Edit tour
Windows
Analysis Report
LaunchV.2.exe
Overview
General Information
| Sample name: | LaunchV.2.exe |
| Analysis ID: | 1639954 |
| MD5: | b7ad5811f05a5ce6664b01dd47d3a1d7 |
| SHA1: | d9555b56a89bce5149b5c6a1c99a87e7a9a098c6 |
| SHA256: | bff8217e37fe817479a614e0383f8c1d6f47999762c2005670c301927dac8a3a |
| Tags: | exeLummaStealeruser-aachum |
| Infos: |   |
 | |
Detection
LummaC Stealer
| Score: | 100 |
| Range: | 0 - 100 |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
LaunchV.2.exe (PID: 7564 cmdline: "C:\Users\ user\Deskt op\LaunchV .2.exe" MD5: B7AD5811F05A5CE6664B01DD47D3A1D7) 
conhost.exe (PID: 7572 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - conhost.exe (PID: 7616 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
MSBuild.exe (PID: 7624 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\MSB uild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- cleanup
{"C2 url": ["loadoutle.life/kpLsOAm", "caliberc.today/KowpqlL", "pistolpra.bet/dABYyaz", "weaponwo.life/NghsayA", "armamenti.world/dsIOQn", "selfdefens.bet/dASBUz", "targett.top/dsANGt", "armoryarch.shop/GiqwY"], "Build id": "6565b8b3470f9d2ef261a38efc597afc778017c1c2ad2faee660"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
System Summary |   |
|---|
| Source: | Author: Kiran kumar s, oscd.community: | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-16T19:04:00.648820+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49710 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:01.765064+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49711 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:02.787127+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49712 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:04.280018+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49713 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:05.442238+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49716 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:06.603608+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49717 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:08.566598+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49719 | 188.114.96.3 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Code function: | 2_2_0041C582 | |
| Source: | Code function: | 2_2_0041EF24 | |
| Source: | Code function: | 2_2_0041C582 | |
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00007FF646E11358 | |
| Source: | Code function: | 0_2_00007FF646E111D4 | |
| Source: | Code function: | 2_2_00445140 | |
| Source: | Code function: | 2_2_0044E900 | |
| Source: | Code function: | 2_2_0040FA70 | |
| Source: | Code function: | 2_2_0044D290 | |
| Source: | Code function: | 2_2_0044B3D8 | |
| Source: | Code function: | 2_2_00448BF0 | |
| Source: | Code function: | 2_2_00445380 | |
| Source: | Code function: | 2_2_00445380 | |
| Source: | Code function: | 2_2_00438460 | |
| Source: | Code function: | 2_2_0044B473 | |
| Source: | Code function: | 2_2_0044E5E0 | |
| Source: | Code function: | 2_2_0042CE60 | |
| Source: | Code function: | 2_2_0041EF24 | |
| Source: | Code function: | 2_2_0041EF24 | |
| Source: | Code function: | 2_2_00420002 | |
| Source: | Code function: | 2_2_0044C023 | |
| Source: | Code function: | 2_2_0044D830 | |
| Source: | Code function: | 2_2_0044C0DB | |
| Source: | Code function: | 2_2_004258F0 | |
| Source: | Code function: | 2_2_0040C890 | |
| Source: | Code function: | 2_2_0044D0A0 | |
| Source: | Code function: | 2_2_0041E0A8 | |
| Source: | Code function: | 2_2_0041E0A8 | |
| Source: | Code function: | 2_2_0042F16A | |
| Source: | Code function: | 2_2_0041290A | |
| Source: | Code function: | 2_2_0041290A | |
| Source: | Code function: | 2_2_0041290A | |
| Source: | Code function: | 2_2_00428110 | |
| Source: | Code function: | 2_2_00428110 | |
| Source: | Code function: | 2_2_00428110 | |
| Source: | Code function: | 2_2_0044B1CE | |
| Source: | Code function: | 2_2_004209D2 | |
| Source: | Code function: | 2_2_004491D0 | |
| Source: | Code function: | 2_2_004491D0 | |
| Source: | Code function: | 2_2_0043924D | |
| Source: | Code function: | 2_2_0043924D | |
| Source: | Code function: | 2_2_00434A70 | |
| Source: | Code function: | 2_2_0042DA00 | |
| Source: | Code function: | 2_2_00408A20 | |
| Source: | Code function: | 2_2_0042FAD0 | |
| Source: | Code function: | 2_2_004462D0 | |
| Source: | Code function: | 2_2_00442AD0 | |
| Source: | Code function: | 2_2_00433AFF | |
| Source: | Code function: | 2_2_00424A82 | |
| Source: | Code function: | 2_2_0044EA80 | |
| Source: | Code function: | 2_2_00432A87 | |
| Source: | Code function: | 2_2_00432A87 | |
| Source: | Code function: | 2_2_00432A87 | |
| Source: | Code function: | 2_2_00437A84 | |
| Source: | Code function: | 2_2_00437A8A | |
| Source: | Code function: | 2_2_0040A290 | |
| Source: | Code function: | 2_2_0040A290 | |
| Source: | Code function: | 2_2_00411290 | |
| Source: | Code function: | 2_2_0042A340 | |
| Source: | Code function: | 2_2_0044DB50 | |
| Source: | Code function: | 2_2_0041EB60 | |
| Source: | Code function: | 2_2_0041EB60 | |
| Source: | Code function: | 2_2_004333C0 | |
| Source: | Code function: | 2_2_004333C0 | |
| Source: | Code function: | 2_2_004333C0 | |
| Source: | Code function: | 2_2_004313DA | |
| Source: | Code function: | 2_2_00411C2D | |
| Source: | Code function: | 2_2_0042DC30 | |
| Source: | Code function: | 2_2_00438550 | |
| Source: | Code function: | 2_2_00436D66 | |
