Windows
Analysis Report
invoice.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - invoice.exe (PID: 6892 cmdline: "C:\Users\user\Desktop\invoice.exe" MD5: 57BCB61167ABD03D9D98705AB39E79AB)
- cleanup
{
"Build id": "e91dba334d13b3862d5fcf1c07f54f82f2e4b89799"
}
Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T11:42:45.533112+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49681 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:46.849307+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49682 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:48.236401+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49683 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:49.246361+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49684 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:51.223014+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49685 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:52.409357+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49686 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:54.175757+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49687 | 172.67.131.170 | 443 | TCP |
- AV Detection
- Compliance
- Networking
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 0_3_007E7CF4 |
Source: | Code function: | 0_3_007E52C9 |
Source: | Code function: | 0_3_00844699 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Code function: | 0_3_007E4C9D |
Source: | Code function: | 0_3_007E6659 |
Source: | Code function: | 0_3_007DC791 |
Source: | Code function: | 0_3_007DC789 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | System information queried: |
Source: | Binary or memory string: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: |
Source: | Directory queried: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 321 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 21 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Detection | Scanner | Label |
---|---|---|
64% | Virustotal | |
53% | ReversingLabs | Win32.Trojan.LummaStealer |

Detection | Scanner | Label |
---|---|---|
100% | Avira URL Cloud | malware |
Name | IP | Active | Malicious | Reputation |
---|---|---|---|---|
ferroyxo.run | 172.67.131.170 | true | true | unknown |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high |
pki-goog.l.google.com | 172.217.165.131 | true | false | high |
c.pki.goog | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.131.170 | ferroyxo.run | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1654483 |
Start date and time: | 2025-04-02 11:41:46 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | invoice.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@2/1 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded IPs from analysis (whitelisted): 52.149.20.212, 52.165.164.15
- Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target invoice.exe, PID 6892 because there are no executed function
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
05:42:45 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
pki-goog.l.google.com | Get hash | malicious | LummaC Stealer | Browse |
| |
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
bg.microsoft.map.fastly.net | Get hash | malicious | LummaC Stealer | Browse |
| |
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | AsyncRAT | Browse |
| ||
Get hash | malicious | LummaC Stealer | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | PureCrypter, AsyncRAT | Browse |
| ||
Get hash | malicious | Remcos | Browse |
|
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | Amadey |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | Unknown |
An ASN match on Cloudflare is weak evidence on its own, since the same ASN fronts a large share of the web; what it does confirm is that the C2 endpoint is proxied behind Cloudflare, consistent with the C2 URL list in the configuration and with the resolution to two Cloudflare addresses below.
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
File type: | |
Entropy (8bit): | 7.338436894896284 |
TrID: | |
File name: | invoice.exe |
File size: | 845'824 bytes |
MD5: | 57bcb61167abd03d9d98705ab39e79ab |
SHA1: | 487af25088915c0506635a7bd44cd65177f91689 |
SHA256: | 7c321f8a0d6c357d3406afb96408968d107c81f8282e2353ea4cebed67432f88 |
SHA512: | 45779c2b678df42f9f3e36501e95a17c32c5a0a694c03b5caaf2014d07aba79b569271a6bf83a0e87836c3f78f140ab3b50bb2d7eb21de44d01bf547b249837f |
SSDEEP: | 24576:BAzEBC+2X2jofsfO1AVPul+3Dhs2ccmsh:BAz+J2mMfd1LDlRsh |
TLSH: | 2B055A816AD703E5EA0DEC35441173BE468BADDDD9E1CA1ECCC60ECA6E86BD6101335E |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...;..g.................z...j......P.............@..........................0............@.....................................<.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x468550 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67E8013B [Sat Mar 29 14:18:35 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 71f2fc6f961ae32c66027ae469c38c53 |
Instruction |
---|
call 00007FA0B0AABB00h |
call 00007FA0B0AAF72Bh |
call 00007FA0B0AB2F96h |
call 00007FA0B0AB66C1h |
call 00007FA0B0AB96BCh |
call 00007FA0B0ABC357h |
call 00007FA0B0AC1F72h |
call 00007FA0B0AC4D3Dh |
call 00007FA0B0AC8918h |
call 00007FA0B0ACD973h |
call 00007FA0B0AD166Eh |
call 00007FA0B0AD5369h |
call 00007FA0B0ADA274h |
call 00007FA0B0ADDB4Fh |
call 00007FA0B0AE23AAh |
call 00007FA0B0AE5F15h |
call 00007FA0B0AEA4A0h |
call 00007FA0B0AECA7Bh |
call 00007FA0B0AF0AB6h |
call 00007FA0B0AF5711h |
call 00007FA0B0AFA69Ch |
call 00007FA0B0AFD4A7h |
call 00007FA0B0B01502h |
call 00007FA0B0B04FCDh |
call 00007FA0B0B07C78h |
call 00007FA0B0B0A823h |
call 00007FA0B0B0F95Eh |
call 00007FA0B0B12AA9h |
test eax, eax |
jne 00007FA0B0B12A92h |
call 00007FA0B0AAB980h |
push 000000FFh |
call dword ptr [004698BCh] |
push 00000000h |
call dword ptr [004698BCh] |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ebx |
push edi |
push esi |
and esp, FFFFFFF8h |
sub esp, 000002A8h |
lea eax, dword ptr [esp+54h] |
push eax |
call dword ptr [000098CCh] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x697f4 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x2e69 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xca000 | 0x831c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x698b4 | 0x84 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x67933 | 0x67a00 | e799d022f8043e1027820d7029de2b24 | False | 0.5544212718636912 | data | 6.099887056721714 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x69000 | 0xb36 | 0xc00 | f508e94a0d8ca49d8c474207e03c7890 | False | 0.5257161458333334 | Matlab v4 mat-file (little endian) \3551\206\230\373\264\310:\317O\274Xses?\276H\315\274\336\236&/\014\0107\2359\201)\272\022\376\257\227\362\354D\220\024\253\371\343\020\035\343\356Cn\340\020\264\021\343\210\312\327f\351, numeric, rows 3296, columns 4096, imaginary | 4.801213516305022 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x6a000 | 0x5ae00 | 0x5a600 | 9fd8572f91bd71e73607ab4ae7d92638 | False | 1.0000459241009683 | data | 7.999214056877976 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0xc5000 | 0x4 | 0x200 | fa59424a48b8f68036a05001c1f92210 | False | 0.03125 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.Dota | 0xc6000 | 0x60 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xc7000 | 0x2e69 | 0x3000 | 3a75e6b37623d4e2a39a18e0d78ff559 | False | 0.23592122395833334 | data | 3.5378064234923166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xca000 | 0x831c | 0x8400 | d127f0dc7404dddbf97ddd292674ccbf | False | 0.7922585227272727 | data | 6.837145678856392 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MENU | 0xc73a0 | 0x3a2 | data | 0.26129032258064516 | ||
RT_MENU | 0xc7744 | 0x744 | data | 0.20376344086021506 | ||
RT_MENU | 0xc7e88 | 0x1d8 | data | 0.336864406779661 | ||
RT_MENU | 0xc8060 | 0x756 | data | 0.19808306709265175 | ||
RT_MENU | 0xc87b8 | 0x634 | data | 0.21536523929471033 | ||
RT_DIALOG | 0xc8dec | 0x212 | data | 0.5037735849056604 | ||
RT_DIALOG | 0xc9000 | 0x184 | data | 0.5463917525773195 | ||
RT_DIALOG | 0xc9184 | 0x314 | data | 0.4213197969543147 | ||
RT_STRING | 0xc9498 | 0x23c | data | 0.3706293706293706 | ||
RT_STRING | 0xc96d4 | 0x1f4 | AmigaOS bitmap font "t", fc_YSize 28672, 21248 elements, 2nd "o", 3rd | 0.39 | ||
RT_ACCELERATOR | 0xc98c8 | 0x70 | data | 0.7946428571428571 | ||
RT_ACCELERATOR | 0xc9938 | 0x50 | data | 0.875 | ||
RT_ACCELERATOR | 0xc9988 | 0x50 | data | 0.8875 | ||
RT_ACCELERATOR | 0xc99d8 | 0x40 | data | 0.953125 | ||
RT_VERSION | 0xc9a18 | 0x244 | data | 0.5465517241379311 | ||
RT_MANIFEST | 0xc9c5c | 0x20d | XML 1.0 document, ASCII text | English | United States | 0.5352380952380953 |
DLL | Import |
---|---|
KERNEL32.dll | CloseHandle, CreateToolhelp32Snapshot, ExitProcess, GetCommandLineW, GetLastError, GetModuleHandleW, GetSystemInfo, GetTickCount, GlobalMemoryStatusEx, Process32FirstW, Process32NextW, Sleep, lstrcmpiW |
USER32.dll | BeginPaint, DefWindowProcW, DestroyWindow, DispatchMessageW, DrawTextW, EndPaint, FillRect, GetDC, GetMessageW, LoadCursorW, PostQuitMessage, RegisterClassExW, ReleaseDC, SetCursor, SetFocus, ShowWindow, TranslateMessage, UpdateWindow |
Description | Data |
---|---|
CompanyName | TechPro |
FileDescription | Process network |
FileVersion | 2.36.213.3383 |
ProductName | DataPro System |
LegalCopyright | 2025 TechPro |
InternalName | ProTech |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
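The section table, data directories and header fields above are what a static triage pass reads first: a .data section with entropy 7.999 and ZLIB complexity 1.0 is incompressible, i.e. an encrypted or packed payload; IMAGE_DIRECTORY_ENTRY_SECURITY is empty, so the file carries no Authenticode signature; the compile timestamp is four days before the analysis; the entrypoint sits in .text. The script below is an added example, not part of the Joe Sandbox report or its tooling. It parses the DOS, COFF and optional headers and the section table with the standard library only, computes per-section Shannon entropy and returns the findings. The PE it runs on is constructed inline (two sections, one pseudo-random, unsigned); the 7.5 entropy threshold, the 0x1000-byte size floor and the 14-day "freshly compiled" window are assumptions, and the analysis-time constant is the first C2 contact time from this report.

```python
"""Static PE triage reproducing the checks behind the section table above:
per-section entropy, entrypoint section, Authenticode presence and compile
age. Added example, not Joe Sandbox code; pure stdlib, parses only the
headers it needs. The sample PE it triages is constructed inline."""
import math
import random
import struct
from dataclasses import dataclass

IMAGE_SCN_MEM_EXECUTE = 0x20000000
REPORT_ANALYSIS_TIME = 1743586965  # 2025-04-02 09:42:45 UTC, first C2 contact in the report


@dataclass
class Section:
    name: str
    va: int
    vsize: int
    raw_size: int
    characteristics: int
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte; near 8.0 means incompressible (encrypted/packed)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table (PE32 and PE32+)."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe + 4)
    opt = pe + 24
    pe32 = struct.unpack_from("<H", blob, opt)[0] == 0x10B
    entry = struct.unpack_from("<I", blob, opt + 16)[0]
    # Data directories follow the fixed part of the optional header; entry 4 is SECURITY
    dirs = opt + (96 if pe32 else 112)
    _sec_off, sec_size = struct.unpack_from("<II", blob, dirs + 4 * 8)
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, roff, *_, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        raw = blob[roff:roff + rsize]
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), va, vsize, rsize,
                                chars, shannon_entropy(raw)))
    return {"timestamp": timestamp, "entry": entry, "signature_size": sec_size, "sections": sections}


def triage(blob: bytes, analysis_time: int, high_entropy: float = 7.5) -> dict:
    """Return the entrypoint section and a list of triage findings (thresholds are assumptions)."""
    info = parse_pe(blob)
    findings = []
    ep = next((s for s in info["sections"]
               if s.va <= info["entry"] < s.va + max(s.vsize, s.raw_size)), None)
    if ep is None:
        findings.append("entrypoint outside any section")
    elif not ep.characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entrypoint in non-executable section {ep.name}")
    for s in info["sections"]:
        # Tiny sections (.CRT and .Dota in the report) give no meaningful entropy figure; skip them
        if s.raw_size >= 0x1000 and s.entropy >= high_entropy:
            findings.append(f"{s.name}: entropy {s.entropy:.2f}, likely packed or encrypted payload")
    if info["signature_size"] == 0:
        findings.append("no Authenticode signature")
    age_days = (analysis_time - info["timestamp"]) / 86400
    if 0 <= age_days < 14:
        findings.append(f"compiled {age_days:.0f} days before analysis")
    return {"entry_section": ep.name if ep else None, "findings": findings, "sections": info["sections"]}


def build_sample_pe(seed: int = 7) -> bytes:
    """Constructed PE32 for the demo (not a real binary): low-entropy .text holding the
    entrypoint, a pseudo-random .data, no signature, compile timestamp taken from the report."""
    rng = random.Random(seed)
    text = bytes([0x55, 0x8B, 0xEC, 0x90, 0xC3, 0xCC, 0xCC, 0xCC]) * 64       # 0x200 bytes of "code"
    data = bytes(rng.getrandbits(8) for _ in range(0x1000))                  # looks encrypted
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x67E8013B, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 14, 0, len(text), len(data), 0, 0x1000, 0x1000, 0x2000,
                      0x400000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0,
                      2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".data", 0x1000, 0x2000, 0x1000, 0x400, 0, 0, 0, 0, 0xC0000040)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)                     # e_lfanew = 0x80
    headers = dos.ljust(0x80, b"\0") + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + text + data


if __name__ == "__main__":
    result = triage(build_sample_pe(), REPORT_ANALYSIS_TIME)
    for s in result["sections"]:
        print(f"{s.name:8} entropy={s.entropy:.3f}")
    print(result["entry_section"], result["findings"])
```

On the report's sample the same logic would flag .data (entropy 7.999 over 0x5a600 raw bytes) and leave .text (6.10) and the 0x200-byte .CRT and .Dota sections alone; the size floor exists because a few hundred bytes cannot carry a meaningful entropy figure. The small import table above (thirteen KERNEL32 and eighteen USER32 names, with CreateToolhelp32Snapshot, GetSystemInfo and GlobalMemoryStatusEx among them) is the other half of the picture: the real API set is resolved at runtime from the encrypted section.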
Download Network PCAP: filtered – full
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T11:42:45.533112+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49681 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:46.849307+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49682 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:48.236401+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49683 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:49.246361+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49684 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:51.223014+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49685 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:52.409357+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49686 | 172.67.131.170 | 443 | TCP |
2025-04-02T11:42:54.175757+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.7 | 49687 | 172.67.131.170 | 443 | TCP |
- Total Packets: 99
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 11:42:45.311676979 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.311729908 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:45.311795950 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.314977884 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.314996004 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:45.533039093 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:45.533112049 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.537491083 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.537504911 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:45.537789106 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:45.582853079 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.589519024 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.589519024 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:45.589770079 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039433956 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039557934 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039614916 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.039644957 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039717913 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039768934 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.039777040 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039895058 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.039947033 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.039954901 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.040081024 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.040124893 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.040132046 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.040725946 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.040774107 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.040781975 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.040875912 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.040921926 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.040929079 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.082885027 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.141397953 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.141609907 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.141704082 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.141729116 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.141748905 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.141807079 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.141813993 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.141972065 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142024040 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.142034054 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142216921 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142263889 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.142271042 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142385960 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142441988 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.142450094 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142551899 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142640114 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.142647982 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142748117 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142797947 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.142803907 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.142990112 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.143049002 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.145817041 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.145838022 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.145848036 CEST | 49681 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.145853043 CEST | 443 | 49681 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.636013031 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.636049986 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.636142015 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.636420965 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.636435986 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.849170923 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.849307060 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.850704908 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.850719929 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.851072073 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:46.852328062 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.852464914 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:46.852488995 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:47.378072977 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:47.378209114 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:47.378258944 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:47.378355980 CEST | 49682 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:47.378375053 CEST | 443 | 49682 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.033591032 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.033664942 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.033751011 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.034084082 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.034101963 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.236269951 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.236401081 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.237664938 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.237675905 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.237921000 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.239198923 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.239327908 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.239356995 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.239409924 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.239415884 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.787517071 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.787636995 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:48.787934065 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.789530039 CEST | 49683 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:48.789547920 CEST | 443 | 49683 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.035032988 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.035089970 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.036088943 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.041476965 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.041512966 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.246228933 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.246361017 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.247682095 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.247699976 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.247958899 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.249392033 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.249510050 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.249538898 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.249591112 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.249602079 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.834147930 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.834321976 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:49.834388971 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.834508896 CEST | 49684 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:49.834527016 CEST | 443 | 49684 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.018771887 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.018831968 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.018970966 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.019515038 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.019526958 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.222918987 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.223014116 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.224272966 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.224282980 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.224524975 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.225707054 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.225877047 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.225900888 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.742768049 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.742886066 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:51.742965937 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.743225098 CEST | 49685 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:51.743247032 CEST | 443 | 49685 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.206156969 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.206211090 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.206284046 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.206621885 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.206638098 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.409286976 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.409357071 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.410897970 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.410904884 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.411147118 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.431097031 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.432260990 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.432286978 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.432374954 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.432399988 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.432487965 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.432534933 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.432837009 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.432854891 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.432987928 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.433002949 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.433088064 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.433099031 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.433140039 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.433180094 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.433202028 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.476279974 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.476459980 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.476505995 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.476515055 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.520287037 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.520402908 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.520494938 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.520535946 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.564290047 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.564522982 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:52.612273932 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:52.631499052 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:53.922930002 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:53.923063993 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:53.923130035 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:53.923227072 CEST | 49686 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:53.923243999 CEST | 443 | 49686 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:53.974617004 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:53.974657059 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:53.974735022 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:53.975181103 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:53.975203991 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.175365925 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.175756931 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.180274010 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.180291891 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.180600882 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.181925058 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.181925058 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.182033062 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.698894024 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.698961973 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.699088097 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.699331045 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.699348927 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Apr 2, 2025 11:42:54.699361086 CEST | 49687 | 443 | 192.168.2.7 | 172.67.131.170 |
Apr 2, 2025 11:42:54.699368000 CEST | 443 | 49687 | 172.67.131.170 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 11:42:45.181822062 CEST | 63511 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 2, 2025 11:42:45.298235893 CEST | 53 | 63511 | 1.1.1.1 | 192.168.2.7 |
Apr 2, 2025 11:43:00.279706001 CEST | 61158 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 2, 2025 11:43:00.377604008 CEST | 53 | 61158 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 2, 2025 11:42:45.181822062 CEST | 192.168.2.7 | 1.1.1.1 | 0xded0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 11:43:00.279706001 CEST | 192.168.2.7 | 1.1.1.1 | 0xaf79 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 11:42:45.298235893 CEST | 1.1.1.1 | 192.168.2.7 | 0xded0 | No error (0) | | | 172.67.131.170 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 11:42:45.298235893 CEST | 1.1.1.1 | 192.168.2.7 | 0xded0 | No error (0) | | | 104.21.4.48 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 11:42:59.953512907 CEST | 1.1.1.1 | 192.168.2.7 | 0x8627 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 11:42:59.953512907 CEST | 1.1.1.1 | 192.168.2.7 | 0x8627 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 11:43:00.377604008 CEST | 1.1.1.1 | 192.168.2.7 | 0xaf79 | No error (0) | | pki-goog.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 2, 2025 11:43:00.377604008 CEST | 1.1.1.1 | 192.168.2.7 | 0xaf79 | No error (0) | | | 172.217.165.131 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49681 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:45 UTC | 263 | OUT | |
2025-04-02 09:42:45 UTC | 51 | OUT | |
2025-04-02 09:42:46 UTC | 244 | IN | |
2025-04-02 09:42:46 UTC | 1125 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 1369 | IN | |
2025-04-02 09:42:46 UTC | 211 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49682 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:46 UTC | 279 | OUT | |
2025-04-02 09:42:46 UTC | 14498 | OUT | |
2025-04-02 09:42:47 UTC | 804 | IN | |
2025-04-02 09:42:47 UTC | 73 | IN | |
2025-04-02 09:42:47 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49683 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:48 UTC | 281 | OUT | |
2025-04-02 09:42:48 UTC | 15070 | OUT | |
2025-04-02 09:42:48 UTC | 806 | IN | |
2025-04-02 09:42:48 UTC | 73 | IN | |
2025-04-02 09:42:48 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49684 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:49 UTC | 275 | OUT | |
2025-04-02 09:42:49 UTC | 15331 | OUT | |
2025-04-02 09:42:49 UTC | 5034 | OUT | |
2025-04-02 09:42:49 UTC | 806 | IN | |
2025-04-02 09:42:49 UTC | 73 | IN | |
2025-04-02 09:42:49 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49685 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:51 UTC | 281 | OUT | |
2025-04-02 09:42:51 UTC | 2404 | OUT | |
2025-04-02 09:42:51 UTC | 264 | IN | |
2025-04-02 09:42:51 UTC | 73 | IN | |
2025-04-02 09:42:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49686 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:52 UTC | 276 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:52 UTC | 15331 | OUT | |
2025-04-02 09:42:53 UTC | 264 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 49687 | 172.67.131.170 | 443 | 6892 | C:\Users\user\Desktop\invoice.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-02 09:42:54 UTC | 263 | OUT | |
2025-04-02 09:42:54 UTC | 89 | OUT | |
2025-04-02 09:42:54 UTC | 241 | IN | |
2025-04-02 09:42:54 UTC | 43 | IN |
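Across the seven TLS sessions above the shape matters more than any single packet: every session opens with a 263 to 281 byte outbound record (the ClientHello the JA3 rule fires on), session 0 pulls about 11 KB down, and sessions 1, 2, 3 and 5 then push 14 KB to 153 KB up against replies of a few hundred bytes, all to 172.67.131.170:443 within nine seconds. A flow-level rule catches that pattern without decrypting anything. The script below is an added example, not Joe Sandbox output: the record sizes are transcribed from the session tables above, the start offsets are those tables' second-granularity timestamps relative to 09:42:45 UTC, and the thresholds (10 KB minimum upload, 5:1 out/in ratio, three such sessions within 60 s) are assumptions to tune against your own baseline.

```python
"""Flow-level exfiltration heuristic run over the TLS sessions listed above.
Added example, not Joe Sandbox output: per-session record sizes are transcribed
from the report's session tables, start offsets are the tables' timestamps
relative to 09:42:45 UTC, and all thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass

C2 = ("172.67.131.170", 443)

# (session id, destination, start offset in seconds, OUT record sizes, IN record sizes)
REPORT_SESSIONS = [
    (0, C2, 0, [263, 51], [244, 1125] + [1369] * 7 + [211]),
    (1, C2, 1, [279, 14498], [804, 73, 5]),
    (2, C2, 3, [281, 15070], [806, 73, 5]),
    (3, C2, 4, [275, 15331, 5034], [806, 73, 5]),
    (4, C2, 6, [281, 2404], [264, 73, 5]),
    (5, C2, 7, [276] + [15331] * 10, [264]),
    (6, C2, 9, [263, 89], [241, 43]),
]


@dataclass
class Session:
    sid: int
    dst: tuple
    start: float
    bytes_out: int   # excludes the first outbound record (the ClientHello)
    bytes_in: int

    @property
    def ratio(self) -> float:
        return self.bytes_out / max(self.bytes_in, 1)


def summarize(rows) -> list:
    """Collapse records into per-session totals. The ClientHello is dropped because
    its size is fixed per client stack and says nothing about the payload volume."""
    return [Session(sid, dst, start, sum(outs[1:]), sum(ins))
            for sid, dst, start, outs, ins in rows]


def find_exfil(sessions, min_out=10_000, min_ratio=5.0, min_sessions=3, window_s=60.0) -> dict:
    """Per destination: collect upload-heavy sessions (bytes_out >= min_out and
    out/in >= min_ratio) and flag the destination when at least min_sessions of
    them start within window_s of each other. Keyed by (ip, port) so that
    CDN-fronted C2 is judged per endpoint rather than per hostname."""
    by_dst = defaultdict(list)
    for s in sessions:
        if s.bytes_out >= min_out and s.ratio >= min_ratio:
            by_dst[s.dst].append(s)
    verdicts = {}
    for dst, ups in by_dst.items():
        ups.sort(key=lambda s: s.start)
        burst = any(ups[i + min_sessions - 1].start - ups[i].start <= window_s
                    for i in range(len(ups) - min_sessions + 1))
        verdicts[dst] = {"flagged": burst,
                         "sessions": [s.sid for s in ups],
                         "bytes_out": sum(s.bytes_out for s in ups)}
    return verdicts


if __name__ == "__main__":
    stats = summarize(REPORT_SESSIONS)
    for s in stats:
        print(f"session {s.sid}: out={s.bytes_out:>7} in={s.bytes_in:>6} ratio={s.ratio:7.1f}")
    print(find_exfil(stats))
```

Session 4 (2.4 KB up) falls under the size floor and session 0 is download-heavy, so the verdict rests on four sessions carrying about 203 KB to one endpoint. In production the same logic runs over Zeek conn.log or NetFlow records rather than a transcribed table, and because the C2 sits behind Cloudflare the destination key is the IP and port, not a hostname the DNS tables above never show.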
Target ID: | 0 |
Start time: | 05:42:41 |
Start date: | 02/04/2025 |
Path: | C:\Users\user\Desktop\invoice.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x300000 |
File size: | 845'824 bytes |
MD5 hash: | 57BCB61167ABD03D9D98705AB39E79AB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |