Windows Analysis Report dllhost.exe

Overview

General Information

Sample Name: dllhost.exe
Analysis ID: 486542
MD5: fb4c1f5ec7701209f0a1dcd0726dc403
SHA1: fed324a956bb72fc10928806d887ecd4556a1f3a
SHA256: e75d883d14ab80d900fc21bd6ea9bc3bafc77f7fd31ddf66fa715833e71e8013

Detection

Nanominer
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

System process connects to network (likely due to code injection or exploit)
Yara detected Nanominer
Hides threads from debuggers
Found strings related to Crypto-Mining
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
DNS related to crypt mining pools
Machine Learning detection for sample
Queries the volume information (name, serial number etc) of a device
PE file contains an invalid checksum
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
May sleep (evasive loops) to hinder dynamic analysis
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains capabilities to detect virtual machines
PE file contains more sections than normal
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
IP address seen in connection with other malware
Entry point lies outside standard sections
Abnormal high CPU Usage

Process Tree

  • System is w10x64
  • dllhost.exe (PID: 2276 cmdline: 'C:\Users\user\Desktop\dllhost.exe' MD5: FB4C1F5EC7701209F0A1DCD0726DC403)
    • conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp | JoeSecurity_Nanominer | Yara detected Nanominer | Joe Security |
Process Memory Space: dllhost.exe PID: 2276 | JoeSecurity_Nanominer | Yara detected Nanominer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
1.3.dllhost.exe.28fa8880000.0.unpack | JoeSecurity_Nanominer | Yara detected Nanominer | Joe Security |

        Sigma Overview

        No Sigma rule has matched

        Jbx Signature Overview

        AV Detection:

        Machine Learning detection for sample
        Source: dllhost.exe, Joe Sandbox ML: detected

        Bitcoin Miner:

        Yara detected Nanominer
        Source: Yara match, File source: 1.3.dllhost.exe.28fa8880000.0.unpack, type: UNPACKEDPE
        Source: Yara match, File source: 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: dllhost.exe PID: 2276, type: MEMORYSTR
        Found strings related to Crypto-Mining
        Source: dllhost.exe, String found in binary or memory: .?AV?$_Binder@U_Unforced@std@@P8IClient@@EAAXAEBV?$variant@UEthashResult@@UCryptonightResult@@UVerusHashResult@@@2@AEBV?$variant@UEthashTask@@UCryptonightInput@@UVerusHashInput@@@2@V?$shared_ptr@UDevice@@@2@@ZAEAPEAV3@AEBU?$_Ph@$00@2@AEBU?$_Ph@$01@2@AEAV62@@std@@
        DNS related to crypt mining pools
        Source: unknown, DNS query: name: xmr-au1.nanopool.org
        Source: unknown, DNS query: name: xmr-jp1.nanopool.org
        Source: unknown, DNS query: name: xmr-eu1.nanopool.org
        Source: unknown, DNS query: name: xmr-us-west1.nanopool.org
        Source: unknown, DNS query: name: xmr-us-east1.nanopool.org
        Source: unknown, DNS query: name: xmr-eu2.nanopool.org
        Source: unknown, DNS query: name: xmr-asia1.nanopool.org
        Source: Binary string: Z:\Development\Secureuser\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\x64\Release\XBundlerTlsHelper.pdb source: dllhost.exe, 00000001.00000000.409581637.00007FF6E7407000.00000080.00020000.sdmp, 477ae13b.dll.1.dr
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: dllhost.exe, 00000001.00000000.418040183.00007FF6E8CA3000.00000080.00020000.sdmp
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: dllhost.exe, 00000001.00000000.418040183.00007FF6E8CA3000.00000080.00020000.sdmp

        Networking:

        System process connects to network (likely due to code injection or exploit)
        Source: Joe Sandbox View, ASN Name: OVHFR OVHFR
        Source: Joe Sandbox View, IP Address: 51.15.54.102 51.15.54.102
        Source: Joe Sandbox View, IP Address: 51.89.96.41 51.89.96.41
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49765
        Source: unknown, Network traffic detected: HTTP traffic on port 49765 -> 443
        Source: dllhost.exe, 00000001.00000003.448249928.0000028FA8880000.00000004.00000001.sdmp, String found in binary or memory: http://.css
        Source: dllhost.exe, 00000001.00000003.448249928.0000028FA8880000.00000004.00000001.sdmp, String found in binary or memory: http://.jpg
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
        Source: dllhost.exe, 00000001.00000003.448249928.0000028FA8880000.00000004.00000001.sdmp, String found in binary or memory: http://html4/loose.dtd
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://ocsp.comodoca.com0
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: http://ocsp.sectigo.com0
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: https://api.nanopool.org/v1/invalid
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: https://sectigo.com/CPS0
        Source: dllhost.exe, 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, String found in binary or memory: https://sectigo.com/CPS0D
        Source: unknown, DNS traffic detected: queries for: sg.moneroocean.stream
        Source: dllhost.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: dllhost.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: dllhost.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: C:\Users\user\Desktop\dllhost.exe, Section loaded: .dll
        Source: C:\Users\user\Desktop\dllhost.exe, Section loaded: nvcuda.dll
        Source: dllhost.exe, Static PE information: Number of sections : 16 > 10
        Source: C:\Users\user\Desktop\dllhost.exe, Process Stats: CPU usage > 98%
        Source: 477ae13b.dll.1.dr, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: dllhost.exe, Static PE information: Section: .reloc ZLIB complexity 1.5
        Source: C:\Users\user\Desktop\dllhost.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknown, Process created: C:\Users\user\Desktop\dllhost.exe 'C:\Users\user\Desktop\dllhost.exe'
        Source: C:\Users\user\Desktop\dllhost.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_01
        Source: dllhost.exe, Binary or memory string: V.SlN75?'j
        Source: C:\Users\user\Desktop\dllhost.exe, File created: C:\Users\user\AppData\Local\Temp\477ae13b.dll
        Source: dllhost.exe, String found in binary or memory: 3.3.9-cuda11commandsimpleoverclockingpowerlimitsstatisticresume0restartstoppauserebootcontrolGpugray-horTerminating, please wait ...--help-dUsage: [config file] [options]sOptions:.-h Print this message and quit:-d List available GPU devices deviceDetected MB PCI
        Source: classification engine, Classification label: mal80.evad.mine.winEXE@2/1@37/19
        Source: C:\Users\user\Desktop\dllhost.exe, File read: C:\Windows\System32\drivers\etc\hosts
        Source: dllhost.exe, Static file information: File size 67306240 > 1048576
        Source: dllhost.exe, Static PE information: Virtual size of .text is bigger than: 0x100000
        Source: dllhost.exe, Static PE information: Image base 0x140000000 > 0x60000000
        Source: dllhost.exe, Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1e4200
        Source: dllhost.exe, Static PE information: Raw size of .data is bigger than: 0x100000 < 0x917400
        Source: dllhost.exe, Static PE information: Raw size of __nv_rel is bigger than: 0x100000 < 0x811000
        Source: dllhost.exe, Static PE information: Raw size of .nv_fatb is bigger than: 0x100000 < 0xf7fe00
        Source: dllhost.exe, Static PE information: Raw size of .themida is bigger than: 0x100000 < 0x1ce8000
        Source: dllhost.exe, Static PE information: real checksum: 0x4039cb2 should be:
        Source: 477ae13b.dll.1.dr, Static PE information: real checksum: 0x0 should be: 0xe963
        Source: dllhost.exe, Static PE information: section name: _RANDOMX
        Source: dllhost.exe, Static PE information: section name: __nv_mod
        Source: dllhost.exe, Static PE information: section name: __nv_rel
        Source: dllhost.exe, Static PE information: section name: .nvFatBi
        Source: dllhost.exe, Static PE information: section name: .nv_fatb
        Source: dllhost.exe, Static PE information: section name: .themida
        Source: initial sample, Static PE information: section where entry point is pointing to: .themida
        Source: C:\Users\user\Desktop\dllhost.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\dllhost.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Query firmware table information (likely to detect VMs)
        Source: C:\Users\user\Desktop\dllhost.exe, System information queried: FirmwareTableInformation
        Tries to detect sandboxes / dynamic malware analysis system (registry check)
        Source: C:\Users\user\Desktop\dllhost.exe, File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
        Source: C:\Users\user\Desktop\dllhost.exe TID: 6308, Thread sleep time: -83000s >= -30000s
        Source: C:\Users\user\Desktop\dllhost.exe TID: 3324, Thread sleep time: -69000s >= -30000s
        Source: C:\Users\user\Desktop\dllhost.exe, Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
        Source: C:\Users\user\Desktop\dllhost.exe, Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\Users\user\Desktop\dllhost.exe, Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Users\user\Desktop\dllhost.exe, Process information queried: ProcessInformation

        Anti Debugging:

        Hides threads from debuggers
        Source: C:\Users\user\Desktop\dllhost.exe, Thread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\dllhost.exe, Process queried: DebugPort
        Source: C:\Users\user\Desktop\dllhost.exe, Process queried: DebugObjectHandle

        HIPS / PFW / Operating System Protection Evasion:

        System process connects to network (likely due to code injection or exploit)
        Source: C:\Users\user\Desktop\dllhost.exe, Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\dllhost.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Command and Scripting Interpreter 2 | DLL Side-Loading 1 | Process Injection 11 | Virtualization/Sandbox Evasion 23 | OS Credential Dumping | Security Software Discovery 32 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Process Injection 11 | LSASS Memory | Virtualization/Sandbox Evasion 23 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing 2 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading 1 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label | Link
        dllhost.exe | 100% | Joe Sandbox ML | |

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        Source | Detection | Scanner | Label | Link
        http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe |
        http://html4/loose.dtd | 0% | Avira URL Cloud | safe |
        https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
        http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe |
        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
        http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
        http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe |
        https://sectigo.com/CPS0D | 0% | URL Reputation | safe |
        http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
        http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
        http://.css | 0% | Avira URL Cloud | safe |
        http://.jpg | 0% | Avira URL Cloud | safe |

        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        xmr-au1.nanopool.org | 139.99.156.30 | true | false | | high
        jp.moneroocean.stream | 18.180.72.219 | true | false | | high
        fr.moneroocean.stream | 195.201.124.214 | true | false | | high
        xmr-jp1.nanopool.org | 139.162.112.195 | true | false | | high
        us-va.moneroocean.stream | 18.210.126.40 | true | false | | high
        monerooceans.stream | 195.201.124.214 | true | true | | unknown
        fi.moneroocean.stream | 195.201.124.214 | true | false | | high
        xmr-eu1.nanopool.org | 185.71.66.31 | true | false | | high
        xmr-us-west1.nanopool.org | 45.76.65.223 | true | false | | high
        xmr-us-east1.nanopool.org | 192.99.69.170 | true | false | | high
        xmr-eu2.nanopool.org | 51.255.34.79 | true | false | | high
        us-or.moneroocean.stream | 54.188.223.206 | true | false | | high
        xmr.2miners.com | 51.89.96.41 | true | false | | high
        de.moneroocean.stream | 195.201.124.214 | true | false | | high
        us-oh.moneroocean.stream | 18.210.126.40 | true | false | | high
        proxycenter.geekgalaxy.com | 51.83.61.76 | true | true | | unknown
        sg.moneroocean.stream | 54.255.104.167 | true | false | | high
        xmr-asia1.nanopool.org | 139.99.102.73 | true | false | | high
        gulf.moneroocean.stream | unknown | unknown | false | | high

