Edit tour

Windows Analysis Report
BUgAyPXboK.exe

Overview

General Information

Sample Name:	BUgAyPXboK.exe
Analysis ID:	694553
MD5:	dde91b6947d2b726e5bb8f5852cecb76
SHA1:	7d2467c4e65238599c5fd05641c628fb4252c7ca
SHA256:	eae8d675873bd846302263fdca95db805b560d3406ec964f76b2d4123f78b59a
Tags:	exeGandCrab
Infos:

Detection

Gandcrab

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Gandcrab

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Contains functionality to determine the online IP of the system

Found Tor onion address

Uses nslookup.exe to query domains

Machine Learning detection for sample

May check the online IP address of the machine

Machine Learning detection for dropped file

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Antivirus or Machine Learning detection for unpacked file

May sleep (evasive loops) to hinder dynamic analysis

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Sample execution stops while process was sleeping (likely an evasion)

Too many similar processes found

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Queries information about the installed CPU (vendor, model number etc)

Drops PE files

Found evaded block containing many API calls

Contains functionality to enumerate device drivers

Checks for available system drives (often done to infect USB drives)

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

BUgAyPXboK.exe (PID: 868 cmdline: "C:\Users\user\Desktop\BUgAyPXboK.exe" MD5: DDE91B6947D2B726E5BB8F5852CECB76)

nslookup.exe (PID: 5424 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 1576 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5356 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5360 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 4876 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5796 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5224 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5572 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 6040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 2912 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 1572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 4228 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 2464 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 3244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 3824 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 2208 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 4628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 2852 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 2608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 4628 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 2688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 4908 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 1908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 3096 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 1964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 644 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 1676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5964 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 4772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 4064 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 5928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 2360 cmdline: nslookup gandcrab.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 4856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5728 cmdline: nslookup nomoreransom.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 6052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

nslookup.exe (PID: 5940 cmdline: nslookup emsisoft.bit dns1.soprodns.ru MD5: 8E82529D1475D67615ADCB4E1B8F4EEC)

conhost.exe (PID: 6088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

ykbxzh.exe (PID: 5500 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe" MD5: EE7A320AB14366D36D44CDC33B5E8238)

ykbxzh.exe (PID: 4784 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe" MD5: EE7A320AB14366D36D44CDC33B5E8238)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
BUgAyPXboK.exe	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
BUgAyPXboK.exe	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
BUgAyPXboK.exe	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&

Memory Dumps

Source	Rule	Description	Author
0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
00000019.00000002.306373977.000000000040E000.00000004.00000001.01000000.00000006.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
0000000C.00000002.292144226.000000000040E000.00000004.00000001.01000000.00000006.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
Process Memory Space: BUgAyPXboK.exe PID: 868	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
Process Memory Space: ykbxzh.exe PID: 5500	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
Process Memory Space: ykbxzh.exe PID: 4784	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.BUgAyPXboK.exe.400000.0.unpack	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
0.0.BUgAyPXboK.exe.400000.0.unpack	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
0.0.BUgAyPXboK.exe.400000.0.unpack	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&
12.0.ykbxzh.exe.400000.0.unpack	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
12.0.ykbxzh.exe.400000.0.unpack	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
12.0.ykbxzh.exe.400000.0.unpack	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&
12.2.ykbxzh.exe.400000.0.unpack	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
12.2.ykbxzh.exe.400000.0.unpack	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
12.2.ykbxzh.exe.400000.0.unpack	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&
25.0.ykbxzh.exe.400000.0.unpack	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
25.2.ykbxzh.exe.400000.0.unpack	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
25.0.ykbxzh.exe.400000.0.unpack	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
25.2.ykbxzh.exe.400000.0.unpack	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
25.0.ykbxzh.exe.400000.0.unpack	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&
25.2.ykbxzh.exe.400000.0.unpack	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&
0.2.BUgAyPXboK.exe.400000.0.unpack	SUSP_RANSOMWARE_Indicator_Jul20	Detects ransomware indicator	Florian Roth	0xf716:$: DECRYPT.txt 0xf784:$: DECRYPT.txt
0.2.BUgAyPXboK.exe.400000.0.unpack	JoeSecurity_Gandcrab	Yara detected Gandcrab	Joe Security
0.2.BUgAyPXboK.exe.400000.0.unpack	Gandcrab	Gandcrab Payload	kevoreilly	0xf70c:$string1: GDCB-DECRYPT.txt 0xf77a:$string1: GDCB-DECRYPT.txt 0xf460:$string3: action=result&e_files=%d&e_size=%I64u&e_time=%d&
Click to see the 13 entries

Snort Signatures

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859531532026737 08/31/22-23:45:39.973829
SID:	2026737
Source Port:	59531
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854507532829500 08/31/22-23:44:51.051028
SID:	2829500
Source Port:	54507
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856433532026737 08/31/22-23:45:05.669170
SID:	2026737
Source Port:	56433
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859724532026737 08/31/22-23:45:37.047109
SID:	2026737
Source Port:	59724
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859626532026737 08/31/22-23:45:09.130817
SID:	2026737
Source Port:	59626
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860383532829500 08/31/22-23:45:54.073595
SID:	2829500
Source Port:	60383
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856298532026737 08/31/22-23:44:46.383892
SID:	2026737
Source Port:	56298
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864965532829500 08/31/22-23:44:45.948752
SID:	2829500
Source Port:	64965
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862224532829500 08/31/22-23:44:36.753658
SID:	2829500
Source Port:	62224
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861613532829500 08/31/22-23:43:46.602572
SID:	2829500
Source Port:	61613
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856363532026737 08/31/22-23:44:42.471272
SID:	2026737
Source Port:	56363
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856507532829500 08/31/22-23:45:51.692352
SID:	2829500
Source Port:	56507
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852121532829500 08/31/22-23:45:13.843635
SID:	2829500
Source Port:	52121
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863867532829500 08/31/22-23:43:31.143411
SID:	2829500
Source Port:	63867
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854513532829498 08/31/22-23:44:53.235786
SID:	2829498
Source Port:	54513
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854757532026737 08/31/22-23:45:14.540780
SID:	2026737
Source Port:	54757
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850347532829500 08/31/22-23:44:00.906690
SID:	2829500
Source Port:	50347
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860134532829500 08/31/22-23:44:29.746960
SID:	2829500
Source Port:	60134
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861173532829498 08/31/22-23:45:03.206529
SID:	2829498
Source Port:	61173
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852486532026737 08/31/22-23:43:48.342534
SID:	2026737
Source Port:	52486
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864649532829498 08/31/22-23:44:48.847826
SID:	2829498
Source Port:	64649
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864798532026737 08/31/22-23:44:59.208494
SID:	2026737
Source Port:	64798
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863501532829498 08/31/22-23:45:53.807893
SID:	2829498
Source Port:	63501
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850968532829498 08/31/22-23:45:24.827189
SID:	2829498
Source Port:	50968
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862915532829498 08/31/22-23:43:29.888154
SID:	2829498
Source Port:	62915
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863438532026737 08/31/22-23:45:30.070764
SID:	2026737
Source Port:	63438
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852719532829498 08/31/22-23:44:35.284576
SID:	2829498
Source Port:	52719
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863675532026737 08/31/22-23:45:02.703986
SID:	2026737
Source Port:	63675
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854493532829500 08/31/22-23:45:28.756602
SID:	2829500
Source Port:	54493
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852729532026737 08/31/22-23:45:11.556204
SID:	2026737
Source Port:	52729
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860170532026737 08/31/22-23:45:19.218542
SID:	2026737
Source Port:	60170
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864409532829500 08/31/22-23:44:20.846616
SID:	2829500
Source Port:	64409
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850257532829500 08/31/22-23:44:58.802648
SID:	2829500
Source Port:	50257
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856551532026737 08/31/22-23:43:56.858808
SID:	2026737
Source Port:	56551
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852870532026737 08/31/22-23:44:15.600002
SID:	2026737
Source Port:	52870
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.858159532026737 08/31/22-23:44:44.437835
SID:	2026737
Source Port:	58159
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856429532829500 08/31/22-23:45:04.151432
SID:	2829500
Source Port:	56429
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859756532829500 08/31/22-23:44:14.164883
SID:	2829500
Source Port:	59756
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854881532829498 08/31/22-23:45:07.148628
SID:	2829498
Source Port:	54881
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860693532829498 08/31/22-23:44:32.915750
SID:	2829498
Source Port:	60693
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.865048532829500 08/31/22-23:44:07.531291
SID:	2829500
Source Port:	65048
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862523532026737 08/31/22-23:44:02.606977
SID:	2026737
Source Port:	62523
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857788532829498 08/31/22-23:44:45.461187
SID:	2829498
Source Port:	57788
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854202532829498 08/31/22-23:44:57.085032
SID:	2829498
Source Port:	54202
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859224532026737 08/31/22-23:44:39.557927
SID:	2026737
Source Port:	59224
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862949532829500 08/31/22-23:45:16.848920
SID:	2829500
Source Port:	62949
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864652532829498 08/31/22-23:44:48.958101
SID:	2829498
Source Port:	64652
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853271532829498 08/31/22-23:45:27.889217
SID:	2829498
Source Port:	53271
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852867532026737 08/31/22-23:44:15.534930
SID:	2026737
Source Port:	52867
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851776532829500 08/31/22-23:44:39.007949
SID:	2829500
Source Port:	51776
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857059532829498 08/31/22-23:45:18.303571
SID:	2829498
Source Port:	57059
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857981532026737 08/31/22-23:45:53.032065
SID:	2026737
Source Port:	57981
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862850532026737 08/31/22-23:44:23.403881
SID:	2026737
Source Port:	62850
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853947532829498 08/31/22-23:43:50.950634
SID:	2829498
Source Port:	53947
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857519532829500 08/31/22-23:44:26.384204
SID:	2829500
Source Port:	57519
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854313532829498 08/31/22-23:45:50.857498
SID:	2829498
Source Port:	54313
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856752532829500 08/31/22-23:44:33.536411
SID:	2829500
Source Port:	56752
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859885532829498 08/31/22-23:43:58.594444
SID:	2829498
Source Port:	59885
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860757532829500 08/31/22-23:45:46.254203
SID:	2829500
Source Port:	60757
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856549532026737 08/31/22-23:43:56.812959
SID:	2026737
Source Port:	56549
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851890532026737 08/31/22-23:44:51.640850
SID:	2026737
Source Port:	51890
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850256532829500 08/31/22-23:44:58.782280
SID:	2829500
Source Port:	50256
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855298532829500 08/31/22-23:45:37.693886
SID:	2829500
Source Port:	55298
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859969532829500 08/31/22-23:44:44.030720
SID:	2829500
Source Port:	59969
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855639532026737 08/31/22-23:45:55.456580
SID:	2026737
Source Port:	55639
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851689532829498 08/31/22-23:45:15.310184
SID:	2829498
Source Port:	51689
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863232532026737 08/31/22-23:43:32.344833
SID:	2026737
Source Port:	63232
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859757532829500 08/31/22-23:44:14.192618
SID:	2829500
Source Port:	59757
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857790532829498 08/31/22-23:44:45.500682
SID:	2829498
Source Port:	57790
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862963532829498 08/31/22-23:44:17.245311
SID:	2829498
Source Port:	62963
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860786532026737 08/31/22-23:45:45.011230
SID:	2026737
Source Port:	60786
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863256532829498 08/31/22-23:45:10.074723
SID:	2829498
Source Port:	63256
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856065532026737 08/31/22-23:45:29.057624
SID:	2026737
Source Port:	56065
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853050532829498 08/31/22-23:45:20.171719
SID:	2829498
Source Port:	53050
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856552532026737 08/31/22-23:43:56.877030
SID:	2026737
Source Port:	56552
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851626532829500 08/31/22-23:45:44.232922
SID:	2829500
Source Port:	51626
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859886532829498 08/31/22-23:43:58.614290
SID:	2829498
Source Port:	59886
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863266532026737 08/31/22-23:44:37.362093
SID:	2026737
Source Port:	63266
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853956532829498 08/31/22-23:45:45.816937
SID:	2829498
Source Port:	53956
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854301532829500 08/31/22-23:45:08.700152
SID:	2829500
Source Port:	54301
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862636532829498 08/31/22-23:45:12.181439
SID:	2829498
Source Port:	62636
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854101532026737 08/31/22-23:45:43.138088
SID:	2026737
Source Port:	54101
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849237532026737 08/31/22-23:44:09.133303
SID:	2026737
Source Port:	49237
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860011532026737 08/31/22-23:44:56.144537
SID:	2026737
Source Port:	60011
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856128532829498 08/31/22-23:44:10.647184
SID:	2829498
Source Port:	56128
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859627532026737 08/31/22-23:45:09.148937
SID:	2026737
Source Port:	59627
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849507532829500 08/31/22-23:45:22.271617
SID:	2829500
Source Port:	49507
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854312532829498 08/31/22-23:45:50.836877
SID:	2829498
Source Port:	54312
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849337532829498 08/31/22-23:44:43.512238
SID:	2829498
Source Port:	49337
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856297532026737 08/31/22-23:44:46.363903
SID:	2026737
Source Port:	56297
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857979532026737 08/31/22-23:45:52.995555
SID:	2026737
Source Port:	57979
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852394532829498 08/31/22-23:45:33.462720
SID:	2829498
Source Port:	52394
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861807532026737 08/31/22-23:45:26.638406
SID:	2026737
Source Port:	61807
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860692532829498 08/31/22-23:44:32.895962
SID:	2829498
Source Port:	60692
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857759532829498 08/31/22-23:44:41.121343
SID:	2829498
Source Port:	57759
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860789532026737 08/31/22-23:45:45.071628
SID:	2026737
Source Port:	60789
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857190532829500 08/31/22-23:45:34.277428
SID:	2829500
Source Port:	57190
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857982532026737 08/31/22-23:45:53.052190
SID:	2026737
Source Port:	57982
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864931532829498 08/31/22-23:45:31.895021
SID:	2829498
Source Port:	64931
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856125532829498 08/31/22-23:44:10.587852
SID:	2829498
Source Port:	56125
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863259532829498 08/31/22-23:45:10.134383
SID:	2829498
Source Port:	63259
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864651532829498 08/31/22-23:44:48.937934
SID:	2829498
Source Port:	64651
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854908532829500 08/31/22-23:43:40.017875
SID:	2829500
Source Port:	54908
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855959532829498 08/31/22-23:44:24.973756
SID:	2829498
Source Port:	55959
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856907532829498 08/31/22-23:45:34.930944
SID:	2829498
Source Port:	56907
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853959532829498 08/31/22-23:45:45.873966
SID:	2829498
Source Port:	53959
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861578532829498 08/31/22-23:45:43.955052
SID:	2829498
Source Port:	61578
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861094532829498 08/31/22-23:44:27.968897
SID:	2829498
Source Port:	61094
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857188532829500 08/31/22-23:45:34.238634
SID:	2829500
Source Port:	57188
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859794532026737 08/31/22-23:45:48.558569
SID:	2026737
Source Port:	59794
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851326532026737 08/31/22-23:44:27.434988
SID:	2026737
Source Port:	51326
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862040532829500 08/31/22-23:45:01.158698
SID:	2829500
Source Port:	62040
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864640532829500 08/31/22-23:45:18.759264
SID:	2829500
Source Port:	64640
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854203532829498 08/31/22-23:44:57.105081
SID:	2829498
Source Port:	54203
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851889532026737 08/31/22-23:44:51.620571
SID:	2026737
Source Port:	51889
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860010532026737 08/31/22-23:44:56.124573
SID:	2026737
Source Port:	60010
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863502532829498 08/31/22-23:45:53.826060
SID:	2829498
Source Port:	63502
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.858161532026737 08/31/22-23:44:44.475598
SID:	2026737
Source Port:	58161
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863437532026737 08/31/22-23:45:30.050806
SID:	2026737
Source Port:	63437
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864964532829500 08/31/22-23:44:45.929172
SID:	2829500
Source Port:	64964
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853198532829500 08/31/22-23:44:54.703855
SID:	2829500
Source Port:	53198
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864934532829498 08/31/22-23:45:31.953591
SID:	2829498
Source Port:	64934
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851532532026737 08/31/22-23:43:41.630051
SID:	2026737
Source Port:	51532
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864408532829500 08/31/22-23:44:20.826579
SID:	2829500
Source Port:	64408
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850540532026737 08/31/22-23:45:24.416776
SID:	2026737
Source Port:	50540
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856434532026737 08/31/22-23:45:05.689287
SID:	2026737
Source Port:	56434
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853595532829500 08/31/22-23:44:41.898667
SID:	2829500
Source Port:	53595
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854508532829500 08/31/22-23:44:51.075095
SID:	2829500
Source Port:	54508
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857098532829500 08/31/22-23:45:35.742268
SID:	2829500
Source Port:	57098
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854905532829500 08/31/22-23:43:39.956403
SID:	2829500
Source Port:	54905
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864799532026737 08/31/22-23:44:59.228975
SID:	2026737
Source Port:	64799
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861614532829500 08/31/22-23:43:46.625363
SID:	2829500
Source Port:	61614
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862223532829500 08/31/22-23:44:36.732224
SID:	2829500
Source Port:	62223
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850810532829500 08/31/22-23:45:42.795800
SID:	2829500
Source Port:	50810
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860758532829500 08/31/22-23:45:46.272226
SID:	2829500
Source Port:	60758
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864406532829500 08/31/22-23:44:20.786154
SID:	2829500
Source Port:	64406
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864932532829498 08/31/22-23:45:31.915004
SID:	2829498
Source Port:	64932
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863868532829500 08/31/22-23:43:31.170740
SID:	2829500
Source Port:	63868
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864966532829500 08/31/22-23:44:45.968566
SID:	2829500
Source Port:	64966
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862635532829498 08/31/22-23:45:12.157482
SID:	2829498
Source Port:	62635
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850970532829498 08/31/22-23:45:24.869816
SID:	2829498
Source Port:	50970
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860755532829500 08/31/22-23:45:46.217401
SID:	2829500
Source Port:	60755
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864642532829500 08/31/22-23:45:18.801787
SID:	2829500
Source Port:	64642
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863987532026737 08/31/22-23:45:33.034613
SID:	2026737
Source Port:	63987
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856091532829500 08/31/22-23:43:52.113643
SID:	2829500
Source Port:	56091
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854300532829500 08/31/22-23:45:08.678590
SID:	2829500
Source Port:	54300
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854907532829500 08/31/22-23:43:39.999758
SID:	2829500
Source Port:	54907
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861234532829498 08/31/22-23:44:38.522132
SID:	2829498
Source Port:	61234
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861172532829498 08/31/22-23:45:03.186618
SID:	2829498
Source Port:	61172
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862736532026737 08/31/22-23:44:30.983637
SID:	2026737
Source Port:	62736
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859723532026737 08/31/22-23:45:37.029063
SID:	2026737
Source Port:	59723
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855300532829500 08/31/22-23:45:37.734665
SID:	2829500
Source Port:	55300
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850255532829500 08/31/22-23:44:58.762397
SID:	2829500
Source Port:	50255
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849236532026737 08/31/22-23:44:09.112716
SID:	2026737
Source Port:	49236
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856908532829498 08/31/22-23:45:34.949400
SID:	2829498
Source Port:	56908
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860013532026737 08/31/22-23:44:56.185703
SID:	2026737
Source Port:	60013
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861808532026737 08/31/22-23:45:26.658197
SID:	2026737
Source Port:	61808
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851624532829500 08/31/22-23:45:44.191433
SID:	2829500
Source Port:	51624
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857518532829500 08/31/22-23:44:26.364052
SID:	2829500
Source Port:	57518
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856360532026737 08/31/22-23:44:42.410727
SID:	2026737
Source Port:	56360
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851535532026737 08/31/22-23:43:41.693076
SID:	2026737
Source Port:	51535
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852717532829498 08/31/22-23:44:35.238130
SID:	2829498
Source Port:	52717
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861231532829498 08/31/22-23:44:38.465975
SID:	2829498
Source Port:	61231
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862633532829498 08/31/22-23:45:12.116146
SID:	2829498
Source Port:	62633
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859532532026737 08/31/22-23:45:39.991955
SID:	2026737
Source Port:	59532
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859792532026737 08/31/22-23:45:48.517877
SID:	2026737
Source Port:	59792
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855637532026737 08/31/22-23:45:55.417422
SID:	2026737
Source Port:	55637
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849506532829500 08/31/22-23:45:22.251711
SID:	2829500
Source Port:	49506
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856773532026737 08/31/22-23:45:34.608670
SID:	2026737
Source Port:	56773
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851323532026737 08/31/22-23:44:27.377732
SID:	2026737
Source Port:	51323
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856126532829498 08/31/22-23:44:10.607141
SID:	2829498
Source Port:	56126
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861575532829498 08/31/22-23:45:43.896304
SID:	2829498
Source Port:	61575
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857096532829500 08/31/22-23:45:35.703871
SID:	2829500
Source Port:	57096
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860777532829498 08/31/22-23:45:40.857769
SID:	2829498
Source Port:	60777
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852868532026737 08/31/22-23:44:15.557965
SID:	2026737
Source Port:	52868
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861091532829498 08/31/22-23:44:27.912765
SID:	2829498
Source Port:	61091
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863233532026737 08/31/22-23:43:32.365334
SID:	2026737
Source Port:	63233
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861848532829498 08/31/22-23:45:29.448150
SID:	2829498
Source Port:	61848
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863674532026737 08/31/22-23:45:02.682245
SID:	2026737
Source Port:	63674
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.865049532829500 08/31/22-23:44:07.555130
SID:	2829500
Source Port:	65049
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853592532829500 08/31/22-23:44:41.838524
SID:	2829500
Source Port:	53592
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851595532829498 08/31/22-23:45:37.395999
SID:	2829498
Source Port:	51595
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852561532829498 08/31/22-23:43:44.313767
SID:	2829498
Source Port:	52561
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860386532829500 08/31/22-23:45:54.135455
SID:	2829500
Source Port:	60386
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854754532026737 08/31/22-23:45:14.478679
SID:	2026737
Source Port:	54754
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854299532829500 08/31/22-23:45:08.657968
SID:	2829500
Source Port:	54299
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856905532829498 08/31/22-23:45:34.890654
SID:	2829498
Source Port:	56905
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852728532026737 08/31/22-23:45:11.538182
SID:	2026737
Source Port:	52728
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852559532829498 08/31/22-23:43:44.275226
SID:	2829498
Source Port:	52559
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856571532829498 08/31/22-23:44:04.765178
SID:	2829498
Source Port:	56571
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856509532829500 08/31/22-23:45:51.736467
SID:	2829500
Source Port:	56509
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857691532829500 08/31/22-23:45:26.303054
SID:	2829500
Source Port:	57691
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861805532026737 08/31/22-23:45:26.598524
SID:	2026737
Source Port:	61805
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864800532026737 08/31/22-23:44:59.249276
SID:	2026737
Source Port:	64800
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854102532026737 08/31/22-23:45:43.158257
SID:	2026737
Source Port:	54102
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862541532829498 08/31/22-23:45:00.327889
SID:	2829498
Source Port:	62541
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860133532829500 08/31/22-23:44:29.726898
SID:	2829500
Source Port:	60133
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859339532026737 08/31/22-23:44:34.622255
SID:	2026737
Source Port:	59339
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860358532829500 08/31/22-23:45:11.129894
SID:	2829500
Source Port:	60358
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860171532026737 08/31/22-23:45:19.238395
SID:	2026737
Source Port:	60171
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852393532829498 08/31/22-23:45:33.441343
SID:	2829498
Source Port:	52393
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851891532026737 08/31/22-23:44:51.663811
SID:	2026737
Source Port:	51891
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856432532829500 08/31/22-23:45:04.211842
SID:	2829500
Source Port:	56432
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862038532829500 08/31/22-23:45:01.120775
SID:	2829500
Source Port:	62038
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863865532829500 08/31/22-23:43:31.097637
SID:	2829500
Source Port:	63865
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854334532026737 08/31/22-23:45:17.822080
SID:	2026737
Source Port:	54334
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854331532026737 08/31/22-23:45:17.760023
SID:	2026737
Source Port:	54331
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856753532829500 08/31/22-23:44:33.556718
SID:	2829500
Source Port:	56753
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854511532829498 08/31/22-23:44:53.195102
SID:	2829498
Source Port:	54511
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853051532829498 08/31/22-23:45:20.191618
SID:	2829498
Source Port:	53051
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862539532829498 08/31/22-23:45:00.266317
SID:	2829498
Source Port:	62539
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854492532829500 08/31/22-23:45:28.736488
SID:	2829500
Source Port:	54492
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856089532829500 08/31/22-23:43:52.075291
SID:	2829500
Source Port:	56089
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859968532829500 08/31/22-23:44:44.010316
SID:	2829500
Source Port:	59968
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859339532829500 08/31/22-23:45:29.745493
SID:	2829500
Source Port:	59339
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851777532829500 08/31/22-23:44:39.027584
SID:	2829500
Source Port:	51777
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856506532829500 08/31/22-23:45:51.673642
SID:	2829500
Source Port:	56506
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852483532026737 08/31/22-23:43:48.282565
SID:	2026737
Source Port:	52483
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853948532829498 08/31/22-23:43:50.969584
SID:	2829498
Source Port:	53948
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853195532829500 08/31/22-23:44:54.646933
SID:	2829500
Source Port:	53195
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862524532026737 08/31/22-23:44:02.627433
SID:	2026737
Source Port:	62524
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861611532829500 08/31/22-23:43:46.559519
SID:	2829500
Source Port:	61611
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857757532829498 08/31/22-23:44:41.083129
SID:	2829498
Source Port:	57757
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862961532829498 08/31/22-23:44:17.199822
SID:	2829498
Source Port:	62961
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.858160532026737 08/31/22-23:44:44.457604
SID:	2026737
Source Port:	58160
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.865046532829500 08/31/22-23:44:07.490248
SID:	2829500
Source Port:	65046
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851687532829498 08/31/22-23:45:15.269352
SID:	2829498
Source Port:	51687
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854491532829500 08/31/22-23:45:28.716622
SID:	2829500
Source Port:	54491
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853197532829500 08/31/22-23:44:54.685783
SID:	2829500
Source Port:	53197
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862947532829500 08/31/22-23:45:16.811046
SID:	2829500
Source Port:	62947
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853273532829498 08/31/22-23:45:27.934014
SID:	2829498
Source Port:	53273
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850808532829500 08/31/22-23:45:42.752242
SID:	2829500
Source Port:	50808
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856430532829500 08/31/22-23:45:04.173628
SID:	2829500
Source Port:	56430
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859227532026737 08/31/22-23:44:39.617895
SID:	2026737
Source Port:	59227
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851774532829500 08/31/22-23:44:38.969749
SID:	2829500
Source Port:	51774
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849335532829498 08/31/22-23:44:43.471732
SID:	2829498
Source Port:	49335
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859970532829500 08/31/22-23:44:44.048963
SID:	2829500
Source Port:	59970
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850811532829500 08/31/22-23:45:42.813839
SID:	2829500
Source Port:	50811
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853945532829498 08/31/22-23:43:50.908833
SID:	2829498
Source Port:	53945
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861577532829498 08/31/22-23:45:43.934540
SID:	2829498
Source Port:	61577
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859795532026737 08/31/22-23:45:48.583140
SID:	2026737
Source Port:	59795
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854906532829500 08/31/22-23:43:39.979642
SID:	2829500
Source Port:	54906
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860695532829498 08/31/22-23:44:32.965263
SID:	2829498
Source Port:	60695
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857520532829500 08/31/22-23:44:26.402095
SID:	2829500
Source Port:	57520
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864933532829498 08/31/22-23:45:31.933353
SID:	2829498
Source Port:	64933
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851325532026737 08/31/22-23:44:27.416197
SID:	2026737
Source Port:	51325
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854204532829498 08/31/22-23:44:57.124925
SID:	2829498
Source Port:	54204
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859337532829500 08/31/22-23:45:29.704403
SID:	2829500
Source Port:	59337
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853049532829498 08/31/22-23:45:20.151836
SID:	2829498
Source Port:	53049
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850538532026737 08/31/22-23:45:24.374820
SID:	2026737
Source Port:	50538
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857692532829500 08/31/22-23:45:26.323011
SID:	2829500
Source Port:	57692
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862853532026737 08/31/22-23:44:23.460622
SID:	2026737
Source Port:	62853
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864407532829500 08/31/22-23:44:20.806285
SID:	2829500
Source Port:	64407
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864650532829498 08/31/22-23:44:48.868078
SID:	2829498
Source Port:	64650
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857057532829498 08/31/22-23:45:18.264695
SID:	2829498
Source Port:	57057
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863672532026737 08/31/22-23:45:02.641322
SID:	2026737
Source Port:	63672
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856300532026737 08/31/22-23:44:46.422476
SID:	2026737
Source Port:	56300
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861175532829498 08/31/22-23:45:03.248644
SID:	2829498
Source Port:	61175
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863503532829498 08/31/22-23:45:53.846708
SID:	2829498
Source Port:	63503
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853958532829498 08/31/22-23:45:45.853434
SID:	2829498
Source Port:	53958
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864963532829500 08/31/22-23:44:45.907609
SID:	2829500
Source Port:	64963
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863436532026737 08/31/22-23:45:30.030649
SID:	2026737
Source Port:	63436
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862443532829500 08/31/22-23:45:32.738675
SID:	2829500
Source Port:	62443
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862041532829500 08/31/22-23:45:01.185034
SID:	2829500
Source Port:	62041
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855958532829498 08/31/22-23:44:24.955368
SID:	2829498
Source Port:	55958
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854315532829498 08/31/22-23:45:50.898635
SID:	2829498
Source Port:	54315
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856435532026737 08/31/22-23:45:05.709061
SID:	2026737
Source Port:	56435
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852484532026737 08/31/22-23:43:48.300604
SID:	2026737
Source Port:	52484
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855961532829498 08/31/22-23:44:25.014723
SID:	2829498
Source Port:	55961
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856775532026737 08/31/22-23:45:34.651620
SID:	2026737
Source Port:	56775
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849234532026737 08/31/22-23:44:09.071545
SID:	2026737
Source Port:	49234
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863258532829498 08/31/22-23:45:10.114400
SID:	2829498
Source Port:	63258
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860788532026737 08/31/22-23:45:45.053319
SID:	2026737
Source Port:	60788
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862226532829500 08/31/22-23:44:36.798472
SID:	2829500
Source Port:	62226
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859754532829500 08/31/22-23:44:14.128267
SID:	2829500
Source Port:	59754
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862913532829498 08/31/22-23:43:29.846372
SID:	2829498
Source Port:	62913
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854883532829498 08/31/22-23:45:07.190819
SID:	2829498
Source Port:	54883
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859967532829500 08/31/22-23:44:43.992635
SID:	2829500
Source Port:	59967
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854505532829500 08/31/22-23:44:51.004869
SID:	2829500
Source Port:	54505
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861835532829498 08/31/22-23:44:04.805216
SID:	2829498
Source Port:	61835
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859883532829498 08/31/22-23:43:58.553914
SID:	2829498
Source Port:	59883
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856754532829500 08/31/22-23:44:33.577050
SID:	2829500
Source Port:	56754
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862735532026737 08/31/22-23:44:30.963319
SID:	2026737
Source Port:	62735
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859534532026737 08/31/22-23:45:40.030175
SID:	2026737
Source Port:	59534
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859341532026737 08/31/22-23:44:34.662548
SID:	2026737
Source Port:	59341
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859338532026737 08/31/22-23:44:34.602119
SID:	2026737
Source Port:	59338
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864643532829500 08/31/22-23:45:18.822080
SID:	2829500
Source Port:	64643
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852730532026737 08/31/22-23:45:11.576227
SID:	2026737
Source Port:	52730
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851534532026737 08/31/22-23:43:41.673206
SID:	2026737
Source Port:	51534
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850345532829500 08/31/22-23:44:00.864997
SID:	2829500
Source Port:	50345
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851627532829500 08/31/22-23:45:44.253365
SID:	2829500
Source Port:	51627
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852727532026737 08/31/22-23:45:11.519431
SID:	2026737
Source Port:	52727
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862039532829500 08/31/22-23:45:01.138670
SID:	2829500
Source Port:	62039
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860169532026737 08/31/22-23:45:19.198459
SID:	2026737
Source Port:	60169
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860172532026737 08/31/22-23:45:19.258880
SID:	2026737
Source Port:	60172
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856066532026737 08/31/22-23:45:29.077449
SID:	2026737
Source Port:	56066
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862852532026737 08/31/22-23:44:23.440318
SID:	2026737
Source Port:	62852
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863267532026737 08/31/22-23:44:37.381873
SID:	2026737
Source Port:	63267
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855299532829500 08/31/22-23:45:37.714101
SID:	2829500
Source Port:	55299
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854205532829498 08/31/22-23:44:57.145411
SID:	2829498
Source Port:	54205
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863988532026737 08/31/22-23:45:33.054662
SID:	2026737
Source Port:	63988
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854333532026737 08/31/22-23:45:17.804037
SID:	2026737
Source Port:	54333
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860778532829498 08/31/22-23:45:40.877620
SID:	2829498
Source Port:	60778
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852123532829500 08/31/22-23:45:13.882213
SID:	2829500
Source Port:	52123
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850809532829500 08/31/22-23:45:42.775516
SID:	2829500
Source Port:	50809
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859226532026737 08/31/22-23:44:39.597797
SID:	2026737
Source Port:	59226
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862442532829500 08/31/22-23:45:32.718407
SID:	2829500
Source Port:	62442
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854332532026737 08/31/22-23:45:17.784189
SID:	2026737
Source Port:	54332
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861576532829498 08/31/22-23:45:43.916183
SID:	2829498
Source Port:	61576
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857056532829498 08/31/22-23:45:18.246350
SID:	2829498
Source Port:	57056
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861233532829498 08/31/22-23:44:38.502415
SID:	2829498
Source Port:	61233
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856361532026737 08/31/22-23:44:42.430522
SID:	2026737
Source Port:	56361
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862948532829500 08/31/22-23:45:16.831038
SID:	2829500
Source Port:	62948
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861834532829498 08/31/22-23:44:04.785165
SID:	2829498
Source Port:	61834
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853594532829500 08/31/22-23:44:41.878318
SID:	2829500
Source Port:	53594
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854884532829498 08/31/22-23:45:07.210988
SID:	2829498
Source Port:	54884
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862522532026737 08/31/22-23:44:02.586427
SID:	2026737
Source Port:	62522
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850539532026737 08/31/22-23:45:24.397103
SID:	2026737
Source Port:	50539
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851596532829498 08/31/22-23:45:37.416090
SID:	2829498
Source Port:	51596
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859340532026737 08/31/22-23:44:34.642153
SID:	2026737
Source Port:	59340
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851593532829498 08/31/22-23:45:37.355426
SID:	2829498
Source Port:	51593
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.865047532829500 08/31/22-23:44:07.510331
SID:	2829500
Source Port:	65047
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862543532829498 08/31/22-23:43:34.588739
SID:	2829498
Source Port:	62543
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860357532829500 08/31/22-23:45:11.111963
SID:	2829500
Source Port:	60357
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862540532829498 08/31/22-23:45:00.304908
SID:	2829498
Source Port:	62540
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853946532829498 08/31/22-23:43:50.926739
SID:	2829498
Source Port:	53946
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851775532829500 08/31/22-23:44:38.988155
SID:	2829500
Source Port:	51775
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849334532829498 08/31/22-23:44:43.443293
SID:	2829498
Source Port:	49334
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855636532026737 08/31/22-23:45:55.399161
SID:	2026737
Source Port:	55636
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860385532829500 08/31/22-23:45:54.115289
SID:	2829500
Source Port:	60385
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861847532829498 08/31/22-23:45:29.427867
SID:	2829498
Source Port:	61847
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857095532829500 08/31/22-23:45:35.685539
SID:	2829500
Source Port:	57095
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863673532026737 08/31/22-23:45:02.662218
SID:	2026737
Source Port:	63673
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859722532026737 08/31/22-23:45:37.008989
SID:	2026737
Source Port:	59722
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853272532829498 08/31/22-23:45:27.910057
SID:	2829498
Source Port:	53272
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856774532026737 08/31/22-23:45:34.633210
SID:	2026737
Source Port:	56774
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854755532026737 08/31/22-23:45:14.500005
SID:	2026737
Source Port:	54755
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861093532829498 08/31/22-23:44:27.948801
SID:	2829498
Source Port:	61093
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862912532829498 08/31/22-23:43:29.827972
SID:	2829498
Source Port:	62912
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863435532026737 08/31/22-23:45:30.010284
SID:	2026737
Source Port:	63435
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859340532829500 08/31/22-23:45:29.765614
SID:	2829500
Source Port:	59340
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856090532829500 08/31/22-23:43:52.093457
SID:	2829500
Source Port:	56090
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857191532829500 08/31/22-23:45:34.298140
SID:	2829500
Source Port:	57191
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862444532829500 08/31/22-23:45:32.758993
SID:	2829500
Source Port:	62444
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849508532829500 08/31/22-23:45:22.293889
SID:	2829500
Source Port:	49508
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849336532829498 08/31/22-23:44:43.492294
SID:	2829498
Source Port:	49336
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854512532829498 08/31/22-23:44:53.215474
SID:	2829498
Source Port:	54512
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861174532829498 08/31/22-23:45:03.230028
SID:	2829498
Source Port:	61174
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850348532829500 08/31/22-23:44:00.930724
SID:	2829500
Source Port:	50348
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856755532829500 08/31/22-23:44:33.597404
SID:	2829500
Source Port:	56755
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850969532829498 08/31/22-23:45:24.845855
SID:	2829498
Source Port:	50969
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856550532026737 08/31/22-23:43:56.837414
SID:	2026737
Source Port:	56550
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861836532829498 08/31/22-23:44:04.825892
SID:	2829498
Source Port:	61836
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860135532829500 08/31/22-23:44:29.765194
SID:	2829500
Source Port:	60135
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850537532026737 08/31/22-23:45:24.354748
SID:	2026737
Source Port:	50537
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857693532829500 08/31/22-23:45:26.343034
SID:	2829500
Source Port:	57693
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854100532026737 08/31/22-23:45:43.119824
SID:	2026737
Source Port:	54100
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859338532829500 08/31/22-23:45:29.724262
SID:	2829500
Source Port:	59338
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856431532829500 08/31/22-23:45:04.193694
SID:	2829500
Source Port:	56431
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853274532829498 08/31/22-23:45:27.954080
SID:	2829498
Source Port:	53274
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857756532829498 08/31/22-23:44:41.063437
SID:	2829498
Source Port:	57756
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852122532829500 08/31/22-23:45:13.864005
SID:	2829500
Source Port:	52122
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863990532026737 08/31/22-23:45:33.098684
SID:	2026737
Source Port:	63990
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860694532829498 08/31/22-23:44:32.941274
SID:	2829498
Source Port:	60694
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856508532829500 08/31/22-23:45:51.716328
SID:	2829500
Source Port:	56508
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862946532829500 08/31/22-23:45:16.791073
SID:	2829500
Source Port:	62946
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854490532829500 08/31/22-23:45:28.698486
SID:	2829500
Source Port:	54490
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856362532026737 08/31/22-23:44:42.450740
SID:	2026737
Source Port:	56362
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852485532026737 08/31/22-23:43:48.319052
SID:	2026737
Source Port:	52485
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862962532829498 08/31/22-23:44:17.220032
SID:	2829498
Source Port:	62962
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863231532026737 08/31/22-23:43:32.324505
SID:	2026737
Source Port:	63231
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853048532829498 08/31/22-23:45:20.133745
SID:	2829498
Source Port:	53048
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864801532026737 08/31/22-23:44:59.269048
SID:	2026737
Source Port:	64801
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854756532026737 08/31/22-23:45:14.520580
SID:	2026737
Source Port:	54756
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862525532026737 08/31/22-23:44:02.647686
SID:	2026737
Source Port:	62525
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851688532829498 08/31/22-23:45:15.290256
SID:	2829498
Source Port:	51688
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856906532829498 08/31/22-23:45:34.910660
SID:	2829498
Source Port:	56906
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852560532829498 08/31/22-23:43:44.295389
SID:	2829498
Source Port:	52560
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850346532829500 08/31/22-23:44:00.886556
SID:	2829500
Source Port:	50346
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863500532829498 08/31/22-23:45:53.787672
SID:	2829498
Source Port:	63500
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860776532829498 08/31/22-23:45:40.839433
SID:	2829498
Source Port:	60776
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860779532829498 08/31/22-23:45:40.897866
SID:	2829498
Source Port:	60779
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860384532829500 08/31/22-23:45:54.095085
SID:	2829500
Source Port:	60384
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861092532829498 08/31/22-23:44:27.930612
SID:	2829498
Source Port:	61092
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852869532026737 08/31/22-23:44:15.578775
SID:	2026737
Source Port:	52869
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856088532829500 08/31/22-23:43:52.054951
SID:	2829500
Source Port:	56088
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851324532026737 08/31/22-23:44:27.397683
SID:	2026737
Source Port:	51324
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854510532829498 08/31/22-23:44:53.176959
SID:	2829498
Source Port:	54510
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863866532829500 08/31/22-23:43:31.119406
SID:	2829500
Source Port:	63866
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852395532829498 08/31/22-23:45:33.483017
SID:	2829498
Source Port:	52395
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851892532026737 08/31/22-23:44:51.684138
SID:	2026737
Source Port:	51892
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860356532829500 08/31/22-23:45:11.093877
SID:	2829500
Source Port:	60356
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861612532829500 08/31/22-23:43:46.582342
SID:	2829500
Source Port:	61612
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862960532829498 08/31/22-23:44:17.126999
SID:	2829498
Source Port:	62960
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857758532829498 08/31/22-23:44:41.103311
SID:	2829498
Source Port:	57758
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852120532829500 08/31/22-23:45:13.823401
SID:	2829500
Source Port:	52120
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853196532829500 08/31/22-23:44:54.665572
SID:	2829500
Source Port:	53196
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853593532829500 08/31/22-23:44:41.858327
SID:	2829500
Source Port:	53593
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863234532026737 08/31/22-23:43:32.383826
SID:	2026737
Source Port:	63234
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861846532829498 08/31/22-23:45:29.407811
SID:	2829498
Source Port:	61846
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851686532829498 08/31/22-23:45:15.249386
SID:	2829498
Source Port:	51686
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859721532026737 08/31/22-23:45:36.989137
SID:	2026737
Source Port:	59721
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863989532026737 08/31/22-23:45:33.076660
SID:	2026737
Source Port:	63989
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861232532829498 08/31/22-23:44:38.484716
SID:	2829498
Source Port:	61232
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860787532026737 08/31/22-23:45:45.033484
SID:	2026737
Source Port:	60787
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860012532026737 08/31/22-23:44:56.166001
SID:	2026737
Source Port:	60012
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854099532026737 08/31/22-23:45:43.099769
SID:	2026737
Source Port:	54099
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852558532829498 08/31/22-23:43:44.255164
SID:	2829498
Source Port:	52558
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862851532026737 08/31/22-23:44:23.422050
SID:	2026737
Source Port:	62851
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852718532829498 08/31/22-23:44:35.264599
SID:	2829498
Source Port:	52718
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857690532829500 08/31/22-23:45:26.285005
SID:	2829500
Source Port:	57690
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855638532026737 08/31/22-23:45:55.435640
SID:	2026737
Source Port:	55638
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859225532026737 08/31/22-23:44:39.577699
SID:	2026737
Source Port:	59225
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854298532829500 08/31/22-23:45:08.637369
SID:	2829500
Source Port:	54298
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849505532829500 08/31/22-23:45:22.198497
SID:	2829500
Source Port:	49505
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860132532829500 08/31/22-23:44:29.658619
SID:	2829500
Source Port:	60132
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862441532829500 08/31/22-23:45:32.697893
SID:	2829500
Source Port:	62441
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.853957532829498 08/31/22-23:45:45.835304
SID:	2829498
Source Port:	53957
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852720532829498 08/31/22-23:44:35.302792
SID:	2829498
Source Port:	52720
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863257532829498 08/31/22-23:45:10.094581
SID:	2829498
Source Port:	63257
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859628532026737 08/31/22-23:45:09.167178
SID:	2026737
Source Port:	59628
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.852392532829498 08/31/22-23:45:33.421298
SID:	2829498
Source Port:	52392
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860756532829500 08/31/22-23:45:46.235846
SID:	2829500
Source Port:	60756
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862542532829498 08/31/22-23:45:00.351749
SID:	2829498
Source Port:	62542
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862734532026737 08/31/22-23:44:30.902951
SID:	2026737
Source Port:	62734
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.860359532829500 08/31/22-23:45:11.147941
SID:	2829500
Source Port:	60359
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861806532026737 08/31/22-23:45:26.618513
SID:	2026737
Source Port:	61806
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856127532829498 08/31/22-23:44:10.627241
SID:	2829498
Source Port:	56127
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.861849532829498 08/31/22-23:45:29.468833
SID:	2829498
Source Port:	61849
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851533532026737 08/31/22-23:43:41.652498
SID:	2026737
Source Port:	51533
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857791532829498 08/31/22-23:44:45.522004
SID:	2829498
Source Port:	57791
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851594532829498 08/31/22-23:45:37.375783
SID:	2829498
Source Port:	51594
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.851625532829500 08/31/22-23:45:44.209571
SID:	2829500
Source Port:	51625
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862225532829500 08/31/22-23:44:36.774015
SID:	2829500
Source Port:	62225
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850254532829500 08/31/22-23:44:58.744615
SID:	2829500
Source Port:	50254
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859884532829498 08/31/22-23:43:58.574440
SID:	2829498
Source Port:	59884
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856067532026737 08/31/22-23:45:29.097446
SID:	2026737
Source Port:	56067
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863265532026737 08/31/22-23:44:37.342111
SID:	2026737
Source Port:	63265
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862914532829498 08/31/22-23:43:29.867951
SID:	2829498
Source Port:	62914
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857980532026737 08/31/22-23:45:53.013848
SID:	2026737
Source Port:	57980
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857189532829500 08/31/22-23:45:34.259006
SID:	2829500
Source Port:	57189
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859793532026737 08/31/22-23:45:48.538109
SID:	2026737
Source Port:	59793
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.858162532026737 08/31/22-23:44:44.497801
SID:	2026737
Source Port:	58162
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856064532026737 08/31/22-23:45:29.037586
SID:	2026737
Source Port:	56064
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859625532026737 08/31/22-23:45:09.112131
SID:	2026737
Source Port:	59625
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856772532026737 08/31/22-23:45:34.590480
SID:	2026737
Source Port:	56772
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857789532829498 08/31/22-23:44:45.480446
SID:	2829498
Source Port:	57789
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857097532829500 08/31/22-23:45:35.724078
SID:	2829500
Source Port:	57097
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859533532026737 08/31/22-23:45:40.011858
SID:	2026737
Source Port:	59533
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.864641532829500 08/31/22-23:45:18.781389
SID:	2829500
Source Port:	64641
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.850971532829498 08/31/22-23:45:24.890116
SID:	2829498
Source Port:	50971
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854882532829498 08/31/22-23:45:07.166788
SID:	2829498
Source Port:	54882
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854506532829500 08/31/22-23:44:51.025085
SID:	2829500
Source Port:	54506
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862634532829498 08/31/22-23:45:12.136668
SID:	2829498
Source Port:	62634
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857058532829498 08/31/22-23:45:18.283248
SID:	2829498
Source Port:	57058
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.859755532829500 08/31/22-23:44:14.146726
SID:	2829500
Source Port:	59755
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.863268532026737 08/31/22-23:44:37.399636
SID:	2026737
Source Port:	63268
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856299532026737 08/31/22-23:44:46.401563
SID:	2026737
Source Port:	56299
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.857517532829500 08/31/22-23:44:26.339554
SID:	2829500
Source Port:	57517
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 3 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855297532829500 08/31/22-23:45:37.673787
SID:	2829500
Source Port:	55297
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.862737532026737 08/31/22-23:44:31.038440
SID:	2026737
Source Port:	62737
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.856436532026737 08/31/22-23:45:05.726984
SID:	2026737
Source Port:	56436
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.854314532829498 08/31/22-23:45:50.878483
SID:	2829498
Source Port:	54314
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed GandCrab Domain (gandcrab .bit) - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.849235532026737 08/31/22-23:44:09.091938
SID:	2026737
Source Port:	49235
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ETPRO TROJAN GandCrab DNS Lookup 1 - Source IP: 192.168.2.6 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.68.8.8.855960532829498 08/31/22-23:44:24.995544
SID:	2829498
Source Port:	55960
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: BUgAyPXboK.exe	Virustotal: Detection: 88%	Perma Link
Source: BUgAyPXboK.exe	Metadefender: Detection: 85%	Perma Link
Source: BUgAyPXboK.exe	ReversingLabs: Detection: 100%

Antivirus / Scanner detection for submitted sample

Source: BUgAyPXboK.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de	Avira URL Cloud: Label: malware
Source: http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe

Avira: detection malicious, Label: TR/Crypt.XPACK.Gen3

Machine Learning detection for sample

Source: BUgAyPXboK.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe

Joe Sandbox ML: detected

Source: 12.0.ykbxzh.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 25.0.ykbxzh.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 25.2.ykbxzh.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 12.2.ykbxzh.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 0.0.BUgAyPXboK.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 0.2.BUgAyPXboK.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00405750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00405D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004048A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00407DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00405540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004048A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00405540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00405750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00405D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00407DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004048A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00405540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00405750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00405D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00407DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

Source: BUgAyPXboK.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: BUgAyPXboK.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: z:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: x:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: v:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: t:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: r:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: p:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: n:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: l:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: j:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: h:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: f:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: b:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: y:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: w:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: u:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: s:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: q:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: o:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: m:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: k:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: i:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: g:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: e:
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File opened: a:

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62912 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62913 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62914 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62915 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:63865 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:63866 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:63867 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:63868 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63231 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63232 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63233 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63234 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62540 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62541 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62542 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62543 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54905 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54906 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54907 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54908 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51532 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51533 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51534 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51535 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52558 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52559 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52560 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52561 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:61611 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:61612 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:61613 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:61614 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52483 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52484 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52485 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52486 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53945 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53946 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53947 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53948 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56088 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56089 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56090 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56091 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56549 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56550 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56551 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56552 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:59883 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:59884 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:59885 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:59886 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50345 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50346 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50347 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50348 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62522 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62523 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62524 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62525 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56571 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61834 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61835 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61836 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:65046 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:65047 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:65048 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:65049 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:49234 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:49235 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:49236 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:49237 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56125 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56126 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56127 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56128 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59754 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59755 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59756 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59757 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52867 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52868 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52869 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52870 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62960 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62961 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62962 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62963 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64406 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64407 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64408 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64409 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62850 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62851 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62852 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62853 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:55958 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:55959 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:55960 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:55961 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57517 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57518 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57519 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57520 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51323 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51324 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51325 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51326 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61091 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61092 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61093 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61094 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60132 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60133 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60134 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60135 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62734 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62735 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62736 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:62737 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60692 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60693 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60694 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60695 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56752 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56753 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56754 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56755 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59338 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59339 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59340 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59341 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52717 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52718 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52719 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52720 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62223 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62224 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62225 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62226 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63265 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63266 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63267 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63268 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61231 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61232 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61233 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61234 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51774 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51775 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51776 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51777 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59224 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59225 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59226 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59227 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57756 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57757 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57758 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57759 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53592 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53593 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53594 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53595 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56360 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56361 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56362 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56363 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:49334 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:49335 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:49336 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:49337 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59967 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59968 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59969 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59970 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:58159 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:58160 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:58161 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:58162 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57788 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57789 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57790 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57791 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64963 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64964 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64965 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64966 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56297 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56298 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56299 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56300 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64649 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64650 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64651 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64652 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54505 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54506 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54507 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54508 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51889 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51890 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51891 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51892 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54510 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54511 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54512 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54513 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53195 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53196 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53197 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:53198 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60010 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60011 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60012 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60013 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54202 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54203 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54204 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54205 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50254 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50255 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50256 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50257 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:64798 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:64799 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:64800 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:64801 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62539 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62038 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62039 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62040 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62041 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63672 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63673 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63674 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63675 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61172 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61173 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61174 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61175 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56429 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56430 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56431 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56432 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56433 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56434 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56435 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56436 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54881 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54882 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54883 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54884 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54298 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54299 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54300 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54301 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59625 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59626 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59627 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59628 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63256 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63257 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63258 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63259 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60356 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60357 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60358 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60359 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52727 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52728 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52729 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:52730 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62633 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62634 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62635 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62636 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:52120 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:52121 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:52122 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:52123 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54754 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54755 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54756 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54757 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51686 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51687 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51688 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51689 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62946 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62947 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62948 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62949 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54331 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54332 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54333 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54334 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57056 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57057 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57058 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:57059 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64640 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64641 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64642 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:64643 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60169 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60170 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60171 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60172 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53048 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53049 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53050 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53051 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:49505 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:49506 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:49507 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:49508 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:50537 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:50538 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:50539 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:50540 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:50968 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:50969 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:50970 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:50971 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57690 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57691 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57692 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57693 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:61805 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:61806 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:61807 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:61808 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53271 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53272 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53273 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53274 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54490 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54491 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54492 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54493 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56064 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56065 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56066 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56067 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61846 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61847 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61848 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61849 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59337 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59338 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59339 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:59340 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63435 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63436 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63437 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63438 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64931 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64932 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64933 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:64934 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62441 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62442 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62443 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:62444 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63987 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63988 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63989 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:63990 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52392 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52393 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52394 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:52395 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57188 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57189 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57190 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57191 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56772 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56773 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56774 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:56775 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56905 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56906 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56907 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:56908 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57095 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57096 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57097 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:57098 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59721 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59722 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59723 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59724 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51593 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51594 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51595 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:51596 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:55297 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:55298 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:55299 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:55300 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59531 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59532 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59533 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59534 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60776 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60777 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60778 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:60779 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50808 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50809 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50810 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:50811 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54099 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54100 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54101 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:54102 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61575 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61576 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61577 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:61578 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51624 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51625 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51626 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:51627 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60786 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60787 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60788 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:60789 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53956 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53957 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53958 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:53959 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60755 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60756 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60757 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60758 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59792 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59793 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59794 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:59795 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54312 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54313 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54314 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:54315 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56506 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56507 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56508 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:56509 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:57979 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:57980 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:57981 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:57982 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63500 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63501 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63502 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:63503 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60383 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60384 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60385 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:60386 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:55636 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:55637 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:55638 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:55639 -> 8.8.8.8:53

Contains functionality to determine the online IP of the system

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004068F0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004068F0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004068F0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004068F0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004068F0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004068F0 VirtualAlloc,VirtualAlloc,lstrlenW,lstrlenA,wsprintfW,VirtualFree,InternetCloseHandle, ipv4bot.whatismyipaddress.com

Found Tor onion address

Source: BUgAyPXboK.exe, 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: BUgAyPXboK.exe, 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: ykbxzh.exe, 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: ykbxzh.exe, 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: BUgAyPXboK.exe	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: BUgAyPXboK.exe	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: BUgAyPXboK.exe	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: BUgAyPXboK.exe	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: BUgAyPXboK.exe	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: BUgAyPXboK.exe	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: ykbxzh.exe.0.dr	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: ykbxzh.exe.0.dr	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: ykbxzh.exe.0.dr	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: ykbxzh.exe.0.dr	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: ykbxzh.exe.0.dr	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: ykbxzh.exe.0.dr	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de

Uses nslookup.exe to query domains

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru

May check the online IP address of the machine

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	DNS query: name: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	DNS query: name: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	DNS query: name: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	DNS query: name: ipv4bot.whatismyipaddress.com
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	DNS query: name: ipv4bot.whatismyipaddress.com

Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de
Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de
Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de
Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de
Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de
Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de
Source: BUgAyPXboK.exe, ykbxzh.exe.0.dr	String found in binary or memory: https://www.torproject.org/

Source: unknown

DNS traffic detected: queries for: ipv4bot.whatismyipaddress.com

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00407A00 lstrcatW,InternetCloseHandle,InternetConnectW,VirtualAlloc,wsprintfW,HttpOpenRequestW,HttpAddRequestHeadersW,HttpSendRequestW,InternetReadFile,InternetReadFile,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,VirtualFree,

Spam, unwanted Advertisements and Ransom Demands

Yara detected Gandcrab

Source: Yara match	File source: BUgAyPXboK.exe, type: SAMPLE
Source: Yara match	File source: 0.0.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.306373977.000000000040E000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.292144226.000000000040E000.00000004.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BUgAyPXboK.exe PID: 868, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ykbxzh.exe PID: 5500, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ykbxzh.exe PID: 4784, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, type: DROPPED

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,

Source: nslookup.exe

Process created: 44

System Summary

Malicious sample detected (through community Yara rule)

Source: BUgAyPXboK.exe, type: SAMPLE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.0.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 12.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 25.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.2.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, type: DROPPED	Matched rule: Gandcrab Payload Author: kevoreilly

Source: BUgAyPXboK.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: BUgAyPXboK.exe, type: SAMPLE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: BUgAyPXboK.exe, type: SAMPLE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.0.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.0.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 12.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 12.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 25.0.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 25.2.ykbxzh.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.2.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: 0.2.BUgAyPXboK.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, type: DROPPED	Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, type: DROPPED	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00402000
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_00407EE0
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00402000
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_00407EE0
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00402000
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_00407EE0

Source: BUgAyPXboK.exe	Virustotal: Detection: 88%
Source: BUgAyPXboK.exe	Metadefender: Detection: 85%
Source: BUgAyPXboK.exe	ReversingLabs: Detection: 100%

Source: BUgAyPXboK.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\BUgAyPXboK.exe "C:\Users\user\Desktop\BUgAyPXboK.exe"
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe "C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe"
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe "C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe"
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe

Jump to behavior

Source: classification engine

Classification label: mal100.rans.troj.evad.winEXE@166/2@742/1

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00406D90 VirtualAlloc,VirtualAlloc,GetUserNameW,VirtualAlloc,GetComputerNameW,wsprintfW,VirtualAlloc,wsprintfW,VirtualAlloc,RegOpenKeyExW,RegQueryValueExW,GetLastError,RegCloseKey,VirtualFree,VirtualAlloc,VirtualAlloc,wsprintfW,RegOpenKeyExW,RegQueryValueExW,GetLastError,RegCloseKey,lstrcmpiW,wsprintfW,wsprintfW,VirtualFree,VirtualAlloc,VirtualAlloc,RegOpenKeyExW,RegQueryValueExW,GetLastError,RegCloseKey,wsprintfW,GetNativeSystemInfo,VirtualAlloc,wsprintfW,VirtualAlloc,VirtualAlloc,GetWindowsDirectoryW,GetVolumeInformationW,RegOpenKeyExW,RegQueryValueExW,GetLastError,RegCloseKey,lstrlenW,wsprintfW,lstrcatW,lstrcatW,GetModuleHandleW,GetProcAddress,lstrlenW,VirtualFree,lstrcatW,VirtualAlloc,GetDriveTypeW,lstrcatW,lstrcatW,lstrcatW,GetDiskFreeSpaceW,lstrlenW,wsprintfW,wsprintfW,lstrlenW,lstrlenW,wsprintfW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,VirtualFree,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00404640 CreateToolhelp32Snapshot,VirtualAlloc,Process32FirstW,CloseHandle,lstrcmpiW,OpenProcess,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,Process32NextW,VirtualFree,FindCloseChangeNotification,

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5336:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:812:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2688:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5340:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6040:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4772:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1676:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5500:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6128:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5276:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5928:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2608:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1908:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6088:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4628:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4856:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1572:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1964:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3244:120:WilError_01
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\pc_group=WORKGROUP&ransom_id=ff6866ce6d7bede6
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6052:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5940:120:WilError_01

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\nslookup.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: BUgAyPXboK.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe

Jump to dropped file

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce cmskpbujpyb	Jump to behavior
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce cmskpbujpyb	Jump to behavior
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce cmskpbujpyb	Jump to behavior
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce cmskpbujpyb	Jump to behavior

Source: C:\Users\user\Desktop\BUgAyPXboK.exe TID: 4652	Thread sleep count: 116 > 30
Source: C:\Users\user\Desktop\BUgAyPXboK.exe TID: 4652	Thread sleep time: -1160000s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Evaded block: after key decision
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Evaded block: after key decision

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: EnumDeviceDrivers,K32EnumDeviceDrivers,VirtualAlloc,K32EnumDeviceDrivers,K32GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: EnumDeviceDrivers,EnumDeviceDrivers,VirtualAlloc,EnumDeviceDrivers,GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: EnumDeviceDrivers,EnumDeviceDrivers,VirtualAlloc,EnumDeviceDrivers,GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Code function: 0_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 12_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Code function: 25_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

System information queried: ModuleInformation

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00403A60 AllocateAndInitializeSid,GetModuleHandleA,GetProcAddress,FreeSid,

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Code function: 0_2_00408BC0 cpuid

Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Desktop\BUgAyPXboK.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Desktop\BUgAyPXboK.exe

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
1 Replication Through Removable Media	2 Native API	1 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	1 Replication Through Removable Media	11 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 Data Encrypted for Impact
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Software Packing	NTDS	11 Peripheral Device Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 Account Discovery	SSH	Keylogging	Data Transfer Size Limits	1 Proxy	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	1 System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Remote System Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	2 System Network Configuration Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	1 System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	1 File and Directory Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Right-to-Left Override	Input Capture	44 System Information Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
BUgAyPXboK.exe	89%	Virustotal		Browse
BUgAyPXboK.exe	86%	Metadefender		Browse
BUgAyPXboK.exe	100%	ReversingLabs	Win32.Ransomware.GandCrab
BUgAyPXboK.exe	100%	Avira	TR/Crypt.XPACK.Gen3
BUgAyPXboK.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	100%	Avira	TR/Crypt.XPACK.Gen3
C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe	100%	Joe Sandbox ML

Unpacked PE Files

Source	Detection	Scanner	Label	Download
12.0.ykbxzh.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
25.0.ykbxzh.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
25.2.ykbxzh.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
12.2.ykbxzh.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
0.0.BUgAyPXboK.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File
0.2.BUgAyPXboK.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen3	Download File

Domains

Source	Detection	Scanner	Link
emsisoft.bit	0%	Virustotal	Browse
nomoreransom.bit	1%	Virustotal	Browse
gandcrab.bit	2%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de	100%	Avira URL Cloud	malware
http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de	100%	Avira URL Cloud	phishing
http://gdcbghvjyqy7jclk.onion/e644d32fec6144de	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
emsisoft.bit	unknown	unknown	true	0%, Virustotal, Browse	unknown
ipv4bot.whatismyipaddress.com	unknown	unknown	false		high
nomoreransom.bit	unknown	unknown	true	1%, Virustotal, Browse	unknown
gandcrab.bit	unknown	unknown	true	2%, Virustotal, Browse	unknown
dns1.soprodns.ru	unknown	unknown	true		unknown
8.8.8.8.in-addr.arpa	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.torproject.org/	BUgAyPXboK.exe, ykbxzh.exe.0.dr	false		high
http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de	BUgAyPXboK.exe, ykbxzh.exe.0.dr	false		high
http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de	BUgAyPXboK.exe, ykbxzh.exe.0.dr	false		high
http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de	BUgAyPXboK.exe, ykbxzh.exe.0.dr	true	Avira URL Cloud: malware	unknown
http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de	BUgAyPXboK.exe, ykbxzh.exe.0.dr	true	Avira URL Cloud: phishing	unknown
http://gdcbghvjyqy7jclk.onion/e644d32fec6144de	BUgAyPXboK.exe, ykbxzh.exe.0.dr	true	Avira URL Cloud: safe	unknown
http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de	BUgAyPXboK.exe, ykbxzh.exe.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	35.0.0 Citrine
Analysis ID:	694553
Start date and time:	2022-08-31 23:42:21 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 50s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	BUgAyPXboK.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	63
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.rans.troj.evad.winEXE@166/2@742/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 100% (good quality ratio 96.9%) Quality average: 84.5% Quality standard deviation: 23.2%
HCA Information:	Successful, ratio: 99% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Adjust boot time Enable AMSI

Warnings

Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.82.154.241, 20.82.228.9
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, fs.microsoft.com, eudb.ris.api.iris.microsoft.com, neus2c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neus1c-displaycatalog.frontdoor.bigcatalog.commerce.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:43:25	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce cmskpbujpyb "C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe"
23:43:29	API Interceptor	116x Sleep call for process: BUgAyPXboK.exe modified
23:43:35	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce cmskpbujpyb "C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe"

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a

Download File

Process:	C:\Users\user\Desktop\BUgAyPXboK.exe
File Type:	data
Category:	dropped
Size (bytes):	2221
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	8882037A0674A329B5AB8C870E58C422
SHA1:	FA2B896CE7908548EB54F6897A57DFCC9A333A49
SHA-256:	BF58499BF43BEC8D41F04779DAC5618A081455A657667C157DE019657224FEAD
SHA-512:	AAE711E67CAB35A320C533B2B939B1C171F9219B4813292F7CE0A64AF785679DDC23DBD61A3D31876558FA19C4E88D3DF845242C2210C226FB5D9D3DAECE6891
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe

Download File

Process:	C:\Users\user\Desktop\BUgAyPXboK.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	75264
Entropy (8bit):	4.804310863125555
Encrypted:	false
SSDEEP:	1536:4gSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:4MSjOnrmBbMqqMmr3IdE8we0Avu5r++N
MD5:	EE7A320AB14366D36D44CDC33B5E8238
SHA1:	744108B34CC6279D6FC78268EB8BA151BC3090AE
SHA-256:	B8333C93702F808152B0FA0F18A0CDC72E8F85B1BCC765F2AB1710A7F983B855
SHA-512:	E3F63DE252BBDD5A023789DD9DE9204B4996EAEC55422BF140E92EB6A0C0D5C93CF7977A52FC7FA7B971EF131BE423E20016EC6895E699C1EEE83CA4B88279D9
Malicious:	true
Yara Hits:	Rule: SUSP_RANSOMWARE_Indicator_Jul20, Description: Detects ransomware indicator, Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, Author: Florian Roth Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, Author: Joe Security Rule: Gandcrab, Description: Gandcrab Payload, Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, Author: kevoreilly
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This .u....m cannot be run in DOS mode....$.......AU@..4...4...4..Ce...4..Ce...4...f...4...4...4...L...4...4/.4...f...4...f...4...f...4..Rich.4..................PE..L...].vZ.............................J............@..........................`............@.................................p........@.......................P.......................................................................................text............................... ..`.rdata..............................@....data........ ......................@....CRT.........0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	4.804404197820735
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	BUgAyPXboK.exe
File size:	75264
MD5:	dde91b6947d2b726e5bb8f5852cecb76
SHA1:	7d2467c4e65238599c5fd05641c628fb4252c7ca
SHA256:	eae8d675873bd846302263fdca95db805b560d3406ec964f76b2d4123f78b59a
SHA512:	d7c5a4ae4e4a641d0ec8c821ef6356d17b35fd52999b95c0b1b882587a7fb536407012203468644577ea6daeda913d1603d2c59034555ec1bce43973592704e8
SSDEEP:	1536:kgSeGDjtQhnwmmB0yjMqqUM2mr3IdE8mne0Avu5r++yy7CA7GcIaapavdv:kMSjOnrmBbMqqMmr3IdE8we0Avu5r++N
TLSH:	A67318053AE18133FAF2F9B265B869E1587B7E545B287ADF00E8043E19275E25D30B4F
File Content Preview:	MZ......................@...............................................!..L.!This ...X.1m cannot be run in DOS mode....$.......AU@..4...4...4..Ce...4..Ce...4...f...4...4...4...L...4...4/..4...f...4...f...4...f...4..Rich.4..................PE..L...].vZ...

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General

Entrypoint:	0x404af0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5A76065D [Sat Feb 3 18:58:37 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	40306b615af659fc1f93cfb121cc38d9

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
call 00007F8528A3986Dh
push 00000000h
call dword ptr [00409168h]
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 5Ch
push esi
push 00000044h
lea eax, dword ptr [ebp-58h]
xorps xmm0, xmm0
push 00000000h
push eax
mov esi, ecx
movdqu dqword ptr [ebp-10h], xmm0
call 00007F8528A3DAC7h
mov eax, dword ptr [00412B0Ch]
add esp, 0Ch
mov dword ptr [ebp-18h], eax
mov dword ptr [ebp-1Ch], eax
mov eax, dword ptr [00412B08h]
or dword ptr [ebp-2Ch], 00000101h
mov dword ptr [ebp-20h], eax
xor eax, eax
mov word ptr [ebp-28h], ax
lea eax, dword ptr [ebp-10h]
push eax
lea eax, dword ptr [ebp-58h]
mov dword ptr [ebp-58h], 00000044h
push eax
push 00000000h
push 00000000h
push 00000000h
push 00000001h
push 00000000h
push 00000000h
push esi
push 00000000h
call dword ptr [00409164h]
test eax, eax
jne 00007F8528A39ACDh
call dword ptr [00409064h]
pop esi
mov esp, ebp
pop ebp
ret
push dword ptr [ebp-10h]
mov esi, dword ptr [0040910Ch]
call esi
push dword ptr [ebp-0Ch]
call esi
pop esi
mov esp, ebp
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 10h
movq xmm0, qword ptr [0040FF2Ch]
mov al, byte ptr [0040FF34h]
push ebx
mov ebx, dword ptr [ebp+08h]

Rich Headers

Programming Language:

[ C ] VS2013 build 21005
[IMP] VS2008 SP1 build 30729
[RES] VS2013 build 21005
[LNK] VS2013 build 21005

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x10970	0xb4	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x14000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x15000	0xab0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8000	0x8000	False	0.439727783203125	data	5.762192122939682	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x9000	0x9000	0x8600	False	0.26437150186567165	data	3.71703192533741	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data	0x12000	0x1000	0xc00	False	0.2613932291666667	data	3.15531156836296	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x13000	0x1000	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x14000	0x1000	0x200	False	0.52734375	data	4.710061382693063	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x15000	0x1000	0xc00	False	0.008138020833333334	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_MANIFEST	0x14060	0x17d	XML 1.0 document text	English	United States

Imports

DLL	Import
KERNEL32.dll	SetFilePointer, GetFileAttributesW, ReadFile, GetLastError, MoveFileW, lstrcpyW, SetFileAttributesW, CreateMutexW, GetDriveTypeW, VerSetConditionMask, WaitForSingleObject, GetTickCount, InitializeCriticalSection, OpenProcess, GetSystemDirectoryW, TerminateThread, Sleep, TerminateProcess, VerifyVersionInfoW, WaitForMultipleObjects, DeleteCriticalSection, ExpandEnvironmentStringsW, lstrlenW, SetHandleInformation, lstrcatA, MultiByteToWideChar, CreatePipe, lstrcmpiA, Process32NextW, CreateToolhelp32Snapshot, LeaveCriticalSection, EnterCriticalSection, FindFirstFileW, lstrcmpW, FindClose, FindNextFileW, GetNativeSystemInfo, GetComputerNameW, GetDiskFreeSpaceW, GetWindowsDirectoryW, GetVolumeInformationW, LoadLibraryA, lstrcmpiW, VirtualFree, CreateThread, CloseHandle, lstrcatW, CreateFileMappingW, ExitThread, CreateFileW, GetModuleFileNameW, WriteFile, GetModuleHandleW, UnmapViewOfFile, MapViewOfFile, GetFileSize, GetEnvironmentVariableW, lstrcpyA, GetModuleHandleA, VirtualAlloc, Process32FirstW, GetTempPathW, GetProcAddress, GetProcessHeap, HeapFree, HeapAlloc, lstrlenA, CreateProcessW, ExitProcess, IsProcessorFeaturePresent
USER32.dll	wsprintfW, TranslateMessage, RegisterClassExW, LoadIconW, SetWindowLongW, EndPaint, BeginPaint, LoadCursorW, GetMessageW, ShowWindow, CreateWindowExW, SendMessageW, DispatchMessageW, DefWindowProcW, UpdateWindow, GetForegroundWindow, DestroyWindow
GDI32.dll	TextOutW
ADVAPI32.dll	CryptExportKey, AllocateAndInitializeSid, RegSetValueExW, RegCreateKeyExW, RegCloseKey, CryptAcquireContextW, CryptGetKeyParam, CryptReleaseContext, CryptImportKey, CryptEncrypt, CryptGenKey, CryptDestroyKey, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, FreeSid
SHELL32.dll	SHGetSpecialFolderPathW, ShellExecuteExW, ShellExecuteW
CRYPT32.dll	CryptStringToBinaryA, CryptBinaryToStringA
WININET.dll	InternetCloseHandle, HttpAddRequestHeadersW, HttpSendRequestW, InternetConnectW, HttpOpenRequestW, InternetOpenW, InternetReadFile
PSAPI.DLL	EnumDeviceDrivers, GetDeviceDriverBaseNameW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.68.8.8.859531532026737 08/31/22-23:45:39.973829	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59531	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854507532829500 08/31/22-23:44:51.051028	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54507	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856433532026737 08/31/22-23:45:05.669170	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56433	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859724532026737 08/31/22-23:45:37.047109	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59724	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859626532026737 08/31/22-23:45:09.130817	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59626	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860383532829500 08/31/22-23:45:54.073595	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60383	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856298532026737 08/31/22-23:44:46.383892	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56298	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864965532829500 08/31/22-23:44:45.948752	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64965	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862224532829500 08/31/22-23:44:36.753658	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62224	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861613532829500 08/31/22-23:43:46.602572	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	61613	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856363532026737 08/31/22-23:44:42.471272	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56363	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856507532829500 08/31/22-23:45:51.692352	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56507	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852121532829500 08/31/22-23:45:13.843635	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	52121	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863867532829500 08/31/22-23:43:31.143411	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	63867	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854513532829498 08/31/22-23:44:53.235786	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54513	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854757532026737 08/31/22-23:45:14.540780	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54757	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850347532829500 08/31/22-23:44:00.906690	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50347	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860134532829500 08/31/22-23:44:29.746960	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60134	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861173532829498 08/31/22-23:45:03.206529	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61173	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852486532026737 08/31/22-23:43:48.342534	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52486	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864649532829498 08/31/22-23:44:48.847826	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64649	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864798532026737 08/31/22-23:44:59.208494	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	64798	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863501532829498 08/31/22-23:45:53.807893	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63501	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850968532829498 08/31/22-23:45:24.827189	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	50968	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862915532829498 08/31/22-23:43:29.888154	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62915	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863438532026737 08/31/22-23:45:30.070764	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63438	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852719532829498 08/31/22-23:44:35.284576	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52719	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863675532026737 08/31/22-23:45:02.703986	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63675	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854493532829500 08/31/22-23:45:28.756602	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54493	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852729532026737 08/31/22-23:45:11.556204	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52729	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860170532026737 08/31/22-23:45:19.218542	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60170	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864409532829500 08/31/22-23:44:20.846616	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64409	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850257532829500 08/31/22-23:44:58.802648	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50257	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856551532026737 08/31/22-23:43:56.858808	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56551	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852870532026737 08/31/22-23:44:15.600002	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52870	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.858159532026737 08/31/22-23:44:44.437835	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	58159	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856429532829500 08/31/22-23:45:04.151432	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56429	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859756532829500 08/31/22-23:44:14.164883	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59756	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854881532829498 08/31/22-23:45:07.148628	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54881	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860693532829498 08/31/22-23:44:32.915750	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60693	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.865048532829500 08/31/22-23:44:07.531291	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	65048	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862523532026737 08/31/22-23:44:02.606977	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62523	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857788532829498 08/31/22-23:44:45.461187	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57788	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854202532829498 08/31/22-23:44:57.085032	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54202	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859224532026737 08/31/22-23:44:39.557927	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59224	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862949532829500 08/31/22-23:45:16.848920	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62949	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864652532829498 08/31/22-23:44:48.958101	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64652	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853271532829498 08/31/22-23:45:27.889217	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53271	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852867532026737 08/31/22-23:44:15.534930	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52867	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851776532829500 08/31/22-23:44:39.007949	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51776	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857059532829498 08/31/22-23:45:18.303571	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57059	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857981532026737 08/31/22-23:45:53.032065	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	57981	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862850532026737 08/31/22-23:44:23.403881	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62850	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853947532829498 08/31/22-23:43:50.950634	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53947	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857519532829500 08/31/22-23:44:26.384204	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57519	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854313532829498 08/31/22-23:45:50.857498	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54313	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856752532829500 08/31/22-23:44:33.536411	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56752	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859885532829498 08/31/22-23:43:58.594444	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	59885	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860757532829500 08/31/22-23:45:46.254203	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60757	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856549532026737 08/31/22-23:43:56.812959	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56549	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851890532026737 08/31/22-23:44:51.640850	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51890	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850256532829500 08/31/22-23:44:58.782280	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50256	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855298532829500 08/31/22-23:45:37.693886	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	55298	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859969532829500 08/31/22-23:44:44.030720	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59969	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855639532026737 08/31/22-23:45:55.456580	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	55639	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851689532829498 08/31/22-23:45:15.310184	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51689	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863232532026737 08/31/22-23:43:32.344833	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63232	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859757532829500 08/31/22-23:44:14.192618	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59757	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857790532829498 08/31/22-23:44:45.500682	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57790	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862963532829498 08/31/22-23:44:17.245311	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62963	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860786532026737 08/31/22-23:45:45.011230	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60786	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863256532829498 08/31/22-23:45:10.074723	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63256	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856065532026737 08/31/22-23:45:29.057624	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56065	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853050532829498 08/31/22-23:45:20.171719	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53050	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856552532026737 08/31/22-23:43:56.877030	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56552	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851626532829500 08/31/22-23:45:44.232922	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51626	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859886532829498 08/31/22-23:43:58.614290	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	59886	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863266532026737 08/31/22-23:44:37.362093	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63266	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853956532829498 08/31/22-23:45:45.816937	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53956	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854301532829500 08/31/22-23:45:08.700152	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54301	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862636532829498 08/31/22-23:45:12.181439	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62636	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854101532026737 08/31/22-23:45:43.138088	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54101	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849237532026737 08/31/22-23:44:09.133303	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	49237	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860011532026737 08/31/22-23:44:56.144537	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60011	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856128532829498 08/31/22-23:44:10.647184	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56128	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859627532026737 08/31/22-23:45:09.148937	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59627	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849507532829500 08/31/22-23:45:22.271617	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	49507	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854312532829498 08/31/22-23:45:50.836877	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54312	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849337532829498 08/31/22-23:44:43.512238	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	49337	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856297532026737 08/31/22-23:44:46.363903	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56297	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857979532026737 08/31/22-23:45:52.995555	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	57979	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852394532829498 08/31/22-23:45:33.462720	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52394	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861807532026737 08/31/22-23:45:26.638406	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	61807	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860692532829498 08/31/22-23:44:32.895962	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60692	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857759532829498 08/31/22-23:44:41.121343	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57759	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860789532026737 08/31/22-23:45:45.071628	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60789	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857190532829500 08/31/22-23:45:34.277428	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57190	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857982532026737 08/31/22-23:45:53.052190	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	57982	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864931532829498 08/31/22-23:45:31.895021	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64931	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856125532829498 08/31/22-23:44:10.587852	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56125	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863259532829498 08/31/22-23:45:10.134383	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63259	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864651532829498 08/31/22-23:44:48.937934	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64651	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854908532829500 08/31/22-23:43:40.017875	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54908	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855959532829498 08/31/22-23:44:24.973756	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	55959	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856907532829498 08/31/22-23:45:34.930944	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56907	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853959532829498 08/31/22-23:45:45.873966	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53959	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861578532829498 08/31/22-23:45:43.955052	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61578	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861094532829498 08/31/22-23:44:27.968897	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61094	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857188532829500 08/31/22-23:45:34.238634	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57188	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859794532026737 08/31/22-23:45:48.558569	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59794	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851326532026737 08/31/22-23:44:27.434988	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51326	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862040532829500 08/31/22-23:45:01.158698	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62040	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864640532829500 08/31/22-23:45:18.759264	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64640	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854203532829498 08/31/22-23:44:57.105081	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54203	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851889532026737 08/31/22-23:44:51.620571	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51889	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860010532026737 08/31/22-23:44:56.124573	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60010	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863502532829498 08/31/22-23:45:53.826060	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63502	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.858161532026737 08/31/22-23:44:44.475598	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	58161	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863437532026737 08/31/22-23:45:30.050806	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63437	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864964532829500 08/31/22-23:44:45.929172	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64964	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853198532829500 08/31/22-23:44:54.703855	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53198	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864934532829498 08/31/22-23:45:31.953591	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64934	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851532532026737 08/31/22-23:43:41.630051	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51532	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864408532829500 08/31/22-23:44:20.826579	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64408	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850540532026737 08/31/22-23:45:24.416776	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	50540	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856434532026737 08/31/22-23:45:05.689287	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56434	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853595532829500 08/31/22-23:44:41.898667	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53595	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854508532829500 08/31/22-23:44:51.075095	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54508	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857098532829500 08/31/22-23:45:35.742268	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57098	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854905532829500 08/31/22-23:43:39.956403	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54905	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864799532026737 08/31/22-23:44:59.228975	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	64799	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861614532829500 08/31/22-23:43:46.625363	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	61614	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862223532829500 08/31/22-23:44:36.732224	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62223	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850810532829500 08/31/22-23:45:42.795800	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50810	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860758532829500 08/31/22-23:45:46.272226	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60758	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864406532829500 08/31/22-23:44:20.786154	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64406	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864932532829498 08/31/22-23:45:31.915004	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64932	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863868532829500 08/31/22-23:43:31.170740	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	63868	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864966532829500 08/31/22-23:44:45.968566	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64966	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862635532829498 08/31/22-23:45:12.157482	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62635	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850970532829498 08/31/22-23:45:24.869816	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	50970	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860755532829500 08/31/22-23:45:46.217401	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60755	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864642532829500 08/31/22-23:45:18.801787	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64642	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863987532026737 08/31/22-23:45:33.034613	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63987	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856091532829500 08/31/22-23:43:52.113643	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56091	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854300532829500 08/31/22-23:45:08.678590	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54300	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854907532829500 08/31/22-23:43:39.999758	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54907	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861234532829498 08/31/22-23:44:38.522132	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61234	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861172532829498 08/31/22-23:45:03.186618	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61172	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862736532026737 08/31/22-23:44:30.983637	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62736	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859723532026737 08/31/22-23:45:37.029063	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59723	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855300532829500 08/31/22-23:45:37.734665	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	55300	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850255532829500 08/31/22-23:44:58.762397	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50255	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849236532026737 08/31/22-23:44:09.112716	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	49236	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856908532829498 08/31/22-23:45:34.949400	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56908	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860013532026737 08/31/22-23:44:56.185703	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60013	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861808532026737 08/31/22-23:45:26.658197	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	61808	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851624532829500 08/31/22-23:45:44.191433	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51624	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857518532829500 08/31/22-23:44:26.364052	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57518	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856360532026737 08/31/22-23:44:42.410727	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56360	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851535532026737 08/31/22-23:43:41.693076	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51535	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852717532829498 08/31/22-23:44:35.238130	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52717	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861231532829498 08/31/22-23:44:38.465975	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61231	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862633532829498 08/31/22-23:45:12.116146	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62633	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859532532026737 08/31/22-23:45:39.991955	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59532	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859792532026737 08/31/22-23:45:48.517877	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59792	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855637532026737 08/31/22-23:45:55.417422	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	55637	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849506532829500 08/31/22-23:45:22.251711	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	49506	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856773532026737 08/31/22-23:45:34.608670	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56773	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851323532026737 08/31/22-23:44:27.377732	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51323	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856126532829498 08/31/22-23:44:10.607141	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56126	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861575532829498 08/31/22-23:45:43.896304	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61575	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857096532829500 08/31/22-23:45:35.703871	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57096	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860777532829498 08/31/22-23:45:40.857769	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60777	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852868532026737 08/31/22-23:44:15.557965	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52868	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861091532829498 08/31/22-23:44:27.912765	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61091	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863233532026737 08/31/22-23:43:32.365334	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63233	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861848532829498 08/31/22-23:45:29.448150	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61848	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863674532026737 08/31/22-23:45:02.682245	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63674	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.865049532829500 08/31/22-23:44:07.555130	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	65049	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853592532829500 08/31/22-23:44:41.838524	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53592	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851595532829498 08/31/22-23:45:37.395999	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51595	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852561532829498 08/31/22-23:43:44.313767	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52561	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860386532829500 08/31/22-23:45:54.135455	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60386	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854754532026737 08/31/22-23:45:14.478679	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54754	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854299532829500 08/31/22-23:45:08.657968	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54299	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856905532829498 08/31/22-23:45:34.890654	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56905	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852728532026737 08/31/22-23:45:11.538182	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52728	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852559532829498 08/31/22-23:43:44.275226	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52559	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856571532829498 08/31/22-23:44:04.765178	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56571	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856509532829500 08/31/22-23:45:51.736467	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56509	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857691532829500 08/31/22-23:45:26.303054	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57691	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861805532026737 08/31/22-23:45:26.598524	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	61805	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864800532026737 08/31/22-23:44:59.249276	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	64800	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854102532026737 08/31/22-23:45:43.158257	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54102	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862541532829498 08/31/22-23:45:00.327889	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62541	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860133532829500 08/31/22-23:44:29.726898	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60133	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859339532026737 08/31/22-23:44:34.622255	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59339	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860358532829500 08/31/22-23:45:11.129894	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60358	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860171532026737 08/31/22-23:45:19.238395	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60171	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852393532829498 08/31/22-23:45:33.441343	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52393	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851891532026737 08/31/22-23:44:51.663811	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51891	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856432532829500 08/31/22-23:45:04.211842	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56432	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862038532829500 08/31/22-23:45:01.120775	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62038	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863865532829500 08/31/22-23:43:31.097637	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	63865	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854334532026737 08/31/22-23:45:17.822080	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54334	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854331532026737 08/31/22-23:45:17.760023	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54331	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856753532829500 08/31/22-23:44:33.556718	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56753	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854511532829498 08/31/22-23:44:53.195102	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54511	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853051532829498 08/31/22-23:45:20.191618	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53051	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862539532829498 08/31/22-23:45:00.266317	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62539	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854492532829500 08/31/22-23:45:28.736488	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54492	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856089532829500 08/31/22-23:43:52.075291	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56089	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859968532829500 08/31/22-23:44:44.010316	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59968	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859339532829500 08/31/22-23:45:29.745493	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59339	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851777532829500 08/31/22-23:44:39.027584	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51777	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856506532829500 08/31/22-23:45:51.673642	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56506	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852483532026737 08/31/22-23:43:48.282565	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52483	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853948532829498 08/31/22-23:43:50.969584	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53948	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853195532829500 08/31/22-23:44:54.646933	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53195	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862524532026737 08/31/22-23:44:02.627433	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62524	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861611532829500 08/31/22-23:43:46.559519	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	61611	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857757532829498 08/31/22-23:44:41.083129	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57757	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862961532829498 08/31/22-23:44:17.199822	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62961	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.858160532026737 08/31/22-23:44:44.457604	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	58160	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.865046532829500 08/31/22-23:44:07.490248	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	65046	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851687532829498 08/31/22-23:45:15.269352	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51687	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854491532829500 08/31/22-23:45:28.716622	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54491	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853197532829500 08/31/22-23:44:54.685783	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53197	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862947532829500 08/31/22-23:45:16.811046	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62947	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853273532829498 08/31/22-23:45:27.934014	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53273	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850808532829500 08/31/22-23:45:42.752242	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50808	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856430532829500 08/31/22-23:45:04.173628	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56430	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859227532026737 08/31/22-23:44:39.617895	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59227	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851774532829500 08/31/22-23:44:38.969749	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51774	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849335532829498 08/31/22-23:44:43.471732	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	49335	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859970532829500 08/31/22-23:44:44.048963	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59970	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850811532829500 08/31/22-23:45:42.813839	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50811	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853945532829498 08/31/22-23:43:50.908833	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53945	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861577532829498 08/31/22-23:45:43.934540	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61577	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859795532026737 08/31/22-23:45:48.583140	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59795	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854906532829500 08/31/22-23:43:39.979642	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54906	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860695532829498 08/31/22-23:44:32.965263	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60695	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857520532829500 08/31/22-23:44:26.402095	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57520	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864933532829498 08/31/22-23:45:31.933353	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64933	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851325532026737 08/31/22-23:44:27.416197	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51325	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854204532829498 08/31/22-23:44:57.124925	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54204	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859337532829500 08/31/22-23:45:29.704403	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59337	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853049532829498 08/31/22-23:45:20.151836	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53049	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850538532026737 08/31/22-23:45:24.374820	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	50538	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857692532829500 08/31/22-23:45:26.323011	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57692	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862853532026737 08/31/22-23:44:23.460622	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62853	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864407532829500 08/31/22-23:44:20.806285	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64407	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864650532829498 08/31/22-23:44:48.868078	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	64650	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857057532829498 08/31/22-23:45:18.264695	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57057	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863672532026737 08/31/22-23:45:02.641322	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63672	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856300532026737 08/31/22-23:44:46.422476	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56300	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861175532829498 08/31/22-23:45:03.248644	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61175	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863503532829498 08/31/22-23:45:53.846708	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63503	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853958532829498 08/31/22-23:45:45.853434	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53958	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864963532829500 08/31/22-23:44:45.907609	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64963	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863436532026737 08/31/22-23:45:30.030649	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63436	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862443532829500 08/31/22-23:45:32.738675	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62443	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862041532829500 08/31/22-23:45:01.185034	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62041	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855958532829498 08/31/22-23:44:24.955368	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	55958	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854315532829498 08/31/22-23:45:50.898635	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54315	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856435532026737 08/31/22-23:45:05.709061	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56435	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852484532026737 08/31/22-23:43:48.300604	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52484	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855961532829498 08/31/22-23:44:25.014723	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	55961	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856775532026737 08/31/22-23:45:34.651620	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56775	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849234532026737 08/31/22-23:44:09.071545	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	49234	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863258532829498 08/31/22-23:45:10.114400	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63258	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860788532026737 08/31/22-23:45:45.053319	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60788	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862226532829500 08/31/22-23:44:36.798472	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62226	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859754532829500 08/31/22-23:44:14.128267	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59754	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862913532829498 08/31/22-23:43:29.846372	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62913	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854883532829498 08/31/22-23:45:07.190819	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54883	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859967532829500 08/31/22-23:44:43.992635	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59967	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854505532829500 08/31/22-23:44:51.004869	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54505	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861835532829498 08/31/22-23:44:04.805216	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61835	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859883532829498 08/31/22-23:43:58.553914	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	59883	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856754532829500 08/31/22-23:44:33.577050	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56754	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862735532026737 08/31/22-23:44:30.963319	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62735	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859534532026737 08/31/22-23:45:40.030175	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59534	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859341532026737 08/31/22-23:44:34.662548	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59341	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859338532026737 08/31/22-23:44:34.602119	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59338	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864643532829500 08/31/22-23:45:18.822080	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64643	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852730532026737 08/31/22-23:45:11.576227	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52730	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851534532026737 08/31/22-23:43:41.673206	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51534	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850345532829500 08/31/22-23:44:00.864997	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50345	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851627532829500 08/31/22-23:45:44.253365	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51627	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852727532026737 08/31/22-23:45:11.519431	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52727	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862039532829500 08/31/22-23:45:01.138670	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62039	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860169532026737 08/31/22-23:45:19.198459	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60169	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860172532026737 08/31/22-23:45:19.258880	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60172	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856066532026737 08/31/22-23:45:29.077449	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56066	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862852532026737 08/31/22-23:44:23.440318	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62852	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863267532026737 08/31/22-23:44:37.381873	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63267	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855299532829500 08/31/22-23:45:37.714101	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	55299	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854205532829498 08/31/22-23:44:57.145411	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54205	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863988532026737 08/31/22-23:45:33.054662	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63988	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854333532026737 08/31/22-23:45:17.804037	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54333	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860778532829498 08/31/22-23:45:40.877620	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60778	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852123532829500 08/31/22-23:45:13.882213	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	52123	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850809532829500 08/31/22-23:45:42.775516	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50809	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859226532026737 08/31/22-23:44:39.597797	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59226	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862442532829500 08/31/22-23:45:32.718407	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62442	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854332532026737 08/31/22-23:45:17.784189	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54332	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861576532829498 08/31/22-23:45:43.916183	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61576	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857056532829498 08/31/22-23:45:18.246350	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57056	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861233532829498 08/31/22-23:44:38.502415	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61233	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856361532026737 08/31/22-23:44:42.430522	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56361	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862948532829500 08/31/22-23:45:16.831038	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62948	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861834532829498 08/31/22-23:44:04.785165	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61834	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853594532829500 08/31/22-23:44:41.878318	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53594	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854884532829498 08/31/22-23:45:07.210988	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54884	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862522532026737 08/31/22-23:44:02.586427	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62522	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850539532026737 08/31/22-23:45:24.397103	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	50539	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851596532829498 08/31/22-23:45:37.416090	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51596	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859340532026737 08/31/22-23:44:34.642153	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59340	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851593532829498 08/31/22-23:45:37.355426	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51593	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.865047532829500 08/31/22-23:44:07.510331	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	65047	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862543532829498 08/31/22-23:43:34.588739	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62543	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860357532829500 08/31/22-23:45:11.111963	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60357	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862540532829498 08/31/22-23:45:00.304908	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62540	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853946532829498 08/31/22-23:43:50.926739	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53946	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851775532829500 08/31/22-23:44:38.988155	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51775	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849334532829498 08/31/22-23:44:43.443293	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	49334	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855636532026737 08/31/22-23:45:55.399161	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	55636	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860385532829500 08/31/22-23:45:54.115289	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60385	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861847532829498 08/31/22-23:45:29.427867	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61847	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857095532829500 08/31/22-23:45:35.685539	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57095	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863673532026737 08/31/22-23:45:02.662218	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63673	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859722532026737 08/31/22-23:45:37.008989	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59722	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853272532829498 08/31/22-23:45:27.910057	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53272	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856774532026737 08/31/22-23:45:34.633210	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56774	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854755532026737 08/31/22-23:45:14.500005	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54755	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861093532829498 08/31/22-23:44:27.948801	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61093	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862912532829498 08/31/22-23:43:29.827972	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62912	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863435532026737 08/31/22-23:45:30.010284	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63435	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859340532829500 08/31/22-23:45:29.765614	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59340	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856090532829500 08/31/22-23:43:52.093457	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56090	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857191532829500 08/31/22-23:45:34.298140	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57191	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862444532829500 08/31/22-23:45:32.758993	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62444	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849508532829500 08/31/22-23:45:22.293889	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	49508	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849336532829498 08/31/22-23:44:43.492294	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	49336	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854512532829498 08/31/22-23:44:53.215474	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54512	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861174532829498 08/31/22-23:45:03.230028	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61174	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850348532829500 08/31/22-23:44:00.930724	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50348	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856755532829500 08/31/22-23:44:33.597404	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56755	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850969532829498 08/31/22-23:45:24.845855	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	50969	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856550532026737 08/31/22-23:43:56.837414	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56550	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861836532829498 08/31/22-23:44:04.825892	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61836	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860135532829500 08/31/22-23:44:29.765194	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60135	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850537532026737 08/31/22-23:45:24.354748	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	50537	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857693532829500 08/31/22-23:45:26.343034	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57693	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854100532026737 08/31/22-23:45:43.119824	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54100	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859338532829500 08/31/22-23:45:29.724262	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59338	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856431532829500 08/31/22-23:45:04.193694	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56431	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853274532829498 08/31/22-23:45:27.954080	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53274	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857756532829498 08/31/22-23:44:41.063437	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57756	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852122532829500 08/31/22-23:45:13.864005	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	52122	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863990532026737 08/31/22-23:45:33.098684	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63990	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860694532829498 08/31/22-23:44:32.941274	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60694	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856508532829500 08/31/22-23:45:51.716328	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56508	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862946532829500 08/31/22-23:45:16.791073	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62946	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854490532829500 08/31/22-23:45:28.698486	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54490	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856362532026737 08/31/22-23:44:42.450740	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56362	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852485532026737 08/31/22-23:43:48.319052	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52485	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862962532829498 08/31/22-23:44:17.220032	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62962	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863231532026737 08/31/22-23:43:32.324505	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63231	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853048532829498 08/31/22-23:45:20.133745	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53048	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864801532026737 08/31/22-23:44:59.269048	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	64801	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854756532026737 08/31/22-23:45:14.520580	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54756	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862525532026737 08/31/22-23:44:02.647686	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62525	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851688532829498 08/31/22-23:45:15.290256	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51688	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856906532829498 08/31/22-23:45:34.910660	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56906	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852560532829498 08/31/22-23:43:44.295389	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52560	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850346532829500 08/31/22-23:44:00.886556	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50346	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863500532829498 08/31/22-23:45:53.787672	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63500	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860776532829498 08/31/22-23:45:40.839433	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60776	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860779532829498 08/31/22-23:45:40.897866	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	60779	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860384532829500 08/31/22-23:45:54.095085	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60384	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861092532829498 08/31/22-23:44:27.930612	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61092	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852869532026737 08/31/22-23:44:15.578775	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	52869	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856088532829500 08/31/22-23:43:52.054951	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	56088	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851324532026737 08/31/22-23:44:27.397683	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51324	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854510532829498 08/31/22-23:44:53.176959	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54510	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863866532829500 08/31/22-23:43:31.119406	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	63866	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852395532829498 08/31/22-23:45:33.483017	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52395	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851892532026737 08/31/22-23:44:51.684138	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51892	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860356532829500 08/31/22-23:45:11.093877	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60356	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861612532829500 08/31/22-23:43:46.582342	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	61612	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862960532829498 08/31/22-23:44:17.126999	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62960	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857758532829498 08/31/22-23:44:41.103311	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57758	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852120532829500 08/31/22-23:45:13.823401	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	52120	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853196532829500 08/31/22-23:44:54.665572	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53196	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853593532829500 08/31/22-23:44:41.858327	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	53593	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863234532026737 08/31/22-23:43:32.383826	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63234	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861846532829498 08/31/22-23:45:29.407811	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61846	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851686532829498 08/31/22-23:45:15.249386	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51686	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859721532026737 08/31/22-23:45:36.989137	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59721	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863989532026737 08/31/22-23:45:33.076660	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63989	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861232532829498 08/31/22-23:44:38.484716	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61232	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860787532026737 08/31/22-23:45:45.033484	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60787	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860012532026737 08/31/22-23:44:56.166001	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	60012	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854099532026737 08/31/22-23:45:43.099769	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	54099	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852558532829498 08/31/22-23:43:44.255164	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52558	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862851532026737 08/31/22-23:44:23.422050	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62851	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852718532829498 08/31/22-23:44:35.264599	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52718	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857690532829500 08/31/22-23:45:26.285005	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57690	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855638532026737 08/31/22-23:45:55.435640	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	55638	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859225532026737 08/31/22-23:44:39.577699	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59225	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854298532829500 08/31/22-23:45:08.637369	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54298	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849505532829500 08/31/22-23:45:22.198497	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	49505	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860132532829500 08/31/22-23:44:29.658619	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60132	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862441532829500 08/31/22-23:45:32.697893	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62441	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.853957532829498 08/31/22-23:45:45.835304	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	53957	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852720532829498 08/31/22-23:44:35.302792	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52720	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863257532829498 08/31/22-23:45:10.094581	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	63257	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859628532026737 08/31/22-23:45:09.167178	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59628	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.852392532829498 08/31/22-23:45:33.421298	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	52392	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860756532829500 08/31/22-23:45:46.235846	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60756	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862542532829498 08/31/22-23:45:00.351749	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62542	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862734532026737 08/31/22-23:44:30.902951	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62734	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.860359532829500 08/31/22-23:45:11.147941	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	60359	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861806532026737 08/31/22-23:45:26.618513	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	61806	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856127532829498 08/31/22-23:44:10.627241	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	56127	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.861849532829498 08/31/22-23:45:29.468833	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	61849	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851533532026737 08/31/22-23:43:41.652498	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	51533	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857791532829498 08/31/22-23:44:45.522004	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57791	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851594532829498 08/31/22-23:45:37.375783	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	51594	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.851625532829500 08/31/22-23:45:44.209571	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	51625	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862225532829500 08/31/22-23:44:36.774015	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	62225	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850254532829500 08/31/22-23:44:58.744615	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	50254	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859884532829498 08/31/22-23:43:58.574440	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	59884	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856067532026737 08/31/22-23:45:29.097446	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56067	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863265532026737 08/31/22-23:44:37.342111	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63265	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862914532829498 08/31/22-23:43:29.867951	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62914	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857980532026737 08/31/22-23:45:53.013848	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	57980	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857189532829500 08/31/22-23:45:34.259006	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57189	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859793532026737 08/31/22-23:45:48.538109	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59793	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.858162532026737 08/31/22-23:44:44.497801	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	58162	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856064532026737 08/31/22-23:45:29.037586	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56064	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859625532026737 08/31/22-23:45:09.112131	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59625	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856772532026737 08/31/22-23:45:34.590480	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56772	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857789532829498 08/31/22-23:44:45.480446	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57789	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857097532829500 08/31/22-23:45:35.724078	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57097	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859533532026737 08/31/22-23:45:40.011858	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	59533	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.864641532829500 08/31/22-23:45:18.781389	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	64641	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.850971532829498 08/31/22-23:45:24.890116	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	50971	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854882532829498 08/31/22-23:45:07.166788	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54882	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854506532829500 08/31/22-23:44:51.025085	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	54506	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862634532829498 08/31/22-23:45:12.136668	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	62634	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857058532829498 08/31/22-23:45:18.283248	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	57058	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.859755532829500 08/31/22-23:44:14.146726	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	59755	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.863268532026737 08/31/22-23:44:37.399636	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	63268	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856299532026737 08/31/22-23:44:46.401563	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56299	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.857517532829500 08/31/22-23:44:26.339554	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	57517	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855297532829500 08/31/22-23:45:37.673787	UDP	2829500	ETPRO TROJAN GandCrab DNS Lookup 3	55297	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.862737532026737 08/31/22-23:44:31.038440	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	62737	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.856436532026737 08/31/22-23:45:05.726984	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	56436	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.854314532829498 08/31/22-23:45:50.878483	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	54314	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.849235532026737 08/31/22-23:44:09.091938	UDP	2026737	ET TROJAN Observed GandCrab Domain (gandcrab .bit)	49235	53	192.168.2.6	8.8.8.8
192.168.2.68.8.8.855960532829498 08/31/22-23:44:24.995544	UDP	2829498	ETPRO TROJAN GandCrab DNS Lookup 1	55960	53	192.168.2.6	8.8.8.8

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 31, 2022 23:43:28.189418077 CEST	65198	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:28.208646059 CEST	53	65198	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:29.258124113 CEST	62910	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:29.787338972 CEST	53	62910	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:29.807944059 CEST	62911	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:29.826931000 CEST	53	62911	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:29.827971935 CEST	62912	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:29.845730066 CEST	53	62912	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:29.846371889 CEST	62913	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:29.865859032 CEST	53	62913	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:29.867950916 CEST	62914	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:29.887485027 CEST	53	62914	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:29.888154030 CEST	62915	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:29.907727003 CEST	53	62915	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:31.034406900 CEST	63863	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:31.062170982 CEST	53	63863	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:31.077511072 CEST	63864	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:31.096620083 CEST	53	63864	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:31.097636938 CEST	63865	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:31.118815899 CEST	53	63865	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:31.119405985 CEST	63866	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:31.139120102 CEST	53	63866	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:31.143410921 CEST	63867	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:31.163194895 CEST	53	63867	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:31.170739889 CEST	63868	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:31.188503981 CEST	53	63868	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:32.248059988 CEST	63229	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:32.284269094 CEST	53	63229	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:32.306555986 CEST	63230	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:32.323657990 CEST	53	63230	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:32.324505091 CEST	63231	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:32.344270945 CEST	53	63231	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:32.344832897 CEST	63232	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:32.364722967 CEST	53	63232	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:32.365334034 CEST	63233	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:32.383225918 CEST	53	63233	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:32.383826017 CEST	63234	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:32.403651953 CEST	53	63234	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:34.200436115 CEST	62538	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:34.281522036 CEST	53	62538	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:34.401488066 CEST	62539	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:34.420568943 CEST	53	62539	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:34.487617016 CEST	62540	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:34.507476091 CEST	53	62540	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:34.508060932 CEST	62541	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:34.527868986 CEST	53	62541	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:34.528575897 CEST	62542	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:34.548209906 CEST	53	62542	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:34.588738918 CEST	62543	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:34.608354092 CEST	53	62543	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:38.385130882 CEST	54903	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:39.376049042 CEST	54903	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:39.915618896 CEST	53	54903	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:39.936307907 CEST	54904	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:39.955585957 CEST	53	54904	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:39.956403017 CEST	54905	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:39.976094961 CEST	53	54905	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:39.979641914 CEST	54906	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:39.999306917 CEST	53	54906	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:39.999758005 CEST	54907	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:40.017430067 CEST	53	54907	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:40.017874956 CEST	54908	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:40.037492037 CEST	53	54908	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:41.553627014 CEST	51530	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:41.581630945 CEST	53	51530	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:41.610330105 CEST	51531	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:41.629317045 CEST	53	51531	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:41.630050898 CEST	51532	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:41.647600889 CEST	53	51532	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:41.652498007 CEST	51533	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:41.672156096 CEST	53	51533	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:41.673206091 CEST	51534	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:41.692521095 CEST	53	51534	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:41.693075895 CEST	51535	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:41.712446928 CEST	53	51535	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:42.090478897 CEST	53	54903	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:43.030864954 CEST	56122	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.065428972 CEST	56122	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.188271999 CEST	53	56122	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:44.235419989 CEST	52557	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.254477024 CEST	53	52557	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:44.255163908 CEST	52558	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.274674892 CEST	53	52558	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:44.275226116 CEST	52559	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.294872999 CEST	53	52559	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:44.295388937 CEST	52560	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.312819958 CEST	53	52560	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:44.313766956 CEST	52561	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:44.331306934 CEST	53	52561	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:44.684417009 CEST	53	56122	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:45.478450060 CEST	61609	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.473700047 CEST	61609	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.499958038 CEST	53	61609	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:46.510267019 CEST	53	61609	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:46.532617092 CEST	61610	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.551563978 CEST	53	61610	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:46.559519053 CEST	61611	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.579423904 CEST	53	61611	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:46.582341909 CEST	61612	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.602025032 CEST	53	61612	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:46.602571964 CEST	61613	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.622019053 CEST	53	61613	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:46.625363111 CEST	61614	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:46.644733906 CEST	53	61614	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:47.643717051 CEST	52481	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:48.172422886 CEST	53	52481	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:48.262540102 CEST	52482	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:48.281683922 CEST	53	52482	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:48.282565117 CEST	52483	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:48.299957037 CEST	53	52483	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:48.300604105 CEST	52484	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:48.318428040 CEST	53	52484	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:48.319051981 CEST	52485	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:48.336926937 CEST	53	52485	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:48.342534065 CEST	52486	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:48.362144947 CEST	53	52486	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:49.251065969 CEST	53943	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.267714977 CEST	53943	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.869615078 CEST	53	53943	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:50.879436016 CEST	53	53943	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:50.891069889 CEST	53944	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.908133030 CEST	53	53944	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:50.908833027 CEST	53945	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.926266909 CEST	53	53945	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:50.926738977 CEST	53946	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.948179960 CEST	53	53946	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:50.950634003 CEST	53947	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.969118118 CEST	53	53947	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:50.969583988 CEST	53948	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:50.989043951 CEST	53	53948	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:51.967856884 CEST	56086	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:51.996550083 CEST	53	56086	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:52.034921885 CEST	56087	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:52.054335117 CEST	53	56087	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:52.054950953 CEST	56088	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:52.074793100 CEST	53	56088	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:52.075290918 CEST	56089	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:52.092959881 CEST	53	56089	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:52.093456984 CEST	56090	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:52.113110065 CEST	53	56090	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:52.113642931 CEST	56091	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:52.131578922 CEST	53	56091	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:55.712802887 CEST	56547	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.705502987 CEST	56547	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.771748066 CEST	53	56547	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:56.792910099 CEST	56548	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.812232018 CEST	53	56548	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:56.812958956 CEST	56549	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.832400084 CEST	53	56549	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:56.837414026 CEST	56550	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.856908083 CEST	53	56550	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:56.858808041 CEST	56551	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.876498938 CEST	53	56551	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:56.877029896 CEST	56552	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:56.897021055 CEST	53	56552	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:57.493695974 CEST	53	56547	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:58.408860922 CEST	59881	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:58.437196016 CEST	53	59881	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:58.533785105 CEST	59882	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:58.552953005 CEST	53	59882	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:58.553914070 CEST	59883	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:58.573885918 CEST	53	59883	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:58.574440002 CEST	59884	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:58.593951941 CEST	53	59884	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:58.594444036 CEST	59885	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:58.613837957 CEST	53	59885	8.8.8.8	192.168.2.6
Aug 31, 2022 23:43:58.614289999 CEST	59886	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:43:58.632070065 CEST	53	59886	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:00.717885971 CEST	50343	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:00.746181965 CEST	53	50343	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:00.844788074 CEST	50344	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:00.862198114 CEST	53	50344	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:00.864996910 CEST	50345	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:00.885832071 CEST	53	50345	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:00.886555910 CEST	50346	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:00.906203032 CEST	53	50346	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:00.906689882 CEST	50347	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:00.926271915 CEST	53	50347	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:00.930723906 CEST	50348	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:00.950309992 CEST	53	50348	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:02.461639881 CEST	62520	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:02.498614073 CEST	53	62520	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:02.566622972 CEST	62521	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:02.585666895 CEST	53	62521	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:02.586426973 CEST	62522	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:02.606394053 CEST	53	62522	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:02.606976986 CEST	62523	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:02.626574039 CEST	53	62523	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:02.627433062 CEST	62524	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:02.647193909 CEST	53	62524	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:02.647686005 CEST	62525	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:02.667031050 CEST	53	62525	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:04.089490891 CEST	55629	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:04.712783098 CEST	53	55629	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:04.744563103 CEST	56570	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:04.763520956 CEST	53	56570	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:04.765177965 CEST	56571	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:04.784681082 CEST	53	56571	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:04.785165071 CEST	61834	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:04.804680109 CEST	53	61834	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:04.805216074 CEST	61835	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:04.822841883 CEST	53	61835	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:04.825891972 CEST	61836	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:04.843600988 CEST	53	61836	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:06.382621050 CEST	65044	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.378031969 CEST	65044	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.404920101 CEST	53	65044	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:07.470320940 CEST	65045	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.489322901 CEST	53	65045	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:07.490247965 CEST	65046	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.509794950 CEST	53	65046	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:07.510330915 CEST	65047	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.529654026 CEST	53	65047	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:07.531291008 CEST	65048	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.550762892 CEST	53	65048	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:07.555130005 CEST	65049	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:07.574573040 CEST	53	65049	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:07.958069086 CEST	53	65044	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:08.953820944 CEST	49232	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:09.030044079 CEST	53	49232	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:09.053752899 CEST	49233	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:09.070871115 CEST	53	49233	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:09.071544886 CEST	49234	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:09.089035034 CEST	53	49234	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:09.091938019 CEST	49235	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:09.112163067 CEST	53	49235	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:09.112715960 CEST	49236	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:09.132690907 CEST	53	49236	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:09.133302927 CEST	49237	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:09.151197910 CEST	53	49237	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:10.494071960 CEST	56123	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:10.521003008 CEST	53	56123	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:10.565339088 CEST	56124	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:10.584431887 CEST	53	56124	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:10.587852001 CEST	56125	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:10.605585098 CEST	53	56125	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:10.607141018 CEST	56126	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:10.625139952 CEST	53	56126	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:10.627240896 CEST	56127	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:10.645028114 CEST	53	56127	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:10.647183895 CEST	56128	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:10.664766073 CEST	53	56128	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:13.952435970 CEST	59752	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:14.085079908 CEST	53	59752	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:14.108444929 CEST	59753	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:14.127676010 CEST	53	59753	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:14.128267050 CEST	59754	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:14.146212101 CEST	53	59754	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:14.146725893 CEST	59755	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:14.164454937 CEST	53	59755	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:14.164882898 CEST	59756	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:14.184348106 CEST	53	59756	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:14.192617893 CEST	59757	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:14.210242033 CEST	53	59757	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:15.463445902 CEST	52865	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:15.491667032 CEST	53	52865	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:15.515043020 CEST	52866	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:15.534033060 CEST	53	52866	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:15.534929991 CEST	52867	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:15.554707050 CEST	53	52867	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:15.557965040 CEST	52868	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:15.578181982 CEST	53	52868	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:15.578774929 CEST	52869	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:15.598711014 CEST	53	52869	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:15.600002050 CEST	52870	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:15.619543076 CEST	53	52870	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:17.033523083 CEST	62958	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:17.061666965 CEST	53	62958	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:17.107180119 CEST	62959	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:17.126076937 CEST	53	62959	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:17.126998901 CEST	62960	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:17.199198961 CEST	53	62960	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:17.199821949 CEST	62961	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:17.219321012 CEST	53	62961	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:17.220031977 CEST	62962	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:17.244647026 CEST	53	62962	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:17.245311022 CEST	62963	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:17.262830019 CEST	53	62963	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:18.446585894 CEST	64404	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:19.514300108 CEST	64404	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.504131079 CEST	64404	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.621330023 CEST	53	64404	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:20.672352076 CEST	53	64404	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:20.766475916 CEST	64405	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.785567999 CEST	53	64405	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:20.786154032 CEST	64406	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.805774927 CEST	53	64406	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:20.806284904 CEST	64407	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.825907946 CEST	53	64407	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:20.826579094 CEST	64408	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.846116066 CEST	53	64408	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:20.846616030 CEST	64409	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:20.866101980 CEST	53	64409	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:21.033593893 CEST	53	64404	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:22.105437040 CEST	62848	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.099241972 CEST	62848	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.367536068 CEST	53	62848	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:23.377346992 CEST	62849	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.396424055 CEST	53	62849	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:23.403881073 CEST	62850	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.421693087 CEST	53	62850	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:23.422049999 CEST	62851	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.439786911 CEST	53	62851	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:23.440318108 CEST	62852	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.459907055 CEST	53	62852	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:23.460622072 CEST	62853	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:23.480061054 CEST	53	62853	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:23.853235960 CEST	55956	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:24.138417959 CEST	53	62848	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:24.848371029 CEST	55956	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:24.916491032 CEST	53	55956	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:24.935620070 CEST	55957	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:24.954788923 CEST	53	55957	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:24.955368042 CEST	55958	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:24.966316938 CEST	53	55956	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:24.972978115 CEST	53	55958	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:24.973756075 CEST	55959	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:24.993294001 CEST	53	55959	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:24.995543957 CEST	55960	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:25.013444901 CEST	53	55960	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:25.014723063 CEST	55961	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:25.034226894 CEST	53	55961	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.281732082 CEST	57515	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:26.310862064 CEST	53	57515	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.319732904 CEST	57516	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:26.338895082 CEST	53	57516	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.339554071 CEST	57517	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:26.359158993 CEST	53	57517	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.364052057 CEST	57518	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:26.383789062 CEST	53	57518	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.384203911 CEST	57519	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:26.401676893 CEST	53	57519	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.402095079 CEST	57520	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:26.420916080 CEST	53	57520	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:26.826797962 CEST	51321	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.353720903 CEST	53	51321	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.360004902 CEST	51322	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.377182007 CEST	53	51322	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.377732038 CEST	51323	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.397227049 CEST	53	51323	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.397682905 CEST	51324	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.415566921 CEST	53	51324	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.416197062 CEST	51325	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.433887959 CEST	53	51325	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.434988022 CEST	51326	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.454647064 CEST	53	51326	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.849769115 CEST	61089	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.878129959 CEST	53	61089	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.893129110 CEST	61090	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.912081957 CEST	53	61090	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.912765026 CEST	61091	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.930186987 CEST	53	61091	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.930612087 CEST	61092	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.948191881 CEST	53	61092	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.948801041 CEST	61093	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.966533899 CEST	53	61093	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:27.968897104 CEST	61094	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:27.989063978 CEST	53	61094	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:28.560740948 CEST	60130	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.556891918 CEST	60130	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.633094072 CEST	53	60130	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:29.640669107 CEST	60131	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.658077955 CEST	53	60131	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:29.658618927 CEST	60132	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.678369999 CEST	53	60132	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:29.726897955 CEST	60133	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.746664047 CEST	53	60133	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:29.746959925 CEST	60134	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.764878988 CEST	53	60134	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:29.765193939 CEST	60135	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:29.784965992 CEST	53	60135	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:30.184921026 CEST	53	60130	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:30.807333946 CEST	62732	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:30.873771906 CEST	53	62732	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:30.880889893 CEST	62733	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:30.898199081 CEST	53	62733	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:30.902951002 CEST	62734	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:30.923027992 CEST	53	62734	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:30.963319063 CEST	62735	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:30.983294010 CEST	53	62735	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:30.983637094 CEST	62736	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:31.003328085 CEST	53	62736	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:31.038439989 CEST	62737	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:31.058240891 CEST	53	62737	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:32.254594088 CEST	60690	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:32.867783070 CEST	53	60690	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:32.873814106 CEST	60691	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:32.892914057 CEST	53	60691	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:32.895962000 CEST	60692	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:32.913737059 CEST	53	60692	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:32.915750027 CEST	60693	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:32.935492039 CEST	53	60693	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:32.941273928 CEST	60694	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:32.960941076 CEST	53	60694	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:32.965262890 CEST	60695	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:32.982760906 CEST	53	60695	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.473517895 CEST	56750	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:33.501940966 CEST	53	56750	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.516571045 CEST	56751	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:33.535860062 CEST	53	56751	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.536411047 CEST	56752	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:33.556155920 CEST	53	56752	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.556718111 CEST	56753	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:33.576621056 CEST	53	56753	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.577049971 CEST	56754	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:33.596858978 CEST	53	56754	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.597404003 CEST	56755	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:33.617141962 CEST	53	56755	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:33.999166965 CEST	59336	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:34.576379061 CEST	53	59336	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:34.582575083 CEST	59337	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:34.601655960 CEST	53	59337	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:34.602118969 CEST	59338	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:34.621896982 CEST	53	59338	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:34.622255087 CEST	59339	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:34.641765118 CEST	53	59339	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:34.642153025 CEST	59340	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:34.662103891 CEST	53	59340	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:34.662548065 CEST	59341	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:34.682557106 CEST	53	59341	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.045813084 CEST	52715	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:35.214416027 CEST	53	52715	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.220551968 CEST	52716	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:35.237657070 CEST	53	52716	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.238130093 CEST	52717	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:35.257749081 CEST	53	52717	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.264599085 CEST	52718	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:35.284265041 CEST	53	52718	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.284575939 CEST	52719	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:35.302470922 CEST	53	52719	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.302792072 CEST	52720	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:35.322506905 CEST	53	52720	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:35.671628952 CEST	62221	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.677879095 CEST	62221	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.706327915 CEST	53	62221	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:36.712397099 CEST	62222	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.731586933 CEST	53	62222	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:36.732223988 CEST	62223	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.750371933 CEST	53	62223	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:36.753658056 CEST	62224	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.773665905 CEST	53	62224	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:36.774014950 CEST	62225	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.791744947 CEST	53	62225	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:36.798471928 CEST	62226	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:36.816457033 CEST	53	62226	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:36.939074039 CEST	53	62221	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.285651922 CEST	63263	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:37.313386917 CEST	53	63263	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.320348978 CEST	63264	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:37.337385893 CEST	53	63264	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.342111111 CEST	63265	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:37.361768007 CEST	53	63265	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.362092972 CEST	63266	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:37.381539106 CEST	53	63266	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.381872892 CEST	63267	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:37.399224997 CEST	53	63267	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.399636030 CEST	63268	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:37.419363976 CEST	53	63268	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:37.907648087 CEST	59998	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.436364889 CEST	53	59998	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.446387053 CEST	61230	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.465503931 CEST	53	61230	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.465975046 CEST	61231	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.484422922 CEST	53	61231	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.484715939 CEST	61232	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.502108097 CEST	53	61232	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.502414942 CEST	61233	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.521826982 CEST	53	61233	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.522131920 CEST	61234	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.539650917 CEST	53	61234	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.911334991 CEST	51772	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.938251019 CEST	53	51772	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.952085018 CEST	51773	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.969208002 CEST	53	51773	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.969748974 CEST	51774	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:38.987540007 CEST	53	51774	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:38.988154888 CEST	51775	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.007621050 CEST	53	51775	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.007949114 CEST	51776	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.027304888 CEST	53	51776	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.027584076 CEST	51777	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.047132015 CEST	53	51777	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.449382067 CEST	59222	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.475492001 CEST	53	59222	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.537282944 CEST	59223	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.556307077 CEST	53	59223	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.557926893 CEST	59224	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.577370882 CEST	53	59224	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.577698946 CEST	59225	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.597099066 CEST	53	59225	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.597796917 CEST	59226	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.615369081 CEST	53	59226	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:39.617894888 CEST	59227	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:39.635468960 CEST	53	59227	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:40.011394024 CEST	52816	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.008980036 CEST	52816	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.036927938 CEST	53	52816	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.046010017 CEST	57755	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.062947989 CEST	53	57755	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.063436985 CEST	57756	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.082788944 CEST	53	57756	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.083128929 CEST	57757	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.102920055 CEST	53	57757	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.103311062 CEST	57758	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.121021986 CEST	53	57758	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.121342897 CEST	57759	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.141063929 CEST	53	57759	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.169985056 CEST	53	52816	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.694123030 CEST	53590	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.811177969 CEST	53	53590	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.820821047 CEST	53591	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.837889910 CEST	53	53591	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.838524103 CEST	53592	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.857992887 CEST	53	53592	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.858326912 CEST	53593	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.877934933 CEST	53	53593	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.878318071 CEST	53594	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.898178101 CEST	53	53594	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:41.898667097 CEST	53595	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:41.918279886 CEST	53	53595	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.354094982 CEST	56358	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:42.382412910 CEST	53	56358	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.390948057 CEST	56359	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:42.410130024 CEST	53	56359	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.410727024 CEST	56360	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:42.430150986 CEST	53	56360	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.430521965 CEST	56361	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:42.450306892 CEST	53	56361	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.450740099 CEST	56362	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:42.470879078 CEST	53	56362	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.471271992 CEST	56363	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:42.491142035 CEST	53	56363	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:42.883522987 CEST	49332	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.413260937 CEST	53	49332	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.423599005 CEST	49333	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.442663908 CEST	53	49333	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.443293095 CEST	49334	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.460849047 CEST	53	49334	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.471731901 CEST	49335	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.491415024 CEST	53	49335	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.492294073 CEST	49336	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.511894941 CEST	53	49336	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.512238026 CEST	49337	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.531490088 CEST	53	49337	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.926251888 CEST	59965	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.961663008 CEST	53	59965	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.974957943 CEST	59966	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:43.991935968 CEST	53	59966	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:43.992635012 CEST	59967	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.009932995 CEST	53	59967	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.010315895 CEST	59968	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.030059099 CEST	53	59968	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.030719995 CEST	59969	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.048516035 CEST	53	59969	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.048963070 CEST	59970	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.068895102 CEST	53	59970	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.382122040 CEST	58157	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.411514997 CEST	53	58157	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.418190002 CEST	58158	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.437238932 CEST	53	58158	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.437834978 CEST	58159	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.457220078 CEST	53	58159	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.457603931 CEST	58160	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.475223064 CEST	53	58160	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.475598097 CEST	58161	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.493381023 CEST	53	58161	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.497801065 CEST	58162	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:44.517654896 CEST	53	58162	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:44.906749010 CEST	57786	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.435556889 CEST	53	57786	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.442172050 CEST	57787	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.460696936 CEST	53	57787	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.461186886 CEST	57788	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.478576899 CEST	53	57788	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.480446100 CEST	57789	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.500251055 CEST	53	57789	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.500682116 CEST	57790	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.520853996 CEST	53	57790	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.522003889 CEST	57791	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.539642096 CEST	53	57791	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.854546070 CEST	64961	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.881977081 CEST	53	64961	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.887908936 CEST	64962	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.907064915 CEST	53	64962	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.907608986 CEST	64963	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.927283049 CEST	53	64963	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.929172039 CEST	64964	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.948478937 CEST	53	64964	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.948751926 CEST	64965	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.968255043 CEST	53	64965	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:45.968565941 CEST	64966	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:45.988017082 CEST	53	64966	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.311108112 CEST	56295	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:46.337909937 CEST	53	56295	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.344320059 CEST	56296	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:46.363435984 CEST	53	56296	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.363903046 CEST	56297	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:46.383466005 CEST	53	56297	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.383892059 CEST	56298	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:46.401216030 CEST	53	56298	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.401562929 CEST	56299	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:46.421830893 CEST	53	56299	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.422476053 CEST	56300	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:46.442011118 CEST	53	56300	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:46.748087883 CEST	64647	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:47.783533096 CEST	64647	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.821460009 CEST	53	64647	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:48.823721886 CEST	64647	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.830035925 CEST	64648	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.847312927 CEST	53	64648	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:48.847826004 CEST	64649	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.867320061 CEST	53	64649	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:48.868077993 CEST	64650	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.885781050 CEST	53	64650	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:48.910540104 CEST	53	64647	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:48.937933922 CEST	64651	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.957782030 CEST	53	64651	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:48.958101034 CEST	64652	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:48.977746010 CEST	53	64652	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:49.891845942 CEST	53	64647	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:50.444237947 CEST	54503	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:50.972193956 CEST	53	54503	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:50.985032082 CEST	54504	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.004219055 CEST	53	54504	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.004868984 CEST	54505	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.024416924 CEST	53	54505	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.025084972 CEST	54506	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.044862986 CEST	53	54506	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.051028013 CEST	54507	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.070853949 CEST	53	54507	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.075094938 CEST	54508	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.093216896 CEST	53	54508	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.553877115 CEST	51887	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.589247942 CEST	53	51887	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.600792885 CEST	51888	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.620028019 CEST	53	51888	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.620570898 CEST	51889	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.640378952 CEST	53	51889	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.640850067 CEST	51890	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.660531044 CEST	53	51890	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.663810968 CEST	51891	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.683698893 CEST	53	51891	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:51.684138060 CEST	51892	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:51.703880072 CEST	53	51892	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:52.075218916 CEST	53041	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.086749077 CEST	53041	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.151417971 CEST	53	53041	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:53.159248114 CEST	54509	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.176506996 CEST	53	54509	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:53.176959038 CEST	54510	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.194789886 CEST	53	54510	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:53.195101976 CEST	54511	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.215109110 CEST	53	54511	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:53.215473890 CEST	54512	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.235271931 CEST	53	54512	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:53.235785961 CEST	54513	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.255618095 CEST	53	54513	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:53.561455011 CEST	53193	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:53.625669956 CEST	53	53041	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.554263115 CEST	53193	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:54.619091034 CEST	53	53193	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.627124071 CEST	53194	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:54.646353960 CEST	53	53194	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.646933079 CEST	53195	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:54.664908886 CEST	53	53195	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.665571928 CEST	53196	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:54.685338974 CEST	53	53196	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.685782909 CEST	53197	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:54.703402996 CEST	53	53197	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.703855038 CEST	53198	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:54.721267939 CEST	53	53198	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:54.741657972 CEST	53	53193	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:55.064367056 CEST	60008	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.075655937 CEST	60008	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.097080946 CEST	53	60008	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:56.104077101 CEST	60009	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.124034882 CEST	53	60009	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:56.124572992 CEST	60010	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.144139051 CEST	53	60010	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:56.144536972 CEST	60011	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.165666103 CEST	53	60011	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:56.166001081 CEST	60012	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.185373068 CEST	53	60012	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:56.185703039 CEST	60013	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:56.206304073 CEST	53	60013	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:56.519510984 CEST	54200	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.057044029 CEST	53	54200	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:57.065381050 CEST	54201	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.084417105 CEST	53	54201	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:57.085031986 CEST	54202	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.104636908 CEST	53	54202	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:57.105081081 CEST	54203	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.124588966 CEST	53	54203	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:57.124924898 CEST	54204	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.144799948 CEST	53	54204	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:57.145411015 CEST	54205	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.165554047 CEST	53	54205	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:57.468453884 CEST	50252	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:57.657109976 CEST	53	60008	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.460675001 CEST	50252	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:58.709364891 CEST	53	50252	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.724746943 CEST	50253	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:58.744060993 CEST	53	50253	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.744615078 CEST	50254	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:58.762052059 CEST	53	50254	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.762397051 CEST	50255	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:58.775975943 CEST	53	50252	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.781868935 CEST	53	50255	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.782279968 CEST	50256	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:58.802098036 CEST	53	50256	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:58.802648067 CEST	50257	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:58.822364092 CEST	53	50257	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.148394108 CEST	64796	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:59.175309896 CEST	53	64796	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.188793898 CEST	64797	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:59.208067894 CEST	53	64797	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.208493948 CEST	64798	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:59.228351116 CEST	53	64798	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.228975058 CEST	64799	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:59.248884916 CEST	53	64799	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.249275923 CEST	64800	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:59.268644094 CEST	53	64800	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.269047976 CEST	64801	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:44:59.286719084 CEST	53	64801	8.8.8.8	192.168.2.6
Aug 31, 2022 23:44:59.632479906 CEST	62537	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:00.215579033 CEST	53	62537	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:00.236723900 CEST	62538	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:00.255872011 CEST	53	62538	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:00.266316891 CEST	62539	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:00.286022902 CEST	53	62539	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:00.304908037 CEST	62540	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:00.325176001 CEST	53	62540	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:00.327888966 CEST	62541	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:00.348517895 CEST	53	62541	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:00.351748943 CEST	62542	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:00.371310949 CEST	53	62542	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.047051907 CEST	62036	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:01.091835022 CEST	53	62036	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.100621939 CEST	62037	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:01.120204926 CEST	53	62037	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.120774984 CEST	62038	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:01.138207912 CEST	53	62038	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.138669968 CEST	62039	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:01.158245087 CEST	53	62039	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.158698082 CEST	62040	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:01.178411007 CEST	53	62040	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.185034037 CEST	62041	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:01.204669952 CEST	53	62041	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:01.537235975 CEST	63670	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.539155960 CEST	63670	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.615139008 CEST	53	63670	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:02.621450901 CEST	63671	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.640677929 CEST	53	63671	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:02.641321898 CEST	63672	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.661689997 CEST	53	63672	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:02.662218094 CEST	63673	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.681889057 CEST	53	63673	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:02.682245016 CEST	63674	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.703619003 CEST	53	63674	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:02.703985929 CEST	63675	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:02.723409891 CEST	53	63675	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.045041084 CEST	61170	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:03.106302977 CEST	53	63670	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.158047915 CEST	53	61170	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.167327881 CEST	61171	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:03.184478045 CEST	53	61171	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.186618090 CEST	61172	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:03.206196070 CEST	53	61172	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.206528902 CEST	61173	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:03.228708982 CEST	53	61173	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.230027914 CEST	61174	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:03.248331070 CEST	53	61174	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.248644114 CEST	61175	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:03.268287897 CEST	53	61175	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:03.595216990 CEST	56427	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:04.125479937 CEST	53	56427	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:04.131422997 CEST	56428	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:04.150804043 CEST	53	56428	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:04.151432037 CEST	56429	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:04.172810078 CEST	53	56429	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:04.173628092 CEST	56430	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:04.193243027 CEST	53	56430	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:04.193694115 CEST	56431	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:04.211317062 CEST	53	56431	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:04.211842060 CEST	56432	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:04.231714964 CEST	53	56432	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:04.562575102 CEST	56431	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.570563078 CEST	56431	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.642608881 CEST	53	56431	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:05.649463892 CEST	56432	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.668690920 CEST	53	56432	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:05.669169903 CEST	56433	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.679235935 CEST	53	56431	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:05.688968897 CEST	53	56433	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:05.689286947 CEST	56434	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.708745956 CEST	53	56434	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:05.709060907 CEST	56435	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.726625919 CEST	53	56435	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:05.726984024 CEST	56436	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:05.746467113 CEST	53	56436	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:06.085989952 CEST	49465	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.102210999 CEST	49465	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.123591900 CEST	53	49465	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:07.130872011 CEST	54880	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.147948027 CEST	53	54880	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:07.148627996 CEST	54881	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.166426897 CEST	53	54881	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:07.166788101 CEST	54882	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.184499979 CEST	53	54882	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:07.190819025 CEST	54883	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.210597992 CEST	53	54883	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:07.210988045 CEST	54884	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.230631113 CEST	53	54884	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:07.536108971 CEST	54296	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:07.638503075 CEST	53	49465	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.542176008 CEST	54296	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:08.604301929 CEST	53	54296	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.609941006 CEST	53	54296	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.617167950 CEST	54297	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:08.636708975 CEST	53	54297	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.637368917 CEST	54298	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:08.657493114 CEST	53	54298	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.657968044 CEST	54299	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:08.678095102 CEST	53	54299	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.678590059 CEST	54300	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:08.699327946 CEST	53	54300	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:08.700151920 CEST	54301	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:08.720056057 CEST	53	54301	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.050138950 CEST	59623	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:09.086039066 CEST	53	59623	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.094361067 CEST	59624	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:09.111648083 CEST	53	59624	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.112131119 CEST	59625	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:09.129959106 CEST	53	59625	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.130816936 CEST	59626	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:09.148557901 CEST	53	59626	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.148936987 CEST	59627	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:09.166651011 CEST	53	59627	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.167177916 CEST	59628	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:09.184634924 CEST	53	59628	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:09.521197081 CEST	63254	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:10.048824072 CEST	53	63254	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:10.054795027 CEST	63255	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:10.074271917 CEST	53	63255	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:10.074723005 CEST	63256	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:10.094129086 CEST	53	63256	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:10.094580889 CEST	63257	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:10.114101887 CEST	53	63257	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:10.114399910 CEST	63258	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:10.134094954 CEST	53	63258	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:10.134382963 CEST	63259	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:10.153976917 CEST	53	63259	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:10.448133945 CEST	60354	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.069394112 CEST	53	60354	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.075881004 CEST	60355	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.093446970 CEST	53	60355	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.093877077 CEST	60356	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.111608028 CEST	53	60356	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.111963034 CEST	60357	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.129561901 CEST	53	60357	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.129894018 CEST	60358	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.147553921 CEST	53	60358	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.147941113 CEST	60359	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.167288065 CEST	53	60359	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.464940071 CEST	52725	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.493338108 CEST	53	52725	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.501610994 CEST	52726	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.518835068 CEST	53	52726	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.519431114 CEST	52727	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.537653923 CEST	53	52727	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.538182020 CEST	52728	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.555847883 CEST	53	52728	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.556204081 CEST	52729	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.575905085 CEST	53	52729	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:11.576226950 CEST	52730	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:11.596256971 CEST	53	52730	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.058248043 CEST	62631	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:12.086657047 CEST	53	62631	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.096239090 CEST	62632	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:12.115483999 CEST	53	62632	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.116146088 CEST	62633	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:12.133847952 CEST	53	62633	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.136667967 CEST	62634	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:12.156578064 CEST	53	62634	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.157481909 CEST	62635	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:12.177124977 CEST	53	62635	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.181438923 CEST	62636	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:12.199208975 CEST	53	62636	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:12.617562056 CEST	52118	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.603507042 CEST	52118	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.795871973 CEST	53	52118	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:13.803756952 CEST	52119	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.822742939 CEST	53	52119	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:13.823400974 CEST	52120	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.843261957 CEST	53	52120	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:13.843635082 CEST	52121	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.863305092 CEST	53	52121	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:13.864005089 CEST	52122	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.881822109 CEST	53	52122	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:13.882213116 CEST	52123	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:13.899844885 CEST	53	52123	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.276071072 CEST	53	52118	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.292866945 CEST	54752	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:14.455116987 CEST	53	54752	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.460872889 CEST	54753	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:14.478157043 CEST	53	54753	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.478678942 CEST	54754	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:14.498713970 CEST	53	54754	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.500005007 CEST	54755	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:14.520136118 CEST	53	54755	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.520580053 CEST	54756	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:14.540436983 CEST	53	54756	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:14.540780067 CEST	54757	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:14.560705900 CEST	53	54757	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.136995077 CEST	51684	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:15.212640047 CEST	53	51684	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.226294041 CEST	51685	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:15.245517015 CEST	53	51685	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.249386072 CEST	51686	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:15.268943071 CEST	53	51686	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.269351959 CEST	51687	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:15.289814949 CEST	53	51687	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.290256023 CEST	51688	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:15.309674978 CEST	53	51688	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.310184002 CEST	51689	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:15.330753088 CEST	53	51689	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:15.733643055 CEST	62944	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.727732897 CEST	62944	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.762197018 CEST	53	62944	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:16.773322105 CEST	62945	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.790291071 CEST	53	62945	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:16.791073084 CEST	62946	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.810615063 CEST	53	62946	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:16.811045885 CEST	62947	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.830655098 CEST	53	62947	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:16.831037998 CEST	62948	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.848545074 CEST	53	62948	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:16.848920107 CEST	62949	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:16.868464947 CEST	53	62949	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:17.195213079 CEST	54329	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:17.734127045 CEST	53	54329	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:17.740503073 CEST	54330	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:17.759524107 CEST	53	54330	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:17.760023117 CEST	54331	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:17.779627085 CEST	53	54331	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:17.784188986 CEST	54332	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:17.803694963 CEST	53	54332	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:17.804037094 CEST	54333	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:17.821728945 CEST	53	54333	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:17.822079897 CEST	54334	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:17.841531038 CEST	53	54334	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.176704884 CEST	57054	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.213179111 CEST	53	57054	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.228538990 CEST	57055	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.245822906 CEST	53	57055	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.246350050 CEST	57056	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.264169931 CEST	53	57056	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.264694929 CEST	57057	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.282655001 CEST	53	57057	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.283247948 CEST	57058	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.303041935 CEST	53	57058	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.303570986 CEST	57059	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.323292971 CEST	53	57059	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.617186069 CEST	64638	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.727078915 CEST	53	64638	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.739464045 CEST	64639	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.758493900 CEST	53	64639	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.759263992 CEST	64640	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.779901028 CEST	53	64640	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.781388998 CEST	64641	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.801358938 CEST	53	64641	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.801786900 CEST	64642	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.821578026 CEST	53	64642	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:18.822079897 CEST	64643	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:18.839883089 CEST	53	64643	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.141751051 CEST	60167	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:19.169836044 CEST	53	60167	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.178591967 CEST	60168	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:19.197752953 CEST	53	60168	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.198458910 CEST	60169	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:19.218126059 CEST	53	60169	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.218542099 CEST	60170	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:19.237973928 CEST	53	60170	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.238394976 CEST	60171	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:19.258479118 CEST	53	60171	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.258879900 CEST	60172	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:19.278409958 CEST	53	60172	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:19.579224110 CEST	53046	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.108885050 CEST	53	53046	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:20.116256952 CEST	53047	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.133389950 CEST	53	53047	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:20.133744955 CEST	53048	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.151463985 CEST	53	53048	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:20.151835918 CEST	53049	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.171344042 CEST	53	53049	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:20.171719074 CEST	53050	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.191129923 CEST	53	53050	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:20.191617966 CEST	53051	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.211190939 CEST	53	53051	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:20.554970026 CEST	49503	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:20.750307083 CEST	53	62944	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:21.924539089 CEST	49503	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:22.173013926 CEST	53	49503	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:22.180754900 CEST	49504	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:22.197968006 CEST	53	49504	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:22.198497057 CEST	49505	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:22.217995882 CEST	53	49505	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:22.251710892 CEST	49506	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:22.271331072 CEST	53	49506	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:22.271616936 CEST	49507	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:22.290329933 CEST	53	49507	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:22.293889046 CEST	49508	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:22.313796043 CEST	53	49508	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:23.552133083 CEST	53	49503	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:23.801573038 CEST	50535	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.331062078 CEST	53	50535	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.337188959 CEST	50536	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.354151011 CEST	53	50536	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.354748011 CEST	50537	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.374262094 CEST	53	50537	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.374819994 CEST	50538	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.394306898 CEST	53	50538	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.397103071 CEST	50539	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.416450024 CEST	53	50539	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.416775942 CEST	50540	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.435049057 CEST	53	50540	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.724124908 CEST	50966	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.800530910 CEST	53	50966	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.807276964 CEST	50967	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.826673985 CEST	53	50967	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.827188969 CEST	50968	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.844790936 CEST	53	50968	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.845854998 CEST	50969	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.866312027 CEST	53	50969	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.869816065 CEST	50970	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.889637947 CEST	53	50970	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:24.890115976 CEST	50971	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:24.909706116 CEST	53	50971	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:25.236032009 CEST	57688	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.229635000 CEST	57688	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.257894039 CEST	53	57688	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.267116070 CEST	53	57688	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.267462015 CEST	57689	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.284495115 CEST	53	57689	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.285005093 CEST	57690	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.302685022 CEST	53	57690	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.303054094 CEST	57691	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.322731018 CEST	53	57691	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.323010921 CEST	57692	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.342674017 CEST	53	57692	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.343034029 CEST	57693	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.362843990 CEST	53	57693	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.532789946 CEST	61803	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.570079088 CEST	53	61803	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.580955029 CEST	61804	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.598028898 CEST	53	61804	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.598524094 CEST	61805	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.618112087 CEST	53	61805	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.618513107 CEST	61806	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.638072968 CEST	53	61806	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.638406038 CEST	61807	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.657855034 CEST	53	61807	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.658196926 CEST	61808	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:26.677685976 CEST	53	61808	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:26.844290018 CEST	53269	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.838044882 CEST	53269	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.864686966 CEST	53	53269	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:27.871409893 CEST	53270	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.888834953 CEST	53	53270	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:27.889216900 CEST	53271	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.909015894 CEST	53	53271	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:27.910057068 CEST	53272	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.929562092 CEST	53	53272	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:27.934014082 CEST	53273	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.953717947 CEST	53	53273	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:27.954080105 CEST	53274	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:27.971896887 CEST	53	53274	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.130558968 CEST	54488	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:28.669117928 CEST	53	54488	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.680681944 CEST	54489	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:28.697978020 CEST	53	54489	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.698486090 CEST	54490	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:28.716156006 CEST	53	54490	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.716622114 CEST	54491	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:28.735982895 CEST	53	54491	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.736488104 CEST	54492	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:28.756066084 CEST	53	54492	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.756602049 CEST	54493	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:28.776252031 CEST	53	54493	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:28.935791016 CEST	56062	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.011524916 CEST	53	56062	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.017611980 CEST	56063	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.037141085 CEST	53	56063	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.037585974 CEST	56064	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.057269096 CEST	53	56064	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.057624102 CEST	56065	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.077163935 CEST	53	56065	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.077449083 CEST	56066	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.097136974 CEST	53	56066	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.097445965 CEST	56067	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.117222071 CEST	53	56067	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.270234108 CEST	61844	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.381879091 CEST	53	61844	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.387746096 CEST	61845	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.407457113 CEST	53	61845	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.407810926 CEST	61846	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.427575111 CEST	53	61846	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.427866936 CEST	61847	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.447861910 CEST	53	61847	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.448149920 CEST	61848	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.468513966 CEST	53	61848	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.468832970 CEST	61849	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.488358974 CEST	53	61849	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.606527090 CEST	53	53269	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.649353981 CEST	59335	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.678388119 CEST	53	59335	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.684885025 CEST	59336	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.704013109 CEST	53	59336	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.704402924 CEST	59337	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.723932981 CEST	53	59337	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.724261999 CEST	59338	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.745117903 CEST	53	59338	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.745492935 CEST	59339	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.765243053 CEST	53	59339	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.765614033 CEST	59340	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.785756111 CEST	53	59340	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.950278044 CEST	63433	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:29.978842020 CEST	53	63433	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:29.985933065 CEST	63434	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:30.005171061 CEST	53	63434	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:30.010283947 CEST	63435	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:30.029825926 CEST	53	63435	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:30.030648947 CEST	63436	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:30.050517082 CEST	53	63436	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:30.050806046 CEST	63437	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:30.070476055 CEST	53	63437	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:30.070764065 CEST	63438	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:30.090724945 CEST	53	63438	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:30.252954006 CEST	64929	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.244724035 CEST	64929	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.870630980 CEST	53	64929	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:31.870671988 CEST	53	64929	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:31.877437115 CEST	64930	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.894535065 CEST	53	64930	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:31.895020962 CEST	64931	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.914591074 CEST	53	64931	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:31.915004015 CEST	64932	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.932943106 CEST	53	64932	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:31.933352947 CEST	64933	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.953244925 CEST	53	64933	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:31.953591108 CEST	64934	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:31.973292112 CEST	53	64934	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.136538029 CEST	62439	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:32.671992064 CEST	53	62439	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.678122044 CEST	62440	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:32.697273970 CEST	53	62440	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.697892904 CEST	62441	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:32.717818022 CEST	53	62441	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.718406916 CEST	62442	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:32.738121986 CEST	53	62442	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.738675117 CEST	62443	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:32.758621931 CEST	53	62443	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.758992910 CEST	62444	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:32.776418924 CEST	53	62444	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:32.933954954 CEST	63985	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.008081913 CEST	53	63985	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.016643047 CEST	63986	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.033670902 CEST	53	63986	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.034612894 CEST	63987	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.052232027 CEST	53	63987	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.054661989 CEST	63988	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.074173927 CEST	53	63988	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.076659918 CEST	63989	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.096429110 CEST	53	63989	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.098684072 CEST	63990	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.116456032 CEST	53	63990	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.277739048 CEST	52390	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.391014099 CEST	53	52390	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.401248932 CEST	52391	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.420255899 CEST	53	52391	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.421298027 CEST	52392	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.440869093 CEST	53	52392	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.441343069 CEST	52393	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.461447954 CEST	53	52393	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.462719917 CEST	52394	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.482673883 CEST	53	52394	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.483016968 CEST	52395	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:33.502680063 CEST	53	52395	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:33.675072908 CEST	57186	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.205842018 CEST	53	57186	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.218529940 CEST	57187	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.237862110 CEST	53	57187	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.238634109 CEST	57188	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.258346081 CEST	53	57188	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.259006023 CEST	57189	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.276730061 CEST	53	57189	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.277427912 CEST	57190	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.297285080 CEST	53	57190	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.298140049 CEST	57191	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.317642927 CEST	53	57191	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.490065098 CEST	56770	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.563857079 CEST	53	56770	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.570928097 CEST	56771	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.590023994 CEST	53	56771	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.590480089 CEST	56772	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.608253002 CEST	53	56772	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.608669996 CEST	56773	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.632611990 CEST	53	56773	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.633209944 CEST	56774	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.650960922 CEST	53	56774	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.651619911 CEST	56775	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.671530008 CEST	53	56775	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.833235979 CEST	56903	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.861598015 CEST	53	56903	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.870647907 CEST	56904	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.889672041 CEST	53	56904	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.890654087 CEST	56905	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.910166979 CEST	53	56905	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.910660028 CEST	56906	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.930305958 CEST	53	56906	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.930943966 CEST	56907	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.948801041 CEST	53	56907	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:34.949399948 CEST	56908	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:34.966978073 CEST	53	56908	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.123905897 CEST	57093	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:35.659677029 CEST	53	57093	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.667711973 CEST	57094	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:35.684854031 CEST	53	57094	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.685539007 CEST	57095	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:35.703336000 CEST	53	57095	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.703871012 CEST	57096	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:35.723376036 CEST	53	57096	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.724077940 CEST	57097	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:35.741929054 CEST	53	57097	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.742268085 CEST	57098	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:35.761758089 CEST	53	57098	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:35.936270952 CEST	59719	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:36.933383942 CEST	59719	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:36.962335110 CEST	53	59719	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:36.971575022 CEST	59720	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:36.988629103 CEST	53	59720	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:36.989136934 CEST	59721	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.008464098 CEST	53	59721	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.008989096 CEST	59722	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.028367996 CEST	53	59722	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.029062986 CEST	59723	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.046492100 CEST	53	59723	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.047108889 CEST	59724	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.068111897 CEST	53	59724	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.239649057 CEST	51591	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.328402042 CEST	53	51591	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.335338116 CEST	51592	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.354845047 CEST	53	51592	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.355426073 CEST	51593	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.375205994 CEST	53	51593	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.375782967 CEST	51594	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.395513058 CEST	53	51594	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.395998955 CEST	51595	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.415610075 CEST	53	51595	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.416090012 CEST	51596	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.435617924 CEST	53	51596	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.596064091 CEST	55295	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.646131992 CEST	53	55295	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.655630112 CEST	55296	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.672806025 CEST	53	55296	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.673787117 CEST	55297	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.693382025 CEST	53	55297	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.693886042 CEST	55298	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.713413000 CEST	53	55298	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.714101076 CEST	55299	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.733810902 CEST	53	55299	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.734664917 CEST	55300	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:37.752490044 CEST	53	55300	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:37.905271053 CEST	59529	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:38.917013884 CEST	59529	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:39.287280083 CEST	53	59719	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:39.917289019 CEST	59529	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:39.946167946 CEST	53	59529	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:39.954221964 CEST	59530	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:39.973323107 CEST	53	59530	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:39.973829031 CEST	59531	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:39.991565943 CEST	53	59531	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:39.991955042 CEST	59532	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.011499882 CEST	53	59532	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.011857986 CEST	59533	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.029787064 CEST	53	59533	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.030174971 CEST	59534	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.050113916 CEST	53	59534	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.095642090 CEST	53	59529	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.110693932 CEST	53	59529	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.202665091 CEST	60774	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.811549902 CEST	53	60774	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.819202900 CEST	60775	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.838596106 CEST	53	60775	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.839432955 CEST	60776	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.857355118 CEST	53	60776	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.857769012 CEST	60777	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.877202034 CEST	53	60777	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.877619982 CEST	60778	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.897402048 CEST	53	60778	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:40.897866011 CEST	60779	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:40.919195890 CEST	53	60779	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:41.100511074 CEST	50806	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.090756893 CEST	50806	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.722179890 CEST	53	50806	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:42.733959913 CEST	50807	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.751497984 CEST	53	50807	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:42.752242088 CEST	50808	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.772325993 CEST	53	50808	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:42.775516033 CEST	50809	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.795279980 CEST	53	50809	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:42.795799971 CEST	50810	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.813390017 CEST	53	50810	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:42.813838959 CEST	50811	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:42.831677914 CEST	53	50811	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.005398989 CEST	54097	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.071841955 CEST	53	54097	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.079855919 CEST	54098	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.099137068 CEST	53	54098	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.099769115 CEST	54099	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.119312048 CEST	53	54099	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.119823933 CEST	54100	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.137548923 CEST	53	54100	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.138087988 CEST	54101	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.157763004 CEST	53	54101	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.158257008 CEST	54102	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.177860975 CEST	53	54102	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.341131926 CEST	61573	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.868730068 CEST	53	61573	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.876570940 CEST	61574	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.895756960 CEST	53	61574	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.896303892 CEST	61575	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.915795088 CEST	53	61575	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.916182995 CEST	61576	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.933940887 CEST	53	61576	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.934540033 CEST	61577	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.954459906 CEST	53	61577	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:43.955051899 CEST	61578	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:43.972961903 CEST	53	61578	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.135931969 CEST	51622	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.162213087 CEST	53	51622	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.172229052 CEST	51623	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.189434052 CEST	53	51623	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.191432953 CEST	51624	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.209141016 CEST	53	51624	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.209570885 CEST	51625	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.229032993 CEST	53	51625	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.232922077 CEST	51626	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.252708912 CEST	53	51626	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.253365040 CEST	51627	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.273025990 CEST	53	51627	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.436881065 CEST	60784	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:44.985682964 CEST	53	60784	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:44.993525982 CEST	60785	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.010627031 CEST	53	60785	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.011229992 CEST	60786	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.030633926 CEST	53	60786	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.033483982 CEST	60787	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.052932024 CEST	53	60787	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.053318977 CEST	60788	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.071058035 CEST	53	60788	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.071628094 CEST	60789	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.091566086 CEST	53	60789	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.253845930 CEST	53954	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.790606022 CEST	53	53954	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.799216986 CEST	53955	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.816375017 CEST	53	53955	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.816936970 CEST	53956	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.834777117 CEST	53	53956	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.835304022 CEST	53957	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.852967024 CEST	53	53957	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.853434086 CEST	53958	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.873301029 CEST	53	53958	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:45.873965979 CEST	53959	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:45.891820908 CEST	53	53959	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.065907955 CEST	60753	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:46.191735983 CEST	53	60753	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.199429035 CEST	60754	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:46.216659069 CEST	53	60754	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.217401028 CEST	60755	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:46.235269070 CEST	53	60755	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.235846043 CEST	60756	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:46.253509998 CEST	53	60756	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.254203081 CEST	60757	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:46.271697998 CEST	53	60757	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.272226095 CEST	60758	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:46.291834116 CEST	53	60758	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:46.460216999 CEST	59790	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:47.109087944 CEST	53	50806	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:47.458210945 CEST	59790	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.461271048 CEST	59790	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.489577055 CEST	53	59790	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.497889042 CEST	59791	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.517317057 CEST	53	59791	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.517877102 CEST	59792	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.537610054 CEST	53	59792	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.538109064 CEST	59793	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.544222116 CEST	53	59790	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.557970047 CEST	53	59793	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.558568954 CEST	59794	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.578443050 CEST	53	59794	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.583139896 CEST	59795	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:48.602873087 CEST	53	59795	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:48.776711941 CEST	54310	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:49.040975094 CEST	53	59790	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:49.768608093 CEST	54310	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.784080982 CEST	54310	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.809185982 CEST	53	54310	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:50.816631079 CEST	54311	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.836035967 CEST	53	54311	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:50.836877108 CEST	54312	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.856573105 CEST	53	54312	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:50.857497931 CEST	54313	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.878010035 CEST	53	54313	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:50.878483057 CEST	54314	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.898149967 CEST	53	54314	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:50.898634911 CEST	54315	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:50.916162014 CEST	53	54315	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.079763889 CEST	56504	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:51.168813944 CEST	53	54310	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.647681952 CEST	53	56504	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.655795097 CEST	56505	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:51.672899008 CEST	53	56505	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.673641920 CEST	56506	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:51.691550970 CEST	53	56506	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.692352057 CEST	56507	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:51.711776018 CEST	53	56507	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.716327906 CEST	56508	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:51.736037970 CEST	53	56508	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.736466885 CEST	56509	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:51.756360054 CEST	53	56509	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:51.931433916 CEST	57977	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:52.403012991 CEST	53	54310	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:52.940356970 CEST	57977	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:52.968674898 CEST	53	57977	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:52.975866079 CEST	57978	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:52.995096922 CEST	53	57978	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:52.995554924 CEST	57979	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.013417959 CEST	53	57979	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.013848066 CEST	57980	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.031677008 CEST	53	57980	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.032064915 CEST	57981	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.051702976 CEST	53	57981	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.052190065 CEST	57982	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.073030949 CEST	53	57982	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.227962971 CEST	63498	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.510509014 CEST	53	57977	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.758115053 CEST	53	63498	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.764256954 CEST	63499	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.783446074 CEST	53	63499	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.787672043 CEST	63500	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.807456970 CEST	53	63500	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.807893038 CEST	63501	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.825607061 CEST	53	63501	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.826060057 CEST	63502	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.846086025 CEST	53	63502	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:53.846708059 CEST	63503	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:53.866564035 CEST	53	63503	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.023427963 CEST	60381	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:54.049860954 CEST	53	60381	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.055927992 CEST	60382	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:54.073111057 CEST	53	60382	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.073595047 CEST	60383	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:54.093367100 CEST	53	60383	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.095084906 CEST	60384	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:54.114746094 CEST	53	60384	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.115288973 CEST	60385	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:54.135003090 CEST	53	60385	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.135454893 CEST	60386	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:54.154999018 CEST	53	60386	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:54.320693016 CEST	55634	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.331852913 CEST	55634	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.368313074 CEST	53	55634	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:55.379616976 CEST	55635	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.398617029 CEST	53	55635	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:55.399161100 CEST	55636	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.417046070 CEST	53	55636	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:55.417422056 CEST	55637	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.435185909 CEST	53	55637	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:55.435640097 CEST	55638	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.456170082 CEST	53	55638	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:55.456579924 CEST	55639	53	192.168.2.6	8.8.8.8
Aug 31, 2022 23:45:55.476073980 CEST	53	55639	8.8.8.8	192.168.2.6
Aug 31, 2022 23:45:55.889926910 CEST	53	55634	8.8.8.8	192.168.2.6

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 31, 2022 23:43:42.090585947 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:43:44.684494972 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:43:46.512868881 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:43:50.879545927 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:43:57.495480061 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:07.958151102 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:20.672470093 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:24.138535023 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:30.185129881 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:36.939229965 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:41.170113087 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:48.910731077 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:49.892015934 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:53.625788927 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:54.741772890 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:57.657238007 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:44:58.776050091 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:03.106554985 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:05.679322004 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:07.638600111 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:14.276295900 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:20.750515938 CEST	192.168.2.6	8.8.8.8	cff6	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:23.552331924 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:26.267215014 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:29.606621981 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:39.290972948 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:40.110896111 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:47.109262943 CEST	192.168.2.6	8.8.8.8	cff6	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:48.544336081 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:51.169941902 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:52.403152943 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:53.510659933 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable
Aug 31, 2022 23:45:55.890140057 CEST	192.168.2.6	8.8.8.8	d033	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 31, 2022 23:43:28.189418077 CEST	192.168.2.6	8.8.8.8	0xa574	Standard query (0)	ipv4bot.whatismyipaddress.com	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.258124113 CEST	192.168.2.6	8.8.8.8	0x157a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.807944059 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:29.827971935 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.846371889 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:29.867950916 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.888154030 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:31.034406900 CEST	192.168.2.6	8.8.8.8	0xe7f5	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:31.077511072 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:31.097636938 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:31.119405985 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:31.143410921 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:31.170739889 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:32.248059988 CEST	192.168.2.6	8.8.8.8	0xb58e	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:32.306555986 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:32.324505091 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:32.344832897 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:32.365334034 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:32.383826017 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:34.200436115 CEST	192.168.2.6	8.8.8.8	0x5447	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:34.401488066 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:34.487617016 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:34.508060932 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:34.528575897 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:34.588738918 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:38.385130882 CEST	192.168.2.6	8.8.8.8	0xd552	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:39.376049042 CEST	192.168.2.6	8.8.8.8	0xd552	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:39.936307907 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:39.956403017 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:39.979641914 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:39.999758005 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:40.017874956 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:41.553627014 CEST	192.168.2.6	8.8.8.8	0xd289	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:41.610330105 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:41.630050898 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:41.652498007 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:41.673206091 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:41.693075895 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:43.030864954 CEST	192.168.2.6	8.8.8.8	0x36a0	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.065428972 CEST	192.168.2.6	8.8.8.8	0x36a0	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.235419989 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:44.255163908 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.275226116 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:44.295388937 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.313766956 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:45.478450060 CEST	192.168.2.6	8.8.8.8	0x6e9c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.473700047 CEST	192.168.2.6	8.8.8.8	0x6e9c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.532617092 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:46.559519053 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.582341909 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:46.602571964 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.625363111 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:47.643717051 CEST	192.168.2.6	8.8.8.8	0x1fde	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:48.262540102 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:48.282565117 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:48.300604105 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:48.319051981 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:48.342534065 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:49.251065969 CEST	192.168.2.6	8.8.8.8	0xdc6d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.267714977 CEST	192.168.2.6	8.8.8.8	0xdc6d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.891069889 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:50.908833027 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.926738977 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:50.950634003 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.969583988 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:51.967856884 CEST	192.168.2.6	8.8.8.8	0xa66c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:52.034921885 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:52.054950953 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:52.075290918 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:52.093456984 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:52.113642931 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:43:55.712802887 CEST	192.168.2.6	8.8.8.8	0xe578	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.705502987 CEST	192.168.2.6	8.8.8.8	0xe578	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.792910099 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:56.812958956 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.837414026 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:56.858808041 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.877029896 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:43:58.408860922 CEST	192.168.2.6	8.8.8.8	0x15ad	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.533785105 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:58.553914070 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.574440002 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:43:58.594444036 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.614289999 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:00.717885971 CEST	192.168.2.6	8.8.8.8	0x76a5	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:00.844788074 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:00.864996910 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:00.886555910 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:00.906689882 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:00.930723906 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:02.461639881 CEST	192.168.2.6	8.8.8.8	0xe899	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:02.566622972 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:02.586426973 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:02.606976986 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:02.627433062 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:02.647686005 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:04.089490891 CEST	192.168.2.6	8.8.8.8	0x2315	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:04.744563103 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:04.765177965 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:04.785165071 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:04.805216074 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:04.825891972 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:06.382621050 CEST	192.168.2.6	8.8.8.8	0xdaab	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.378031969 CEST	192.168.2.6	8.8.8.8	0xdaab	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.470320940 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:07.490247965 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.510330915 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:07.531291008 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.555130005 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:08.953820944 CEST	192.168.2.6	8.8.8.8	0xa02d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.053752899 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:09.071544886 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.091938019 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:09.112715960 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.133302927 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:10.494071960 CEST	192.168.2.6	8.8.8.8	0x26ba	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:10.565339088 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:10.587852001 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:10.607141018 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:10.627240896 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:10.647183895 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:13.952435970 CEST	192.168.2.6	8.8.8.8	0xf735	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:14.108444929 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:14.128267050 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:14.146725893 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:14.164882898 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:14.192617893 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:15.463445902 CEST	192.168.2.6	8.8.8.8	0xc22b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:15.515043020 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:15.534929991 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:15.557965040 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:15.578774929 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:15.600002050 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:17.033523083 CEST	192.168.2.6	8.8.8.8	0x1614	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:17.107180119 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:17.126998901 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:17.199821949 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:17.220031977 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:17.245311022 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:18.446585894 CEST	192.168.2.6	8.8.8.8	0xb64b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:19.514300108 CEST	192.168.2.6	8.8.8.8	0xb64b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.504131079 CEST	192.168.2.6	8.8.8.8	0xb64b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.766475916 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:20.786154032 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.806284904 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:20.826579094 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.846616030 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:22.105437040 CEST	192.168.2.6	8.8.8.8	0x5585	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.099241972 CEST	192.168.2.6	8.8.8.8	0x5585	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.377346992 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:23.403881073 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.422049999 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:23.440318108 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.460622072 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:23.853235960 CEST	192.168.2.6	8.8.8.8	0x870e	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.848371029 CEST	192.168.2.6	8.8.8.8	0x870e	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.935620070 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:24.955368042 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.973756075 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:24.995543957 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:25.014723063 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:26.281732082 CEST	192.168.2.6	8.8.8.8	0x5b60	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:26.319732904 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:26.339554071 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:26.364052057 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:26.384203911 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:26.402095079 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:26.826797962 CEST	192.168.2.6	8.8.8.8	0x894	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.360004902 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:27.377732038 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.397682905 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:27.416197062 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.434988022 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:27.849769115 CEST	192.168.2.6	8.8.8.8	0xc33	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.893129110 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:27.912765026 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.930612087 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:27.948801041 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.968897104 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:28.560740948 CEST	192.168.2.6	8.8.8.8	0x59c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.556891918 CEST	192.168.2.6	8.8.8.8	0x59c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.640669107 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:29.658618927 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.726897955 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:29.746959925 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.765193939 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:30.807333946 CEST	192.168.2.6	8.8.8.8	0x8a16	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:30.880889893 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:30.902951002 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:30.963319063 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:30.983637094 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:31.038439989 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:32.254594088 CEST	192.168.2.6	8.8.8.8	0x6ca1	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:32.873814106 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:32.895962000 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:32.915750027 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:32.941273928 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:32.965262890 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:33.473517895 CEST	192.168.2.6	8.8.8.8	0x6372	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:33.516571045 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:33.536411047 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:33.556718111 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:33.577049971 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:33.597404003 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:33.999166965 CEST	192.168.2.6	8.8.8.8	0x5b1c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:34.582575083 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:34.602118969 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:34.622255087 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:34.642153025 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:34.662548065 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:35.045813084 CEST	192.168.2.6	8.8.8.8	0xdd95	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:35.220551968 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:35.238130093 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:35.264599085 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:35.284575939 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:35.302792072 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:35.671628952 CEST	192.168.2.6	8.8.8.8	0xee4a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.677879095 CEST	192.168.2.6	8.8.8.8	0xee4a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.712397099 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:36.732223988 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.753658056 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:36.774014950 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.798471928 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:37.285651922 CEST	192.168.2.6	8.8.8.8	0xd110	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.320348978 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:37.342111111 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.362092972 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:37.381872892 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.399636030 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:37.907648087 CEST	192.168.2.6	8.8.8.8	0x177d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.446387053 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:38.465975046 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.484715939 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:38.502414942 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.522131920 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:38.911334991 CEST	192.168.2.6	8.8.8.8	0x6c8c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.952085018 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:38.969748974 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.988154888 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:39.007949114 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.027584076 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:39.449382067 CEST	192.168.2.6	8.8.8.8	0x6aa3	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.537282944 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:39.557926893 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.577698946 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:39.597796917 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.617894888 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:40.011394024 CEST	192.168.2.6	8.8.8.8	0xea7d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.008980036 CEST	192.168.2.6	8.8.8.8	0xea7d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.046010017 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:41.063436985 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.083128929 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:41.103311062 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.121342897 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:41.694123030 CEST	192.168.2.6	8.8.8.8	0xab1a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.820821047 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:41.838524103 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.858326912 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:41.878318071 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.898667097 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:42.354094982 CEST	192.168.2.6	8.8.8.8	0xacc3	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:42.390948057 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:42.410727024 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:42.430521965 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:42.450740099 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:42.471271992 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:42.883522987 CEST	192.168.2.6	8.8.8.8	0x56d3	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.423599005 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:43.443293095 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.471731901 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:43.492294073 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.512238026 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:43.926251888 CEST	192.168.2.6	8.8.8.8	0x5cfc	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.974957943 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:43.992635012 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.010315895 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:44.030719995 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.048963070 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:44.382122040 CEST	192.168.2.6	8.8.8.8	0x6ce9	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.418190002 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:44.437834978 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.457603931 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:44.475598097 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.497801065 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:44.906749010 CEST	192.168.2.6	8.8.8.8	0x3503	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.442172050 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:45.461186886 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.480446100 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:45.500682116 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.522003889 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:45.854546070 CEST	192.168.2.6	8.8.8.8	0xbc22	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.887908936 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:45.907608986 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.929172039 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:45.948751926 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.968565941 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:46.311108112 CEST	192.168.2.6	8.8.8.8	0x7051	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:46.344320059 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:46.363903046 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:46.383892059 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:46.401562929 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:46.422476053 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:46.748087883 CEST	192.168.2.6	8.8.8.8	0xaa50	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:47.783533096 CEST	192.168.2.6	8.8.8.8	0xaa50	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.823721886 CEST	192.168.2.6	8.8.8.8	0xaa50	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.830035925 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:48.847826004 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.868077993 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:48.937933922 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.958101034 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:50.444237947 CEST	192.168.2.6	8.8.8.8	0xf6e1	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:50.985032082 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:51.004868984 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.025084972 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:51.051028013 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.075094938 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:51.553877115 CEST	192.168.2.6	8.8.8.8	0x893b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.600792885 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:51.620570898 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.640850067 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:51.663810968 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.684138060 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:52.075218916 CEST	192.168.2.6	8.8.8.8	0x1223	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.086749077 CEST	192.168.2.6	8.8.8.8	0x1223	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.159248114 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:53.176959038 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.195101976 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:53.215473890 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.235785961 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:53.561455011 CEST	192.168.2.6	8.8.8.8	0x812d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.554263115 CEST	192.168.2.6	8.8.8.8	0x812d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.627124071 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:54.646933079 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.665571928 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:54.685782909 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.703855038 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:55.064367056 CEST	192.168.2.6	8.8.8.8	0x3588	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.075655937 CEST	192.168.2.6	8.8.8.8	0x3588	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.104077101 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:56.124572992 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.144536972 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:56.166001081 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.185703039 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:56.519510984 CEST	192.168.2.6	8.8.8.8	0x745f	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:57.065381050 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:57.085031986 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:57.105081081 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:57.124924898 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:57.145411015 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:44:57.468453884 CEST	192.168.2.6	8.8.8.8	0x1e86	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.460675001 CEST	192.168.2.6	8.8.8.8	0x1e86	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.724746943 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:58.744615078 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.762397051 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:58.782279968 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.802648067 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:44:59.148394108 CEST	192.168.2.6	8.8.8.8	0x598e	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:59.188793898 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:59.208493948 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:59.228975058 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:59.249275923 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:59.269047976 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:44:59.632479906 CEST	192.168.2.6	8.8.8.8	0x1a73	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:00.236723900 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:00.266316891 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:00.304908037 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:00.327888966 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:00.351748943 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:01.047051907 CEST	192.168.2.6	8.8.8.8	0x98c5	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:01.100621939 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:01.120774984 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:01.138669968 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:01.158698082 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:01.185034037 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:01.537235975 CEST	192.168.2.6	8.8.8.8	0x6670	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.539155960 CEST	192.168.2.6	8.8.8.8	0x6670	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.621450901 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:02.641321898 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.662218094 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:02.682245016 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.703985929 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:03.045041084 CEST	192.168.2.6	8.8.8.8	0x7330	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.167327881 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:03.186618090 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.206528902 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:03.230027914 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.248644114 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:03.595216990 CEST	192.168.2.6	8.8.8.8	0xc2b1	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:04.131422997 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:04.151432037 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:04.173628092 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:04.193694115 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:04.211842060 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:04.562575102 CEST	192.168.2.6	8.8.8.8	0x2d1b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.570563078 CEST	192.168.2.6	8.8.8.8	0x2d1b	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.649463892 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:05.669169903 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.689286947 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:05.709060907 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.726984024 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:06.085989952 CEST	192.168.2.6	8.8.8.8	0xbece	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.102210999 CEST	192.168.2.6	8.8.8.8	0xbece	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.130872011 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:07.148627996 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.166788101 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:07.190819025 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.210988045 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:07.536108971 CEST	192.168.2.6	8.8.8.8	0x5212	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.542176008 CEST	192.168.2.6	8.8.8.8	0x5212	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.617167950 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:08.637368917 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.657968044 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:08.678590059 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.700151920 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:09.050138950 CEST	192.168.2.6	8.8.8.8	0xb3f3	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:09.094361067 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:09.112131119 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:09.130816936 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:09.148936987 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:09.167177916 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:09.521197081 CEST	192.168.2.6	8.8.8.8	0x439f	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:10.054795027 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:10.074723005 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:10.094580889 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:10.114399910 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:10.134382963 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:10.448133945 CEST	192.168.2.6	8.8.8.8	0xccc6	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.075881004 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:11.093877077 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.111963034 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:11.129894018 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.147941113 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:11.464940071 CEST	192.168.2.6	8.8.8.8	0xef39	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.501610994 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:11.519431114 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.538182020 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:11.556204081 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.576226950 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:12.058248043 CEST	192.168.2.6	8.8.8.8	0x92a8	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:12.096239090 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:12.116146088 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:12.136667967 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:12.157481909 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:12.181438923 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:12.617562056 CEST	192.168.2.6	8.8.8.8	0x46d2	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.603507042 CEST	192.168.2.6	8.8.8.8	0x46d2	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.803756952 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:13.823400974 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.843635082 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:13.864005089 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.882213116 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:14.292866945 CEST	192.168.2.6	8.8.8.8	0xf01a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.460872889 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:14.478678942 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.500005007 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:14.520580053 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.540780067 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:15.136995077 CEST	192.168.2.6	8.8.8.8	0x7c76	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:15.226294041 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:15.249386072 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:15.269351959 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:15.290256023 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:15.310184002 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:15.733643055 CEST	192.168.2.6	8.8.8.8	0x26ff	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.727732897 CEST	192.168.2.6	8.8.8.8	0x26ff	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.773322105 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:16.791073084 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.811045885 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:16.831037998 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.848920107 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:17.195213079 CEST	192.168.2.6	8.8.8.8	0x32fa	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:17.740503073 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:17.760023117 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:17.784188986 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:17.804037094 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:17.822079897 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:18.176704884 CEST	192.168.2.6	8.8.8.8	0x43f4	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.228538990 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:18.246350050 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.264694929 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:18.283247948 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.303570986 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:18.617186069 CEST	192.168.2.6	8.8.8.8	0xf9a1	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.739464045 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:18.759263992 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.781388998 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:18.801786900 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.822079897 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:19.141751051 CEST	192.168.2.6	8.8.8.8	0x53fc	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:19.178591967 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:19.198458910 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:19.218542099 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:19.238394976 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:19.258879900 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:19.579224110 CEST	192.168.2.6	8.8.8.8	0x901c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:20.116256952 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:20.133744955 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:20.151835918 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:20.171719074 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:20.191617966 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:20.554970026 CEST	192.168.2.6	8.8.8.8	0x6652	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:21.924539089 CEST	192.168.2.6	8.8.8.8	0x6652	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.180754900 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:22.198497057 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.251710892 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:22.271616936 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.293889046 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:23.801573038 CEST	192.168.2.6	8.8.8.8	0x6b1a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.337188959 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:24.354748011 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.374819994 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:24.397103071 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.416775942 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:24.724124908 CEST	192.168.2.6	8.8.8.8	0x46db	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.807276964 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:24.827188969 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.845854998 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:24.869816065 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.890115976 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:25.236032009 CEST	192.168.2.6	8.8.8.8	0x4aea	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.229635000 CEST	192.168.2.6	8.8.8.8	0x4aea	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.267462015 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:26.285005093 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.303054094 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:26.323010921 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.343034029 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:26.532789946 CEST	192.168.2.6	8.8.8.8	0xd8c1	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.580955029 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:26.598524094 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.618513107 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:26.638406038 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.658196926 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:26.844290018 CEST	192.168.2.6	8.8.8.8	0xa842	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.838044882 CEST	192.168.2.6	8.8.8.8	0xa842	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.871409893 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:27.889216900 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.910057068 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:27.934014082 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.954080105 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:28.130558968 CEST	192.168.2.6	8.8.8.8	0x8693	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:28.680681944 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:28.698486090 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:28.716622114 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:28.736488104 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:28.756602049 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:28.935791016 CEST	192.168.2.6	8.8.8.8	0xd7dd	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.017611980 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:29.037585974 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.057624102 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:29.077449083 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.097445965 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:29.270234108 CEST	192.168.2.6	8.8.8.8	0x9a3a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.387746096 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:29.407810926 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.427866936 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:29.448149920 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.468832970 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:29.649353981 CEST	192.168.2.6	8.8.8.8	0x4aab	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.684885025 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:29.704402924 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.724261999 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:29.745492935 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.765614033 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:29.950278044 CEST	192.168.2.6	8.8.8.8	0xd438	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.985933065 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:30.010283947 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:30.030648947 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:30.050806046 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:30.070764065 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:30.252954006 CEST	192.168.2.6	8.8.8.8	0x3828	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.244724035 CEST	192.168.2.6	8.8.8.8	0x3828	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.877437115 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:31.895020962 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.915004015 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:31.933352947 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.953591108 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:32.136538029 CEST	192.168.2.6	8.8.8.8	0x12dd	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:32.678122044 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:32.697892904 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:32.718406916 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:32.738675117 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:32.758992910 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:32.933954954 CEST	192.168.2.6	8.8.8.8	0xb965	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.016643047 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:33.034612894 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.054661989 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:33.076659918 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.098684072 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:33.277739048 CEST	192.168.2.6	8.8.8.8	0x4fe0	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.401248932 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:33.421298027 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.441343069 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:33.462719917 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.483016968 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:33.675072908 CEST	192.168.2.6	8.8.8.8	0xfbe4	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.218529940 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:34.238634109 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.259006023 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:34.277427912 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.298140049 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:34.490065098 CEST	192.168.2.6	8.8.8.8	0x2aa3	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.570928097 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:34.590480089 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.608669996 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:34.633209944 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.651619911 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:34.833235979 CEST	192.168.2.6	8.8.8.8	0xbbb4	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.870647907 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:34.890654087 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.910660028 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:34.930943966 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.949399948 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:35.123905897 CEST	192.168.2.6	8.8.8.8	0xc45c	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:35.667711973 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:35.685539007 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:35.703871012 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:35.724077940 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:35.742268085 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:35.936270952 CEST	192.168.2.6	8.8.8.8	0xb850	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:36.933383942 CEST	192.168.2.6	8.8.8.8	0xb850	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:36.971575022 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:36.989136934 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.008989096 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:37.029062986 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.047108889 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:37.239649057 CEST	192.168.2.6	8.8.8.8	0x86e7	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.335338116 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:37.355426073 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.375782967 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:37.395998955 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.416090012 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:37.596064091 CEST	192.168.2.6	8.8.8.8	0x6b88	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.655630112 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:37.673787117 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.693886042 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:37.714101076 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.734664917 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:37.905271053 CEST	192.168.2.6	8.8.8.8	0xc3eb	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:38.917013884 CEST	192.168.2.6	8.8.8.8	0xc3eb	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:39.917289019 CEST	192.168.2.6	8.8.8.8	0xc3eb	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:39.954221964 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:39.973829031 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:39.991955042 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:40.011857986 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.030174971 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:40.202665091 CEST	192.168.2.6	8.8.8.8	0x85fc	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.819202900 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:40.839432955 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.857769012 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:40.877619982 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.897866011 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:41.100511074 CEST	192.168.2.6	8.8.8.8	0xeb3a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.090756893 CEST	192.168.2.6	8.8.8.8	0xeb3a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.733959913 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:42.752242088 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.775516033 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:42.795799971 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.813838959 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:43.005398989 CEST	192.168.2.6	8.8.8.8	0x79a2	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.079855919 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:43.099769115 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.119823933 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:43.138087988 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.158257008 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:43.341131926 CEST	192.168.2.6	8.8.8.8	0x3d7a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.876570940 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:43.896303892 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.916182995 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:43.934540033 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.955051899 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:44.135931969 CEST	192.168.2.6	8.8.8.8	0x89da	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.172229052 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:44.191432953 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.209570885 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:44.232922077 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.253365040 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:44.436881065 CEST	192.168.2.6	8.8.8.8	0x4715	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.993525982 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:45.011229992 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.033483982 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:45.053318977 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.071628094 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:45.253845930 CEST	192.168.2.6	8.8.8.8	0xb4f5	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.799216986 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:45.816936970 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.835304022 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:45.853434086 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.873965979 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:46.065907955 CEST	192.168.2.6	8.8.8.8	0x356a	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:46.199429035 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:46.217401028 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:46.235846043 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:46.254203081 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:46.272226095 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:46.460216999 CEST	192.168.2.6	8.8.8.8	0xd84d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:47.458210945 CEST	192.168.2.6	8.8.8.8	0xd84d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.461271048 CEST	192.168.2.6	8.8.8.8	0xd84d	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.497889042 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:48.517877102 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.538109064 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:48.558568954 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.583139896 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:48.776711941 CEST	192.168.2.6	8.8.8.8	0xf4f9	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:49.768608093 CEST	192.168.2.6	8.8.8.8	0xf4f9	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.784080982 CEST	192.168.2.6	8.8.8.8	0xf4f9	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.816631079 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:50.836877108 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.857497931 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:50.878483057 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.898634911 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:51.079763889 CEST	192.168.2.6	8.8.8.8	0x889	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.655795097 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:51.673641920 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.692352057 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:51.716327906 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.736466885 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:51.931433916 CEST	192.168.2.6	8.8.8.8	0xa6c5	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:52.940356970 CEST	192.168.2.6	8.8.8.8	0xa6c5	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:52.975866079 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:52.995554924 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.013848066 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:53.032064915 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.052190065 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:53.227962971 CEST	192.168.2.6	8.8.8.8	0x9dae	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.764256954 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:53.787672043 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.807893038 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:53.826060057 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	nomoreransom.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.846708059 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	nomoreransom.bit	28	IN (0x0001)
Aug 31, 2022 23:45:54.023427963 CEST	192.168.2.6	8.8.8.8	0x1cf	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:54.055927992 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:54.073595047 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:54.095084906 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:54.115288973 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	emsisoft.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:54.135454893 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	emsisoft.bit	28	IN (0x0001)
Aug 31, 2022 23:45:54.320693016 CEST	192.168.2.6	8.8.8.8	0x81db	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.331852913 CEST	192.168.2.6	8.8.8.8	0x81db	Standard query (0)	dns1.soprodns.ru	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.379616976 CEST	192.168.2.6	8.8.8.8	0x1	Standard query (0)	8.8.8.8.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:55.399161100 CEST	192.168.2.6	8.8.8.8	0x2	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.417422056 CEST	192.168.2.6	8.8.8.8	0x3	Standard query (0)	gandcrab.bit	28	IN (0x0001)
Aug 31, 2022 23:45:55.435640097 CEST	192.168.2.6	8.8.8.8	0x4	Standard query (0)	gandcrab.bit	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.456579924 CEST	192.168.2.6	8.8.8.8	0x5	Standard query (0)	gandcrab.bit	28	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 31, 2022 23:43:29.787338972 CEST	8.8.8.8	192.168.2.6	0x157a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.826931000 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:29.845730066 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.865859032 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:29.887485027 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:29.907727003 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:31.062170982 CEST	8.8.8.8	192.168.2.6	0xe7f5	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:31.096620083 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:31.118815899 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:31.139120102 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:31.163194895 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:31.188503981 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:32.284269094 CEST	8.8.8.8	192.168.2.6	0xb58e	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:32.323657990 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:32.344270945 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:32.364722967 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:32.383225918 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:32.403651953 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:34.281522036 CEST	8.8.8.8	192.168.2.6	0x5447	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:34.420568943 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:34.507476091 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:34.527868986 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:34.548209906 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:34.608354092 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:39.915618896 CEST	8.8.8.8	192.168.2.6	0xd552	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:39.955585957 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:39.976094961 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:39.999306917 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:40.017430067 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:40.037492037 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:41.581630945 CEST	8.8.8.8	192.168.2.6	0xd289	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:41.629317045 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:41.647600889 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:41.672156096 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:41.692521095 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:41.712446928 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:42.090478897 CEST	8.8.8.8	192.168.2.6	0xd552	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.188271999 CEST	8.8.8.8	192.168.2.6	0x36a0	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.254477024 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:44.274674892 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.294872999 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:44.312819958 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:44.331306934 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:44.684417009 CEST	8.8.8.8	192.168.2.6	0x36a0	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.499958038 CEST	8.8.8.8	192.168.2.6	0x6e9c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.510267019 CEST	8.8.8.8	192.168.2.6	0x6e9c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.551563978 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:46.579423904 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.602025032 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:46.622019053 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:46.644733906 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:48.172422886 CEST	8.8.8.8	192.168.2.6	0x1fde	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:48.281683922 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:48.299957037 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:48.318428040 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:48.336926937 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:48.362144947 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:50.869615078 CEST	8.8.8.8	192.168.2.6	0xdc6d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.879436016 CEST	8.8.8.8	192.168.2.6	0xdc6d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.908133030 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:50.926266909 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.948179960 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:50.969118118 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:50.989043951 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:51.996550083 CEST	8.8.8.8	192.168.2.6	0xa66c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:52.054335117 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:52.074793100 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:52.092959881 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:52.113110065 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:52.131578922 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:56.771748066 CEST	8.8.8.8	192.168.2.6	0xe578	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.812232018 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:56.832400084 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.856908083 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:56.876498938 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:56.897021055 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:57.493695974 CEST	8.8.8.8	192.168.2.6	0xe578	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.437196016 CEST	8.8.8.8	192.168.2.6	0x15ad	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.552953005 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:43:58.573885918 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.593951941 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:43:58.613837957 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:43:58.632070065 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:00.746181965 CEST	8.8.8.8	192.168.2.6	0x76a5	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:00.862198114 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:00.885832071 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:00.906203032 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:00.926271915 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:00.950309992 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:02.498614073 CEST	8.8.8.8	192.168.2.6	0xe899	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:02.585666895 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:02.606394053 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:02.626574039 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:02.647193909 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:02.667031050 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:04.712783098 CEST	8.8.8.8	192.168.2.6	0x2315	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:04.763520956 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:04.784681082 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:04.804680109 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:04.822841883 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:04.843600988 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:07.404920101 CEST	8.8.8.8	192.168.2.6	0xdaab	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.489322901 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:07.509794950 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.529654026 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:07.550762892 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:07.574573040 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:07.958069086 CEST	8.8.8.8	192.168.2.6	0xdaab	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.030044079 CEST	8.8.8.8	192.168.2.6	0xa02d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.070871115 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:09.089035034 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.112163067 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:09.132690907 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:09.151197910 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:10.521003008 CEST	8.8.8.8	192.168.2.6	0x26ba	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:10.584431887 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:10.605585098 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:10.625139952 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:10.645028114 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:10.664766073 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:14.085079908 CEST	8.8.8.8	192.168.2.6	0xf735	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:14.127676010 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:14.146212101 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:14.164454937 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:14.184348106 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:14.210242033 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:15.491667032 CEST	8.8.8.8	192.168.2.6	0xc22b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:15.534033060 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:15.554707050 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:15.578181982 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:15.598711014 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:15.619543076 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:17.061666965 CEST	8.8.8.8	192.168.2.6	0x1614	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:17.126076937 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:17.199198961 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:17.219321012 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:17.244647026 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:17.262830019 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:20.621330023 CEST	8.8.8.8	192.168.2.6	0xb64b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.672352076 CEST	8.8.8.8	192.168.2.6	0xb64b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.785567999 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:20.805774927 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.825907946 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:20.846116066 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:20.866101980 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:21.033593893 CEST	8.8.8.8	192.168.2.6	0xb64b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.367536068 CEST	8.8.8.8	192.168.2.6	0x5585	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.396424055 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:23.421693087 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.439786911 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:23.459907055 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:23.480061054 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:24.138417959 CEST	8.8.8.8	192.168.2.6	0x5585	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.916491032 CEST	8.8.8.8	192.168.2.6	0x870e	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.954788923 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:24.966316938 CEST	8.8.8.8	192.168.2.6	0x870e	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.972978115 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:24.993294001 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:25.013444901 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:25.034226894 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:26.310862064 CEST	8.8.8.8	192.168.2.6	0x5b60	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:26.338895082 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:26.359158993 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:26.383789062 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:26.401676893 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:26.420916080 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:27.353720903 CEST	8.8.8.8	192.168.2.6	0x894	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.377182007 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:27.397227049 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.415566921 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:27.433887959 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.454647064 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:27.878129959 CEST	8.8.8.8	192.168.2.6	0xc33	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.912081957 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:27.930186987 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.948191881 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:27.966533899 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:27.989063978 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:29.633094072 CEST	8.8.8.8	192.168.2.6	0x59c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.658077955 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:29.678369999 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.746664047 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:29.764878988 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:29.784965992 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:30.184921026 CEST	8.8.8.8	192.168.2.6	0x59c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:30.873771906 CEST	8.8.8.8	192.168.2.6	0x8a16	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:30.898199081 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:30.923027992 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:30.983294010 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:31.003328085 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:31.058240891 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:32.867783070 CEST	8.8.8.8	192.168.2.6	0x6ca1	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:32.892914057 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:32.913737059 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:32.935492039 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:32.960941076 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:32.982760906 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:33.501940966 CEST	8.8.8.8	192.168.2.6	0x6372	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:33.535860062 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:33.556155920 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:33.576621056 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:33.596858978 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:33.617141962 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:34.576379061 CEST	8.8.8.8	192.168.2.6	0x5b1c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:34.601655960 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:34.621896982 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:34.641765118 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:34.662103891 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:34.682557106 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:35.214416027 CEST	8.8.8.8	192.168.2.6	0xdd95	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:35.237657070 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:35.257749081 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:35.284265041 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:35.302470922 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:35.322506905 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:36.706327915 CEST	8.8.8.8	192.168.2.6	0xee4a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.731586933 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:36.750371933 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.773665905 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:36.791744947 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:36.816457033 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:36.939074039 CEST	8.8.8.8	192.168.2.6	0xee4a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.313386917 CEST	8.8.8.8	192.168.2.6	0xd110	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.337385893 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:37.361768007 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.381539106 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:37.399224997 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:37.419363976 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:38.436364889 CEST	8.8.8.8	192.168.2.6	0x177d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.465503931 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:38.484422922 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.502108097 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:38.521826982 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.539650917 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:38.938251019 CEST	8.8.8.8	192.168.2.6	0x6c8c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:38.969208002 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:38.987540007 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.007621050 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:39.027304888 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.047132015 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:39.475492001 CEST	8.8.8.8	192.168.2.6	0x6aa3	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.556307077 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:39.577370882 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.597099066 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:39.615369081 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:39.635468960 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:41.036927938 CEST	8.8.8.8	192.168.2.6	0xea7d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.062947989 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:41.082788944 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.102920055 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:41.121021986 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.141063929 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:41.169985056 CEST	8.8.8.8	192.168.2.6	0xea7d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.811177969 CEST	8.8.8.8	192.168.2.6	0xab1a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.837889910 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:41.857992887 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.877934933 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:41.898178101 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:41.918279886 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:42.382412910 CEST	8.8.8.8	192.168.2.6	0xacc3	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:42.410130024 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:42.430150986 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:42.450306892 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:42.470879078 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:42.491142035 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:43.413260937 CEST	8.8.8.8	192.168.2.6	0x56d3	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.442663908 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:43.460849047 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.491415024 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:43.511894941 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.531490088 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:43.961663008 CEST	8.8.8.8	192.168.2.6	0x5cfc	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:43.991935968 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:44.009932995 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.030059099 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:44.048516035 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.068895102 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:44.411514997 CEST	8.8.8.8	192.168.2.6	0x6ce9	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.437238932 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:44.457220078 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.475223064 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:44.493381023 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:44.517654896 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:45.435556889 CEST	8.8.8.8	192.168.2.6	0x3503	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.460696936 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:45.478576899 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.500251055 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:45.520853996 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.539642096 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:45.881977081 CEST	8.8.8.8	192.168.2.6	0xbc22	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.907064915 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:45.927283049 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.948478937 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:45.968255043 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:45.988017082 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:46.337909937 CEST	8.8.8.8	192.168.2.6	0x7051	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:46.363435984 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:46.383466005 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:46.401216030 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:46.421830893 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:46.442011118 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:48.821460009 CEST	8.8.8.8	192.168.2.6	0xaa50	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.847312927 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:48.867320061 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.885781050 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:48.910540104 CEST	8.8.8.8	192.168.2.6	0xaa50	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.957782030 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:48.977746010 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:49.891845942 CEST	8.8.8.8	192.168.2.6	0xaa50	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:50.972193956 CEST	8.8.8.8	192.168.2.6	0xf6e1	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.004219055 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:51.024416924 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.044862986 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:51.070853949 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.093216896 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:51.589247942 CEST	8.8.8.8	192.168.2.6	0x893b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.620028019 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:51.640378952 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.660531044 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:51.683698893 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:51.703880072 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:53.151417971 CEST	8.8.8.8	192.168.2.6	0x1223	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.176506996 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:53.194789886 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.215109110 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:53.235271931 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:53.255618095 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:53.625669956 CEST	8.8.8.8	192.168.2.6	0x1223	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.619091034 CEST	8.8.8.8	192.168.2.6	0x812d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.646353960 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:54.664908886 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.685338974 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:54.703402996 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:54.721267939 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:54.741657972 CEST	8.8.8.8	192.168.2.6	0x812d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.097080946 CEST	8.8.8.8	192.168.2.6	0x3588	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.124034882 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:56.144139051 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.165666103 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:56.185373068 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:56.206304073 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:57.057044029 CEST	8.8.8.8	192.168.2.6	0x745f	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:57.084417105 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:57.104636908 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:57.124588966 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:57.144799948 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:57.165554047 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:57.657109976 CEST	8.8.8.8	192.168.2.6	0x3588	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.709364891 CEST	8.8.8.8	192.168.2.6	0x1e86	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.744060993 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:58.762052059 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.775975943 CEST	8.8.8.8	192.168.2.6	0x1e86	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.781868935 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:58.802098036 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:58.822364092 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:59.175309896 CEST	8.8.8.8	192.168.2.6	0x598e	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:59.208067894 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:44:59.228351116 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:59.248884916 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:44:59.268644094 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:44:59.286719084 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:00.215579033 CEST	8.8.8.8	192.168.2.6	0x1a73	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:00.255872011 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:00.286022902 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:00.325176001 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:00.348517895 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:00.371310949 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:01.091835022 CEST	8.8.8.8	192.168.2.6	0x98c5	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:01.120204926 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:01.138207912 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:01.158245087 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:01.178411007 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:01.204669952 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:02.615139008 CEST	8.8.8.8	192.168.2.6	0x6670	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.640677929 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:02.661689997 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.681889057 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:02.703619003 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:02.723409891 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:03.106302977 CEST	8.8.8.8	192.168.2.6	0x6670	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.158047915 CEST	8.8.8.8	192.168.2.6	0x7330	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.184478045 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:03.206196070 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.228708982 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:03.248331070 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:03.268287897 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:04.125479937 CEST	8.8.8.8	192.168.2.6	0xc2b1	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:04.150804043 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:04.172810078 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:04.193243027 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:04.211317062 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:04.231714964 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:05.642608881 CEST	8.8.8.8	192.168.2.6	0x2d1b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.668690920 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:05.679235935 CEST	8.8.8.8	192.168.2.6	0x2d1b	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.688968897 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.708745956 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:05.726625919 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:05.746467113 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:07.123591900 CEST	8.8.8.8	192.168.2.6	0xbece	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.147948027 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:07.166426897 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.184499979 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:07.210597992 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:07.230631113 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:07.638503075 CEST	8.8.8.8	192.168.2.6	0xbece	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.604301929 CEST	8.8.8.8	192.168.2.6	0x5212	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.609941006 CEST	8.8.8.8	192.168.2.6	0x5212	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.636708975 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:08.657493114 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.678095102 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:08.699327946 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:08.720056057 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:09.086039066 CEST	8.8.8.8	192.168.2.6	0xb3f3	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:09.111648083 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:09.129959106 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:09.148557901 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:09.166651011 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:09.184634924 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:10.048824072 CEST	8.8.8.8	192.168.2.6	0x439f	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:10.074271917 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:10.094129086 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:10.114101887 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:10.134094954 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:10.153976917 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:11.069394112 CEST	8.8.8.8	192.168.2.6	0xccc6	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.093446970 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:11.111608028 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.129561901 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:11.147553921 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.167288065 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:11.493338108 CEST	8.8.8.8	192.168.2.6	0xef39	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.518835068 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:11.537653923 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.555847883 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:11.575905085 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:11.596256971 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:12.086657047 CEST	8.8.8.8	192.168.2.6	0x92a8	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:12.115483999 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:12.133847952 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:12.156578064 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:12.177124977 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:12.199208975 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:13.795871973 CEST	8.8.8.8	192.168.2.6	0x46d2	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.822742939 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:13.843261957 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.863305092 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:13.881822109 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:13.899844885 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:14.276071072 CEST	8.8.8.8	192.168.2.6	0x46d2	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.455116987 CEST	8.8.8.8	192.168.2.6	0xf01a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.478157043 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:14.498713970 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.520136118 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:14.540436983 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:14.560705900 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:15.212640047 CEST	8.8.8.8	192.168.2.6	0x7c76	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:15.245517015 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:15.268943071 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:15.289814949 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:15.309674978 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:15.330753088 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:16.762197018 CEST	8.8.8.8	192.168.2.6	0x26ff	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.790291071 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:16.810615063 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.830655098 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:16.848545074 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:16.868464947 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:17.734127045 CEST	8.8.8.8	192.168.2.6	0x32fa	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:17.759524107 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:17.779627085 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:17.803694963 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:17.821728945 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:17.841531038 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:18.213179111 CEST	8.8.8.8	192.168.2.6	0x43f4	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.245822906 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:18.264169931 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.282655001 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:18.303041935 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.323292971 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:18.727078915 CEST	8.8.8.8	192.168.2.6	0xf9a1	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.758493900 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:18.779901028 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.801358938 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:18.821578026 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:18.839883089 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:19.169836044 CEST	8.8.8.8	192.168.2.6	0x53fc	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:19.197752953 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:19.218126059 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:19.237973928 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:19.258479118 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:19.278409958 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:20.108885050 CEST	8.8.8.8	192.168.2.6	0x901c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:20.133389950 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:20.151463985 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:20.171344042 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:20.191129923 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:20.211190939 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:20.750307083 CEST	8.8.8.8	192.168.2.6	0x26ff	Server failure (2)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.173013926 CEST	8.8.8.8	192.168.2.6	0x6652	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.197968006 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:22.217995882 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.271331072 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:22.290329933 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:22.313796043 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:23.552133083 CEST	8.8.8.8	192.168.2.6	0x6652	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.331062078 CEST	8.8.8.8	192.168.2.6	0x6b1a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.354151011 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:24.374262094 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.394306898 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:24.416450024 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.435049057 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:24.800530910 CEST	8.8.8.8	192.168.2.6	0x46db	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.826673985 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:24.844790936 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.866312027 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:24.889637947 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:24.909706116 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:26.257894039 CEST	8.8.8.8	192.168.2.6	0x4aea	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.267116070 CEST	8.8.8.8	192.168.2.6	0x4aea	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.284495115 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:26.302685022 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.322731018 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:26.342674017 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.362843990 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:26.570079088 CEST	8.8.8.8	192.168.2.6	0xd8c1	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.598028898 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:26.618112087 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.638072968 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:26.657855034 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:26.677685976 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:27.864686966 CEST	8.8.8.8	192.168.2.6	0xa842	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.888834953 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:27.909015894 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.929562092 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:27.953717947 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:27.971896887 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:28.669117928 CEST	8.8.8.8	192.168.2.6	0x8693	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:28.697978020 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:28.716156006 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:28.735982895 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:28.756066084 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:28.776252031 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.011524916 CEST	8.8.8.8	192.168.2.6	0xd7dd	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.037141085 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:29.057269096 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.077163935 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.097136974 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.117222071 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.381879091 CEST	8.8.8.8	192.168.2.6	0x9a3a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.407457113 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:29.427575111 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.447861910 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.468513966 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.488358974 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.606527090 CEST	8.8.8.8	192.168.2.6	0xa842	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.678388119 CEST	8.8.8.8	192.168.2.6	0x4aab	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.704013109 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:29.723932981 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.745117903 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.765243053 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:29.785756111 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:29.978842020 CEST	8.8.8.8	192.168.2.6	0xd438	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:30.005171061 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:30.029825926 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:30.050517082 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:30.070476055 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:30.090724945 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:31.870630980 CEST	8.8.8.8	192.168.2.6	0x3828	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.870671988 CEST	8.8.8.8	192.168.2.6	0x3828	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.894535065 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:31.914591074 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.932943106 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:31.953244925 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:31.973292112 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:32.671992064 CEST	8.8.8.8	192.168.2.6	0x12dd	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:32.697273970 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:32.717818022 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:32.738121986 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:32.758621931 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:32.776418924 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:33.008081913 CEST	8.8.8.8	192.168.2.6	0xb965	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.033670902 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:33.052232027 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.074173927 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:33.096429110 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.116456032 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:33.391014099 CEST	8.8.8.8	192.168.2.6	0x4fe0	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.420255899 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:33.440869093 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.461447954 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:33.482673883 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:33.502680063 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:34.205842018 CEST	8.8.8.8	192.168.2.6	0xfbe4	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.237862110 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:34.258346081 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.276730061 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:34.297285080 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.317642927 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:34.563857079 CEST	8.8.8.8	192.168.2.6	0x2aa3	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.590023994 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:34.608253002 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.632611990 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:34.650960922 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.671530008 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:34.861598015 CEST	8.8.8.8	192.168.2.6	0xbbb4	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.889672041 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:34.910166979 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.930305958 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:34.948801041 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:34.966978073 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:35.659677029 CEST	8.8.8.8	192.168.2.6	0xc45c	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:35.684854031 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:35.703336000 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:35.723376036 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:35.741929054 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:35.761758089 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:36.962335110 CEST	8.8.8.8	192.168.2.6	0xb850	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:36.988629103 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:37.008464098 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.028367996 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:37.046492100 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.068111897 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:37.328402042 CEST	8.8.8.8	192.168.2.6	0x86e7	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.354845047 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:37.375205994 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.395513058 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:37.415610075 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.435617924 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:37.646131992 CEST	8.8.8.8	192.168.2.6	0x6b88	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.672806025 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:37.693382025 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.713413000 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:37.733810902 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:37.752490044 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:39.287280083 CEST	8.8.8.8	192.168.2.6	0xb850	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:39.946167946 CEST	8.8.8.8	192.168.2.6	0xc3eb	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:39.973323107 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:39.991565943 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.011499882 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:40.029787064 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.050113916 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:40.095642090 CEST	8.8.8.8	192.168.2.6	0xc3eb	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.110693932 CEST	8.8.8.8	192.168.2.6	0xc3eb	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.811549902 CEST	8.8.8.8	192.168.2.6	0x85fc	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.838596106 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:40.857355118 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.877202034 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:40.897402048 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:40.919195890 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:42.722179890 CEST	8.8.8.8	192.168.2.6	0xeb3a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.751497984 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:42.772325993 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.795279980 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:42.813390017 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:42.831677914 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:43.071841955 CEST	8.8.8.8	192.168.2.6	0x79a2	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.099137068 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:43.119312048 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.137548923 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:43.157763004 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.177860975 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:43.868730068 CEST	8.8.8.8	192.168.2.6	0x3d7a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.895756960 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:43.915795088 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.933940887 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:43.954459906 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:43.972961903 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:44.162213087 CEST	8.8.8.8	192.168.2.6	0x89da	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.189434052 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:44.209141016 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.229032993 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:44.252708912 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:44.273025990 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:44.985682964 CEST	8.8.8.8	192.168.2.6	0x4715	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.010627031 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:45.030633926 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.052932024 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:45.071058035 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.091566086 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:45.790606022 CEST	8.8.8.8	192.168.2.6	0xb4f5	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.816375017 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:45.834777117 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.852967024 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:45.873301029 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:45.891820908 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:46.191735983 CEST	8.8.8.8	192.168.2.6	0x356a	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:46.216659069 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:46.235269070 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:46.253509998 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:46.271697998 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:46.291834116 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:47.109087944 CEST	8.8.8.8	192.168.2.6	0xeb3a	Server failure (2)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.489577055 CEST	8.8.8.8	192.168.2.6	0xd84d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.517317057 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:48.537610054 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.544222116 CEST	8.8.8.8	192.168.2.6	0xd84d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.557970047 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:48.578443050 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:48.602873087 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:49.040975094 CEST	8.8.8.8	192.168.2.6	0xd84d	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.809185982 CEST	8.8.8.8	192.168.2.6	0xf4f9	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.836035967 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:50.856573105 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.878010035 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:50.898149967 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:50.916162014 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:51.168813944 CEST	8.8.8.8	192.168.2.6	0xf4f9	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.647681952 CEST	8.8.8.8	192.168.2.6	0x889	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.672899008 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:51.691550970 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.711776018 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:51.736037970 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:51.756360054 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:52.403012991 CEST	8.8.8.8	192.168.2.6	0xf4f9	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:52.968674898 CEST	8.8.8.8	192.168.2.6	0xa6c5	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:52.995096922 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:53.013417959 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.031677008 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:53.051702976 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.073030949 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:53.510509014 CEST	8.8.8.8	192.168.2.6	0xa6c5	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.758115053 CEST	8.8.8.8	192.168.2.6	0x9dae	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.783446074 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:53.807456970 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.825607061 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:53.846086025 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	nomoreransom.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:53.866564035 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	nomoreransom.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:54.049860954 CEST	8.8.8.8	192.168.2.6	0x1cf	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:54.073111057 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:54.093367100 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:54.114746094 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:54.135003090 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	emsisoft.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:54.154999018 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	emsisoft.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:55.368313074 CEST	8.8.8.8	192.168.2.6	0x81db	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.398617029 CEST	8.8.8.8	192.168.2.6	0x1	No error (0)	8.8.8.8.in-addr.arpa			PTR (Pointer record)	IN (0x0001)
Aug 31, 2022 23:45:55.417046070 CEST	8.8.8.8	192.168.2.6	0x2	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.435185909 CEST	8.8.8.8	192.168.2.6	0x3	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:55.456170082 CEST	8.8.8.8	192.168.2.6	0x4	Name error (3)	gandcrab.bit	none	none	A (IP address)	IN (0x0001)
Aug 31, 2022 23:45:55.476073980 CEST	8.8.8.8	192.168.2.6	0x5	Name error (3)	gandcrab.bit	none	none	28	IN (0x0001)
Aug 31, 2022 23:45:55.889926910 CEST	8.8.8.8	192.168.2.6	0x81db	Name error (3)	dns1.soprodns.ru	none	none	A (IP address)	IN (0x0001)

Target ID:	0
Start time:	23:43:19
Start date:	31/08/2022
Path:	C:\Users\user\Desktop\BUgAyPXboK.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\BUgAyPXboK.exe"
Imagebase:	0x400000
File size:	75264 bytes
MD5 hash:	DDE91B6947D2B726E5BB8F5852CECB76
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 00000000.00000000.252253377.000000000040E000.00000008.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 00000000.00000002.584330728.000000000040E000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low

Analysis Process: nslookup.exePID: 5424, Parent PID: 868

General

Target ID:	2
Start time:	23:43:28
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: conhost.exePID: 5500, Parent PID: 5424

General

Target ID:	3
Start time:	23:43:28
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: nslookup.exePID: 1576, Parent PID: 868

General

Target ID:	4
Start time:	23:43:29
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: conhost.exePID: 5276, Parent PID: 1576

General

Target ID:	6
Start time:	23:43:30
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: nslookup.exePID: 5356, Parent PID: 868

General

Target ID:	7
Start time:	23:43:31
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: conhost.exePID: 5336, Parent PID: 5356

General

Target ID:	8
Start time:	23:43:31
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: nslookup.exePID: 5360, Parent PID: 868

General

Target ID:	9
Start time:	23:43:32
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: conhost.exePID: 5340, Parent PID: 5360

General

Target ID:	10
Start time:	23:43:32
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: ykbxzh.exePID: 5500, Parent PID: 3452

General

Target ID:	12
Start time:	23:43:35
Start date:	31/08/2022
Path:	C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe"
Imagebase:	0x400000
File size:	75264 bytes
MD5 hash:	EE7A320AB14366D36D44CDC33B5E8238
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 0000000C.00000002.292150068.0000000000412000.00000008.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 0000000C.00000000.289414377.000000000040E000.00000008.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 0000000C.00000002.292144226.000000000040E000.00000004.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: SUSP_RANSOMWARE_Indicator_Jul20, Description: Detects ransomware indicator, Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, Author: Florian Roth Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, Author: Joe Security Rule: Gandcrab, Description: Gandcrab Payload, Source: C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe, Author: kevoreilly
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML

Analysis Process: nslookup.exePID: 4876, Parent PID: 868

General

Target ID:	14
Start time:	23:43:35
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 812, Parent PID: 4876

General

Target ID:	15
Start time:	23:43:37
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 5796, Parent PID: 868

General

Target ID:	19
Start time:	23:43:39
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 6128, Parent PID: 5796

General

Target ID:	21
Start time:	23:43:40
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 5224, Parent PID: 868

General

Target ID:	23
Start time:	23:43:41
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 5588, Parent PID: 5224

General

Target ID:	24
Start time:	23:43:42
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: ykbxzh.exePID: 4784, Parent PID: 3452

General

Target ID:	25
Start time:	23:43:43
Start date:	31/08/2022
Path:	C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe"
Imagebase:	0x400000
File size:	75264 bytes
MD5 hash:	EE7A320AB14366D36D44CDC33B5E8238
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 00000019.00000002.306373977.000000000040E000.00000004.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 00000019.00000000.303643193.000000000040E000.00000008.00000001.01000000.00000006.sdmp, Author: Joe Security Rule: JoeSecurity_Gandcrab, Description: Yara detected Gandcrab, Source: 00000019.00000002.306381807.0000000000412000.00000008.00000001.01000000.00000006.sdmp, Author: Joe Security

Analysis Process: nslookup.exePID: 5572, Parent PID: 868

General

Target ID:	26
Start time:	23:43:44
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 6040, Parent PID: 5572

General

Target ID:	27
Start time:	23:43:44
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 2912, Parent PID: 868

General

Target ID:	29
Start time:	23:43:46
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 1572, Parent PID: 2912

General

Target ID:	30
Start time:	23:43:46
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 4228, Parent PID: 868

General

Target ID:	31
Start time:	23:43:48
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 5940, Parent PID: 4228

General

Target ID:	32
Start time:	23:43:48
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 2464, Parent PID: 868

General

Target ID:	34
Start time:	23:43:50
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 3244, Parent PID: 2464

General

Target ID:	35
Start time:	23:43:51
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 3824, Parent PID: 868

General

Target ID:	36
Start time:	23:43:51
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 5896, Parent PID: 3824

General

Target ID:	37
Start time:	23:43:52
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 2208, Parent PID: 868

General

Target ID:	39
Start time:	23:43:56
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 4628, Parent PID: 2208

General

Target ID:	40
Start time:	23:43:57
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 2852, Parent PID: 868

General

Target ID:	41
Start time:	23:43:58
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 2608, Parent PID: 2852

General

Target ID:	42
Start time:	23:43:59
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 4628, Parent PID: 868

General

Target ID:	43
Start time:	23:44:01
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 2688, Parent PID: 4628

General

Target ID:	44
Start time:	23:44:01
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 4908, Parent PID: 868

General

Target ID:	45
Start time:	23:44:02
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 1908, Parent PID: 4908

General

Target ID:	46
Start time:	23:44:03
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 3096, Parent PID: 868

General

Target ID:	47
Start time:	23:44:04
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 1964, Parent PID: 3096

General

Target ID:	48
Start time:	23:44:05
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 644, Parent PID: 868

General

Target ID:	49
Start time:	23:44:07
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 1676, Parent PID: 644

General

Target ID:	50
Start time:	23:44:07
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 5964, Parent PID: 868

General

Target ID:	51
Start time:	23:44:09
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 4772, Parent PID: 5964

General

Target ID:	52
Start time:	23:44:09
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 4064, Parent PID: 868

General

Target ID:	53
Start time:	23:44:10
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 5928, Parent PID: 4064

General

Target ID:	54
Start time:	23:44:11
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 2360, Parent PID: 868

General

Target ID:	55
Start time:	23:44:14
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup gandcrab.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 4856, Parent PID: 2360

General

Target ID:	56
Start time:	23:44:14
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 5728, Parent PID: 868

General

Target ID:	57
Start time:	23:44:15
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup nomoreransom.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 6052, Parent PID: 5728

General

Target ID:	58
Start time:	23:44:16
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: nslookup.exePID: 5940, Parent PID: 868

General

Target ID:	59
Start time:	23:44:17
Start date:	31/08/2022
Path:	C:\Windows\SysWOW64\nslookup.exe
Wow64 process (32bit):	true
Commandline:	nslookup emsisoft.bit dns1.soprodns.ru
Imagebase:	0xd60000
File size:	78336 bytes
MD5 hash:	8E82529D1475D67615ADCB4E1B8F4EEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Analysis Process: conhost.exePID: 6088, Parent PID: 5940

General

Target ID:	60
Start time:	23:44:17
Start date:	31/08/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Disassembly

⊘No disassembly

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a connection proxy to direct network traffic between systems or act as an intermediary for network communications to a command and control server to avoid direct connections to their infrastructure. Many tools exist that enable traffic redirection through proxies or port redirection, including HTRAN , ZXProxy, and ZXPortMap. Adversaries use these types of proxies to manage command and control communications, reduce the number of simultaneous outbound network connections, provide resiliency in the face of connection loss, or to ride over existing trusted communications paths between victims to avoid suspicion. Adversaries may chain together multiple proxies to further disguise the source of malicious traffic.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report BUgAyPXboK.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a

C:\Users\user\AppData\Roaming\Microsoft\ykbxzh.exe

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Windows Analysis Report
BUgAyPXboK.exe

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.In the case of ransomware, it is typical that common user files like Office documents, PDFs, images, videos, audio, text, and source code files will be encrypted. In some cases, adversaries may encrypt critical system files, disk partitions, and the MBR.
Tactics:	Impact
Data Sources:	File monitoring, Kernel drivers, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre