Windows
Analysis Report
Documenti di spedizione.bat.exe
Overview
General Information
Detection
Field | Value |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
- System is w10x64
- Documenti di spedizione.bat.exe (PID: 3804 cmdline: "C:\Users\user\Desktop\Documenti di spedizione.bat.exe" MD5: A10E959289C077BC452DE5C48ABD7262)
- Documenti di spedizione.bat.exe (PID: 5684 cmdline: "C:\Users\user\Desktop\Documenti di spedizione.bat.exe" MD5: A10E959289C077BC452DE5C48ABD7262)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | | | |
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
{"Exfil Mode": "FTP", "Host": "ftp://ftp.concaribe.com", "Username": "testi@concaribe.com", "Password": "ro}UWgz#!38E"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-04T13:40:15.537057+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49845 | 109.248.150.252 | 80 | TCP |
AV Detection
The per-signature detail text (rule descriptions and matched values) was not captured in this extraction; only the evidence types and code locations below survive.
- Avira URL Cloud (2 hits)
- Malware Configuration Extractor
- Integrated Neural Analysis Model
- Static PE information (2 hits)
- HTTPS traffic detected
- Directory queried
- Code function: 0_2_004069FF, 0_2_00405DAE, 0_2_00402930, 4_2_00402930, 4_2_004069FF, 4_2_00405DAE
- IP Address (3 hits)
- ASN Name
- JA3 fingerprint
- DNS query (2 hits)
- Suricata IDS
- HTTP traffic detected (2 hits)
- TCP traffic detected without corresponding DNS query (50 hits)
- HTTP traffic detected (2 hits)
- DNS traffic detected (2 hits)
- String found in binary or memory (8 hits)
- Network traffic detected (2 hits)
- HTTPS traffic detected
- Code function: 0_2_00405866
System Summary
- Static PE information
- Code function: 0_2_00403665, 4_2_00403665
- Code function: 0_2_00406DC0, 0_2_73D81BFF, 4_2_00406DC0, 4_2_000DB21D, 4_2_000DE360, 4_2_000D4A58, 4_2_000D3E40, 4_2_000D4188, 4_2_3643D690, 4_2_364391B0, 4_2_3643CE21, 4_2_3643BB90, 4_2_3643A7DC, 4_2_364456A0, 4_2_3644C240, 4_2_3644B2F0, 4_2_36443158, 4_2_36447760, 4_2_3644E468, 4_2_36445DB7, 4_2_36442370, 4_2_36440040, 4_2_36812B98
- Code function (address not captured)
- Binary or memory string (2 hits)
- Static PE information
- Classification label
- Code function: 0_2_00403665, 4_2_00403665
- Code function: 0_2_00404B12
- Code function: 0_2_004021CF
- File created
- Mutant created
- File created
- Static PE information
- WMI Queries (2 hits)
- File read
- Key opened
- File read
- Process created (3 hits)
- Section loaded (57 hits)
- Key value queried
- File written
- Key opened
- Static PE information
Data Obfuscation
- File source
- Code function: 0_2_73D81BFF
- Code function: 0_2_73D830EE, 4_2_000D0C7A, 4_2_36433FD5
- File created (dropped file)
- File created
- Process information set (190 hits)
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Code function: | 0_2_004069FF | |
Source: | Code function: | 0_2_00405DAE | |
Source: | Code function: | 0_2_00402930 | |
Source: | Code function: | 4_2_00402930 | |
Source: | Code function: | 4_2_004069FF | |
Source: | Code function: | 4_2_00405DAE |
Source: | Thread delayed: | Jump to behavior (51 entries) |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-4368 | ||
Source: | API call chain: | graph_0-4597 |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_73D827A4 |
Source: | Code function: | 0_2_73D81BFF |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior (6 entries) |
Source: | Code function: | 0_2_00403665 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | (3 entries) |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior (9 entries) |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Directory queried: |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | (3 entries) |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 13 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 226 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 321 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 151 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 151 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
api.ipify.org | 104.26.13.205 | true | false | high | |
concaribe.com | 192.185.13.234 | true | true | unknown | |
ftp.concaribe.com | unknown | unknown | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
| false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false | |
192.185.13.234 | concaribe.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true | |
109.248.150.252 | unknown | Russian Federation | 52048 | DATACLUBLV | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1568249 |
Start date and time: | 2024-12-04 13:38:11 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 6s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Documenti di spedizione.bat.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/7@2/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Documenti di spedizione.bat.exe
Time | Type | Description |
---|---|---|
07:40:18 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.26.13.205 | malicious | Unknown |
104.26.13.205 | malicious | Unknown |
104.26.13.205 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
104.26.13.205 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
104.26.13.205 | malicious | RDPWrap Tool |
104.26.13.205 | malicious | Node Stealer |
104.26.13.205 | malicious | LummaC, PrivateLoader, Stealc, Vidar |
104.26.13.205 | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Vidar |
104.26.13.205 | malicious | Unknown |
104.26.13.205 | malicious | LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar |
192.185.13.234 | malicious | AgentTesla, GuLoader |
Match | Detection | Threat Name |
---|---|---|
api.ipify.org | malicious | AgentTesla, GuLoader |
api.ipify.org | malicious | Unknown |
api.ipify.org | malicious | HTMLPhisher |
api.ipify.org | malicious | AgentTesla |
api.ipify.org | malicious | AgentTesla, DarkTortilla |
api.ipify.org | malicious | AgentTesla |
api.ipify.org | malicious | AgentTesla, DarkTortilla |
api.ipify.org | malicious | AgentTesla, PureLog Stealer |
api.ipify.org | malicious | AgentTesla |
api.ipify.org | malicious | AgentTesla |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | Lokibot |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | Cobalt Strike, FormBook, HTMLPhisher |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Flawedammyy |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | Unknown |
DATACLUBLV | malicious | AgentTesla, GuLoader |
DATACLUBLV | malicious | Remcos |
DATACLUBLV | malicious | XWorm |
DATACLUBLV | malicious | Remcos, GuLoader |
DATACLUBLV | malicious | FormBook, GuLoader |
DATACLUBLV | malicious | FormBook, GuLoader |
DATACLUBLV | malicious | NoCry, XWorm |
DATACLUBLV | malicious | XWorm |
DATACLUBLV | malicious | GuLoader, Snake Keylogger |
DATACLUBLV | malicious | GuLoader, Snake Keylogger |
UNIFIEDLAYER-AS-1US | malicious | AgentTesla, GuLoader |
UNIFIEDLAYER-AS-1US | malicious | Gafgyt, Mirai, Moobot, Okiru |
UNIFIEDLAYER-AS-1US | malicious | HTMLPhisher, ReCaptcha Phish |
UNIFIEDLAYER-AS-1US | malicious | Captcha Phish |
UNIFIEDLAYER-AS-1US | malicious | Mirai |
UNIFIEDLAYER-AS-1US | malicious | Phisher |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | Unknown |
UNIFIEDLAYER-AS-1US | malicious | AgentTesla, PureLog Stealer |
Match | Detection | Threat Name |
---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Cobalt Strike, FormBook, HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Cobalt Strike, HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Cobalt Strike, HTMLPhisher |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Remcos |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader, MassLogger RAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | RHADAMANTHYS |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | RHADAMANTHYS |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | AgentTesla, GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | PureLog Stealer, zgRAT |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nso28B6.tmp\System.dll | malicious | FormBook, GuLoader |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41 |
Entropy (8bit): | 4.159517480745798 |
Encrypted: | false |
SSDEEP: | 3:aZxyzAXMD6WG4AQGNy:/sodMy |
MD5: | 72AA3249175DB3140CA2417E0D3734AF |
SHA1: | 26C42DF76BAE28052FE718345719D9C63C1D0CE5 |
SHA-256: | 805937F3343642A10631ED3C4829F25DDFECB4EC9CB240D59C2BC8D57A9BFD83 |
SHA-512: | 62B7380DB3DDCEB487C74400AE6640E4AECBAFBBFD9B5D30766EB14E04B968220A739D5E951EDC9D40EE649D2AEE7159258095D49A75E62890211FB64BD9FE59 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1228397 |
Entropy (8bit): | 3.963610153001338 |
Encrypted: | false |
SSDEEP: | 12288:iRSJxWzlZ+ZIY5+Sa1+l3zGPrqnZb+5BBz/IwTz9PP8Nl:Cy0zlZAZa1ofY5Nk |
MD5: | D3B041FCA53F1D168CAA6D02DEC54281 |
SHA1: | E8338CC68628C210AF2551D10BB7D2C961606DE9 |
SHA-256: | 3A88E38B169C63B0C11EEEEA815D3704E39060F9D2CF4AD5BBC7EEACE7667192 |
SHA-512: | 8B4415938D77828E929D5626476DB041D30C474E055D31D4ACF9F37A2CE25D484E806776CF6A6DA977B46B9D2C82D816A9E8A703AB04C876224E17E6D3CAF87F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.804946284177748 |
Encrypted: | false |
SSDEEP: | 192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr |
MD5: | 192639861E3DC2DC5C08BB8F8C7260D5 |
SHA1: | 58D30E460609E22FA0098BC27D928B689EF9AF78 |
SHA-256: | 23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6 |
SHA-512: | 6E573D8B2EF6ED719E271FD0B2FD9CD451F61FC9A9459330108D6D7A65A0F64016303318CAD787AA1D5334BA670D8F1C7C13074E1BE550B4A316963ECC465CDC |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195813 |
Entropy (8bit): | 7.551514422413719 |
Encrypted: | false |
SSDEEP: | 3072:DxmxSxO4IDzoUrsKwBJm8ARd+BFg854zeZEQ+NLY5+LfWRoqFEL+a+lamtBtM:DxmYxOZzleod+CeDMY5+LfWRofL+a+lc |
MD5: | A3DD8B9EC16C93FA601C948C71D62C54 |
SHA1: | C463421F2CC6AC30DCE4D6F90D28FD7FE5DE2A90 |
SHA-256: | A9EE0EB3558337ED45A056E16D0E3452D80CEB2DF6294C5DCA250DBBEE8DAAED |
SHA-512: | 3CA40EEF5D5B1AFD33AD39A22DEEC43C754E7F871E8162D0D420262C574D8EAB37B380906F993D95CF507F706D6FCB56873D6799279F4283361B8D0E586B3BF2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94010 |
Entropy (8bit): | 1.2383342979277752 |
Encrypted: | false |
SSDEEP: | 768:i9qrj3bsBMZsVMzeC+Uo6XHavWZQvXee9rq:xk2hQNrq |
MD5: | 9F64F450771196B87786BE2512310627 |
SHA1: | 3A8ED73D8F37B79E1825CECA4E9FAF95CD69C41E |
SHA-256: | 2B3AEEDC78F7BF296454E5D28457B9B19F081DC637FE0680C748B3D670BA3395 |
SHA-512: | 1558AFC4DE1058307867C54BDF660422D2117D5FDF47B6C141E68F701F1770048D3D5AB99895AAA4F058304B0BB24EA89BDFCB1381FECD7775D4BF65055B9CB3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 435446 |
Entropy (8bit): | 2.6546865339410535 |
Encrypted: | false |
SSDEEP: | 3072:PszGhVrr2nZb+5aKHhWh6/3y/5m/uSz9C0P84:EGPrqnZb+5BBWk/IwTz9C0P84 |
MD5: | 3AB79F3588459D7B35273BDBF6B2BAE2 |
SHA1: | C5C937FEAC2490B619DC158AE439A4C96B643DE6 |
SHA-256: | 5120B4C695953506E1DCA8619BD8D082F63E80B194BD79927617EED3EFD6A26B |
SHA-512: | 477A98445038CA61DDDE8442E4F87DC505D667EC7A9011ACB72D68E9B5DDC815A223AD3551F3E7C804B6AA590CB5FE8FFB74D59898600D191DF4DA4D8085A4A6 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 480148 |
Entropy (8bit): | 1.2440412261746137 |
Encrypted: | false |
SSDEEP: | 1536:JwEDT97SToCGRVFl5C1SX6/eibc4YMhoEw2T:eQcop5CP/eyYLEtT |
MD5: | 4593D427554A1F61D609FF98908779B3 |
SHA1: | F377A88EB1E9BD29DC1A2730EE3E85651D56C6A0 |
SHA-256: | 2209B57FABE05E4E314D5FE84BC99892BC189F11B7793DD7F658E3D403D5FD3C |
SHA-512: | 33A2F6E58DFC1AA7B38E4AA1085B8740CFF02E1A42DB09F46C0516C3F9D9526A6D94D8CF9A6204A289BD6D8110FFD59B6A338F0B81EE1612FD8FD7B29EF272C7 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.564428301032185 |
TrID: |
|
File name: | Documenti di spedizione.bat.exe |
File size: | 602'669 bytes |
MD5: | a10e959289c077bc452de5c48abd7262 |
SHA1: | 9b295da45f8cc4fa5e5b94ba1ad3de93c617eadf |
SHA256: | e246806c6b16a736f29c6c3677c9f9263c8a0dc347a92a4f2606e93b13aec707 |
SHA512: | 67e5e6cd4f850f889cc09ee909310691968dc6f44c8ab2a2c1628a42605c42b6c767fefe5454d6d29fbf0aeced3f99626f5bf4037a2f3de942a0156318015778 |
SSDEEP: | 12288:tHadcxTchoKjyaOA/krybKcHGLoejfuLo8i5Zk4:VadhaKuaOA/NYfuLo8iHk4 |
TLSH: | 1FD4E06626E2EC23E38457748662F73E89A2BE961971C2333AF56D8F7504F353C1C261 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................h..."..... |
Icon Hash: | 7b7b6a6666766633 |
Entrypoint: | 0x403665 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x660843F7 [Sat Mar 30 16:55:19 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 9dda1a1d1f8a1d13ae0297b47046b26e |
Instruction |
---|
sub esp, 000003F8h |
push ebp |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebp, ebp |
push 00008001h |
mov dword ptr [esp+20h], ebp |
mov dword ptr [esp+18h], 0040A230h |
mov dword ptr [esp+14h], ebp |
call dword ptr [004080A0h] |
mov esi, dword ptr [004080A4h] |
lea eax, dword ptr [esp+34h] |
push eax |
mov dword ptr [esp+4Ch], ebp |
mov dword ptr [esp+0000014Ch], ebp |
mov dword ptr [esp+00000150h], ebp |
mov dword ptr [esp+38h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F44212BDF1Ah |
lea eax, dword ptr [esp+34h] |
mov dword ptr [esp+34h], 00000114h |
push eax |
call esi |
mov ax, word ptr [esp+48h] |
mov ecx, dword ptr [esp+62h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [esp+0000014Eh], 00000004h |
not eax |
and eax, ecx |
mov word ptr [esp+00000148h], ax |
cmp dword ptr [esp+38h], 0Ah |
jnc 00007F44212BDEE8h |
and word ptr [esp+42h], 0000h |
mov eax, dword ptr [esp+40h] |
movzx ecx, byte ptr [esp+3Ch] |
mov dword ptr [00429B18h], eax |
xor eax, eax |
mov ah, byte ptr [esp+38h] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [esp+00000148h] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
movzx ecx, byte ptr [esp+0000004Eh] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x30ed8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x66d7 | 0x6800 | 4e97e586f167bf2d2eddcdba22e25c0e | False | 0.6615835336538461 | data | 6.441769857560007 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1358 | 0x1400 | bd82d08a08da8783923a22b467699302 | False | 0.4431640625 | data | 5.103358601944578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x1fb78 | 0x600 | e411b225ac3cd03a5dad8143ae82958d | False | 0.5091145833333334 | data | 4.122928093833695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x26000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x50000 | 0x30ed8 | 0x31000 | 31e8deac1d179a39ac604bee10e25c60 | False | 0.4523875956632653 | data | 6.027927468960251 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
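The section table above carries the traits a reviewer checks by hand: the entry point 0x403665 falls inside `.text` (image base 0x400000); `.ndata` has a raw size of 0 against a virtual size of 0x26000, so it exists only once the image is mapped; and every section's entropy (at most 6.44) sits well under the 7.56 reported for the whole file, while the raw sizes in the table sum to only 0x39200 bytes of the 602,669-byte file. The high-entropy data therefore lives after the last section, in the overlay, which is also where an installer keeps its compressed archive. The following is an added example, not code from Joe Sandbox or from the sample: a small PE header parser that makes those checks mechanical. Its input is a PE constructed inside the block with the report's section names, virtual addresses, sizes and characteristics; the section contents, the overlay bytes and every header field the page does not show are synthetic.

```python
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def entropy8(data: bytes) -> float:
    """Shannon entropy in bits per byte: the 'Entropy (8bit)' figure used throughout the report."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (image_base, entry_rva, sections) from the PE headers; handles PE32 and PE32+."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsect, opt_size = struct.unpack_from("<H", pe, coff + 2)[0], struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic, entry_rva = struct.unpack_from("<H", pe, opt)[0], struct.unpack_from("<I", pe, opt + 16)[0]
    if magic == 0x10B:      # PE32: ImageBase is a DWORD at optional-header offset 28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:    # PE32+: ImageBase is a QWORD at offset 24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    sections, off = [], opt + opt_size
    for _ in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", pe, off)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "raw_ptr": rawptr, "raw_size": rawsize, "chars": chars, "entropy": entropy8(raw)})
        off += 40
    return image_base, entry_rva, sections


def section_for_va(pe: bytes, va: int):
    """Map a virtual address such as the entry point to the section that contains it."""
    image_base, _, sections = parse_sections(pe)
    rva = va - image_base
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def overlay(pe: bytes):
    """(offset, size, entropy) of the bytes after the last section's raw data, i.e. the overlay."""
    _, _, sections = parse_sections(pe)
    end = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    return end, len(pe) - end, entropy8(pe[end:])


def findings(pe: bytes):
    """Checks worth running on a section table: W+X, load-time-only sections, packed data."""
    out = []
    for s in parse_sections(pe)[2]:
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            out.append((s["name"], "writable and executable"))
        if s["raw_size"] == 0 and s["vsize"] > 0:
            out.append((s["name"], "no raw data, %#x bytes allocated only at load time" % s["vsize"]))
        if s["entropy"] > 7.0:
            out.append((s["name"], "entropy %.2f, likely packed or encrypted" % s["entropy"]))
    _, size, ent = overlay(pe)
    if size and ent > 7.0:
        out.append(("overlay", "%d bytes after the last section with entropy %.2f" % (size, ent)))
    return out


def build_pe(spec, overlay_bytes=b"", entry_rva=0x3665, image_base=0x400000):
    """Build a constructed PE32 for this example only; it is not the sample from the report."""
    opt_size, nsect = 224, len(spec)
    data_start = -(-(0x80 + 4 + 20 + opt_size + 40 * nsect) // 0x200) * 0x200
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    headers, body, ptr = b"", b"", data_start
    for name, va, vsize, raw, chars in spec:
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, va, len(raw), ptr if raw else 0, 0, 0, 0, 0, chars)
        body, ptr = body + raw, ptr + len(raw)
    return (dos + b"PE\0\0" + coff + bytes(opt) + headers).ljust(data_start, b"\0") + body + overlay_bytes


_rng = random.Random(1)
# Constructed layout copying the report's section names, virtual addresses, sizes and flags;
# the bytes inside are synthetic, since the real sample's contents are not on the page.
SAMPLE = build_pe([
    (".text", 0x1000, 0x66d7, bytes(_rng.getrandbits(6) for _ in range(0x800)), 0x60000020),
    (".rdata", 0x8000, 0x1358, b"kernel32.dll\0" * 60, 0x40000040),
    (".data", 0xa000, 0x1fb78, b"\0" * 0x600, 0xC0000040),
    (".ndata", 0x2a000, 0x26000, b"", 0xC0000080),
    (".rsrc", 0x50000, 0x30ed8, b"<assembly/>" * 64, 0x40000040),
], overlay_bytes=bytes(_rng.getrandbits(8) for _ in range(0x1000)))
```

`section_for_va(SAMPLE, 0x403665)` returns `.text`, and `findings(SAMPLE)` reports the `.ndata` load-time-only section and the high-entropy overlay while staying silent on `.text`; to run the same checks on the real file, pass the bytes read from disk instead of `SAMPLE`.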
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x50388 | 0x10a00 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.2914121240601504 |
RT_ICON | 0x60d88 | 0x9600 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.341015625 |
RT_ICON | 0x6a388 | 0x8000 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.99249267578125 |
RT_ICON | 0x72388 | 0x5600 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.36664244186046513 |
RT_ICON | 0x77988 | 0x4400 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.40768612132352944 |
RT_ICON | 0x7bd88 | 0x2600 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.42948190789473684 |
RT_ICON | 0x7e388 | 0x1200 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4815538194444444 |
RT_ICON | 0x7f588 | 0xa00 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.55078125 |
RT_ICON | 0x7ff88 | 0x600 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4811197916666667 |
RT_DIALOG | 0x80588 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x80688 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x807a8 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x80870 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x808d0 | 0x84 | data | English | United States | 0.6742424242424242 |
RT_VERSION | 0x80958 | 0x23c | data | English | United States | 0.5314685314685315 |
RT_MANIFEST | 0x80b98 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW |
SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW |
ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics |
GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor |
KERNEL32.dll | RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-12-04T13:40:15.537057+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49845 | 109.248.150.252 | 80 | TCP |
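The alert above fires on the HTTP fetch from 109.248.150.252, and the malware description at the top of the report notes that the payload GuLoader downloads is XOR-encoded. What follows is an added example, not code from the report or from the malware: a generic known-plaintext recovery of a repeating XOR key that uses the two plaintext fragments any MS-linked PE exposes, the `MZ` magic at offset 0 and the DOS-stub message at its usual offset 0x4E (the report's file content preview shows this sample carries that stub), and verifies each candidate by looking for the `PE\0\0` signature at `e_lfanew` after decryption. The key, the plaintext and the blob are constructed for the demo. In practice a GuLoader key is much longer than the roughly 40 bytes of known plaintext available here, and that is the case the `None` return covers: when the anchors cannot pin down every key byte, the function reports the gap instead of guessing.

```python
import struct

DOS_STUB = b"This program cannot be run in DOS mode"
# Known-plaintext anchors every MS-linked PE carries: "MZ" at offset 0 and the
# DOS stub message at offset 0x4E. Extend this dict with more plaintext when
# the target key is longer than these anchors can cover.
KNOWN = {0: b"MZ", 0x4E: DOS_STUB}


def xor_repeating(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(blob: bytes, key_len: int, known=KNOWN):
    """Derive a repeating XOR key of length key_len from the known-plaintext anchors.

    Returns None when two anchors disagree on a key byte (wrong key_len) or when the
    anchors do not cover every key position (key longer than the known plaintext)."""
    key = [None] * key_len
    for off, plain in known.items():
        for i, p in enumerate(plain):
            pos = off + i
            if pos >= len(blob):
                return None
            k, idx = blob[pos] ^ p, pos % key_len
            if key[idx] is None:
                key[idx] = k
            elif key[idx] != k:
                return None
    if any(k is None for k in key):
        return None
    return bytes(key)


def looks_like_pe(data: bytes) -> bool:
    """Independent check on the decrypted result: MZ header and a PE signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def brute_force(blob: bytes, max_key_len: int = 64):
    """Try every key length up to max_key_len; return (key_len, key, plaintext) or None."""
    for n in range(1, max_key_len + 1):
        key = recover_key(blob, n)
        if key is None:
            continue
        plain = xor_repeating(blob, key)
        if looks_like_pe(plain):
            return n, key, plain
    return None


def constructed_plaintext() -> bytes:
    """Synthetic stand-in for a downloaded PE: real DOS-stub layout, dummy body (not the sample's payload)."""
    hdr = bytearray(0x100)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x40:0x4E] = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21")  # standard DOS stub code
    hdr[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr) + bytes(range(256)) * 4


CONSTRUCTED_KEY = b"example-xor-key!"  # assumed 16-byte key for the demo, unrelated to the real sample
ENCRYPTED = xor_repeating(constructed_plaintext(), CONSTRUCTED_KEY)
```

`brute_force(ENCRYPTED)` returns the 16-byte key and the decrypted image; `recover_key(ENCRYPTED, 128)` returns `None` because 40 bytes of anchors cannot fill a 128-byte key, and `recover_key(ENCRYPTED, 5)` returns `None` because the anchors contradict each other at the wrong period. When a real download defeats the anchors, add known plaintext you expect in the payload to `KNOWN` rather than weakening `looks_like_pe`.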
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 4, 2024 13:40:14.127605915 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:14.247387886 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:14.247473955 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:14.248409033 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:14.368124962 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.536971092 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.537056923 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.537138939 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.537153006 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.537193060 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.537210941 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.537456036 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.537467957 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.537508011 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.617566109 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.617719889 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.617729902 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.617742062 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.617927074 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.617927074 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.656800032 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.656929016 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.657089949 CET | 49845 | 80 | 192.168.2.6 | 109.248.150.252 |
Dec 4, 2024 13:40:15.661067009 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Dec 4, 2024 13:40:15.661123037 CET | 80 | 49845 | 109.248.150.252 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 4, 2024 13:40:17.007365942 CET | 54825 | 53 | 192.168.2.6 | 1.1.1.1 |
Dec 4, 2024 13:40:17.145405054 CET | 53 | 54825 | 1.1.1.1 | 192.168.2.6 |
Dec 4, 2024 13:40:19.650450945 CET | 52912 | 53 | 192.168.2.6 | 1.1.1.1 |
Dec 4, 2024 13:40:20.337759972 CET | 53 | 52912 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 4, 2024 13:40:17.007365942 CET | 192.168.2.6 | 1.1.1.1 | 0x848e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 4, 2024 13:40:19.650450945 CET | 192.168.2.6 | 1.1.1.1 | 0x4d56 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 4, 2024 13:40:17.145405054 CET | 1.1.1.1 | 192.168.2.6 | 0x848e | No error (0) | | | 104.26.13.205 | A (IP address) | IN (0x0001) | false |
Dec 4, 2024 13:40:17.145405054 CET | 1.1.1.1 | 192.168.2.6 | 0x848e | No error (0) | | | 172.67.74.152 | A (IP address) | IN (0x0001) | false |
Dec 4, 2024 13:40:17.145405054 CET | 1.1.1.1 | 192.168.2.6 | 0x848e | No error (0) | | | 104.26.12.205 | A (IP address) | IN (0x0001) | false |
Dec 4, 2024 13:40:20.337759972 CET | 1.1.1.1 | 192.168.2.6 | 0x4d56 | No error (0) | | concaribe.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 4, 2024 13:40:20.337759972 CET | 1.1.1.1 | 192.168.2.6 | 0x4d56 | No error (0) | | | 192.185.13.234 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49845 | 109.248.150.252 | 80 | 5684 | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 4, 2024 13:40:14.248409033 CET | 187 | OUT | |
Dec 4, 2024 13:40:15.536971092 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.537138939 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.537153006 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.537456036 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.537467957 CET | 896 | IN | |
Dec 4, 2024 13:40:15.617566109 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.617719889 CET | 224 | IN | |
Dec 4, 2024 13:40:15.617729902 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.617742062 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.656800032 CET | 1236 | IN | |
Dec 4, 2024 13:40:15.656929016 CET | 1236 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49853 | 104.26.13.205 | 443 | 5684 | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-12-04 12:40:18 UTC | 155 | OUT | |
2024-12-04 12:40:18 UTC | 424 | IN | |
2024-12-04 12:40:18 UTC | 12 | IN |
Target ID: | 0 |
Start time: | 07:39:02 |
Start date: | 04/12/2024 |
Path: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 602'669 bytes |
MD5 hash: | A10E959289C077BC452DE5C48ABD7262 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 07:40:03 |
Start date: | 04/12/2024 |
Path: | C:\Users\user\Desktop\Documenti di spedizione.bat.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 602'669 bytes |
MD5 hash: | A10E959289C077BC452DE5C48ABD7262 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 16.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 16.1% |
Total number of Nodes: | 1600 |
Total number of Limit Nodes: | 34 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00403665 | 88.0 | 32 | 18 | 464 | string, file, com, COMMON |
73D81BFF | 20.1 | 13 | | 597 | string, library, memory, COMMON |
00405DAE | 17.6 | 7 | 3 | 148 | file, string, COMMON |
00406DC0 | 5.4 | 4 | | 382 | COMMON |
00403D74 | 47.5 | 13 | 14 | 215 | string, registry, COMMON |
004030F5 | 28.2 | 5 | 11 | 204 | memory, COMMON |
004066DF | 16.0 | 6 | 3 | 204 | string, COMMON |
00401794 | 15.9 | 5 | 4 | 145 | string, time, COMMON |
00402711 | 10.7 | 5 | 1 | 153 | file, COMMON |
00406A26 | 8.8 | 3 | 2 | 36 | library, COMMON |
004024AF | 7.1 | 3 | 1 | 64 | registry, string, COMMON |
004071F5 | 5.2 | 4 | | 236 | COMMON |
004073F6 | 5.2 | 4 | | 208 | COMMON |
0040710C | 5.2 | 4 | | 205 | COMMON |
00406C11 | 5.2 | 4 | | 198 | COMMON |
0040705F | 5.2 | 4 | | 180 | COMMON |
0040717D | 5.2 | 4 | | 170 | COMMON |
004070C9 | 5.2 | 4 | | 168 | COMMON |
004020FD | 4.6 | 3 | | 73 | library, COMMON |
00403396 | 3.1 | 2 | | 88 | COMMON |
00401389 | 3.0 | 2 | | 43 | window, COMMON |
00405BF6 | 3.0 | 2 | | 26 | COMMON |
00406192 | 3.0 | 2 | | 16 | file, COMMON |
00405C50 | 3.0 | 2 | | 9 | COMMON |
73D82B98 | 1.6 | 1 | | 143 | memory, COMMON |
004028B6 | 1.5 | 1 | | 28 | COMMON |
004023D7 | 1.5 | 1 | | 25 | COMMON |
00406244 | 1.5 | 1 | | 22 | file, COMMON |
00406215 | 1.5 | 1 | | 22 | file, COMMON |
73D82A7F | 1.5 | 1 | | 21 | memory, COMMON |
0040361D | 1.5 | 1 | | 6 | COMMON |
004014D7 | 1.3 | 1 | | 19 | sleep, COMMON |
73D812BB | 1.3 | 1 | | 6 | memory, COMMON |
00405866 | 66.8 | 36 | 2 | 284 | window, clipboard, memory, COMMON |
00404B12 | 24.8 | 10 | 4 | 275 | string, COMMON |
00402930 | 1.5 | 1 | | 30 | file, COMMON |
73D827A4 | 1.3 | 1 | | 30 | memory, COMMON |
0040508E | 63.5 | 33 | 3 | 489 | window, memory, COMMON |
00404122 | 61.6 | 34 | 1 | 357 | window, string, COMMON |
004047E0 | 38.7 | 19 | 3 | 204 | window, string, COMMON |
004062E8 | 26.4 | 10 | 5 | 130 | memory, string, COMMON |
00404688 | 12.1 | 8 | | 68 | COMMON |
00404FDC | 10.5 | 5 | 1 | 48 | window, COMMON |
00402FB8 | 10.5 | 4 | 2 | 36 | time, COMMON |
73D82655 | 9.1 | 6 | | 109 | COMMON |
00404ECE | 8.8 | 3 | 2 | 84 | string, COMMON |
73D81979 | 7.7 | 5 | | 194 | COMMON |
73D82480 | 7.6 | 5 | | 135 | memory, COMMON |
00401DA6 | 7.6 | 5 | | 75 | window, COMMON |
00401E73 | 7.5 | 5 | | 43 | COMMON |
73D816BD | 7.5 | 5 | | 41 | memory, library, loader, COMMON |
00401C68 | 7.1 | 3 | 1 | 84 | window, time, COMMON |
00406079 | 7.0 | 2 | 2 | 47 | string, COMMON |
00405F71 | 7.0 | 3 | 1 | 16 | string, COMMON |
73D810E1 | 6.4 | 5 | | 145 | memory, COMMON |
00402663 | 6.1 | 2 | 2 | 65 | string, COMMON |
0040569B | 5.3 | 2 | 1 | 46 | window, COMMON |
00406570 | 5.3 | 2 | 1 | 44 | registry, COMMON |
00405FBD | 5.3 | 2 | 1 | 16 | string, COMMON |
004060F7 | 5.0 | 4 | | 37 | string, COMMON |
Execution Graph
Execution Coverage: | 8.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 100 |
Total number of Limit Nodes: | 11 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
36442370 | 3.5 | | 2 | 1039 | COMMON |
364456A0 | 1.8 | | 1 | 588 | COMMON |
36443158 | 1.8 | | 1 | 545 | COMMON |
3644C240 | 0.6 | | | 635 | COMMON |
3644B2F0 | 0.6 | | | 565 | COMMON |
3643320B | 8.9 | 4 | 1 | 130 | thread, COMMON |
36433210 | 8.9 | 4 | 1 | 128 | thread, COMMON |
36444C68 | 3.9 | | 3 | 186 | COMMON |
36444C59 | 2.6 | | 2 | 141 | COMMON |
3643D7F0 | 1.6 | 1 | | 113 | COMMON |
36810040 | 1.6 | 1 | | 93 | COMMON |
36433450 | 1.6 | 1 | | 65 | COMMON |
36433458 | 1.6 | 1 | | 62 | COMMON |
000DE8E0 | 1.6 | 1 | | 52 | COMMON |
36812570 | 1.5 | 1 | | 49 | com, COMMON |
36811780 | 1.5 | 1 | | 46 | com, COMMON |
36444399 | 1.5 | | 1 | 227 | COMMON |
364446B8 | 1.5 | | 1 | 221 | COMMON |
364446D0 | 1.5 | | 1 | 210 | COMMON |
364462C0 | 0.2 | | | 229 | COMMON |
3644EBD0 | 0.2 | | | 205 | COMMON |
3644EBE0 | 0.2 | | | 201 | COMMON |
36449200 | 0.2 | | | 177 | COMMON |
3644FC68 | 0.2 | | | 176 | COMMON |
3644FA28 | 0.2 | | | 163 | COMMON |
36445511 | 0.1 | | | 132 | COMMON |
3644DB7D | 0.1 | | | 125 | COMMON |
364421E5 | 0.1 | | | 111 | COMMON |
364421F8 | 0.1 | | | 105 | COMMON |
36443B98 | 0.1 | | | 80 | COMMON |
36443BA8 | 0.1 | | | 78 | COMMON |
000AD030 | 0.1 | | | 72 | COMMON |
3644EF0F | 0.1 | | | 60 | COMMON |
364442F8 | 0.1 | | | 59 | COMMON |
36443CB8 | 0.1 | | | 59 | COMMON |
3644EE51 | 0.1 | | | 56 | COMMON |
36443970 | 0.1 | | | 54 | COMMON |
000AD02B | 0.1 | | | 53 | COMMON |
36443CA8 | 0.1 | | | 53 | COMMON |
36443978 | 0.1 | | | 52 | COMMON |
36444308 | 0.1 | | | 51 | COMMON |
3644EE60 | 0.0 | | | 49 | COMMON |
3644A3D8 | 0.0 | | | 46 | COMMON |
36448390 | 0.0 | | | 40 | COMMON |
36446540 | 0.0 | | | 28 | COMMON |
00403665 | 74.0 | 32 | 10 | 464 | string, file, com, COMMON |
00405DAE | 15.9 | 7 | 2 | 148 | file, string, COMMON |
00406DC0 | 5.4 | 4 | | 382 | COMMON |
00405866 | 66.8 | 36 | 2 | 284 | window, clipboard, memory, COMMON |
0040508E | 63.5 | 33 | 3 | 489 | window, memory, COMMON |
00404122 | 61.6 | 34 | 1 | 357 | window, string, COMMON |
00403D74 | 38.7 | 13 | 9 | 215 | string, registry, COMMON |
004047E0 | 37.0 | 19 | 2 | 204 | window, string, COMMON |
004062E8 | 26.4 | 10 | 5 | 130 | memory, string, COMMON |
00404B12 | 21.3 | 10 | 2 | 275 | string, COMMON |
004030F5 | 19.5 | 5 | 6 | 204 | memory, COMMON |
004066DF | 14.2 | 6 | 2 | 204 | string, COMMON |
00404688 | 12.1 | 8 | | 68 | COMMON |
00402711 | 10.7 | 5 | 1 | 153 | file, COMMON |
00404FDC | 10.5 | 5 | 1 | 48 | window, COMMON |
00402FB8 | 10.5 | 4 | 2 | 36 | time, COMMON |
00404ECE | 8.8 | 3 | 2 | 84 | string, COMMON |
00406A26 | 8.8 | 3 | 2 | 36 | library, COMMON |
00401DA6 | 7.6 | 5 | | 75 | window, COMMON |
00401E73 | 7.5 | 5 | | 43 | COMMON |
00401C68 | 7.1 | 3 | 1 | 84 | window, time, COMMON |
00406079 | 7.0 | 2 | 2 | 47 | string, COMMON |
0040569B | 5.3 | 2 | 1 | 46 | window, COMMON |
004071F5 | 5.2 | 4 | | 236 | COMMON |
004073F6 | 5.2 | 4 | | 208 | COMMON |
0040710C | 5.2 | 4 | | 205 | COMMON |
00406C11 | 5.2 | 4 | | 198 | COMMON |
0040705F | 5.2 | 4 | | 180 | COMMON |
0040717D | 5.2 | 4 | | 170 | COMMON |
004070C9 | 5.2 | 4 | | 168 | COMMON |
004060F7 | 5.0 | 4 | | 37 | string, COMMON |