URLs from Memory and Binaries

Contacted IPs

Private

IP: 192.168.2.1

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 486542
Start date: 20.09.2021
Start time: 16:15:57
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 32s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: dllhost.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.evad.mine.winEXE@2/1@37/19
EGA Information: Failed
HDC Information: Failed
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 20.42.65.92, 20.189.173.22, 23.211.6.115, 52.182.143.212, 104.208.16.94, 20.82.209.183, 20.54.110.249, 23.211.4.86
• Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, onedsblobprdwus17.westus.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, onedsblobprdcus15.centralus.cloudapp.azure.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/486542/sample/dllhost.exe

Simulations

Behavior and APIs

Time | Type | Description
16:17:53 | API Interceptor | 2x Sleep call for process: dllhost.exe modified

Joe Sandbox View / Context
                                                                                                            FA387CD1B39ABC702BE4CED41227BF752BAD3B17430B3.exeGet hashmaliciousBrowse
                                                                                                            • 87.98.153.120
                                                                                                            x2HPpQ02mDGet hashmaliciousBrowse
                                                                                                            • 192.95.63.111
                                                                                                            HoGxvkYZd5Get hashmaliciousBrowse
                                                                                                            • 164.132.217.117
                                                                                                            setup_x86_x64_install.exeGet hashmaliciousBrowse
                                                                                                            • 51.178.186.149
                                                                                                            oqYSjv0q9v.exeGet hashmaliciousBrowse
                                                                                                            • 51.178.186.149
                                                                                                            c6d1hg7s8b.exeGet hashmaliciousBrowse
                                                                                                            • 87.98.153.120

                                                                                                            JA3 Fingerprints

                                                                                                            No context

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\Local\Temp\477ae13b.dll
Process: C:\Users\user\Desktop\dllhost.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 10752
Entropy (8bit): 1.8790345847683234
Encrypted: false
SSDEEP: 48:aOyTG0Cfj3gFu/+LIa0Wh4PYCvo+ocjpaRuqSx:xIG3jr+Ud3Q+f6x
MD5: 4D2FFA82BEB49D0C5DC38B4C9107277F
SHA1: CB73EE2A22C8B0D732D872B7C0D401790D6B9F99
SHA-256: 9BE643CC30F84C35739966E8907866CD7323097610275A534E0A14CE993EA89C
SHA-512: 5F5808FB596DA4F9F9FFCBF622A1F0FD8F03D548A94F344D6FDE231027934F88ABB07A5529A85042FF6BD519FEB857E452F885853558568612A75973628FE8A3
Malicious: false
Reputation: low

                                                                                                            Static File Info

                                                                                                            General

File type: PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit): 7.5724463090507035
TrID:
• Win64 Executable Console (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: dllhost.exe
File size: 67306240
MD5: fb4c1f5ec7701209f0a1dcd0726dc403
SHA1: fed324a956bb72fc10928806d887ecd4556a1f3a
SHA256: e75d883d14ab80d900fc21bd6ea9bc3bafc77f7fd31ddf66fa715833e71e8013
SHA512: 93975c2ee0e6f6e3180ed2ca4e02ad9efa955a8371aca34378855d92a31e442867d2b3e74a0596e556aedb391df1faa0b0ec70b48c91b82132378e764f29364c
SSDEEP: 786432:JzWoUGA77p/YwHBl3o5VbfF3ymyo+JazDxfmwW8XuHNgxQy5D:JqyoBlYFUmyjufm18XuHWH

                                                                                                            File Icon

Icon Hash: f0d0a2f071b2cce8

                                                                                                            Static PE Info

                                                                                                            General

Entrypoint: 0x143b94c3c
Entrypoint Section: .themida
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, HIGH_ENTROPY_VA
Time Stamp: 0x613A5D1E [Thu Sep 9 19:14:38 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: ea0f3ee678ff96b92572b920efa689ea

                                                                                                            Entrypoint Preview


                                                                                                            Rich Headers

                                                                                                            Programming Language:
                                                                                                            • [C++] VS2008 SP1 build 30729
                                                                                                            • [C++] VS2012 build 50727
                                                                                                            • [ C ] VS2012 build 50727

                                                                                                            Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2352000 | 0x58 | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23530a1 | 0xd0 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x233a000 | 0x14f3e | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x40186ac | 0x13788 | .themida
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x403f000 | 0x10 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2356018 | 0x28 | .tls
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x26eb5c | 0x80 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                                                            Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1e4093 | 0x1e4200 | False | 0.445640794442 | zlib compressed data | 6.39722119727 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x1e6000 | 0x8a9b4 | 0x8aa00 | False | 0.37196200124 | data | 5.01719863353 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x271000 | 0x920864 | 0x917400 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata | 0xb92000 | 0x13764 | 0x13800 | False | 0.481733273237 | data | 6.15140087656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RANDOMX | 0xba6000 | 0x556 | 0x600 | False | 0.529947916667 | data | 5.49170654418 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
__nv_mod | 0xba7000 | 0x1b4 | 0x200 | False | 0.265625 | data | 4.16935929547 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
__nv_rel | 0xba8000 | 0x810f88 | 0x811000 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.nvFatBi | 0x13b9000 | 0x90 | 0x200 | False | 0.150390625 | data | 1.20360561451 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.nv_fatb | 0x13ba000 | 0xf7fc30 | 0xf7fe00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x233a000 | 0x14f3e | 0x15000 | False | 0.427722749256 | data | 5.50361278507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x234f000 | 0x2ff0 | 0x3000 | False | 0.288004557292 | data | 5.45803574263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.edata | 0x2352000 | 0x1000 | 0x200 | False | 0.1640625 | data | 1.16110503859 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata | 0x2353000 | 0x1000 | 0x200 | False | 0.37109375 | data | 2.9470966786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.tls | 0x2354000 | 0x3000 | 0x2200 | False | 0.00735294117647 | data | 0.0248387677496 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.themida | 0x2357000 | 0x1ce8000 | 0x1ce8000 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.reloc | 0x403f000 | 0x1000 | 0x10 | False | 1.5 | GLS_BINARY_LSB_FIRST | 2.73345859334 | IMAGE_SCN_MEM_READ

                                                                                                            Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x233a27c | 0xea8 | data | Portuguese | Brazil
RT_ICON | 0x233b124 | 0x568 | GLS_BINARY_LSB_FIRST | Portuguese | Brazil
RT_ICON | 0x233b68c | 0xca8 | dBase IV DBT of @.DBF, block length 3072, next free block index 40, next free block 145, next used block 0 | Portuguese | Brazil
RT_ICON | 0x233c334 | 0x368 | GLS_BINARY_LSB_FIRST | Portuguese | Brazil
RT_ICON | 0x233c69c | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | Portuguese | Brazil
RT_ICON | 0x234cec4 | 0x10a8 | data | Portuguese | Brazil
RT_ICON | 0x234df6c | 0x468 | GLS_BINARY_LSB_FIRST | Portuguese | Brazil
RT_GROUP_ICON | 0x234e3d4 | 0x68 | data | Portuguese | Brazil
RT_VERSION | 0x234e43c | 0x388 | data | English | United States
RT_VERSION | 0x234e7c4 | 0x290 | MS Windows COFF PA-RISC object file | Portuguese | Brazil
RT_MANIFEST | 0x234ea54 | 0x4ea | XML 1.0 document, ASCII text, with CRLF line terminators | Portuguese | Brazil

                                                                                                            Imports

DLL | Import
kernel32.dll | GetModuleHandleA
IPHLPAPI.DLL | GetAdaptersInfo
SHELL32.dll | CommandLineToArgvW
ADVAPI32.dll | LookupPrivilegeValueA
dbghelp.dll | ImageNtHeader

                                                                                                            Exports

Name | Ordinal | Address
NvOptimusEnablementCuda | 1 | 0x140b7f89c

                                                                                                            Version Infos

Description | Data
LegalCopyright | Microsoft Corporation. All rights reserved.
InternalName | dllhost.exe
FileVersion | 10.0.19041.546 (WinBuild.160101.0800)
CompanyName | Microsoft Corporation
ProductName | Microsoft Windows Operating System
ProductVersion | 10.0.19041.546
FileDescription | COM Surrogate
OriginalFilename | dllhost.exe
Translation | 0x0409 0x04b0

                                                                                                            Possible Origin

                                                                                                            Language of compilation system | Country where language is spoken
                                                                                                            Portuguese | Brazil
                                                                                                            English | United States

                                                                                                            Network Behavior

                                                                                                            Snort IDS Alerts

                                                                                                            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                                                            09/20/21-16:17:52.074810 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 62208 | 8.8.8.8 | 192.168.2.6

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            Sep 20, 2021 16:17:52.504730940 CEST4978314444192.168.2.6151.80.144.188
                                                                                                            Sep 20, 2021 16:17:52.520884037 CEST1444449762139.162.112.195192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.534373045 CEST1444449783151.80.144.188192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.538832903 CEST4978314444192.168.2.6151.80.144.188
                                                                                                            Sep 20, 2021 16:17:52.544931889 CEST4977414444192.168.2.645.76.65.223
                                                                                                            Sep 20, 2021 16:17:52.552155972 CEST4978410128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.553210974 CEST4978510128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.553215981 CEST4977610128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.553536892 CEST4978614444192.168.2.651.15.54.102
                                                                                                            Sep 20, 2021 16:17:52.554349899 CEST4978010128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:52.560213089 CEST4977810128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:52.561534882 CEST4977114444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:52.573821068 CEST1444449777192.99.69.170192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.573916912 CEST4977714444192.168.2.6192.99.69.170
                                                                                                            Sep 20, 2021 16:17:52.574265003 CEST1012849784195.201.124.214192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.574376106 CEST4978410128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.575391054 CEST1012849785195.201.124.214192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.575488091 CEST4978510128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.576670885 CEST4977714444192.168.2.6192.99.69.170
                                                                                                            Sep 20, 2021 16:17:52.586025953 CEST4978710128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.603434086 CEST144444978651.15.54.102192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.604995012 CEST4978810128192.168.2.654.255.104.167
                                                                                                            Sep 20, 2021 16:17:52.607436895 CEST144444978651.15.54.102192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.607533932 CEST4978614444192.168.2.651.15.54.102
                                                                                                            Sep 20, 2021 16:17:52.608247042 CEST1012849787195.201.124.214192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.608385086 CEST4978710128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.614157915 CEST4978710128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.621543884 CEST4978910128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.624202013 CEST4979014444192.168.2.6192.99.69.170
                                                                                                            Sep 20, 2021 16:17:52.636483908 CEST1012849787195.201.124.214192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.636687994 CEST4978710128192.168.2.6195.201.124.214
                                                                                                            Sep 20, 2021 16:17:52.639036894 CEST101284977318.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.681196928 CEST1444449777192.99.69.170192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.691720963 CEST101284977618.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.691771984 CEST101284977618.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.691895962 CEST4977610128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.693979979 CEST4977610128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.705698967 CEST144444977445.76.65.223192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.711085081 CEST1444449764139.99.102.73192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.711220980 CEST4976414444192.168.2.6139.99.102.73
                                                                                                            Sep 20, 2021 16:17:52.711536884 CEST4976414444192.168.2.6139.99.102.73
                                                                                                            Sep 20, 2021 16:17:52.720571041 CEST4979110128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.736377001 CEST1444449790192.99.69.170192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.736572027 CEST4979014444192.168.2.6192.99.69.170
                                                                                                            Sep 20, 2021 16:17:52.737924099 CEST101284978054.188.223.206192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.738282919 CEST101284978054.188.223.206192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.738415956 CEST4978010128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:52.739923000 CEST4978010128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:52.761229038 CEST101284978918.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.767771006 CEST101284978854.255.104.167192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.768254042 CEST4978910128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.768265963 CEST4978810128192.168.2.654.255.104.167
                                                                                                            Sep 20, 2021 16:17:52.789037943 CEST4979014444192.168.2.6192.99.69.170
                                                                                                            Sep 20, 2021 16:17:52.790163040 CEST4978910128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.792912006 CEST4979214444192.168.2.6139.99.102.71
                                                                                                            Sep 20, 2021 16:17:52.793332100 CEST4978810128192.168.2.654.255.104.167
                                                                                                            Sep 20, 2021 16:17:52.811856031 CEST101284977818.180.72.219192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.814977884 CEST101284977818.180.72.219192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.815205097 CEST4977810128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:52.817315102 CEST4977810128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:52.829108953 CEST1444449771139.99.156.30192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.833894014 CEST101284977618.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.834604979 CEST4979310128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:52.844989061 CEST144444977445.76.65.223192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.845083952 CEST4977414444192.168.2.645.76.65.223
                                                                                                            Sep 20, 2021 16:17:52.848684072 CEST4977414444192.168.2.645.76.65.223
                                                                                                            Sep 20, 2021 16:17:52.860451937 CEST101284979118.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.860632896 CEST4979110128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.890803099 CEST1444449764139.99.102.73192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.900564909 CEST1444449790192.99.69.170192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.900692940 CEST4979014444192.168.2.6192.99.69.170
                                                                                                            Sep 20, 2021 16:17:52.923387051 CEST101284978054.188.223.206192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.928874969 CEST101284978918.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.929052114 CEST4978910128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.932750940 CEST4979110128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:52.945130110 CEST4979410128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:52.955575943 CEST101284978854.255.104.167192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.955672026 CEST4978810128192.168.2.654.255.104.167
                                                                                                            Sep 20, 2021 16:17:52.970412016 CEST1444449792139.99.102.71192.168.2.6
                                                                                                            Sep 20, 2021 16:17:52.970623970 CEST4979214444192.168.2.6139.99.102.71
                                                                                                            Sep 20, 2021 16:17:52.972738981 CEST4979214444192.168.2.6139.99.102.71
                                                                                                            Sep 20, 2021 16:17:52.974052906 CEST4979514444192.168.2.6207.246.100.198
                                                                                                            Sep 20, 2021 16:17:53.003247023 CEST1444449762139.162.112.195192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.003439903 CEST4976214444192.168.2.6139.162.112.195
                                                                                                            Sep 20, 2021 16:17:53.004786968 CEST4976214444192.168.2.6139.162.112.195
                                                                                                            Sep 20, 2021 16:17:53.009660006 CEST144444977445.76.65.223192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.011285067 CEST101284979354.188.223.206192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.014724016 CEST4979310128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:53.027707100 CEST4979310128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:53.036449909 CEST4979614444192.168.2.6139.162.112.195
                                                                                                            Sep 20, 2021 16:17:53.069094896 CEST101284977818.180.72.219192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.072335958 CEST101284979118.210.126.40192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.072487116 CEST4979110128192.168.2.618.210.126.40
                                                                                                            Sep 20, 2021 16:17:53.143088102 CEST1444449795207.246.100.198192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.143183947 CEST4979514444192.168.2.6207.246.100.198
                                                                                                            Sep 20, 2021 16:17:53.143737078 CEST4979514444192.168.2.6207.246.100.198
                                                                                                            Sep 20, 2021 16:17:53.150230885 CEST1444449792139.99.102.71192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.150669098 CEST4979214444192.168.2.6139.99.102.71
                                                                                                            Sep 20, 2021 16:17:53.161814928 CEST1444449771139.99.156.30192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.161936045 CEST4977114444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:53.176122904 CEST4977114444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:53.192399025 CEST101284979418.180.72.219192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.192560911 CEST4979410128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:53.195945024 CEST4979410128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:53.207277060 CEST101284979354.188.223.206192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.207432985 CEST4979310128192.168.2.654.188.223.206
                                                                                                            Sep 20, 2021 16:17:53.216011047 CEST4979714444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:53.283715963 CEST1444449762139.162.112.195192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.314872980 CEST1444449795207.246.100.198192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.316987038 CEST4979514444192.168.2.6207.246.100.198
                                                                                                            Sep 20, 2021 16:17:53.364274025 CEST1444449796139.162.112.195192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.364491940 CEST4979614444192.168.2.6139.162.112.195
                                                                                                            Sep 20, 2021 16:17:53.373915911 CEST4979614444192.168.2.6139.162.112.195
                                                                                                            Sep 20, 2021 16:17:53.443991899 CEST101284979418.180.72.219192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.444020987 CEST1444449771139.99.156.30192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.444216967 CEST4979410128192.168.2.618.180.72.219
                                                                                                            Sep 20, 2021 16:17:53.485385895 CEST1444449797139.99.156.30192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.485847950 CEST4979714444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:53.498188019 CEST4979714444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:53.644325018 CEST1444449796139.162.112.195192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.710896015 CEST1444449796139.162.112.195192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.711175919 CEST4979614444192.168.2.6139.162.112.195
                                                                                                            Sep 20, 2021 16:17:53.763684988 CEST497982222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.767709017 CEST1444449797139.99.156.30192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.771138906 CEST4979714444192.168.2.6139.99.156.30
                                                                                                            Sep 20, 2021 16:17:53.834419012 CEST22224979851.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.834613085 CEST497982222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.835741043 CEST497982222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.856431007 CEST22224979851.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.856477022 CEST22224979851.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.856547117 CEST497982222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.857264042 CEST497982222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.858444929 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.883502007 CEST22224979851.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.883536100 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.883824110 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.891510010 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:17:53.961555004 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:53.961602926 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:17:54.108755112 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:09.006793022 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:09.031537056 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:18:24.075234890 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:18:24.075387001 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:24.095772028 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:24.114953995 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:18:39.174562931 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:18:39.174747944 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:39.196208954 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:39.215625048 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:18:42.069931984 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:18:42.211564064 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:57.097727060 CEST497992222192.168.2.651.89.96.41
                                                                                                            Sep 20, 2021 16:18:57.116755962 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:19:12.198472977 CEST22224979951.89.96.41192.168.2.6
                                                                                                            Sep 20, 2021 16:19:12.198647022 CEST497992222192.168.2.651.89.96.41

                                                                                                            UDP Packets


                                                                                                            DNS Queries


                                                                                                            DNS Answers

                                                                                                            HTTP Packets

Session ID: 0
Source IP: 192.168.2.6
Source Port: 49767
Destination IP: 51.83.61.76
Destination Port: 80
Process: C:\Users\user\Desktop\dllhost.exe

                                                                                                            Code Manipulations

                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

System Behavior

General

Start time: 16:17:21
Start date: 20/09/2021
Path: C:\Users\user\Desktop\dllhost.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\dllhost.exe'
Imagebase: 0x7ff6e50b0000
File size: 67306240 bytes
MD5 hash: FB4C1F5EC7701209F0A1DCD0726DC403
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Nanominer, Description: Yara detected Nanominer, Source: 00000001.00000003.449048598.0000028FA8CD4000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 16:17:30
Start date: 20/09/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                            Disassembly

                                                                                                            Code Analysis
