Windows Analysis Report
launch3r-v2.2.2.exe
Overview
General Information
Detection: LummaC Stealer
Score: 100 (range 0 - 100)
Confidence: 100%
Signatures
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign process
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for reading data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
Process Tree
- System is w10x64
- launch3r-v2.2.2.exe (PID: 8152, cmdline: "C:\Users\user\Desktop\launch3r-v2.2.2.exe", MD5: 2151FA14DB38F5B760138EF434CF19DB)
  - MSBuild.exe (PID: 7396, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe", MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
- cleanup
Malware Configuration
{"C2 url": ["aquesolp.run/agosoz", "jawdedmirror.run/ewqd", "changeaie.top/geps", "lonfgshadow.live/xawi", "liftally.top/xasj", "nighetwhisper.top/lekd", "salaccgfa.top/gsooz", "zestmodp.top/zeda", "owlflright.digital/qopy"], "Build id": "de1445e12af5d5c2abbd3e3cd7d95674dc60314f35cc20bd9b499627"}
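The configuration block is the most directly actionable part of this report. The Python below is an added example (not part of the Joe Sandbox report, and not Joe Security's or the malware's code) that parses that JSON, splits each scheme-less "host/path" entry into host and path, and emits Suricata DNS-query and TLS-SNI rules for the nine domains. Assumptions: the https scheme prepended before parsing (the report only shows TLS on port 443), the SID range 9000001 and up as a local allocation, and Suricata 5+ sticky buffers (dns.query, tls.sni). Domain indicators are preferred over the destination IPs in the Suricata table because 104.21.22.10 falls in a shared CDN range (Cloudflare's 104.16.0.0/13), so blocking the address would hit unrelated sites.

```python
from __future__ import annotations

import json
from urllib.parse import urlsplit

# Constructed input: the "Malware Configuration" block printed in the report
# above, embedded verbatim so the example runs offline.
CONFIG_JSON = """{"C2 url": ["aquesolp.run/agosoz", "jawdedmirror.run/ewqd",
"changeaie.top/geps", "lonfgshadow.live/xawi", "liftally.top/xasj",
"nighetwhisper.top/lekd", "salaccgfa.top/gsooz", "zestmodp.top/zeda",
"owlflright.digital/qopy"],
"Build id": "de1445e12af5d5c2abbd3e3cd7d95674dc60314f35cc20bd9b499627"}"""


def parse_config(text: str) -> dict:
    """Load the extractor's JSON; the key names are those used in the report."""
    cfg = json.loads(text)
    if "C2 url" not in cfg:
        raise ValueError("configuration has no 'C2 url' list")
    return cfg


def c2_indicators(cfg: dict) -> list[tuple[str, str]]:
    """Split each 'host/path' entry into (host, path), de-duplicated by host.

    The https scheme is an assumption made only so that urlsplit can do the
    host parsing; the extractor prints the entries without any scheme.
    """
    seen: set[str] = set()
    out: list[tuple[str, str]] = []
    for entry in cfg["C2 url"]:
        parts = urlsplit("https://" + entry.strip())
        host = parts.hostname  # lower-cased by urlsplit
        if not host or host in seen:
            continue
        seen.add(host)
        out.append((host, parts.path or "/"))
    return out


def suricata_rules(indicators: list[tuple[str, str]], base_sid: int = 9000001) -> list[str]:
    """Emit one DNS-query rule and one TLS-SNI rule per C2 host.

    base_sid is a hypothetical local allocation; choose one that does not
    collide with rulesets already loaded. 'endswith' anchors the match at the
    end of the queried name / SNI so subdomains of the C2 host are covered.
    """
    rules: list[str] = []
    sid = base_sid
    for host, _path in indicators:
        rules.append(
            f'alert dns $HOME_NET any -> any any '
            f'(msg:"LummaC C2 domain in DNS query ({host})"; '
            f'dns.query; content:"{host}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
        rules.append(
            f'alert tls $HOME_NET any -> $EXTERNAL_NET 443 '
            f'(msg:"LummaC C2 domain in TLS SNI ({host})"; '
            f'tls.sni; content:"{host}"; nocase; endswith; '
            f'classtype:trojan-activity; sid:{sid + 1}; rev:1;)'
        )
        sid += 2
    return rules


if __name__ == "__main__":
    cfg = parse_config(CONFIG_JSON)
    print("build id:", cfg.get("Build id"))
    for rule in suricata_rules(c2_indicators(cfg)):
        print(rule)
```

The path component of each entry is kept alongside the host because LummaC configurations pair every domain with its own path; the rules above key on the host only, which survives a path rotation.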
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
(source missing) | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
(source missing) | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
(source missing) | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
(source missing) | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
(source missing) | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |

System Summary |
---|
Source: | Sigma rule: Silenttrinity Stager Msbuild Activity | Author: Kiran kumar s, oscd.community |
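The process tree shows MSBuild.exe started by an executable on the user's Desktop with nothing but its own path on the command line. Together with the "Creates a process in suspended mode", "Writes to foreign memory regions" and "Injects a PE file" signatures, that is the picture of a trusted Microsoft binary being used as a hollowing host. The Python below is an added example, my own heuristic rather than the logic of the Sigma rule "Silenttrinity Stager Msbuild Activity" (Kiran kumar s, oscd.community) and not Joe Security's code. It scores process-creation events on four observable properties: an MSBuild image, a parent outside a build-tool allow-list, a parent located under a user-writable path, and a command line without a project file. The event schema (Sysmon event-1 style fields) and the allow-list are assumptions. All three events are constructed: the first copies the MSBuild.exe entry from the tree above, the second is a benign Visual Studio build for contrast, and the third generalises beyond the report to a stager-style project launched from a Temp folder.

```python
from __future__ import annotations

import ntpath
import re

# Constructed events in an assumed Sysmon event-1 style schema.
# EVENTS[0]: the MSBuild.exe entry from the process tree in the report
#            (PIDs, paths and bare command line copied from it).
# EVENTS[1]: a constructed benign build started by Visual Studio.
# EVENTS[2]: a constructed stager-style run of a project file from Temp,
#            not something the report shows.
EVENTS = [
    {
        "pid": 7396, "ppid": 8152,
        "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
        "cmdline": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"',
        "parent_image": r"C:\Users\user\Desktop\launch3r-v2.2.2.exe",
    },
    {
        "pid": 5120, "ppid": 4404,
        "image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
        "cmdline": r'"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe" C:\src\app\app.csproj /t:Build /p:Configuration=Release',
        "parent_image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
    },
    {
        "pid": 6012, "ppid": 3320,
        "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
        "cmdline": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe C:\Users\user\AppData\Local\Temp\stager.csproj",
        "parent_image": r"C:\Windows\System32\cmd.exe",
    },
]

# Assumed baseline: parents that legitimately start MSBuild on a developer box.
ALLOWED_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe", "vbcscompiler.exe", "nuget.exe"}

# Path fragments a standard user can write to. A parent or project living
# here carries far less trust than one under Program Files or Windows.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp|tmp)\\", re.IGNORECASE)


def split_cmdline(cmdline: str) -> tuple[str, str]:
    """Return (executable, argument string) for a Windows command line.

    Handles the quoted-path form seen in the report; for an unquoted
    executable everything after the first space is the argument string.
    """
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:
            return s[1:], ""
        return s[1:end], s[end + 1:].strip()
    head, _, tail = s.partition(" ")
    return head, tail.strip()


def msbuild_findings(ev: dict) -> list[str]:
    """Reasons this process-creation event looks like MSBuild abuse.

    Empty for non-MSBuild images and for MSBuild runs with an allow-listed
    parent, a parent outside user-writable paths and a real project argument.
    """
    if ntpath.basename(ev["image"]).lower() != "msbuild.exe":
        return []
    reasons: list[str] = []
    parent = ntpath.basename(ev["parent_image"]).lower()
    if parent not in ALLOWED_PARENTS:
        reasons.append(f"parent {parent} is not a known build host")
    if USER_WRITABLE.search(ev["parent_image"]):
        reasons.append("parent executable lives under a user-writable path")
    _exe, args = split_cmdline(ev["cmdline"])
    if not args:
        reasons.append("no project file or switches: bare image, typical of a hollowing target")
    elif USER_WRITABLE.search(args):
        reasons.append("project or script argument points into a user-writable path")
    return reasons


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Return (pid, reasons) for every event with at least one finding."""
    hits: list[tuple[int, list[str]]] = []
    for ev in events:
        reasons = msbuild_findings(ev)
        if reasons:
            hits.append((ev["pid"], reasons))
    return hits


if __name__ == "__main__":
    for pid, reasons in scan(EVENTS):
        print(pid)
        for r in reasons:
            print("  -", r)
```

On the sample above the report's MSBuild.exe trips all three of the first checks at once; a bare MSBuild command line from a non-build parent is worth an alert on its own, since a legitimate MSBuild invocation always names a project, solution or switch.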
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-12T01:45:03.451714+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49692 | 149.154.167.99 | 443 | TCP |
2025-04-12T01:45:04.302730+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49693 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:06.616538+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49694 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:07.638100+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49695 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:08.625050+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49696 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:10.574781+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49697 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:11.696467+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49698 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:13.695752+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49700 | 104.21.22.10 | 443 | TCP |
AV Detection |
---|
Source: | Avira URL Cloud: | 2 entries (details missing from this copy) |
Source: | Malware Configuration Extractor: | (see the Malware Configuration block above) |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |
Source: | String decryptor: | 9 decrypted strings (values missing from this copy) |
Source: | Code function: | 3_2_0041F2A3 |
Source: | HTTPS traffic detected: | 8 entries (details missing from this copy; cf. the eight port-443 connections in the Suricata table above) |
Source: | Static PE information: |
Source: | Code function: | 79 hits in 59 functions of process 3 (the 32-bit MSBuild.exe child, judging by the 0x400000 image base and the Framework rather than Framework64 path; 0_2_ addresses elsewhere in this report belong to the x64 launch3r-v2.2.2.exe parent). Matched API names are missing from this copy; repeat counts in parentheses: 3_2_0043683A (3), 3_2_0040E8C4, 3_2_0044D0D0, 3_2_00419899, 3_2_0042F170 (2), 3_2_0040D920, 3_2_004422C0 (3), 3_2_00418B00 (2), 3_2_0044C460, 3_2_004495C0, 3_2_00410DB0, 3_2_00434F60 (3), 3_2_0040A040 (2), 3_2_0042E060 (2), 3_2_0042F8E7, 3_2_0041A8FA, 3_2_0042C0B0, 3_2_0044B940, 3_2_0040C970 (2), 3_2_00432901, 3_2_0044D9E0, 3_2_0044B9E0, 3_2_0042B1E6, 3_2_0040B1F0, 3_2_0043FA40, 3_2_0044BA70, 3_2_0044CA70, 3_2_00422A01 (2), 3_2_004492C6 (2), 3_2_00446B50, 3_2_00433370, 3_2_0044AB10 (2), 3_2_004023D0, 3_2_00430382, 3_2_00427B90, 3_2_0041245E, 3_2_0042DC00, 3_2_00401C30, 3_2_004224C0 (2), 3_2_00420CB0 (3), 3_2_0044CD70 (2), 3_2_00423D10, 3_2_00435DF5 (2), 3_2_004275B0, 3_2_00401E60, 3_2_0040F670, 3_2_00422E10, 3_2_0042BEC0, 3_2_00443EF0 (2), 3_2_00446680, 3_2_004256B0, 3_2_00449EB0, 3_2_0044B6B0, 3_2_00408700, 3_2_0042F7C0, 3_2_00421FD9, 3_2_00426F80, 3_2_00419F84, 3_2_00431F9C |
Networking |
---|
Source: | URLs: | 9 entries (details missing from this copy; cf. the nine C2 URLs in the Malware Configuration block above) |
Source: | HTTP traffic detected: |
Source: | IP Address: | 2 entries (addresses missing from this copy; cf. the two destination IPs in the Suricata table above) |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | 8 alerts (listed in the Suricata table above) |
Source: | HTTP traffic detected: | 7 entries (details missing from this copy) |
Source: | TCP traffic detected without corresponding DNS query: | 13 entries (details missing from this copy) |
Source: | UDP traffic detected without corresponding DNS query: | 4 entries (details missing from this copy) |
Source: | HTTP traffic detected: | 3 entries (details missing from this copy) |
Source: | DNS traffic detected: | 4 entries (details missing from this copy) |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | 9 entries (details missing from this copy) |
Source: | Network traffic detected: | 21 entries (details missing from this copy) |
Source: | HTTPS traffic detected: | 8 entries (details missing from this copy) |
Source: | Code function: | 3_2_0043D630 (2), 3_2_030C1000, 3_2_0043D7F0, 3_2_0040C250 (3_2_030C1000 lies outside the 0x400000 image, i.e. in a dynamically allocated region) |
Source: | Code function: | 185 functions; API details missing from this copy. Process 0 (x64 launch3r-v2.2.2.exe, 77 functions): 0_2_00007FF692D13000, 0_2_00007FF692CF55C0, 0_2_00007FF692D9A01C, 0_2_00007FF692D0E02F, 0_2_00007FF692D1E800, 0_2_00007FF692D9280C, 0_2_00007FF692D2C7C0, 0_2_00007FF692D5CFC0, 0_2_00007FF692D14FD0, 0_2_00007FF692D167D0, 0_2_00007FF692D8D798, 0_2_00007FF692D0CB80, 0_2_00007FF692D1CB80, 0_2_00007FF692D0E790, 0_2_00007FF692D28F40, 0_2_00007FF692D11340, 0_2_00007FF692D17D20, 0_2_00007FF692D1D520, 0_2_00007FF692D1BD20, 0_2_00007FF692D17100, 0_2_00007FF692D24500, 0_2_00007FF692D1AD10, 0_2_00007FF692D108E0, 0_2_00007FF692D0A8E0, 0_2_00007FF692D184E0, 0_2_00007FF692D8C4F0, 0_2_00007FF692D060F0, 0_2_00007FF692D0F8C0, 0_2_00007FF692D2ACD0, 0_2_00007FF692D1B8D0, 0_2_00007FF692D18CB0, 0_2_00007FF692CF50B0, 0_2_00007FF692DA0C94, 0_2_00007FF692D0C890, 0_2_00007FF692D0F460, 0_2_00007FF692D1A860, 0_2_00007FF692D31220, 0_2_00007FF692D14230, 0_2_00007FF692D0FDE0, 0_2_00007FF692D1D1F0, 0_2_00007FF692D1CDF0, 0_2_00007FF692D151C0, 0_2_00007FF692D0D9C0, 0_2_00007FF692D0A5A0, 0_2_00007FF692D8D99C, 0_2_00007FF692D0D1B0, 0_2_00007FF692D8D594, 0_2_00007FF692D0AD90, 0_2_00007FF692D24190, 0_2_00007FF692D19970, 0_2_00007FF692D0B940, 0_2_00007FF692D30550, 0_2_00007FF692D18950, 0_2_00007FF692D27950, 0_2_00007FF692D2EB30, 0_2_00007FF692D8E728, 0_2_00007FF692D9A304, 0_2_00007FF692D9A6FC, 0_2_00007FF692D92F10, 0_2_00007FF692D1AB10, 0_2_00007FF692D2A6E0, 0_2_00007FF692D902C0, 0_2_00007FF692D28AC0, 0_2_00007FF692D16AD0, 0_2_00007FF692D276D0, 0_2_00007FF692D8CAA0, 0_2_00007FF692D136A0, 0_2_00007FF692D24AB0, 0_2_00007FF692CF32B0, 0_2_00007FF692D29690, 0_2_00007FF692D0C290, 0_2_00007FF692DA3E60, 0_2_00007FF692D2C270, 0_2_00007FF692D23A70, 0_2_00007FF692D0666E, 0_2_00007FF692D20640, 0_2_00007FF692D29A50. Process 3 (32-bit MSBuild.exe child, 108 functions): 3_2_0043683A, 3_2_0040E8C4, 3_2_0044D0D0, 3_2_00419899, 3_2_0042F170, 3_2_0040D920, 3_2_00446220, 3_2_004422C0, 3_2_00418B00, 3_2_00403B10, 3_2_00414C3C, 3_2_00415C80, 3_2_00411D54, 3_2_0044C570, 3_2_00410510, 3_2_00426510, 3_2_0041E5F2, 3_2_00410DB0, 3_2_00441E70, 3_2_0040B690, 3_2_0040EEA5, 3_2_0043BF50, 3_2_00434F60, 3_2_0044877D, 3_2_0041F7B0, 3_2_0040A040, 3_2_0042E060, 3_2_00447060, 3_2_0041A07E, 3_2_00413813, 3_2_00402020, 3_2_0043B020, 3_2_0042C0C1, 3_2_0044A8C0, 3_2_0042F8E7, 3_2_0041A8FA, 3_2_00424090, 3_2_0042D8A5, 3_2_0044B940, 3_2_0040C970, 3_2_00432901, 3_2_0044B9E0, 3_2_0042B9F0, 3_2_0044A180, 3_2_00423990, 3_2_004391BA, 3_2_0040AA40, 3_2_0040C250, 3_2_00409260, 3_2_0044BA70, 3_2_0044CA70, 3_2_00422A01, 3_2_00407A10, 3_2_004152C1, 3_2_004482C0, 3_2_0041C2D7, 3_2_0044AB10, 3_2_0043D320, 3_2_0041C32F, 3_2_004023D0, 3_2_004433D0, 3_2_00430382, 3_2_0041245E, 3_2_00423479, 3_2_0042DC00, 3_2_00404422, 3_2_004224C0, 3_2_00408CE0, 3_2_0042B4E8, 3_2_00410CF1, 3_2_00443CF0, 3_2_0043AC80, 3_2_00438C88, 3_2_00423497, 3_2_00420CB0, 3_2_0044A550, 3_2_00441560, 3_2_0044CD70, 3_2_00412D00, 3_2_00430D0D, 3_2_00423D10, 3_2_0043CDD0, 3_2_00435DF5, 3_2_004275B0, 3_2_00447640, 3_2_0040F670, 3_2_00428E72, 3_2_00422E10, 3_2_0042BEC0, 3_2_0040BEE0, 3_2_00443EF0, 3_2_00446680, 3_2_00429684, 3_2_004256B0, 3_2_00449EB0, 3_2_0044B6B0, 3_2_0043A75F, 3_2_0041577B, 3_2_00408700, 3_2_004417C0, 3_2_00421FD9, 3_2_00442FE0, 3_2_00426F80, 3_2_0042FF94, 3_2_00431F9C, 3_2_004317A2, 3_2_004377B0, 3_2_030C11E0 (the last lies outside the 0x400000 image, in allocated memory) |
Source: | Static PE information: |
Source: | Binary or memory string: | 3 entries (details missing from this copy) |
Source: | Static PE information: | 2 entries (details missing from this copy) |
Source: | Classification label: | |
Source: | Code function: | 3_2_004422C0 |
Source: | Key opened: | |
Source: | Virustotal: | |
Source: | ReversingLabs: | |
Source: | File read: | |
Source: | Process created: | 3 entries (cf. the Process Tree above) |
Source: | Section loaded: | 39 entries (module names missing from this copy) |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: | 5 entries (details missing from this copy) |
Source: | Static PE information: | 6 entries (details missing from this copy) |
Source: | Code function: | 31 hits at 30 code locations in process 0 (x64 launch3r-v2.2.2.exe); instruction details missing from this copy, repeat count in parentheses: 0_2_00007FF692D11831, 0_2_00007FF692D08438, 0_2_00007FF692D1180F (2), 0_2_00007FF692D07422, 0_2_00007FF692D117F2, 0_2_00007FF692D07395, 0_2_00007FF692D117B4, 0_2_00007FF692CF37B9, 0_2_00007FF692D0776E, 0_2_00007FF692D07D36, 0_2_00007FF692CF3CD8, 0_2_00007FF692D07CD0, 0_2_00007FF692D118F5, 0_2_00007FF692D084C6, 0_2_00007FF692D09C97, 0_2_00007FF692D08C63, 0_2_00007FF692D07062, 0_2_00007FF692D07E2F, 0_2_00007FF692D11A0C, 0_2_00007FF692CF3DF5, 0_2_00007FF692D065E9, 0_2_00007FF692D081CF, 0_2_00007FF692D06D99, 0_2_00007FF692D099A6, 0_2_00007FF692D06586, 0_2_00007FF692D119B1, 0_2_00007FF692CF397E, 0_2_00007FF692D0759C, 0_2_00007FF692D07EFE, 0_2_00007FF692CF371D |
Source: | Static PE information: | 2 entries (details missing from this copy) |
Source: | Process information set: | |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: | |
Source: | System information queried: | |
Source: | Window / User API: | |
Source: | Thread sleep time: | |
Source: | Thread sleep count: | |
Source: | WMI Queries: | |
Source: | Last function: | 2 entries (details missing from this copy) |
Source: | Binary or memory string: | 2 entries (details missing from this copy) |
Source: | API call chain: | graph_3-22207 |
Source: | Process information queried: | |
Source: | Code function: | 3_2_00448BF0 |
Source: | Code function: | 0_2_00007FF692D90E14 |
Source: | Code function: | 0_2_00007FF692D89384 | |
Source: | Code function: | 0_2_00007FF692D90E14 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | |
Source: | Memory written: | |
Source: | Memory written: | 6 entries (details missing from this copy) |
Source: | Process created: | |
Source: | Code function: | 0_2_00007FF692D9D808, 0_2_00007FF692D9D4F0, 0_2_00007FF692D98200, 0_2_00007FF692D9D1F0, 0_2_00007FF692D9DA90, 0_2_00007FF692D97A88 |
Source: | Queries volume information: | |
Source: | Code function: | 0_2_00007FF692D8A19C |
Source: | Key value queried: | |
Source: | Binary or memory string: | |
Source: | WMI Queries: | |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 31 Data from Local System | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | 3 Clipboard Data | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 31% | Virustotal | | Browse |
| 28% | ReversingLabs | Win64.Malware.Generic | |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 100% | Avira URL Cloud | malware | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
ax-9999.ax-msedge.net | 150.171.28.254 | true | false | | high |
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.55.34 | true | false | | high |
t.me | 149.154.167.99 | true | false | | high |
aquesolp.run | 104.21.22.10 | true | true | | unknown |
pki-goog.l.google.com | 142.250.9.94 | true | false | | high |
c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com | unknown | unknown | false | | high |
c.pki.goog | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | high |
| true | | unknown |
| true | | unknown |
| false | | unknown |
| false | | high |
| true | | unknown |
| false | | high |
| false | | high |
| false | | high |
| false | | high |
| false | | high |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.22.10 | aquesolp.run | United States | | 13335 | CLOUDFLARENETUS | true |
149.154.167.99 | t.me | United Kingdom | | 62041 | TELEGRAMRU | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1663604 |
Start date and time: | 2025-04-12 01:44:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | launch3r-v2.2.2.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/0@4/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.213.193, 199.232.210.172, 4.175.87.197, 52.165.164.15, 13.95.31.18, 217.20.55.34, 150.171.28.254
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, ax-ring.msedge.net, fe3.delivery.mp.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
19:45:02 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Cinoshi Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
t.me | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Amadey, LummaC Stealer, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | LummaC Stealer, PrivateLoader, Vidar | Browse | |
| | Get hash | malicious | Amadey, LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | Amadey, LummaC Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
ax-9999.ax-msedge.net | | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | AgentTesla | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | AsyncRAT, DcRat | Browse | |
| | Get hash | malicious | DarkCloud | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Quasar | Browse | |
bg.microsoft.map.fastly.net | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | ScreenConnect Tool | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Metasploit | Browse | |
| | Get hash | malicious | DcRat | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Amadey, LummaC Stealer, Vidar | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
| | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | Browse | |
| | Get hash | malicious | Latrodectus | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Captcha Phish | Browse | |
| | Get hash | malicious | Captcha Phish | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | HTMLPhisher, LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
| | Get hash | malicious | LummaC Stealer | Browse | |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.61985788210772 |
TrID: | |
File name: | launch3r-v2.2.2.exe |
File size: | 1'577'984 bytes |
MD5: | 2151fa14db38f5b760138ef434cf19db |
SHA1: | e3d23e54cd659a3c79c70e6adcede8bdf7305745 |
SHA256: | 12d1bcd5f34a5bfa63cddf972b8d51213b503b5a940cf3ba10d81104e49e930e |
SHA512: | 2853bba9b0bb2f29b8bb989c8451553bb17008ab58ef4fab09758c276bff8df071784febf550d994c2568316fc22e8cc144248236f2eac4fec71cc71e4c5d577 |
SSDEEP: | 24576:kFtBhmrPJpYSHCLuc/NS4W0eLXnGDQ84W0eLXnGDQ:Yfo6NChLXGD1hLXGD |
TLSH: | 4475D12A605692DAF69544F23A45A2A0B463F573873D1FEF80F4E3252507EE40F3E71A |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...gA.g.........."......|.....................@.....................................g....`........................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x14009a188 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67F94167 [Fri Apr 11 16:20:55 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | a898adc0428740dd4fad8431feafaf7a |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc5d50 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18c000 | 0x7cb | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xd0000 | 0x31ec | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdd000 | 0xaa0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc16c0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xbb200 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc6090 | 0x318 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb7a2e | 0xb7c00 | 95b7b1836694c92f6874e40f5216f1fb | False | 0.514859693877551 | data | 7.049880263957565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb9000 | 0x101cc | 0x10200 | 9461490fcd9fdc1d1fb916349bae1ce3 | False | 0.4074309593023256 | OpenPGP Secret Key Version 6 | 4.8837328659943715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xca000 | 0x5ad8 | 0x2400 | eeed9b9b3929e95e2f9accf23ca9bb80 | False | 0.1616753472222222 | data | 3.921203399253688 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0xd0000 | 0x31ec | 0x3200 | 6cbba02ee6fcebeda3c818e974065395 | False | 0.50171875 | data | 5.792295577943378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.B5 | 0xd4000 | 0x3229 | 0x3400 | 75cda5ec0badb9868a9b1af833ca345b | False | 0.5454477163461539 | data | 6.940675920308152 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.gxfg | 0xd8000 | 0x1c70 | 0x1e00 | e1645edf2fc209056c11ba2648aac183 | False | 0.41692708333333334 | data | 4.978526138512825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.retplne | 0xda000 | 0x8c | 0x200 | 8c950f651287cbc1296bcb4e8cd7e990 | False | 0.126953125 | data | 1.050583247971927 | |
.tls | 0xdb000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
_RDATA | 0xdc000 | 0x1f4 | 0x200 | 4c3192380a3877e08356b066c9690811 | False | 0.541015625 | data | 4.232091808468937 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xdd000 | 0xaa0 | 0xc00 | c0d3f84af9e48e1df863556f22715610 | False | 0.4775390625 | data | 5.201784219915228 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.jss | 0xde000 | 0x56600 | 0x56600 | d3758b95c0f27440babfd26d6525715c | False | 1.0003278762662808 | data | 7.9995463555560224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.jss | 0x135000 | 0x56600 | 0x56600 | d3758b95c0f27440babfd26d6525715c | False | 1.0003278762662808 | data | 7.9995463555560224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x18c000 | 0x7cb | 0x800 | f635ea042fd2036c44cd7e7f38cfd43e | False | 0.4345703125 | data | 4.563754337342242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x18c0a0 | 0x364 | data | English | United States | 0.4608294930875576 |
RT_MANIFEST | 0x18c404 | 0x3c7 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.46328852119958636 |
DLL | Import |
---|---|
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CreateFileA, CreateFileW, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlsAlloc, FlsFree, FlsGetValue, FlsSetValue, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlCaptureContext, RtlLookupFunctionEntry, RtlPcToFileHeader, RtlUnwind, RtlUnwindEx, RtlVirtualUnwind, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, Sleep, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile |
Description | Data |
---|---|
CompanyName | Microsoft Corporation |
FileDescription | Microsoft HTML Help Executable |
FileVersion | 10.0.19041.1 (WinBuild.160101.0800) |
InternalName | HH 1.41 |
LegalCopyright | Microsoft Corporation. All rights reserved. |
OriginalFilename | HH.exe |
ProductName | HTML Help |
ProductVersion | 10.0.19041.1 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-12T01:45:03.451714+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49692 | 149.154.167.99 | 443 | TCP |
2025-04-12T01:45:04.302730+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49693 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:06.616538+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49694 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:07.638100+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49695 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:08.625050+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49696 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:10.574781+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49697 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:11.696467+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49698 | 104.21.22.10 | 443 | TCP |
2025-04-12T01:45:13.695752+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49700 | 104.21.22.10 | 443 | TCP |
Apr 12, 2025 01:45:05.007112980 CEST | 49693 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:05.007119894 CEST | 443 | 49693 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:05.007282972 CEST | 443 | 49693 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:05.007327080 CEST | 49693 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:05.007441998 CEST | 49693 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:05.007905006 CEST | 49693 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:05.007905006 CEST | 49693 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:05.007924080 CEST | 443 | 49693 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:05.007934093 CEST | 443 | 49693 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.357023001 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.357079029 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.357178926 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.357507944 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.357526064 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.616470098 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.616538048 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.622905970 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.622917891 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.623245001 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.624845028 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.625355005 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.625403881 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:06.625488997 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:06.625495911 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.215351105 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.215635061 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.215790987 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.215953112 CEST | 49694 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.215972900 CEST | 443 | 49694 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.411345959 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.411398888 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.411474943 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.411848068 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.411869049 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.592737913 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 12, 2025 01:45:07.638025999 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.638099909 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.639403105 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.639413118 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.639736891 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.640958071 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.641093016 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.641132116 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:07.641187906 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:07.684305906 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.241137981 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.241451025 CEST | 443 | 49695 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.241503954 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.241584063 CEST | 49695 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.394316912 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.394361019 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.394831896 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.394831896 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.394862890 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.624938965 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.625050068 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.626667023 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.626677990 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.627002954 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.632781029 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.633023024 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.633058071 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.633219004 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:08.633229971 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:08.828432083 CEST | 49672 | 443 | 192.168.2.5 | 204.79.197.203 |
Apr 12, 2025 01:45:09.237238884 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:09.237521887 CEST | 443 | 49696 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:09.237535954 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:09.237596035 CEST | 49696 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.340990067 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.341041088 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:10.341367960 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.341367960 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.341408968 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:10.574609995 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:10.574780941 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.575709105 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.575726032 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:10.576066971 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:10.577410936 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.577410936 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:10.577454090 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.113081932 CEST | 443 | 49697 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.113348961 CEST | 49697 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.438071966 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.438163996 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.438261032 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.438621044 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.438647032 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.696369886 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.696466923 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.697698116 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.697726965 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.698069096 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.699213982 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.700043917 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.700094938 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.700227976 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.700287104 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.700421095 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.700463057 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.700615883 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.700663090 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.700843096 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.700891972 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.701097012 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.701150894 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.701179028 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.701356888 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.701419115 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.744276047 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.744611979 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.744723082 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.744756937 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.788275003 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.788505077 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.788566113 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.788626909 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.832267046 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:11.832408905 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:11.876266003 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:12.071475029 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.454682112 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.454978943 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.455060959 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.455151081 CEST | 49698 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.455193996 CEST | 443 | 49698 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.465508938 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.465603113 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.465688944 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.466244936 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.466284990 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.695643902 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.695751905 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.710413933 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.710463047 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.711209059 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:13.712886095 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.712886095 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:13.713100910 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.216957092 CEST | 49675 | 443 | 192.168.2.5 | 2.23.227.208 |
Apr 12, 2025 01:45:14.216994047 CEST | 443 | 49675 | 2.23.227.208 | 192.168.2.5 |
Apr 12, 2025 01:45:14.268979073 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269118071 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269205093 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.269211054 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269275904 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269370079 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.269380093 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269409895 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269565105 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269623041 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.269640923 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269692898 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.269706964 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.269850969 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.273658037 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.288259983 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.288300037 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:14.288325071 CEST | 49700 | 443 | 192.168.2.5 | 104.21.22.10 |
Apr 12, 2025 01:45:14.288340092 CEST | 443 | 49700 | 104.21.22.10 | 192.168.2.5 |
Apr 12, 2025 01:45:17.202162981 CEST | 49676 | 443 | 192.168.2.5 | 20.189.173.14 |
Apr 12, 2025 01:46:01.500293970 CEST | 49691 | 80 | 192.168.2.5 | 142.250.9.94 |
Apr 12, 2025 01:46:01.607074022 CEST | 80 | 49691 | 142.250.9.94 | 192.168.2.5 |
Apr 12, 2025 01:46:01.608294010 CEST | 49691 | 80 | 192.168.2.5 | 142.250.9.94 |
Apr 12, 2025 01:46:35.124443054 CEST | 49682 | 443 | 192.168.2.5 | 150.171.28.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 12, 2025 01:45:00.948101044 CEST | 49890 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 12, 2025 01:45:01.055605888 CEST | 53 | 49890 | 1.1.1.1 | 192.168.2.5 |
Apr 12, 2025 01:45:02.878690004 CEST | 64610 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 12, 2025 01:45:02.985050917 CEST | 53 | 64610 | 1.1.1.1 | 192.168.2.5 |
Apr 12, 2025 01:45:03.880110025 CEST | 63409 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 12, 2025 01:45:04.040831089 CEST | 53 | 63409 | 1.1.1.1 | 192.168.2.5 |
Apr 12, 2025 01:45:13.668268919 CEST | 64278 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 12, 2025 01:45:13.821827888 CEST | 53 | 64278 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 12, 2025 01:45:00.948101044 CEST | 192.168.2.5 | 1.1.1.1 | 0xb9ef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:02.878690004 CEST | 192.168.2.5 | 1.1.1.1 | 0xef5e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:03.880110025 CEST | 192.168.2.5 | 1.1.1.1 | 0x6ab1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:13.668268919 CEST | 192.168.2.5 | 1.1.1.1 | 0x920a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 12, 2025 01:45:00.394963026 CEST | 1.1.1.1 | 192.168.2.5 | 0x6c6d | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:00.394963026 CEST | 1.1.1.1 | 192.168.2.5 | 0x6c6d | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:01.055605888 CEST | 1.1.1.1 | 192.168.2.5 | 0xb9ef | No error (0) | | pki-goog.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 12, 2025 01:45:01.055605888 CEST | 1.1.1.1 | 192.168.2.5 | 0xb9ef | No error (0) | | | 142.250.9.94 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:02.985050917 CEST | 1.1.1.1 | 192.168.2.5 | 0xef5e | No error (0) | | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:04.040831089 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ab1 | No error (0) | | | 104.21.22.10 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:04.040831089 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ab1 | No error (0) | | | 172.67.201.178 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:13.821827888 CEST | 1.1.1.1 | 192.168.2.5 | 0x920a | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:14.493256092 CEST | 1.1.1.1 | 192.168.2.5 | 0x925f | No error (0) | | ax-9999.ax-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 12, 2025 01:45:14.493256092 CEST | 1.1.1.1 | 192.168.2.5 | 0x925f | No error (0) | | | 150.171.28.254 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:14.493256092 CEST | 1.1.1.1 | 192.168.2.5 | 0x925f | No error (0) | | | 150.171.27.254 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:26.890918016 CEST | 1.1.1.1 | 192.168.2.5 | 0x9aff | No error (0) | | ax-9999.ax-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 12, 2025 01:45:26.890918016 CEST | 1.1.1.1 | 192.168.2.5 | 0x9aff | No error (0) | | | 150.171.28.254 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:45:26.890918016 CEST | 1.1.1.1 | 192.168.2.5 | 0x9aff | No error (0) | | | 150.171.27.254 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.55.34 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.55.37 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.48.35 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.48.37 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.55.21 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.55.35 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.55.38 | A (IP address) | IN (0x0001) | false |
Apr 12, 2025 01:46:14.695910931 CEST | 1.1.1.1 | 192.168.2.5 | 0x78c2 | No error (0) | | | 217.20.48.18 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.2.5 | 49691 | 142.250.9.94 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 12, 2025 01:45:01.164108992 CEST | 202 | OUT | |
Apr 12, 2025 01:45:01.272645950 CEST | 1358 | IN | |
Apr 12, 2025 01:45:01.272691965 CEST | 1093 | IN | |
Apr 12, 2025 01:45:01.277698994 CEST | 200 | OUT | |
Apr 12, 2025 01:45:01.387940884 CEST | 1241 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49692 | 149.154.167.99 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:03 UTC | 61 | OUT | |
2025-04-11 23:45:03 UTC | 512 | IN | |
2025-04-11 23:45:03 UTC | 12315 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49693 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:04 UTC | 263 | OUT | |
2025-04-11 23:45:04 UTC | 65 | OUT | |
2025-04-11 23:45:04 UTC | 786 | IN | |
2025-04-11 23:45:04 UTC | 583 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 1369 | IN | |
2025-04-11 23:45:04 UTC | 753 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49694 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:06 UTC | 279 | OUT | |
2025-04-11 23:45:06 UTC | 14927 | OUT | |
2025-04-11 23:45:07 UTC | 804 | IN | |
2025-04-11 23:45:07 UTC | 76 | IN | |
2025-04-11 23:45:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49695 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:07 UTC | 273 | OUT | |
2025-04-11 23:45:07 UTC | 15046 | OUT | |
2025-04-11 23:45:08 UTC | 809 | IN | |
2025-04-11 23:45:08 UTC | 76 | IN | |
2025-04-11 23:45:08 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49696 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:08 UTC | 281 | OUT | |
2025-04-11 23:45:08 UTC | 15331 | OUT | |
2025-04-11 23:45:08 UTC | 5244 | OUT | |
2025-04-11 23:45:09 UTC | 814 | IN | |
2025-04-11 23:45:09 UTC | 76 | IN | |
2025-04-11 23:45:09 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49697 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:10 UTC | 281 | OUT | |
2025-04-11 23:45:10 UTC | 2599 | OUT | |
2025-04-11 23:45:11 UTC | 806 | IN | |
2025-04-11 23:45:11 UTC | 76 | IN | |
2025-04-11 23:45:11 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49698 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:11 UTC | 273 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:11 UTC | 15331 | OUT | |
2025-04-11 23:45:13 UTC | 808 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49700 | 104.21.22.10 | 443 | 7396 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-11 23:45:13 UTC | 264 | OUT | |
2025-04-11 23:45:13 UTC | 103 | OUT | |
2025-04-11 23:45:14 UTC | 783 | IN | |
2025-04-11 23:45:14 UTC | 586 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1369 | IN | |
2025-04-11 23:45:14 UTC | 1055 | IN |
Target ID: | 0 |
Start time: | 19:44:54 |
Start date: | 11/04/2025 |
Path: | C:\Users\user\Desktop\launch3r-v2.2.2.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff692cf0000 |
File size: | 1'577'984 bytes |
MD5 hash: | 2151FA14DB38F5B760138EF434CF19DB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 19:44:58 |
Start date: | 11/04/2025 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x630000 |
File size: | 262'432 bytes |
MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | false |