Windows Analysis Report
4QamAQhoxB.exe

Overview

General Information

Sample name:4QamAQhoxB.exe
renamed because original name is a hash value
Original sample name:1ada2c6796a3486b79c5eb47fce9b19c.exe
Analysis ID:1466587
MD5:1ada2c6796a3486b79c5eb47fce9b19c
SHA1:5d78a1cabf376716fbf429e2f6f8c4ea1295ca43
SHA256:b8f1fe93386003e82a148e0efd52759bc3be7bc7088537f6d031faec54870fb3
Tags:32exe
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Uses dynamic DNS services
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Detected TCP or UDP traffic on non-standard ports
Enables debug privileges
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • 4QamAQhoxB.exe (PID: 2360 cmdline: "C:\Users\user\Desktop\4QamAQhoxB.exe" MD5: 1ADA2C6796A3486B79C5EB47FCE9B19C)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
4QamAQhoxB.exe | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
4QamAQhoxB.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Source | Rule | Description | Author | Strings
00000000.00000002.3283781224.0000000004521000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000000.2027295530.0000000001832000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: 4QamAQhoxB.exe PID: 2360 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: stevenhead.ddns.netVirustotal: Detection: 7%Perma Link
            Source: 4QamAQhoxB.exeReversingLabs: Detection: 73%
            Source: 4QamAQhoxB.exeVirustotal: Detection: 56%Perma Link
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: 4QamAQhoxB.exeJoe Sandbox ML: detected
            Source: 4QamAQhoxB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 4QamAQhoxB.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Networking

            Source: unknownDNS query: name: booosisnhead.ddns.net
            Source: unknownDNS query: name: stevenhead.ddns.net
            Source: Yara matchFile source: 4QamAQhoxB.exe, type: SAMPLE
            Source: global trafficTCP traffic: 192.168.2.5:49704 -> 157.20.182.5:36365
            Source: Joe Sandbox ViewASN Name: FCNUniversityPublicCorporationOsakaJP FCNUniversityPublicCorporationOsakaJP
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: booosisnhead.ddns.net
            Source: global trafficDNS traffic detected: DNS query: stevenhead.ddns.net
            Source: 4QamAQhoxB.exe, 00000000.00000002.3282783028.0000000002717000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs 4QamAQhoxB.exe
            Source: 4QamAQhoxB.exe, 00000000.00000000.2033525770.0000000002292000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStub.exe" vs 4QamAQhoxB.exe
            Source: 4QamAQhoxB.exeBinary or memory string: OriginalFilenameStub.exe" vs 4QamAQhoxB.exe
            Source: 4QamAQhoxB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: classification engineClassification label: mal76.troj.evad.winEXE@1/0@18/1
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeMutant created: \Sessions\1\BaseNamedObjects\dfoipoduifdpodupifduodud9d78yd9078df098dp90yu9py7d9
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeMutant created: NULL
            Source: 4QamAQhoxB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 4QamAQhoxB.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: 4QamAQhoxB.exeReversingLabs: Detection: 73%
            Source: 4QamAQhoxB.exeVirustotal: Detection: 56%
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeSection loaded: schannel.dllJump to behavior
            Source: 4QamAQhoxB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: 4QamAQhoxB.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
            Source: 4QamAQhoxB.exeStatic file information: File size 21362688 > 1048576
            Source: 4QamAQhoxB.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x145ea00
            Source: 4QamAQhoxB.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: Yara matchFile source: 4QamAQhoxB.exe, type: SAMPLE
            Source: Yara matchFile source: 00000000.00000002.3283781224.0000000004521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000000.2027295530.0000000001832000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: 4QamAQhoxB.exe PID: 2360, type: MEMORYSTR
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeMemory allocated: 2BC0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeMemory allocated: 4520000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeMemory allocated: 6520000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exe TID: 6484Thread sleep count: 115 > 30Jump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exe TID: 6484Thread sleep time: -1035000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: 4QamAQhoxB.exeBinary or memory string: cHjLJAFJdovmcI
            Source: 4QamAQhoxB.exeBinary or memory string: NIHGfsokYOdN
            Source: 4QamAQhoxB.exe, 00000000.00000002.3283128431.00000000027B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeQueries volume information: C:\Users\user\Desktop\4QamAQhoxB.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\4QamAQhoxB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
            DLL Side-Loading
            1
            DLL Side-Loading
            2
            Virtualization/Sandbox Evasion
            OS Credential Dumping1
            Security Software Discovery
            Remote ServicesData from Local System1
            Non-Standard Port
            Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
            Disable or Modify Tools
            LSASS Memory2
            Virtualization/Sandbox Evasion
            Remote Desktop ProtocolData from Removable Media1
            Non-Application Layer Protocol
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
            DLL Side-Loading
            Security Account Manager13
            System Information Discovery
            SMB/Windows Admin SharesData from Network Shared Drive11
            Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            SourceDetectionScannerLabelLink
            4QamAQhoxB.exe74%ReversingLabsByteCode-MSIL.Backdoor.AsyncRAT
            4QamAQhoxB.exe57%VirustotalBrowse
            4QamAQhoxB.exe100%Joe Sandbox ML
            No Antivirus matches
            SourceDetectionScannerLabelLink
            stevenhead.ddns.net7%VirustotalBrowse
            booosisnhead.ddns.net1%VirustotalBrowse
            No Antivirus matches
            NameIPActiveMaliciousAntivirus DetectionReputation
            stevenhead.ddns.net
            157.20.182.5
            truetrueunknown
            booosisnhead.ddns.net
            unknown
            unknowntrueunknown
            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs
            IPDomainCountryFlagASNASN NameMalicious
            157.20.182.5
            stevenhead.ddns.netunknown
            24297FCNUniversityPublicCorporationOsakaJPtrue
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1466587
            Start date and time:2024-07-03 07:19:14 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 48s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:5
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:4QamAQhoxB.exe
            renamed because original name is a hash value
            Original Sample Name:1ada2c6796a3486b79c5eb47fce9b19c.exe
            Detection:MAL
            Classification:mal76.troj.evad.winEXE@1/0@18/1
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 19
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target 4QamAQhoxB.exe, PID 2360 because it is empty
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            TimeTypeDescription
            01:20:03API Interceptor118x Sleep call for process: 4QamAQhoxB.exe modified
            No context
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            FCNUniversityPublicCorporationOsakaJParm4-20240623-2204.elfGet hashmaliciousMiraiBrowse
            • 157.16.140.2
            G7b98y6IWj.elfGet hashmaliciousMiraiBrowse
            • 157.20.207.4
            bot.arm7.elfGet hashmaliciousMirai, MoobotBrowse
            • 157.20.68.131
            skt.mips.elfGet hashmaliciousMiraiBrowse
            • 157.16.87.9
            1rA2CJx2rg.elfGet hashmaliciousMirai, MoobotBrowse
            • 157.20.207.8
            dLW2bzO9c1.elfGet hashmaliciousMirai, MoobotBrowse
            • 157.20.68.183
            S6hCRsyPaN.elfGet hashmaliciousMiraiBrowse
            • 163.227.120.64
            cLVA2hSNO0.elfGet hashmaliciousUnknownBrowse
            • 157.16.228.196
            RAV6MYlZkN.elfGet hashmaliciousGafgyt, MiraiBrowse
            • 157.16.140.7
            arm7.elfGet hashmaliciousMirai, MoobotBrowse
            • 157.16.228.170
            No context
            No created / dropped files found
            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.866869650697103
            TrID:
            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            • Win32 Executable (generic) a (10002005/4) 49.97%
            • Generic Win/DOS Executable (2004/3) 0.01%
            • DOS Executable Generic (2002/1) 0.01%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:4QamAQhoxB.exe
            File size:21'362'688 bytes
            MD5:1ada2c6796a3486b79c5eb47fce9b19c
            SHA1:5d78a1cabf376716fbf429e2f6f8c4ea1295ca43
            SHA256:b8f1fe93386003e82a148e0efd52759bc3be7bc7088537f6d031faec54870fb3
            SHA512:16413bb86289d46408e479cd67f71821d788fa000adce091c0bd6812b79525a236e117732416880688b2c139f0021f97270900e68a8a840c0b60bcbe5511d390
            SSDEEP:393216:MZrAUv/DWT9lrqm59DJjhe+NRDWUFnAUv/DWT9lrqm5ordQll/LY/:iml3NR3wl3Vlc
            TLSH:A927121923F8AE33D12E93B1D5F65052BBF1E416F363EB072542A6796913B006D423BB
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3wf..................E...........F.. ... F...@.. .......................`F...........`................................