| Source: | Code function: | 2_2_00436D66 | |
| Source: | Code function: | 2_2_00424A82 | |
| Source: | Code function: | 2_2_00438580 | |
| Source: | Code function: | 2_2_00431D9C | |
| Source: | Code function: | 2_2_00446DBF | |
| Source: | Code function: | 2_2_00446DBF | |
| Source: | Code function: | 2_2_0041DE50 | |
| Source: | Code function: | 2_2_00423D5B | |
| Source: | Code function: | 2_2_00423D5B | |
| Source: | Code function: | 2_2_00429E30 | |
| Source: | Code function: | 2_2_0043863F | |
| Source: | Code function: | 2_2_004386C0 | |
| Source: | Code function: | 2_2_0044A6A9 | |
| Source: | Code function: | 2_2_0044BEB5 | |
| Source: | Code function: | 2_2_0042D6BB | |
| Source: | Code function: | 2_2_0044B746 | |
| Source: | Code function: | 2_2_00448F40 | |
| Source: | Code function: | 2_2_00402770 | |
| Source: | Code function: | 2_2_00432F70 | |
| Source: | Code function: | 2_2_00432F70 | |
| Source: | Code function: | 2_2_00433F74 | |
| Source: | Code function: | 2_2_00432F08 | |
| Source: | Code function: | 2_2_00432F08 | |
| Source: | Code function: | 2_2_0041B7D0 | |
| Source: | Code function: | 2_2_00446790 | |
| Source: | Code function: | 2_2_0044BFA8 | |
| Source: | Code function: | 2_2_004297B0 | |
Networking | |
|---|
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 2_2_0043FF70 | |
| Source: | Code function: | 2_2_03401000 | |
| Source: | Code function: | 2_2_0043FF70 | |
| Source: | Code function: | 2_2_004406C2 | |
| Source: | Code function: | 0_2_00007FF646E172EC | |
| Source: | Code function: | 0_2_00007FF646DFD3F0 | |
| Source: | Code function: | 0_2_00007FF646E01FA0 | |
| Source: | Code function: | 0_2_00007FF646E01BB0 | |
| Source: | Code function: | 0_2_00007FF646DF4790 | |
| Source: | Code function: | 0_2_00007FF646E11358 | |
| Source: | Code function: | 0_2_00007FF646DF2B70 | |
| Source: | Code function: | 0_2_00007FF646DFBB40 | |
| Source: | Code function: | 0_2_00007FF646DFD920 | |
| Source: | Code function: | 0_2_00007FF646E008E0 | |
| Source: | Code function: | 0_2_00007FF646E07880 | |
| Source: | Code function: | 0_2_00007FF646E04060 | |
| Source: | Code function: | 0_2_00007FF646DFF440 | |
| Source: | Code function: | 0_2_00007FF646E02450 | |
| Source: | Code function: | 0_2_00007FF646E05E00 | |
| Source: | Code function: | 0_2_00007FF646E04DE0 | |
| Source: | Code function: | 0_2_00007FF646E051F0 | |
| Source: | Code function: | 0_2_00007FF646E111D4 | |
| Source: | Code function: | 0_2_00007FF646DFDD60 | |
| Source: | Code function: | 0_2_00007FF646E00170 | |
| Source: | Code function: | 0_2_00007FF646E19708 | |
| Source: | Code function: | 0_2_00007FF646DFF710 | |
| Source: | Code function: | 0_2_00007FF646DF6EE0 | |
| Source: | Code function: | 0_2_00007FF646DFC2C0 | |
| Source: | Code function: | 0_2_00007FF646DF3ED0 | |
| Source: | Code function: | 0_2_00007FF646E05AD0 | |
| Source: | Code function: | 0_2_00007FF646E04AD0 | |
| Source: | Code function: | 0_2_00007FF646E0A29C | |
| Source: | Code function: | 0_2_00007FF646E17A6C | |
| Source: | Code function: | 0_2_00007FF646DF2640 | |
| Source: | Code function: | 2_2_00445140 | |
| Source: | Code function: | 2_2_00422100 | |
| Source: | Code function: | 2_2_0040B990 | |
| Source: | Code function: | 2_2_004182C0 | |
| Source: | Code function: | 2_2_00448BF0 | |
| Source: | Code function: | 2_2_00445380 | |
| Source: | Code function: | 2_2_0044D3A0 | |
| Source: | Code function: | 2_2_00438460 | |
| Source: | Code function: | 2_2_00428CA0 | |
| Source: | Code function: | 2_2_0041C582 | |
| Source: | Code function: | 2_2_0042CE60 | |
| Source: | Code function: | 2_2_00416637 | |
| Source: | Code function: | 2_2_004306A0 | |
| Source: | Code function: | 2_2_00411EAA | |
| Source: | Code function: | 2_2_0044DEB0 | |
| Source: | Code function: | 2_2_0041EF24 | |
| Source: | Code function: | 2_2_004137DF | |
| Source: | Code function: | 2_2_0044B783 | |
| Source: | Code function: | 2_2_00438FAC | |
| Source: | Code function: | 2_2_00401040 | |
| Source: | Code function: | 2_2_0042105B | |
| Source: | Code function: | 2_2_00436830 | |
| Source: | Code function: | 2_2_0044D830 | |
| Source: | Code function: | 2_2_0044C0DB | |
| Source: | Code function: | 2_2_0043D8E0 | |
| Source: | Code function: | 2_2_004340E6 | |
| Source: | Code function: | 2_2_0044C8F0 | |
| Source: | Code function: | 2_2_0040C890 | |
| Source: | Code function: | 2_2_004448A0 | |
| Source: | Code function: | 2_2_0041E0A8 | |
| Source: | Code function: | 2_2_0042B947 | |
| Source: | Code function: | 2_2_00425160 | |
| Source: | Code function: | 2_2_00428110 | |
| Source: | Code function: | 2_2_0043193D | |
| Source: | Code function: | 2_2_004491D0 | |
| Source: | Code function: | 2_2_004269E0 | |
| Source: | Code function: | 2_2_004109F3 | |
| Source: | Code function: | 2_2_0043F9F0 | |
| Source: | Code function: | 2_2_0043C9F8 | |
| Source: | Code function: | 2_2_0044C9B0 | |
| Source: | Code function: | 2_2_0044CA40 | |
| Source: | Code function: | 2_2_0043924D | |
| Source: | Code function: | 2_2_00438A51 | |
| Source: | Code function: | 2_2_00438A6E | |
| Source: | Code function: | 2_2_0042DA00 | |
| Source: | Code function: | 2_2_00408A20 | |
| Source: | Code function: | 2_2_00438224 | |
| Source: | Code function: | 2_2_0042FAD0 | |
| Source: | Code function: | 2_2_004462D0 | |
| Source: | Code function: | 2_2_00402AE0 | |
| Source: | Code function: | 2_2_00421AE5 | |
| Source: | Code function: | 2_2_004172F5 | |
| Source: | Code function: | 2_2_00433AFF | |
| Source: | Code function: | 2_2_00424A82 | |
| Source: | Code function: | 2_2_00432A87 | |
| Source: | Code function: | 2_2_0040A290 | |
| Source: | Code function: | 2_2_0040DA90 | |
| Source: | Code function: | 2_2_00411290 | |
| Source: | Code function: | 2_2_0044AA95 | |
| Source: | Code function: | 2_2_0041C582 | |
| Source: | Code function: | 2_2_0044DB50 | |
| Source: | Code function: | 2_2_00428B57 | |
| Source: | Code function: | 2_2_0041E360 | |
| Source: | Code function: | 2_2_00444B00 | |
| Source: | Code function: | 2_2_0042FB2B | |
| Source: | Code function: | 2_2_004333C0 | |
| Source: | Code function: | 2_2_0041CBC4 | |
| Source: | Code function: | 2_2_004393C4 | |
| Source: | Code function: | 2_2_0040C440 | |
| Source: | Code function: | 2_2_00425450 | |
| Source: | Code function: | 2_2_0041FC79 | |
| Source: | Code function: | 2_2_0042DC0A | |
| Source: | Code function: | 2_2_0040EC10 | |
| Source: | Code function: | 2_2_0043FC20 | |
| Source: | Code function: | 2_2_00420C32 | |
| Source: | Code function: | 2_2_0042DC30 | |
| Source: | Code function: | 2_2_0044A43E | |
| Source: | Code function: | 2_2_004034F0 | |
| Source: | Code function: | 2_2_00430CF0 | |
| Source: | Code function: | 2_2_004434F9 | |
| Source: | Code function: | 2_2_004094B0 | |
| Source: | Code function: | 2_2_00407D40 | |
| Source: | Code function: | 2_2_00425D40 | |
| Source: | Code function: | 2_2_00437555 | |
| Source: | Code function: | 2_2_00436D66 | |
| Source: | Code function: | 2_2_00424500 | |
| Source: | Code function: | 2_2_00424A82 | |
| Source: | Code function: | 2_2_00431D9C | |
| Source: | Code function: | 2_2_00439DA0 | |
| Source: | Code function: | 2_2_0043D5B0 | |
| Source: | Code function: | 2_2_00417DBB | |
| Source: | Code function: | 2_2_00446DBF | |
| Source: | Code function: | 2_2_0043BE43 | |
| Source: | Code function: | 2_2_0041DE50 | |
| Source: | Code function: | 2_2_00449660 | |
| Source: | Code function: | 2_2_0044C670 | |
| Source: | Code function: | 2_2_00437678 | |
| Source: | Code function: | 2_2_0040D620 | |
| Source: | Code function: | 2_2_0041D623 | |
| Source: | Code function: | 2_2_00429E30 | |
| Source: | Code function: | 2_2_0040FEF0 | |
| Source: | Code function: | 2_2_00430EF0 | |
| Source: | Code function: | 2_2_00403E90 | |
| Source: | Code function: | 2_2_0042F690 | |
| Source: | Code function: | 2_2_0044A6A9 | |
| Source: | Code function: | 2_2_0042D6BB | |
| Source: | Code function: | 2_2_0044C750 | |
| Source: | Code function: | 2_2_0040CF70 | |
| Source: | Code function: | 2_2_00404772 | |
| Source: | Code function: | 2_2_00432F70 | |
| Source: | Code function: | 2_2_00406F76 | |
| Source: | Code function: | 2_2_00432F08 | |
| Source: | Code function: | 2_2_00421710 | |
| Source: | Code function: | 2_2_00408F30 | |
| Source: | Code function: | 2_2_00445FD0 | |
| Source: | Code function: | 2_2_0041F7F1 | |
| Source: | Code function: | 2_2_004297B0 | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 2_2_00445380 | |
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 2_2_004506E7 | |
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | WMI Queries: | ||
| Source: | System information queried: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Code function: | 0_2_00007FF646E11358 | |
| Source: | Code function: | 0_2_00007FF646E111D4 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_2-22081 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_0044B180 | |
| Source: | Code function: | 0_2_00007FF646E0AB04 | |
| Source: | Code function: | 0_2_00007FF646E0E2EC | |
| Source: | Code function: | 0_2_00007FF646E08088 | |
| Source: | Code function: | 0_2_00007FF646E0AB04 | |
| Source: | Code function: | 0_2_00007FF646E08704 | |
| Source: | Code function: | 0_2_00007FF646E086F4 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF646E19520 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00007FF646E08570 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 241 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 41 Data from Local System | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | 3 Clipboard Data | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 11 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 38% | Virustotal | Browse | ||
| 39% | ReversingLabs | Win64.Trojan.Generic |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | high | |
| loadoutle.life | 188.114.96.3 | true | true | unknown | |
| pki-goog.l.google.com | 142.250.186.99 | true | false | high | |
| c.pki.goog | unknown | unknown | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 188.114.96.3 | loadoutle.life | European Union | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1639954 |
| Start date and time: | 2025-03-16 19:03:03 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 45s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 12 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | LaunchV.2.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@5/0@2/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.60.203.209, 2.23.77.188, 199.232.214.172, 172.202.163.200, 13.85.23.206, 52.149.20.212, 20.3.187.198
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, e3913.cd.akamaiedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, cac-ocsp.digicert.com.edgekey.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 14:04:00 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 188.114.96.3 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| pki-goog.l.google.com | Get hash | malicious | XWorm | Browse |
| |
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | SugarDump, XWorm | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer, RHADAMANTHYS | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, Xmrig | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| loadoutle.life | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC Stealer, Xmrig | Browse |
| ||
| bg.microsoft.map.fastly.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | XWorm | Browse |
| ||
| Get hash | malicious | SugarDump, XWorm | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Blank Grabber, Umbral Stealer | Browse |
| |
| Get hash | malicious | CobaltStrike | Browse |
| ||
| Get hash | malicious | Python Stealer, Blank Grabber, Umbral Stealer, XWorm | Browse |
| ||
| Get hash | malicious | Blank Grabber, Umbral Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Go Stealer, Skuld Stealer | Browse |
| ||
| Get hash | malicious | Python Stealer, Blank Grabber | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | CobaltStrike | Browse |
| |
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC Stealer, RHADAMANTHYS | Browse |
|
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 7.646831278811739 |
| TrID: |
|
| File name: | LaunchV.2.exe |
| File size: | 592'896 bytes |
| MD5: | b7ad5811f05a5ce6664b01dd47d3a1d7 |
| SHA1: | d9555b56a89bce5149b5c6a1c99a87e7a9a098c6 |
| SHA256: | bff8217e37fe817479a614e0383f8c1d6f47999762c2005670c301927dac8a3a |
| SHA512: | 243ae1105c17c4601a6802ae6a1886d6d5aee50d026761c830d14231287646c3200e18aaf735dd866f40f5d620eb28754b178eb48aba7f2bc5d17550c6516276 |
| SSDEEP: | 12288:VWCzTM2dzPblUrAv5oS6FwdOalD2jZVlLHr1h+Pgze/51NTL7E714:VUePptvDI/vGGeDRm4 |
| TLSH: | 60C4F2AE26A758D6ED73847CCED07A51D77378268F10CBFB06E441211E235D29D2AB23 |
| File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....}.g.........."............................@..........................................`........................................ |
 | |
| Icon Hash: | 90cececece8e8eb0 |
| Entrypoint: | 0x14001831c |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x140000000 |
| Subsystem: | windows cui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
| DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x67D57DF5 [Sat Mar 15 13:17:41 2025 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | fd2739e7ebf69dea0556a52b87570850 |
| Instruction |
|---|
| dec eax |
| sub esp, 28h |
| call 00007F2144C82B40h |
| dec eax |
| add esp, 28h |
| jmp 00007F2144C82767h |
| int3 |
| int3 |
| dec eax |
| sub esp, 28h |
| call 00007F2144C82904h |
| dec eax |
| neg eax |
| sbb eax, eax |
| neg eax |
| dec eax |
| dec eax |
| add esp, 28h |
| ret |
| int3 |
| inc eax |
| push ebx |
| dec eax |
| sub esp, 20h |
| dec eax |
| cmp dword ptr [0001E092h], FFFFFFFFh |
| dec eax |
| mov ebx, ecx |
| jne 00007F2144C828F9h |
| call 00007F2144C84821h |
| jmp 00007F2144C82901h |
| dec eax |
| mov edx, ebx |
| dec eax |
| lea ecx, dword ptr [0001E07Ch] |
| call 00007F2144C84784h |
| xor edx, edx |
| test eax, eax |
| dec eax |
| cmove edx, ebx |
| dec eax |
| mov eax, edx |
| dec eax |
| add esp, 20h |
| pop ebx |
| ret |
| int3 |
| int3 |
| dec eax |
| sub esp, 18h |
| dec esp |
| mov eax, ecx |
| mov eax, 00005A4Dh |
| cmp word ptr [FFFE7C69h], ax |
| jne 00007F2144C8296Ah |
| dec eax |
| arpl word ptr [FFFE7C9Ch], cx |
| dec eax |
| lea edx, dword ptr [FFFE7C59h] |
| dec eax |
| add ecx, edx |
| cmp dword ptr [ecx], 00004550h |
| jne 00007F2144C82951h |
| mov eax, 0000020Bh |
| cmp word ptr [ecx+18h], ax |
| jne 00007F2144C82946h |
| dec esp |
| sub eax, edx |
| movzx edx, word ptr [ecx+14h] |
| dec eax |
| add edx, 18h |
| dec eax |
| add edx, ecx |
| movzx eax, word ptr [ecx+06h] |
| dec eax |
| lea ecx, dword ptr [eax+eax*4] |
| dec esp |
| lea ecx, dword ptr [edx+ecx*8] |
| dec eax |
| mov dword ptr [esp], edx |
| dec ecx |
| cmp edx, ecx |
| je 00007F2144C8290Ah |
| mov ecx, dword ptr [edx+0Ch] |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x32c78 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x38000 | 0x15b4 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3e000 | 0x668 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2b1e0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x32f08 | 0x268 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x29aa7 | 0x29c00 | bc39eb6dd60785e4180e7c7cbb3afa99 | False | 0.5047717065868264 | data | 6.600671819762486 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x9c0c | 0x9e00 | 87242c2b164715b145e7eeeb049c8f17 | False | 0.41544699367088606 | data | 4.795620390693286 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x35000 | 0x2040 | 0xc00 | da54f09d231e8fd39b1de467f9d4a7c5 | False | 0.17805989583333334 | data | 2.440587319916063 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x38000 | 0x15b4 | 0x1600 | 092a09f2375815764b7919ab42978e4d | False | 0.4836647727272727 | data | 5.410912571801746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .gxfg | 0x3a000 | 0x13e0 | 0x1400 | 07ef09fd727107c6620b60102558fa00 | False | 0.43828125 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.090449058306497 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .retplne | 0x3c000 | 0x8c | 0x200 | 8c950f651287cbc1296bcb4e8cd7e990 | False | 0.126953125 | data | 1.050583247971927 | |
| _RDATA | 0x3d000 | 0x1f4 | 0x200 | 7b11f7add986212d544d974c3e5f9c4f | False | 0.53125 | data | 4.225546917809558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x3e000 | 0x668 | 0x800 | edea3649b03d6ab7210f59a9f658694e | False | 0.501953125 | data | 4.9254112948995346 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .bss | 0x3f000 | 0x58a00 | 0x58a00 | a9b71459afea845debb1c770cb028691 | False | 1.000333325987306 | data | 7.999482203248212 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| DLL | Import |
|---|---|
| KERNEL32.dll | CloseHandle, CompareStringW, CreateFileW, DeleteCriticalSection, EncodePointer, EnterCriticalSection, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileType, GetLastError, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwindEx, RtlVirtualUnwind, SetEndOfFile, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WideCharToMultiByte, WriteConsoleW, WriteFile |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-16T19:04:00.648820+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49710 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:01.765064+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49711 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:02.787127+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49712 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:04.280018+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49713 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:05.442238+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49716 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:06.603608+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49717 | 188.114.96.3 | 443 | TCP |
| 2025-03-16T19:04:08.566598+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49719 | 188.114.96.3 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 16, 2025 19:04:00.140960932 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.140997887 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:00.141098976 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.143889904 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.143907070 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:00.648585081 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:00.648819923 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.653186083 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.653194904 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:00.653469086 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:00.696316957 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.726372957 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.726409912 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:00.726674080 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:00.932554007 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:01.123153925 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123200893 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123229980 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123255968 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123284101 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123303890 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.123310089 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123322010 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123362064 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.123610973 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123653889 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.123663902 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123702049 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123724937 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123739004 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.123745918 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.123778105 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.231009007 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.231089115 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.231134892 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.232219934 CET | 49710 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.232234955 CET | 443 | 49710 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.244719982 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:01.301422119 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.301465988 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.301543951 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.301877975 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.301882029 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.765000105 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.765064001 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.766661882 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.766680002 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.767118931 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.768471003 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.768593073 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.768877983 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.768920898 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:01.768934965 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:01.854269981 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:02.300709009 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.300815105 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.300970078 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.301189899 CET | 49711 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.301239967 CET | 443 | 49711 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.321224928 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.321278095 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.321391106 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.321702003 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.321712971 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.787033081 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.787127018 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.788317919 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.788343906 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.788589954 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:02.789695024 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.789802074 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:02.789841890 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:03.057269096 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:03.245770931 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:03.246598959 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:03.246701002 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:03.277580023 CET | 49712 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:03.277611971 CET | 443 | 49712 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:03.822113037 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:03.822160959 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:03.822221994 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:03.822757959 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:03.822765112 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.279916048 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.280018091 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.281263113 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.281286001 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.281507969 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.282830000 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.282968998 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.282993078 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.283051968 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.283062935 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.816122055 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.816216946 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.816260099 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.816406012 CET | 49713 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.816436052 CET | 443 | 49713 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.916387081 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.916448116 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:04.916527987 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.936420918 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:04.936445951 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.442166090 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.442238092 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:05.443456888 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:05.443468094 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.443686962 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.444889069 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:05.444994926 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:05.445008993 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.463471889 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:05.820334911 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.820446968 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:05.820525885 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:05.820856094 CET | 49716 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:05.820880890 CET | 443 | 49716 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.123332024 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.123378038 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.123446941 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.123748064 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.123753071 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.603521109 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.603607893 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.604907990 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.604922056 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.605145931 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.606357098 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607048988 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607074976 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.607155085 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607180119 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.607264996 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607295036 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.607388973 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607414007 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.607521057 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607549906 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.607672930 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607701063 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.607716084 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607820988 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.607851028 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.618000031 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.618134022 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.618159056 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.618177891 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.618192911 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.618402958 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.618438005 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.624138117 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:06.624277115 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:06.624317884 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.095216990 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.095304012 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.095346928 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.095525026 CET | 49717 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.095545053 CET | 443 | 49717 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.100157022 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.100235939 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.100327969 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.100600004 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.100627899 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.566513062 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.566597939 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.567790031 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.567827940 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.568094969 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.569386005 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.569426060 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.569467068 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972058058 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972105026 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972135067 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972148895 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.972174883 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972212076 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.972213030 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972223997 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972270012 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972278118 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.972284079 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972323895 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.972330093 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972548008 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.972588062 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.973380089 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.973408937 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:08.973424911 CET | 49719 | 443 | 192.168.2.4 | 188.114.96.3 |
| Mar 16, 2025 19:04:08.973431110 CET | 443 | 49719 | 188.114.96.3 | 192.168.2.4 |
| Mar 16, 2025 19:04:09.700464964 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:10.012465000 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:10.275996923 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:10.619770050 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:11.822861910 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:13.111166000 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:04:13.416665077 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:04:13.762012005 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
| Mar 16, 2025 19:04:13.762681961 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
| Mar 16, 2025 19:04:13.762878895 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
| Mar 16, 2025 19:04:13.769392014 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
| Mar 16, 2025 19:04:13.770453930 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
| Mar 16, 2025 19:04:13.770469904 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
| Mar 16, 2025 19:04:13.866744041 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
| Mar 16, 2025 19:04:13.866794109 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
| Mar 16, 2025 19:04:13.996553898 CET | 443 | 49708 | 52.113.196.254 | 192.168.2.4 |
| Mar 16, 2025 19:04:13.996612072 CET | 49708 | 443 | 192.168.2.4 | 52.113.196.254 |
| Mar 16, 2025 19:04:14.026011944 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:04:14.235285997 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:14.284487963 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Mar 16, 2025 19:04:14.289237022 CET | 80 | 49724 | 142.250.186.99 | 192.168.2.4 |
| Mar 16, 2025 19:04:14.289297104 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Mar 16, 2025 19:04:14.289405107 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Mar 16, 2025 19:04:14.294110060 CET | 80 | 49724 | 142.250.186.99 | 192.168.2.4 |
| Mar 16, 2025 19:04:14.946543932 CET | 80 | 49724 | 142.250.186.99 | 192.168.2.4 |
| Mar 16, 2025 19:04:14.952136040 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Mar 16, 2025 19:04:14.956842899 CET | 80 | 49724 | 142.250.186.99 | 192.168.2.4 |
| Mar 16, 2025 19:04:15.132726908 CET | 80 | 49724 | 142.250.186.99 | 192.168.2.4 |
| Mar 16, 2025 19:04:15.182290077 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Mar 16, 2025 19:04:15.230370045 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:04:17.635385990 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:04:19.041690111 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:19.885392904 CET | 49671 | 443 | 192.168.2.4 | 204.79.197.203 |
| Mar 16, 2025 19:04:22.448128939 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:04:28.651140928 CET | 49678 | 443 | 192.168.2.4 | 20.189.173.27 |
| Mar 16, 2025 19:04:32.057356119 CET | 49681 | 80 | 192.168.2.4 | 2.17.190.73 |
| Mar 16, 2025 19:05:15.792216063 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Mar 16, 2025 19:05:15.797363043 CET | 80 | 49724 | 142.250.186.99 | 192.168.2.4 |
| Mar 16, 2025 19:05:15.797467947 CET | 49724 | 80 | 192.168.2.4 | 142.250.186.99 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 16, 2025 19:04:00.002619028 CET | 59082 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 16, 2025 19:04:00.133869886 CET | 53 | 59082 | 1.1.1.1 | 192.168.2.4 |
| Mar 16, 2025 19:04:14.277107954 CET | 63313 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 16, 2025 19:04:14.283926964 CET | 53 | 63313 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 16, 2025 19:04:00.002619028 CET | 192.168.2.4 | 1.1.1.1 | 0x257d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 16, 2025 19:04:14.277107954 CET | 192.168.2.4 | 1.1.1.1 | 0x1a1e | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 16, 2025 19:04:00.133869886 CET | 1.1.1.1 | 192.168.2.4 | 0x257d | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
| Mar 16, 2025 19:04:00.133869886 CET | 1.1.1.1 | 192.168.2.4 | 0x257d | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
| Mar 16, 2025 19:04:13.795176029 CET | 1.1.1.1 | 192.168.2.4 | 0x7940 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 16, 2025 19:04:13.795176029 CET | 1.1.1.1 | 192.168.2.4 | 0x7940 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Mar 16, 2025 19:04:14.283926964 CET | 1.1.1.1 | 192.168.2.4 | 0x1a1e | No error (0) | pki-goog.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 16, 2025 19:04:14.283926964 CET | 1.1.1.1 | 192.168.2.4 | 0x1a1e | No error (0) | 142.250.186.99 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port |
|---|---|---|---|---|
| 0 | 192.168.2.4 | 49724 | 142.250.186.99 | 80 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 16, 2025 19:04:14.289405107 CET | 202 | OUT | |
| Mar 16, 2025 19:04:14.946543932 CET | 223 | IN | |
| Mar 16, 2025 19:04:14.952136040 CET | 200 | OUT | |
| Mar 16, 2025 19:04:15.132726908 CET | 223 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49710 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:00 UTC | 266 | OUT | |
| 2025-03-16 18:04:00 UTC | 61 | OUT | |
| 2025-03-16 18:04:01 UTC | 786 | IN | |
| 2025-03-16 18:04:01 UTC | 583 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN | |
| 2025-03-16 18:04:01 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49711 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:01 UTC | 284 | OUT | |
| 2025-03-16 18:04:01 UTC | 15331 | OUT | |
| 2025-03-16 18:04:01 UTC | 4300 | OUT | |
| 2025-03-16 18:04:02 UTC | 272 | IN | |
| 2025-03-16 18:04:02 UTC | 74 | IN | |
| 2025-03-16 18:04:02 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49712 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:02 UTC | 279 | OUT | |
| 2025-03-16 18:04:02 UTC | 8768 | OUT | |
| 2025-03-16 18:04:03 UTC | 272 | IN | |
| 2025-03-16 18:04:03 UTC | 74 | IN | |
| 2025-03-16 18:04:03 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49713 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:04 UTC | 282 | OUT | |
| 2025-03-16 18:04:04 UTC | 15331 | OUT | |
| 2025-03-16 18:04:04 UTC | 5100 | OUT | |
| 2025-03-16 18:04:04 UTC | 828 | IN | |
| 2025-03-16 18:04:04 UTC | 74 | IN | |
| 2025-03-16 18:04:04 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49716 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:05 UTC | 274 | OUT | |
| 2025-03-16 18:04:05 UTC | 2541 | OUT | |
| 2025-03-16 18:04:05 UTC | 810 | IN | |
| 2025-03-16 18:04:05 UTC | 74 | IN | |
| 2025-03-16 18:04:05 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49717 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:06 UTC | 278 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:06 UTC | 15331 | OUT | |
| 2025-03-16 18:04:08 UTC | 822 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49719 | 188.114.96.3 | 443 | 7624 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-03-16 18:04:08 UTC | 266 | OUT | |
| 2025-03-16 18:04:08 UTC | 99 | OUT | |
| 2025-03-16 18:04:08 UTC | 787 | IN | |
| 2025-03-16 18:04:08 UTC | 582 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 1369 | IN | |
| 2025-03-16 18:04:08 UTC | 283 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 14:03:58 |
| Start date: | 16/03/2025 |
| Path: | C:\Users\user\Desktop\LaunchV.2.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff646df0000 |
| File size: | 592'896 bytes |
| MD5 hash: | B7AD5811F05A5CE6664B01DD47D3A1D7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 14:03:58 |
| Start date: | 16/03/2025 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff62fc20000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 14:03:58 |
| Start date: | 16/03/2025 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x980000 |
| File size: | 262'432 bytes |
| MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | false |
| Target ID: | 11 |
| Start time: | 14:05:09 |
| Start date: | 16/03/2025 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff62fc20000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |