29, 2024 10:33:57.267045021 CET	192.168.2.4	195.123.214.59	3d2b		Echo
Mar 29, 2024 10:33:57.432990074 CET	195.123.214.59	192.168.2.4	452c		Echo Reply
Mar 29, 2024 10:33:57.435070038 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:57.482435942 CET	192.168.2.4	195.123.214.59	3d2a		Echo
Mar 29, 2024 10:33:57.701997995 CET	195.123.214.59	192.168.2.4	452a		Echo Reply
Mar 29, 2024 10:33:57.743827105 CET	192.168.2.4	195.123.214.59	3d29		Echo
Mar 29, 2024 10:33:57.744582891 CET	192.168.2.4	195.123.214.59	3d28		Echo
Mar 29, 2024 10:33:57.839703083 CET	192.168.2.4	195.123.214.59	3d27		Echo
Mar 29, 2024 10:33:57.934897900 CET	192.168.2.4	195.123.214.59	3d26		Echo
Mar 29, 2024 10:33:57.987700939 CET	192.168.2.4	8.8.8.8	3d25		Echo
Mar 29, 2024 10:33:57.988034964 CET	192.168.2.4	195.123.214.59	3d24		Echo
Mar 29, 2024 10:33:58.035355091 CET	192.168.2.4	195.123.214.59	3d23		Echo
Mar 29, 2024 10:33:58.090221882 CET	8.8.8.8	192.168.2.4	4525		Echo Reply
Mar 29, 2024 10:33:58.201301098 CET	195.123.214.59	192.168.2.4	4524		Echo Reply
Mar 29, 2024 10:33:58.203896999 CET	192.168.2.4	195.123.214.59	3d22		Echo
Mar 29, 2024 10:33:58.385982037 CET	192.168.2.4	195.123.214.59	3d21		Echo
Mar 29, 2024 10:33:58.631103992 CET	192.168.2.4	195.123.214.59	3d20		Echo
Mar 29, 2024 10:33:58.829227924 CET	192.168.2.4	195.123.214.59	3d1f		Echo
Mar 29, 2024 10:33:59.044270039 CET	192.168.2.4	195.123.214.59	3d1e		Echo
Mar 29, 2024 10:33:59.093909025 CET	192.168.2.4	8.8.8.8	3d1d		Echo
Mar 29, 2024 10:33:59.196702957 CET	8.8.8.8	192.168.2.4	451d		Echo Reply
Mar 29, 2024 10:33:59.203682899 CET	192.168.2.4	195.123.214.59	3d1c		Echo
Mar 29, 2024 10:33:59.261423111 CET	192.168.2.4	195.123.214.59	3d1b		Echo
Mar 29, 2024 10:33:59.266000032 CET	192.168.2.4	195.123.214.59	3d1a		Echo
Mar 29, 2024 10:33:59.417133093 CET	195.123.214.59	192.168.2.4	451c		Echo Reply
Mar 29, 2024 10:33:59.419625998 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:33:59.476061106 CET	192.168.2.4	195.123.214.59	3d19		Echo
Mar 29, 2024 10:33:59.479254007 CET	195.123.214.59	192.168.2.4	451a		Echo Reply
Mar 29, 2024 10:34:00.203306913 CET	192.168.2.4	8.8.8.8	3d18		Echo
Mar 29, 2024 10:34:00.266052008 CET	192.168.2.4	8.8.8.8	3d17		Echo
Mar 29, 2024 10:34:00.305813074 CET	8.8.8.8	192.168.2.4	4518		Echo Reply
Mar 29, 2024 10:34:00.305907965 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:00.370466948 CET	8.8.8.8	192.168.2.4	4517		Echo Reply
Mar 29, 2024 10:34:00.485302925 CET	192.168.2.4	195.123.214.59	3d16		Echo
Mar 29, 2024 10:34:00.698733091 CET	195.123.214.59	192.168.2.4	4516		Echo Reply
Mar 29, 2024 10:34:01.375082970 CET	192.168.2.4	8.8.8.8	3d15		Echo
Mar 29, 2024 10:34:01.477581978 CET	8.8.8.8	192.168.2.4	4515		Echo Reply
Mar 29, 2024 10:34:01.704050064 CET	192.168.2.4	195.123.214.59	3d14		Echo
Mar 29, 2024 10:34:01.919033051 CET	195.123.214.59	192.168.2.4	4514		Echo Reply
Mar 29, 2024 10:34:01.919910908 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:02.489418030 CET	192.168.2.4	195.123.214.59	3d13		Echo
Mar 29, 2024 10:34:02.491169930 CET	192.168.2.4	8.8.8.8	3d12		Echo
Mar 29, 2024 10:34:02.593807936 CET	8.8.8.8	192.168.2.4	4512		Echo Reply
Mar 29, 2024 10:34:02.704161882 CET	195.123.214.59	192.168.2.4	4513		Echo Reply
Mar 29, 2024 10:34:03.639633894 CET	192.168.2.4	8.8.8.8	3d11		Echo
Mar 29, 2024 10:34:03.719283104 CET	192.168.2.4	195.123.214.59	3d10		Echo
Mar 29, 2024 10:34:03.742182016 CET	8.8.8.8	192.168.2.4	4511		Echo Reply
Mar 29, 2024 10:34:03.766158104 CET	192.168.2.4	195.123.214.59	3d0f		Echo
Mar 29, 2024 10:34:03.932594061 CET	195.123.214.59	192.168.2.4	4510		Echo Reply
Mar 29, 2024 10:34:03.932661057 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:03.979540110 CET	195.123.214.59	192.168.2.4	450f		Echo Reply
Mar 29, 2024 10:34:04.266623974 CET	192.168.2.4	195.123.214.59	3d0e		Echo
Mar 29, 2024 10:34:04.481197119 CET	192.168.2.4	195.123.214.59	3d0d		Echo
Mar 29, 2024 10:34:04.694633961 CET	195.123.214.59	192.168.2.4	450d		Echo Reply
Mar 29, 2024 10:34:04.705698967 CET	192.168.2.4	195.123.214.59	3d0c		Echo
Mar 29, 2024 10:34:04.706428051 CET	192.168.2.4	195.123.214.59	3d0b		Echo
Mar 29, 2024 10:34:04.750174046 CET	192.168.2.4	8.8.8.8	3d0a		Echo
Mar 29, 2024 10:34:04.765794992 CET	192.168.2.4	8.8.8.8	3d09		Echo
Mar 29, 2024 10:34:04.803853989 CET	192.168.2.4	195.123.214.59	3d08		Echo
Mar 29, 2024 10:34:04.852799892 CET	8.8.8.8	192.168.2.4	450a		Echo Reply
Mar 29, 2024 10:34:04.852854013 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:04.868295908 CET	8.8.8.8	192.168.2.4	4509		Echo Reply
Mar 29, 2024 10:34:04.898514032 CET	192.168.2.4	195.123.214.59	3d07		Echo
Mar 29, 2024 10:34:04.986272097 CET	192.168.2.4	195.123.214.59	3d06		Echo
Mar 29, 2024 10:34:05.000045061 CET	192.168.2.4	195.123.214.59	3d05		Echo
Mar 29, 2024 10:34:05.199731112 CET	195.123.214.59	192.168.2.4	4506		Echo Reply
Mar 29, 2024 10:34:05.875080109 CET	192.168.2.4	8.8.8.8	3d04		Echo
Mar 29, 2024 10:34:05.977631092 CET	8.8.8.8	192.168.2.4	4504		Echo Reply
Mar 29, 2024 10:34:06.203937054 CET	192.168.2.4	195.123.214.59	3d03		Echo
Mar 29, 2024 10:34:06.419306040 CET	195.123.214.59	192.168.2.4	4503		Echo Reply
Mar 29, 2024 10:34:06.421917915 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:06.987334013 CET	192.168.2.4	195.123.214.59	3d02		Echo
Mar 29, 2024 10:34:06.988436937 CET	192.168.2.4	8.8.8.8	3d01		Echo
Mar 29, 2024 10:34:07.091914892 CET	8.8.8.8	192.168.2.4	4501		Echo Reply
Mar 29, 2024 10:34:07.200860023 CET	195.123.214.59	192.168.2.4	4502		Echo Reply
Mar 29, 2024 10:34:08.093903065 CET	192.168.2.4	8.8.8.8	3d00		Echo
Mar 29, 2024 10:34:08.196718931 CET	8.8.8.8	192.168.2.4	4500		Echo Reply
Mar 29, 2024 10:34:08.203762054 CET	192.168.2.4	195.123.214.59	3cff		Echo
Mar 29, 2024 10:34:08.266365051 CET	192.168.2.4	195.123.214.59	3cfe		Echo
Mar 29, 2024 10:34:08.429229021 CET	195.123.214.59	192.168.2.4	44ff		Echo Reply
Mar 29, 2024 10:34:08.431293964 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:08.479803085 CET	195.123.214.59	192.168.2.4	44fe		Echo Reply
Mar 29, 2024 10:34:09.203584909 CET	192.168.2.4	8.8.8.8	3cfd		Echo
Mar 29, 2024 10:34:09.265916109 CET	192.168.2.4	8.8.8.8	3cfc		Echo
Mar 29, 2024 10:34:09.306262016 CET	8.8.8.8	192.168.2.4	44fd		Echo Reply
Mar 29, 2024 10:34:09.306344032 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:09.368510008 CET	8.8.8.8	192.168.2.4	44fc		Echo Reply
Mar 29, 2024 10:34:09.485280991 CET	192.168.2.4	195.123.214.59	3cfb		Echo
Mar 29, 2024 10:34:09.698576927 CET	195.123.214.59	192.168.2.4	44fb		Echo Reply
Mar 29, 2024 10:34:09.776748896 CET	192.168.2.4	195.123.214.59	3cfa		Echo
Mar 29, 2024 10:34:09.958703041 CET	192.168.2.4	195.123.214.59	3cf9		Echo
Mar 29, 2024 10:34:10.143771887 CET	192.168.2.4	195.123.214.59	3cf8		Echo
Mar 29, 2024 10:34:10.341451883 CET	192.168.2.4	195.123.214.59	3cf7		Echo
Mar 29, 2024 10:34:10.375171900 CET	192.168.2.4	8.8.8.8	3cf6		Echo
Mar 29, 2024 10:34:10.477772951 CET	8.8.8.8	192.168.2.4	44f6		Echo Reply
Mar 29, 2024 10:34:10.556606054 CET	192.168.2.4	195.123.214.59	3cf5		Echo
Mar 29, 2024 10:34:10.703757048 CET	192.168.2.4	195.123.214.59	3cf4		Echo
Mar 29, 2024 10:34:10.769299984 CET	192.168.2.4	195.123.214.59	3cf3		Echo
Mar 29, 2024 10:34:10.917587042 CET	195.123.214.59	192.168.2.4	44f4		Echo Reply
Mar 29, 2024 10:34:10.917784929 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:10.984545946 CET	192.168.2.4	195.123.214.59	3cf2		Echo
Mar 29, 2024 10:34:11.487174034 CET	192.168.2.4	8.8.8.8	3cf1		Echo
Mar 29, 2024 10:34:11.487400055 CET	192.168.2.4	195.123.214.59	3cf0		Echo
Mar 29, 2024 10:34:11.589893103 CET	8.8.8.8	192.168.2.4	44f1		Echo Reply
Mar 29, 2024 10:34:11.700696945 CET	195.123.214.59	192.168.2.4	44f0		Echo Reply
Mar 29, 2024 10:34:12.594008923 CET	192.168.2.4	8.8.8.8	3cef		Echo
Mar 29, 2024 10:34:12.696636915 CET	8.8.8.8	192.168.2.4	44ef		Echo Reply
Mar 29, 2024 10:34:12.703727961 CET	192.168.2.4	195.123.214.59	3cee		Echo
Mar 29, 2024 10:34:12.766311884 CET	192.168.2.4	195.123.214.59	3ced		Echo
Mar 29, 2024 10:34:12.917231083 CET	195.123.214.59	192.168.2.4	44ee		Echo Reply
Mar 29, 2024 10:34:12.917373896 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:12.983877897 CET	195.123.214.59	192.168.2.4	44ed		Echo Reply
Mar 29, 2024 10:34:13.703632116 CET	192.168.2.4	8.8.8.8	3cec		Echo
Mar 29, 2024 10:34:13.766185999 CET	192.168.2.4	8.8.8.8	3ceb		Echo
Mar 29, 2024 10:34:13.806493044 CET	8.8.8.8	192.168.2.4	44ec		Echo Reply
Mar 29, 2024 10:34:13.806579113 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:13.868829966 CET	8.8.8.8	192.168.2.4	44eb		Echo Reply
Mar 29, 2024 10:34:14.000643969 CET	192.168.2.4	195.123.214.59	3cea		Echo
Mar 29, 2024 10:34:14.214322090 CET	195.123.214.59	192.168.2.4	44ea		Echo Reply
Mar 29, 2024 10:34:14.875185966 CET	192.168.2.4	8.8.8.8	3ce9		Echo
Mar 29, 2024 10:34:14.978852034 CET	8.8.8.8	192.168.2.4	44e9		Echo Reply
Mar 29, 2024 10:34:15.219887972 CET	192.168.2.4	195.123.214.59	3ce8		Echo
Mar 29, 2024 10:34:15.433274984 CET	195.123.214.59	192.168.2.4	44e8		Echo Reply
Mar 29, 2024 10:34:15.433357954 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:15.767088890 CET	192.168.2.4	195.123.214.59	3ce7		Echo
Mar 29, 2024 10:34:15.989331961 CET	192.168.2.4	195.123.214.59	3ce6		Echo
Mar 29, 2024 10:34:15.990150928 CET	192.168.2.4	8.8.8.8	3ce5		Echo
Mar 29, 2024 10:34:15.993662119 CET	192.168.2.4	195.123.214.59	3ce4		Echo
Mar 29, 2024 10:34:16.092854977 CET	8.8.8.8	192.168.2.4	44e5		Echo Reply
Mar 29, 2024 10:34:16.207160950 CET	195.123.214.59	192.168.2.4	44e6		Echo Reply
Mar 29, 2024 10:34:16.207798004 CET	195.123.214.59	192.168.2.4	44e4		Echo Reply
Mar 29, 2024 10:34:16.219180107 CET	192.168.2.4	195.123.214.59	3ce3		Echo
Mar 29, 2024 10:34:16.220103979 CET	192.168.2.4	195.123.214.59	3ce2		Echo
Mar 29, 2024 10:34:16.314964056 CET	192.168.2.4	195.123.214.59	3ce1		Echo
Mar 29, 2024 10:34:16.410099030 CET	192.168.2.4	195.123.214.59	3ce0		Echo
Mar 29, 2024 10:34:16.511100054 CET	192.168.2.4	195.123.214.59	3cdf		Echo
Mar 29, 2024 10:34:17.094008923 CET	192.168.2.4	8.8.8.8	3cde		Echo
Mar 29, 2024 10:34:17.196515083 CET	8.8.8.8	192.168.2.4	44de		Echo Reply
Mar 29, 2024 10:34:17.219362974 CET	192.168.2.4	195.123.214.59	3cdd		Echo
Mar 29, 2024 10:34:17.266372919 CET	192.168.2.4	195.123.214.59	3cdc		Echo
Mar 29, 2024 10:34:17.433643103 CET	195.123.214.59	192.168.2.4	44dd		Echo Reply
Mar 29, 2024 10:34:17.437278032 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:17.479834080 CET	195.123.214.59	192.168.2.4	44dc		Echo Reply
Mar 29, 2024 10:34:18.203860044 CET	192.168.2.4	8.8.8.8	3cdb		Echo
Mar 29, 2024 10:34:18.266222000 CET	192.168.2.4	8.8.8.8	3cda		Echo
Mar 29, 2024 10:34:18.306473017 CET	8.8.8.8	192.168.2.4	44db		Echo Reply
Mar 29, 2024 10:34:18.307424068 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:18.368799925 CET	8.8.8.8	192.168.2.4	44da		Echo Reply
Mar 29, 2024 10:34:18.485754967 CET	192.168.2.4	195.123.214.59	3cd9		Echo
Mar 29, 2024 10:34:18.700115919 CET	195.123.214.59	192.168.2.4	44d9		Echo Reply
Mar 29, 2024 10:34:19.375277042 CET	192.168.2.4	8.8.8.8	3cd8		Echo
Mar 29, 2024 10:34:19.477827072 CET	8.8.8.8	192.168.2.4	44d8		Echo Reply
Mar 29, 2024 10:34:19.812254906 CET	192.168.2.4	195.123.214.59	3cd7		Echo
Mar 29, 2024 10:34:20.034377098 CET	195.123.214.59	192.168.2.4	44d7		Echo Reply
Mar 29, 2024 10:34:21.049617052 CET	192.168.2.4	195.123.214.59	3cd6		Echo
Mar 29, 2024 10:34:21.050570965 CET	192.168.2.4	8.8.8.8	3cd5		Echo
Mar 29, 2024 10:34:21.153158903 CET	8.8.8.8	192.168.2.4	44d5		Echo Reply
Mar 29, 2024 10:34:21.263531923 CET	195.123.214.59	192.168.2.4	44d6		Echo Reply
Mar 29, 2024 10:34:21.267177105 CET	192.168.2.4	195.123.214.59	3cd4		Echo
Mar 29, 2024 10:34:21.452080011 CET	192.168.2.4	195.123.214.59	3cd3		Echo
Mar 29, 2024 10:34:21.637569904 CET	192.168.2.4	195.123.214.59	3cd2		Echo
Mar 29, 2024 10:34:21.836806059 CET	192.168.2.4	195.123.214.59	3cd1		Echo
Mar 29, 2024 10:34:22.054482937 CET	192.168.2.4	195.123.214.59	3cd0		Echo
Mar 29, 2024 10:34:22.205667019 CET	192.168.2.4	8.8.8.8	3ccf		Echo
Mar 29, 2024 10:34:22.265965939 CET	192.168.2.4	8.8.8.8	3cce		Echo
Mar 29, 2024 10:34:22.266233921 CET	192.168.2.4	195.123.214.59	3ccd		Echo
Mar 29, 2024 10:34:22.266567945 CET	192.168.2.4	195.123.214.59	3ccc		Echo
Mar 29, 2024 10:34:22.308672905 CET	8.8.8.8	192.168.2.4	44cf		Echo Reply
Mar 29, 2024 10:34:22.308886051 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:22.368542910 CET	8.8.8.8	192.168.2.4	44ce		Echo Reply
Mar 29, 2024 10:34:22.479542017 CET	195.123.214.59	192.168.2.4	44cd		Echo Reply
Mar 29, 2024 10:34:22.481194973 CET	192.168.2.4	195.123.214.59	3ccb		Echo
Mar 29, 2024 10:34:23.375251055 CET	192.168.2.4	8.8.8.8	3cca		Echo
Mar 29, 2024 10:34:23.477859020 CET	8.8.8.8	192.168.2.4	44ca		Echo Reply
Mar 29, 2024 10:34:23.484878063 CET	192.168.2.4	195.123.214.59	3cc9		Echo
Mar 29, 2024 10:34:23.698450089 CET	195.123.214.59	192.168.2.4	44c9		Echo Reply
Mar 29, 2024 10:34:24.484544992 CET	192.168.2.4	8.8.8.8	3cc8		Echo
Mar 29, 2024 10:34:24.587097883 CET	8.8.8.8	192.168.2.4	44c8		Echo Reply
Mar 29, 2024 10:34:24.703854084 CET	192.168.2.4	195.123.214.59	3cc7		Echo
Mar 29, 2024 10:34:24.766452074 CET	192.168.2.4	195.123.214.59	3cc6		Echo
Mar 29, 2024 10:34:24.917253017 CET	195.123.214.59	192.168.2.4	44c7		Echo Reply
Mar 29, 2024 10:34:24.917342901 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:24.979860067 CET	195.123.214.59	192.168.2.4	44c6		Echo Reply
Mar 29, 2024 10:34:25.986769915 CET	192.168.2.4	8.8.8.8	3cc5		Echo
Mar 29, 2024 10:34:25.987088919 CET	192.168.2.4	195.123.214.59	3cc4		Echo
Mar 29, 2024 10:34:26.089687109 CET	8.8.8.8	192.168.2.4	44c5		Echo Reply
Mar 29, 2024 10:34:26.200711966 CET	195.123.214.59	192.168.2.4	44c4		Echo Reply
Mar 29, 2024 10:34:27.093894958 CET	192.168.2.4	8.8.8.8	3cc3		Echo
Mar 29, 2024 10:34:27.196522951 CET	8.8.8.8	192.168.2.4	44c3		Echo Reply
Mar 29, 2024 10:34:27.219278097 CET	192.168.2.4	195.123.214.59	3cc2		Echo
Mar 29, 2024 10:34:27.266287088 CET	192.168.2.4	195.123.214.59	3cc1		Echo
Mar 29, 2024 10:34:27.266316891 CET	192.168.2.4	195.123.214.59	3cc0		Echo
Mar 29, 2024 10:34:27.432943106 CET	195.123.214.59	192.168.2.4	44c2		Echo Reply
Mar 29, 2024 10:34:27.433032990 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:27.479588032 CET	195.123.214.59	192.168.2.4	44c1		Echo Reply
Mar 29, 2024 10:34:27.480761051 CET	192.168.2.4	195.123.214.59	3cbf		Echo
Mar 29, 2024 10:34:27.694387913 CET	195.123.214.59	192.168.2.4	44bf		Echo Reply
Mar 29, 2024 10:34:27.706063986 CET	192.168.2.4	195.123.214.59	3cbe		Echo
Mar 29, 2024 10:34:27.706979990 CET	192.168.2.4	195.123.214.59	3cbd		Echo
Mar 29, 2024 10:34:27.804078102 CET	192.168.2.4	195.123.214.59	3cbc		Echo
Mar 29, 2024 10:34:27.898998976 CET	192.168.2.4	195.123.214.59	3cbb		Echo
Mar 29, 2024 10:34:27.999489069 CET	192.168.2.4	195.123.214.59	3cba		Echo
Mar 29, 2024 10:34:28.203367949 CET	192.168.2.4	8.8.8.8	3cb9		Echo
Mar 29, 2024 10:34:28.265950918 CET	192.168.2.4	8.8.8.8	3cb8		Echo
Mar 29, 2024 10:34:28.305936098 CET	8.8.8.8	192.168.2.4	44b9		Echo Reply
Mar 29, 2024 10:34:28.305998087 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:28.368719101 CET	8.8.8.8	192.168.2.4	44b8		Echo Reply
Mar 29, 2024 10:34:28.484894037 CET	192.168.2.4	195.123.214.59	3cb7		Echo
Mar 29, 2024 10:34:28.698304892 CET	195.123.214.59	192.168.2.4	44b7		Echo Reply
Mar 29, 2024 10:34:29.406872034 CET	192.168.2.4	8.8.8.8	3cb6		Echo
Mar 29, 2024 10:34:29.509680033 CET	8.8.8.8	192.168.2.4	44b6		Echo Reply
Mar 29, 2024 10:34:29.704078913 CET	192.168.2.4	195.123.214.59	3cb5		Echo
Mar 29, 2024 10:34:29.917567968 CET	195.123.214.59	192.168.2.4	44b5		Echo Reply
Mar 29, 2024 10:34:29.917663097 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:30.517982006 CET	192.168.2.4	8.8.8.8	3cb4		Echo
Mar 29, 2024 10:34:30.518250942 CET	192.168.2.4	195.123.214.59	3cb3		Echo
Mar 29, 2024 10:34:30.620683908 CET	8.8.8.8	192.168.2.4	44b4		Echo Reply
Mar 29, 2024 10:34:30.731556892 CET	195.123.214.59	192.168.2.4	44b3		Echo Reply
Mar 29, 2024 10:34:31.625386000 CET	192.168.2.4	8.8.8.8	3cb2		Echo
Mar 29, 2024 10:34:31.728034019 CET	8.8.8.8	192.168.2.4	44b2		Echo Reply
Mar 29, 2024 10:34:31.734889030 CET	192.168.2.4	195.123.214.59	3cb1		Echo
Mar 29, 2024 10:34:31.766206980 CET	192.168.2.4	195.123.214.59	3cb0		Echo
Mar 29, 2024 10:34:31.948853970 CET	195.123.214.59	192.168.2.4	44b1		Echo Reply
Mar 29, 2024 10:34:31.950294971 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:31.979726076 CET	195.123.214.59	192.168.2.4	44b0		Echo Reply
Mar 29, 2024 10:34:32.734632015 CET	192.168.2.4	8.8.8.8	3caf		Echo
Mar 29, 2024 10:34:32.766338110 CET	192.168.2.4	8.8.8.8	3cae		Echo
Mar 29, 2024 10:34:32.766383886 CET	192.168.2.4	195.123.214.59	3cad		Echo
Mar 29, 2024 10:34:32.837178946 CET	8.8.8.8	192.168.2.4	44af		Echo Reply
Mar 29, 2024 10:34:32.837275982 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:32.868855953 CET	8.8.8.8	192.168.2.4	44ae		Echo Reply
Mar 29, 2024 10:34:32.949513912 CET	192.168.2.4	195.123.214.59	3cac		Echo
Mar 29, 2024 10:34:32.984973907 CET	192.168.2.4	195.123.214.59	3cab		Echo
Mar 29, 2024 10:34:33.134433031 CET	192.168.2.4	195.123.214.59	3caa		Echo
Mar 29, 2024 10:34:33.198235035 CET	195.123.214.59	192.168.2.4	44ab		Echo Reply
Mar 29, 2024 10:34:33.343065023 CET	192.168.2.4	195.123.214.59	3ca9		Echo
Mar 29, 2024 10:34:33.555604935 CET	192.168.2.4	195.123.214.59	3ca8		Echo
Mar 29, 2024 10:34:33.768627882 CET	192.168.2.4	195.123.214.59	3ca7		Echo
Mar 29, 2024 10:34:33.875191927 CET	192.168.2.4	8.8.8.8	3ca6		Echo
Mar 29, 2024 10:34:33.977720976 CET	8.8.8.8	192.168.2.4	44a6		Echo Reply
Mar 29, 2024 10:34:33.984066010 CET	192.168.2.4	195.123.214.59	3ca5		Echo
Mar 29, 2024 10:34:34.203944921 CET	192.168.2.4	195.123.214.59	3ca4		Echo
Mar 29, 2024 10:34:34.417351007 CET	195.123.214.59	192.168.2.4	44a4		Echo Reply
Mar 29, 2024 10:34:34.417748928 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:34.988241911 CET	192.168.2.4	195.123.214.59	3ca2		Echo
Mar 29, 2024 10:34:34.988244057 CET	192.168.2.4	8.8.8.8	3ca3		Echo
Mar 29, 2024 10:34:35.090938091 CET	8.8.8.8	192.168.2.4	44a3		Echo Reply
Mar 29, 2024 10:34:35.201603889 CET	195.123.214.59	192.168.2.4	44a2		Echo Reply
Mar 29, 2024 10:34:36.093898058 CET	192.168.2.4	8.8.8.8	3ca1		Echo
Mar 29, 2024 10:34:36.196662903 CET	8.8.8.8	192.168.2.4	44a1		Echo Reply
Mar 29, 2024 10:34:36.203794003 CET	192.168.2.4	195.123.214.59	3ca0		Echo
Mar 29, 2024 10:34:36.268821001 CET	192.168.2.4	195.123.214.59	3c9f		Echo
Mar 29, 2024 10:34:36.418034077 CET	195.123.214.59	192.168.2.4	44a0		Echo Reply
Mar 29, 2024 10:34:36.418128014 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:36.482206106 CET	195.123.214.59	192.168.2.4	449f		Echo Reply
Mar 29, 2024 10:34:37.203629971 CET	192.168.2.4	8.8.8.8	3c9e		Echo
Mar 29, 2024 10:34:37.267939091 CET	192.168.2.4	8.8.8.8	3c9d		Echo
Mar 29, 2024 10:34:37.306437016 CET	8.8.8.8	192.168.2.4	449e		Echo Reply
Mar 29, 2024 10:34:37.309258938 CET	192.168.2.4	8.8.8.8	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:37.370431900 CET	8.8.8.8	192.168.2.4	449d		Echo Reply
Mar 29, 2024 10:34:38.153451920 CET	192.168.2.4	195.123.214.59	3c9c		Echo
Mar 29, 2024 10:34:38.379789114 CET	195.123.214.59	192.168.2.4	449c		Echo Reply
Mar 29, 2024 10:34:38.379897118 CET	192.168.2.4	195.123.214.59	fcfd	(Protocol unreachable)	Destination Unreachable
Mar 29, 2024 10:34:39.929150105 CET	192.168.2.4	8.8.8.8	3c9b		Echo
Mar 29, 2024 10:34:39.929755926 CET	192.168.2.4	195.123.214.59	3c9a		Echo
Mar 29, 2024 10:34:39.932161093 CET	192.168.2.4	195.123.214.59	3c99		Echo
Mar 29, 2024 10:34:40.035953999 CET	8.8.8.8	192.168.2.4	449b		Echo Reply
Mar 29, 2024 10:34:40.145639896 CET	195.123.214.59	192.168.2.4	449a		Echo Reply
Mar 29, 2024 10:34:40.148917913 CET	192.168.2.4	195.123.214.59	3c98		Echo
Mar 29, 2024 10:34:40.407191992 CET	195.123.214.59	192.168.2.4	4498		Echo Reply
Mar 29, 2024 10:34:40.424376965 CET	192.168.2.4	195.123.214.59	3c97		Echo
Mar 29, 2024 10:34:40.425277948 CET	192.168.2.4	195.123.214.59	3c96		Echo
Mar 29, 2024 10:34:40.524827003 CET	192.168.2.4	195.123.214.59	3c95		Echo
Mar 29, 2024 10:34:40.620027065 CET	192.168.2.4	195.123.214.59	3c94		Echo
Mar 29, 2024 10:34:40.720681906 CET	192.168.2.4	195.123.214.59	3c93		Echo
Mar 29, 2024 10:34:41.370825052 CET	192.168.2.4	195.123.214.59	3c92		Echo
Mar 29, 2024 10:34:41.371016026 CET	192.168.2.4	8.8.8.8	3c91		Echo
Mar 29, 2024 10:34:41.473588943 CET	8.8.8.8	192.168.2.4	4491		Echo Reply
Mar 29, 2024 10:34:41.584327936 CET	195.123.214.59	192.168.2.4	4492		Echo Reply

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 29, 2024 10:32:36.429271936 CET	192.168.2.4	1.1.1.1	0xff56	Standard query (0)	r3.autopoisk.vin	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.429315090 CET	192.168.2.4	1.1.1.1	0x6189	Standard query (0)	autopoisk.vin	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.429507017 CET	192.168.2.4	1.1.1.1	0xe564	Standard query (0)	r2.autopoisk.vin	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.429548979 CET	192.168.2.4	1.1.1.1	0x5a4e	Standard query (0)	r4.autopoisk.vin	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.429658890 CET	192.168.2.4	1.1.1.1	0x6cbf	Standard query (0)	r5.autopoisk.vin	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:37.789340973 CET	192.168.2.4	1.1.1.1	0xe36d	Standard query (0)	upd.autopoisk.su	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 29, 2024 10:32:36.590548038 CET	1.1.1.1	192.168.2.4	0x6cbf	No error (0)	r5.autopoisk.vin	195.123.214.59	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.711633921 CET	1.1.1.1	192.168.2.4	0x5a4e	No error (0)	r4.autopoisk.vin	45.84.0.32	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.762902021 CET	1.1.1.1	192.168.2.4	0xff56	No error (0)	r3.autopoisk.vin	38.180.38.136	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.808434010 CET	1.1.1.1	192.168.2.4	0xe564	No error (0)	r2.autopoisk.vin	38.180.38.136	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:36.930591106 CET	1.1.1.1	192.168.2.4	0x6189	No error (0)	autopoisk.vin	62.152.58.190	A (IP address)	IN (0x0001)	false
Mar 29, 2024 10:32:38.744321108 CET	1.1.1.1	192.168.2.4	0xe36d	No error (0)	upd.autopoisk.su	82.97.242.231	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

upd.autopoisk.su

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	82.97.242.231	80	7600	C:\Users\user\Desktop\Autopoisk.exe

Timestamp	Bytes transferred	Direction	Data
Mar 29, 2024 10:32:38.972673893 CET	201	OUT	GET /files/version HTTP/1.1 Cache-control: no-cache Pragma: no-cache Host: upd.autopoisk.su Accept: text/html, / Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library)
Mar 29, 2024 10:32:39.202059984 CET	400	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.18.0 (Ubuntu) Date: Fri, 29 Mar 2024 09:32:39 GMT Content-Type: text/html Content-Length: 178 Connection: keep-alive Location: https://upd.autopoisk.su/files/version Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>

Target ID:	0
Start time:	10:32:33
Start date:	29/03/2024
Path:	C:\Users\user\Desktop\Autopoisk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Autopoisk.exe"
Imagebase:	0x400000
File size:	13'065'007 bytes
MD5 hash:	E66D46D21CFD0EEBFBFD8A1D5C5B66A7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1616961805.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Autopoisk.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
Autopoisk.exe