            Icon Hash:00928e8e8686b000
            Entrypoint:0x18607fe
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x667733C6 [Sat Jun 22 20:27:50 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:v4.0.30319
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
            Instruction
            jmp dword ptr [00402000h]
            add byte ptr [eax], al
            NameVirtual AddressVirtual Size Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IMPORT0x14607ac0x4f.text
            IMAGE_DIRECTORY_ENTRY_RESOURCE0x14620000x878.rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
            IMAGE_DIRECTORY_ENTRY_BASERELOC0x14640000xc.reloc
            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
            .text0x20000x145e8040x145ea001539c94eddd706f6e8e902704e98d135unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc0x14620000x8780xa004cfdae2eee495c7daceb428056aa4576False0.366015625data4.336081225962232IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .reloc0x14640000xc0x200ede8b68aa87e515cbcdcc1d232461d26False0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
            NameRVASizeTypeLanguageCountryZLIB Complexity
            RT_VERSION0x14620a00x35edata0.44895591647331784
            RT_MANIFEST0x14624000x478exported SGML document, Unicode text, UTF-8 (with BOM) text0.4423076923076923
            DLLImport
            mscoree.dll_CorExeMain
            TimestampSource PortDest PortSource IPDest IP
            Jul 3, 2024 07:20:19.921578884 CEST4971236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:19.929699898 CEST3636549710157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:19.929712057 CEST3636549712157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:19.929832935 CEST4971236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:19.930170059 CEST4971236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:19.936182022 CEST3636549712157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:21.553452015 CEST3636549712157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:21.553531885 CEST4971236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:21.654939890 CEST4971236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:21.655734062 CEST4971936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:21.659753084 CEST3636549712157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:21.660545111 CEST3636549719157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:21.660599947 CEST4971936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:21.660881996 CEST4971936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:21.665684938 CEST3636549719157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:23.286751986 CEST3636549719157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:23.286902905 CEST4971936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:23.390183926 CEST4971936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:23.395170927 CEST3636549719157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:23.656130075 CEST4972036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:23.661566019 CEST3636549720157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:23.661659956 CEST4972036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:23.661947012 CEST4972036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:23.667699099 CEST3636549720157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:25.290476084 CEST3636549720157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:25.290571928 CEST4972036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:25.404898882 CEST4972036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:25.409800053 CEST3636549720157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:25.624975920 CEST4972136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:25.632019043 CEST3636549721157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:25.632103920 CEST4972136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:25.632422924 CEST4972136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:25.639436007 CEST3636549721157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:27.238308907 CEST3636549721157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:27.238374949 CEST4972136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:27.382584095 CEST4972136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:27.387501955 CEST3636549721157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:27.718501091 CEST4972236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:27.723491907 CEST3636549722157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:27.723577023 CEST4972236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:27.723870993 CEST4972236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:27.728676081 CEST3636549722157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:29.349215031 CEST3636549722157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:29.349407911 CEST4972236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:29.452006102 CEST4972236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:29.452838898 CEST4972336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:29.456933022 CEST3636549722157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:29.457768917 CEST3636549723157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:29.457842112 CEST4972336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:29.458080053 CEST4972336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:29.462867975 CEST3636549723157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:31.084472895 CEST3636549723157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:31.084538937 CEST4972336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:31.186181068 CEST4972336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:31.191018105 CEST3636549723157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:31.765233994 CEST4972436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:31.770399094 CEST3636549724157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:31.770500898 CEST4972436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:31.770720959 CEST4972436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:31.776020050 CEST3636549724157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:33.400298119 CEST3636549724157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:33.400377989 CEST4972436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:33.514341116 CEST4972436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:33.515371084 CEST4972536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:33.519223928 CEST3636549724157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:33.520271063 CEST3636549725157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:33.520337105 CEST4972536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:33.520648956 CEST4972536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:33.525579929 CEST3636549725157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:35.229260921 CEST3636549725157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:35.231656075 CEST4972536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:35.342648983 CEST4972536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:35.343485117 CEST4972636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:35.347567081 CEST3636549725157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:35.348253012 CEST3636549726157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:35.348321915 CEST4972636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:35.348643064 CEST4972636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:35.353419065 CEST3636549726157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:37.007909060 CEST3636549726157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:37.007971048 CEST4972636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:37.123682976 CEST4972636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:37.128835917 CEST3636549726157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:37.483999014 CEST4972736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:37.488931894 CEST3636549727157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:37.489031076 CEST4972736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:37.489331961 CEST4972736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:37.494262934 CEST3636549727157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:39.115148067 CEST3636549727157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:39.115235090 CEST4972736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:39.217516899 CEST4972736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:39.218416929 CEST4972836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:39.222989082 CEST3636549727157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:39.223583937 CEST3636549728157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:39.223664999 CEST4972836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:39.223929882 CEST4972836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:39.229737043 CEST3636549728157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:40.832521915 CEST3636549728157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:40.832614899 CEST4972836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:40.936194897 CEST4972836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:40.936902046 CEST4972936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:40.940996885 CEST3636549728157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:40.941792965 CEST3636549729157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:40.941879988 CEST4972936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:40.942142010 CEST4972936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:40.946950912 CEST3636549729157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:42.573219061 CEST3636549729157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:42.573327065 CEST4972936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:42.686450005 CEST4972936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:42.691420078 CEST3636549729157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:42.937280893 CEST4973036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:42.943347931 CEST3636549730157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:42.943425894 CEST4973036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:42.943778992 CEST4973036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:42.948693037 CEST3636549730157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:44.572516918 CEST3636549730157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:44.572710991 CEST4973036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:44.687640905 CEST4973036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:44.692527056 CEST3636549730157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:45.015393019 CEST4973136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:45.020448923 CEST3636549731157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:45.020555973 CEST4973136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:45.020915985 CEST4973136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:45.025950909 CEST3636549731157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:46.629697084 CEST3636549731157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:46.629790068 CEST4973136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:46.734190941 CEST4973136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:46.734930038 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:46.739130020 CEST3636549731157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:46.739825010 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:46.739916086 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:46.740190983 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:46.745089054 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.349908113 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.349932909 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.349986076 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.350023985 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.350193024 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.350233078 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.351139069 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.351187944 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.452008963 CEST4973236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.453445911 CEST4973336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.532066107 CEST3636549732157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.532080889 CEST3636549733157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:49.532195091 CEST4973336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.532757044 CEST4973336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:49.540999889 CEST3636549733157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:51.150054932 CEST3636549733157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:51.150304079 CEST4973336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:51.264549017 CEST4973336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:51.269355059 CEST3636549733157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:51.921598911 CEST4973436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:51.926481009 CEST3636549734157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:51.926583052 CEST4973436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:51.926939011 CEST4973436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:51.932188034 CEST3636549734157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:53.537292004 CEST3636549734157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:53.537380934 CEST4973436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:53.639478922 CEST4973436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:53.787930012 CEST3636549734157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:53.859020948 CEST4973536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:53.863919973 CEST3636549735157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:53.864017963 CEST4973536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:53.864320040 CEST4973536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:53.869154930 CEST3636549735157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:55.494616985 CEST3636549735157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:55.494739056 CEST4973536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:55.608381033 CEST4973536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:55.613167048 CEST3636549735157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:55.718658924 CEST4973636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:55.726803064 CEST3636549736157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:55.726907969 CEST4973636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:55.727185965 CEST4973636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:55.732419014 CEST3636549736157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:57.331121922 CEST3636549736157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:57.331377029 CEST4973636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:57.437155008 CEST4973636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:57.442123890 CEST3636549736157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:57.921612978 CEST4973836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:57.926486015 CEST3636549738157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:57.926569939 CEST4973836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:57.926867962 CEST4973836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:57.931665897 CEST3636549738157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:59.560548067 CEST3636549738157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:59.560884953 CEST4973836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:59.670681953 CEST4973836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:59.675600052 CEST3636549738157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:59.781228065 CEST4973936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:59.786130905 CEST3636549739157.20.182.5192.168.2.5
            Jul 3, 2024 07:20:59.786233902 CEST4973936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:59.786571026 CEST4973936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:20:59.791492939 CEST3636549739157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:01.397049904 CEST3636549739157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:01.397260904 CEST4973936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:01.498733044 CEST4973936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:01.504194975 CEST3636549739157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:01.718352079 CEST4974036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:01.724798918 CEST3636549740157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:01.724957943 CEST4974036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:01.725291014 CEST4974036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:01.730088949 CEST3636549740157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:03.371146917 CEST3636549740157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:03.371362925 CEST4974036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:03.483143091 CEST4974036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:03.484014988 CEST4974136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:03.487993002 CEST3636549740157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:03.488971949 CEST3636549741157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:03.489187956 CEST4974136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:03.489537001 CEST4974136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:03.494317055 CEST3636549741157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:05.120420933 CEST3636549741157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:05.120536089 CEST4974136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:05.233273029 CEST4974136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:05.238229990 CEST3636549741157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:05.343440056 CEST4974236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:05.348406076 CEST3636549742157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:05.348522902 CEST4974236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:05.348786116 CEST4974236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:05.353586912 CEST3636549742157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:06.960104942 CEST3636549742157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:06.960268974 CEST4974236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:07.076869965 CEST4974236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:07.081708908 CEST3636549742157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:07.396348953 CEST4974336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:07.401669025 CEST3636549743157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:07.401757002 CEST4974336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:07.402168989 CEST4974336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:07.407527924 CEST3636549743157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:09.022192955 CEST3636549743157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:09.022337914 CEST4974336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:09.139614105 CEST4974336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:09.140552998 CEST4974436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:09.244112968 CEST3636549743157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:09.244128942 CEST3636549744157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:09.244204998 CEST4974436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:09.244585991 CEST4974436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:09.249387026 CEST3636549744157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:10.850646019 CEST3636549744157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:10.850928068 CEST4974436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:10.952076912 CEST4974436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:10.957804918 CEST3636549744157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:11.218682051 CEST4974536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:11.225817919 CEST3636549745157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:11.225912094 CEST4974536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:11.226284981 CEST4974536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:11.231107950 CEST3636549745157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:12.853883982 CEST3636549745157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:12.853954077 CEST4974536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:12.967554092 CEST4974536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:12.968496084 CEST4974636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:12.972733974 CEST3636549745157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:12.973443031 CEST3636549746157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:12.973535061 CEST4974636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:12.973860025 CEST4974636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:12.979471922 CEST3636549746157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:14.600924969 CEST3636549746157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:14.602746964 CEST4974636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:14.717597961 CEST4974636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:14.718627930 CEST4974736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:14.722538948 CEST3636549746157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:14.723702908 CEST3636549747157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:14.727718115 CEST4974736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:14.728117943 CEST4974736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:14.732986927 CEST3636549747157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:16.315493107 CEST3636549747157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:16.315638065 CEST4974736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:16.420944929 CEST4974736365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:16.421781063 CEST4974836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:16.425934076 CEST3636549747157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:16.426670074 CEST3636549748157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:16.426744938 CEST4974836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:16.427037001 CEST4974836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:16.431960106 CEST3636549748157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:18.034543991 CEST3636549748157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:18.034763098 CEST4974836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:18.139405012 CEST4974836365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:18.140280962 CEST4974936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:18.144346952 CEST3636549748157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:18.145380020 CEST3636549749157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:18.145467043 CEST4974936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:18.145822048 CEST4974936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:18.150640011 CEST3636549749157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:19.761476040 CEST3636549749157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:19.761698961 CEST4974936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:19.873774052 CEST4974936365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:19.874682903 CEST4975036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:19.878705025 CEST3636549749157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:19.879592896 CEST3636549750157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:19.879673004 CEST4975036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:19.879950047 CEST4975036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:19.885340929 CEST3636549750157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:21.505621910 CEST3636549750157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:21.505716085 CEST4975036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:21.608215094 CEST4975036365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:21.613029003 CEST3636549750157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:21.937515020 CEST4975136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:21.942701101 CEST3636549751157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:21.942789078 CEST4975136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:21.943161964 CEST4975136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:21.948663950 CEST3636549751157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:23.550729036 CEST3636549751157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:23.550833941 CEST4975136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:23.654989958 CEST4975136365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:23.659899950 CEST3636549751157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:23.765264988 CEST4975236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:23.771223068 CEST3636549752157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:23.771305084 CEST4975236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:23.771610022 CEST4975236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:23.778727055 CEST3636549752157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:25.383038044 CEST3636549752157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:25.383109093 CEST4975236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:25.499016047 CEST4975236365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:25.500963926 CEST4975336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:25.504060984 CEST3636549752157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:25.505951881 CEST3636549753157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:25.506083965 CEST4975336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:25.506755114 CEST4975336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:25.512963057 CEST3636549753157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:27.133050919 CEST3636549753157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:27.133124113 CEST4975336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:27.248830080 CEST4975336365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:27.250108004 CEST4975436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:27.253748894 CEST3636549753157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:27.255036116 CEST3636549754157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:27.255106926 CEST4975436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:27.258321047 CEST4975436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:27.263113976 CEST3636549754157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:28.883590937 CEST3636549754157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:28.883860111 CEST4975436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:29.037062883 CEST4975436365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:29.038091898 CEST4975536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:29.132925034 CEST3636549754157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:29.132945061 CEST3636549755157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:29.133110046 CEST4975536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:29.133692026 CEST4975536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:29.139739990 CEST3636549755157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:30.759429932 CEST3636549755157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:30.759496927 CEST4975536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:30.873795033 CEST4975536365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:30.874746084 CEST4975636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:30.878777981 CEST3636549755157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:30.879646063 CEST3636549756157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:30.879726887 CEST4975636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:30.879995108 CEST4975636365192.168.2.5157.20.182.5
            Jul 3, 2024 07:21:30.886439085 CEST3636549756157.20.182.5192.168.2.5
            Jul 3, 2024 07:21:32.506867886 CEST3636549756157.20.182.5192.168.2.5
            | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
            |---|---|---|---|---|---|---|---|---|
            | Jul 3, 2024 07:20:06.270587921 CEST | 192.168.2.5 | 1.1.1.1 | 0x88a8 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:06.530574083 CEST | 192.168.2.5 | 1.1.1.1 | 0x7319 | Standard query (0) | stevenhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:12.187232971 CEST | 192.168.2.5 | 1.1.1.1 | 0x4a0e | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:23.391061068 CEST | 192.168.2.5 | 1.1.1.1 | 0x4ba2 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:31.186886072 CEST | 192.168.2.5 | 1.1.1.1 | 0xaff6 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:37.124351025 CEST | 192.168.2.5 | 1.1.1.1 | 0xc980 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:42.687163115 CEST | 192.168.2.5 | 1.1.1.1 | 0xff5a | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:51.265043020 CEST | 192.168.2.5 | 1.1.1.1 | 0x2730 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:20:57.437927008 CEST | 192.168.2.5 | 1.1.1.1 | 0xfce4 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:05.233859062 CEST | 192.168.2.5 | 1.1.1.1 | 0xa0f9 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:07.077672005 CEST | 192.168.2.5 | 1.1.1.1 | 0xe720 | Standard query (0) | stevenhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:10.952759981 CEST | 192.168.2.5 | 1.1.1.1 | 0x11e4 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:21.608901978 CEST | 192.168.2.5 | 1.1.1.1 | 0x3f69 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:34.358993053 CEST | 192.168.2.5 | 1.1.1.1 | 0xa53a | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:47.405782938 CEST | 192.168.2.5 | 1.1.1.1 | 0x20ff | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:56.656024933 CEST | 192.168.2.5 | 1.1.1.1 | 0x9f45 | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:22:02.280627012 CEST | 192.168.2.5 | 1.1.1.1 | 0x7fcd | Standard query (0) | booosisnhead.ddns.net | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:22:07.796844006 CEST | 192.168.2.5 | 1.1.1.1 | 0x8ab9 | Standard query (0) | stevenhead.ddns.net | A (IP address) | IN (0x0001) | false |

            | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
            |---|---|---|---|---|---|---|---|---|---|---|
            | Jul 3, 2024 07:20:06.751343966 CEST | 1.1.1.1 | 192.168.2.5 | 0x7319 | No error (0) | stevenhead.ddns.net | | 157.20.182.5 | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:21:07.299282074 CEST | 1.1.1.1 | 192.168.2.5 | 0xe720 | No error (0) | stevenhead.ddns.net | | 157.20.182.5 | A (IP address) | IN (0x0001) | false |
            | Jul 3, 2024 07:22:07.945842028 CEST | 1.1.1.1 | 192.168.2.5 | 0x8ab9 | No error (0) | stevenhead.ddns.net | | 157.20.182.5 | A (IP address) | IN (0x0001) | false |

            Target ID: 0
            Start time: 01:20:02
            Start date: 03/07/2024
            Path: C:\Users\user\Desktop\4QamAQhoxB.exe
            Wow64 process (32bit): true
            Commandline: "C:\Users\user\Desktop\4QamAQhoxB.exe"
            Imagebase: 0xe30000
            File size: 21'362'688 bytes
            MD5 hash: 1ADA2C6796A3486B79C5EB47FCE9B19C
            Has elevated privileges: true
            Has administrator privileges: true
            Programmed in: C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3283781224.0000000004521000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.2027295530.0000000001832000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
            Reputation: low
            Has exited: false

              • Opcode Fuzzy Hash: e457b30a9a61319ad0e3a507f55c7cbbf1d9cceceafb64fe81b1716208c485a6
              • Instruction Fuzzy Hash: 9CB01271880248678F902A7030C70DC3F2495200A5B550054994F4114295268816AB00
              Memory Dump Source
              • Source File: 00000000.00000002.3283572530.0000000002BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_2bc0000_4QamAQhoxB.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 253f7feab8888bd049e86f63ef9d73d34193c9338aa03178229fd7906bab144d
              • Instruction ID: 99ad670cecfc4b07ecf3a43be6f1c6bd6fc971c3fbc6bb2617164f303808260d
              • Opcode Fuzzy Hash: 253f7feab8888bd049e86f63ef9d73d34193c9338aa03178229fd7906bab144d
              • Instruction Fuzzy Hash: 9990023148460C8B4A803B957409559775CA544595B854451A50E426015A55A4247595