Windows
Analysis Report
whiteee.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
whiteee.exe (PID: 7320 cmdline:
"C:\Users\ user\Deskt op\whiteee .exe" MD5: 9A961CDB405219D714347C06A7A6A995) RegSvcs.exe (PID: 7336 cmdline:
"C:\Users\ user\Deskt op\whiteee .exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "SMTP", "Username": "mmcc1@cash4cars.nz", "Password": "TeZIDzFWyl7%", "Host": "mail.cash4cars.nz", "Port": "26"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
Click to see the 16 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
| |
MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
| |
INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen |
| |
Click to see the 15 entries |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_003DDBBE | |
Source: | Code function: | 0_2_003E68EE | |
Source: | Code function: | 0_2_003E698F | |
Source: | Code function: | 0_2_003DD076 | |
Source: | Code function: | 0_2_003DD3A9 | |
Source: | Code function: | 0_2_003E9642 | |
Source: | Code function: | 0_2_003E979D | |
Source: | Code function: | 0_2_003E9B2B | |
Source: | Code function: | 0_2_003E5C97 |
Source: | Code function: | 1_2_00E3F007 | |
Source: | Code function: | 1_2_00E3F007 | |
Source: | Code function: | 1_2_00E3E528 | |
Source: | Code function: | 1_2_00E3EB5B | |
Source: | Code function: | 1_2_00E3ED3C | |
Source: | Code function: | 1_2_06568608 | |
Source: | Code function: | 1_2_06565618 | |
Source: | Code function: | 1_2_06565EC8 | |
Source: | Code function: | 1_2_06566778 | |
Source: | Code function: | 1_2_06560498 | |
Source: | Code function: | 1_2_065674A8 | |
Source: | Code function: | 1_2_06567D58 | |
Source: | Code function: | 1_2_06560D48 | |
Source: | Code function: | 1_2_06565A70 | |
Source: | Code function: | 1_2_06566320 | |
Source: | Code function: | 1_2_06566BD0 | |
Source: | Code function: | 1_2_065633B8 | |
Source: | Code function: | 1_2_065633A8 | |
Source: | Code function: | 1_2_06567050 | |
Source: | Code function: | 1_2_06560040 | |
Source: | Code function: | 1_2_065608F0 | |
Source: | Code function: | 1_2_06567900 | |
Source: | Code function: | 1_2_06565198 | |
Source: | Code function: | 1_2_065681B0 |
Networking |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_003ECE44 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | Code function: | 0_2_003EEAFF |
Source: | Code function: | 0_2_003EED6A |
Source: | Code function: | 0_2_003EEAFF |
Source: | Code function: | 0_2_003DAA57 |
Source: | Code function: | 0_2_00409576 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_0c7e4f4c-c | |
Source: | String found in binary or memory: | memstr_32a79b55-9 | |
Source: | String found in binary or memory: | memstr_9ff9c25d-8 | |
Source: | String found in binary or memory: | memstr_e65ee30f-0 |
Source: | Code function: | 0_2_003DD5EB |
Source: | Code function: | 0_2_003D1201 |
Source: | Code function: | 0_2_003DE8F6 |
Source: | Code function: | 0_2_0037BF40 | |
Source: | Code function: | 0_2_00378060 | |
Source: | Code function: | 0_2_003E2046 | |
Source: | Code function: | 0_2_003D8298 | |
Source: | Code function: | 0_2_003AE4FF | |
Source: | Code function: | 0_2_003A676B | |
Source: | Code function: | 0_2_00404873 | |
Source: | Code function: | 0_2_0039CAA0 | |
Source: | Code function: | 0_2_0037CAF0 | |
Source: | Code function: | 0_2_0038CC39 | |
Source: | Code function: | 0_2_003A6DD9 | |
Source: | Code function: | 0_2_0038B119 | |
Source: | Code function: | 0_2_003791C0 | |
Source: | Code function: | 0_2_00391394 | |
Source: | Code function: | 0_2_00391706 | |
Source: | Code function: | 0_2_0039781B | |
Source: | Code function: | 0_2_00377920 | |
Source: | Code function: | 0_2_0038997D | |
Source: | Code function: | 0_2_003919B0 | |
Source: | Code function: | 0_2_00397A4A | |
Source: | Code function: | 0_2_00391C77 | |
Source: | Code function: | 0_2_00397CA7 | |
Source: | Code function: | 0_2_003FBE44 | |
Source: | Code function: | 0_2_003A9EEE | |
Source: | Code function: | 0_2_00391F32 | |
Source: | Code function: | 0_2_010F3600 | |
Source: | Code function: | 1_2_00E3F007 | |
Source: | Code function: | 1_2_00E3C190 | |
Source: | Code function: | 1_2_00E36108 | |
Source: | Code function: | 1_2_00E3B328 | |
Source: | Code function: | 1_2_00E3C470 | |
Source: | Code function: | 1_2_00E3C752 | |
Source: | Code function: | 1_2_00E36880 | |
Source: | Code function: | 1_2_00E39858 | |
Source: | Code function: | 1_2_00E34AD9 | |
Source: | Code function: | 1_2_00E3CA32 | |
Source: | Code function: | 1_2_00E3BBD2 | |
Source: | Code function: | 1_2_00E3BEB0 | |
Source: | Code function: | 1_2_00E3B4F2 | |
Source: | Code function: | 1_2_00E33572 | |
Source: | Code function: | 1_2_00E3E528 | |
Source: | Code function: | 1_2_00E3E517 | |
Source: | Code function: | 1_2_0656D670 | |
Source: | Code function: | 1_2_06568608 | |
Source: | Code function: | 1_2_0656B6E8 | |
Source: | Code function: | 1_2_06568C51 | |
Source: | Code function: | 1_2_0656A408 | |
Source: | Code function: | 1_2_0656BD38 | |
Source: | Code function: | 1_2_0656AA58 | |
Source: | Code function: | 1_2_0656C388 | |
Source: | Code function: | 1_2_0656D028 | |
Source: | Code function: | 1_2_0656B0A0 | |
Source: | Code function: | 1_2_0656C9D8 | |
Source: | Code function: | 1_2_065611A0 | |
Source: | Code function: | 1_2_0656D662 | |
Source: | Code function: | 1_2_06565611 | |
Source: | Code function: | 1_2_06565618 | |
Source: | Code function: | 1_2_0656B6D9 | |
Source: | Code function: | 1_2_06565EC3 | |
Source: | Code function: | 1_2_06565EC8 | |
Source: | Code function: | 1_2_06566773 | |
Source: | Code function: | 1_2_06566778 | |
Source: | Code function: | 1_2_06563730 | |
Source: | Code function: | 1_2_06564430 | |
Source: | Code function: | 1_2_06560493 | |
Source: | Code function: | 1_2_06560498 | |
Source: | Code function: | 1_2_065674A3 | |
Source: | Code function: | 1_2_065674A8 | |
Source: | Code function: | 1_2_06567D53 | |
Source: | Code function: | 1_2_06567D58 | |
Source: | Code function: | 1_2_06560D48 | |
Source: | Code function: | 1_2_06560D3B | |
Source: | Code function: | 1_2_0656BD28 | |
Source: | Code function: | 1_2_065685F8 | |
Source: | Code function: | 1_2_0656AA48 | |
Source: | Code function: | 1_2_06565A70 | |
Source: | Code function: | 1_2_06565A60 | |
Source: | Code function: | 1_2_0656C378 | |
Source: | Code function: | 1_2_0656631B | |
Source: | Code function: | 1_2_06566320 | |
Source: | Code function: | 1_2_06566BD0 | |
Source: | Code function: | 1_2_06566BCB | |
Source: | Code function: | 1_2_0656A3F8 | |
Source: | Code function: | 1_2_065633B8 | |
Source: | Code function: | 1_2_065633A8 | |
Source: | Code function: | 1_2_06567050 | |
Source: | Code function: | 1_2_06560040 | |
Source: | Code function: | 1_2_0656704B | |
Source: | Code function: | 1_2_06562818 | |
Source: | Code function: | 1_2_0656D018 | |
Source: | Code function: | 1_2_06562807 | |
Source: | Code function: | 1_2_0656003B | |
Source: | Code function: | 1_2_065608F0 | |
Source: | Code function: | 1_2_065678F0 | |
Source: | Code function: | 1_2_065608E3 | |
Source: | Code function: | 1_2_0656B08F | |
Source: | Code function: | 1_2_06567900 | |
Source: | Code function: | 1_2_0656C9C8 | |
Source: | Code function: | 1_2_06565198 | |
Source: | Code function: | 1_2_0656518B | |
Source: | Code function: | 1_2_065681B0 | |
Source: | Code function: | 1_2_065681AB |
Source: | Code function: | ||
Source: | Code function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | Code function: | 0_2_003E37B5 |
Source: | Code function: | 0_2_003D10BF | |
Source: | Code function: | 0_2_003D16C3 |
Source: | Code function: | 0_2_003E51CD |
Source: | Code function: | 0_2_003FA67C |
Source: | Code function: | 0_2_003E648E |
Source: | Code function: | 0_2_003742A2 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_003742DE |
Source: | Code function: | 0_2_00390A89 |
Source: | Code function: | 0_2_0038F98E | |
Source: | Code function: | 0_2_00401C41 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-97347 |
Source: | API/Special instruction interceptor: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Code function: | 0_2_003DDBBE | |
Source: | Code function: | 0_2_003E68EE | |
Source: | Code function: | 0_2_003E698F | |
Source: | Code function: | 0_2_003DD076 | |
Source: | Code function: | 0_2_003DD3A9 | |
Source: | Code function: | 0_2_003E9642 | |
Source: | Code function: | 0_2_003E979D | |
Source: | Code function: | 0_2_003E9B2B | |
Source: | Code function: | 0_2_003E5C97 |
Source: | Code function: | 0_2_003742DE |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_003EEAA2 |
Source: | Code function: | 0_2_003A2622 |
Source: | Code function: | 0_2_003742DE |
Source: | Code function: | 0_2_00394CE8 | |
Source: | Code function: | 0_2_010F3490 | |
Source: | Code function: | 0_2_010F34F0 | |
Source: | Code function: | 0_2_010F1E70 |
Source: | Code function: | 0_2_003D0B62 |
Source: | Code function: | 0_2_003A2622 | |
Source: | Code function: | 0_2_0039083F | |
Source: | Code function: | 0_2_003909D5 | |
Source: | Code function: | 0_2_00390C21 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Code function: | 0_2_003D1201 |
Source: | Code function: | 0_2_003B2BA5 |
Source: | Code function: | 0_2_003DB226 |
Source: | Code function: | 0_2_003F22DA |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_003D0B62 |
Source: | Code function: | 0_2_003D1663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00390698 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_003E8195 |
Source: | Code function: | 0_2_003CD27A |
Source: | Code function: | 0_2_003ABB6F |
Source: | Code function: | 0_2_003742DE |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_003F1204 | |
Source: | Code function: | 0_2_003F1806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 3 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 221 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 111 Virtualization/Sandbox Evasion | Cached Domain Credentials | 111 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | Virustotal | Browse | ||
37% | ReversingLabs | Win32.Trojan.Strab | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
3% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
reallyfreegeoip.org | 188.114.97.3 | true | true |
| unknown |
checkip.dyndns.com | 193.122.6.168 | true | false |
| unknown |
checkip.dyndns.org | unknown | unknown | true |
| unknown |
56.126.166.20.in-addr.arpa | unknown | unknown | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true | |
193.122.6.168 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465940 |
Start date and time: | 2024-07-02 09:53:38 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | whiteee.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/4@3/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target RegSvcs.exe, PID 7336 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
03:54:27 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.97.3 | Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
193.122.6.168 | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
reallyfreegeoip.org | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Snake Keylogger | Browse |
| |
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer, Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
|
Process: | C:\Users\user\Desktop\whiteee.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 94302 |
Entropy (8bit): | 7.917642664391931 |
Encrypted: | false |
SSDEEP: | 1536:93QKWvqNhX1wt2JN7uYBIErjo51aDJwzLqQO7uS585KsZOE5omTbGb:JQKMqNhlwt2JNyeDJ4LqQO7uSaL5Tab |
MD5: | 08E69F513E7135B7F341730C2EB9AE0C |
SHA1: | F1C465DB20849547B40408A3D10476D6FB7588B2 |
SHA-256: | CB38FA0173C8D4328AE2D6B3ECAFF70EB2A370788768AA1C75F5E2900DDE0F3B |
SHA-512: | 1916976DCBE1F93D647DD5737574AF05F2CE05892C47C9A958DAA32D0000F1ADD0FED98907C19F0D1AA2F274E48E1EBA65EBF0C7F9B7A386C0C09CA6BDD2B65A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\whiteee.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9756 |
Entropy (8bit): | 7.59858423713064 |
Encrypted: | false |
SSDEEP: | 192:Zj4X4BSXRq4D63ILqnXTj9aiAjtFMw5V8vdjE6TH8XyMBMEuVV:l4oBSfD6YLCTEbjMwYvdkyJEI |
MD5: | E6437615E55D65F684E3B1225B1A154D |
SHA1: | 6626CBA35D589C334597BEF3B683134A2B731529 |
SHA-256: | 14422302512F449ABD823C0E3AE8BFEACC008597714B8FA010DDFE1DB8BFC73A |
SHA-512: | FC315B301BFEB27C8070D793F2224F146F42222EEA21C658686B096D9F23AF4569CE938AF0AAF8D1879BB0780DE4957F9E7C7116144EC24780029ED8DE1AFAAF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\whiteee.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28680 |
Entropy (8bit): | 3.5819791737673996 |
Encrypted: | false |
SSDEEP: | 384:YzJejro12+7eXZdNPlWrqGjfOtr+KJmJEcouNlLmmuN0b0mTTqLOTHhC:YNegs6eXDNPlWrGtwJEcouNpuXIT0KC |
MD5: | A327834B411331A2A30DD0982B1B0FD0 |
SHA1: | CFED37E33A24005D85BF1C9F70ED67AB517F8FBF |
SHA-256: | 5E9FA4E8A141D8720FF63B2ADD4A8D22046F1B8A177725FE2F89852AC1F2AF55 |
SHA-512: | 84BB685943B0953137BC1F676C66CE950815BB2D076AB2E51AD91F5EF4522A74322A329D89C3917361F6F08C53F00FE5E36A76C01B45D7871F9FD8B25EA04B20 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\whiteee.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 133120 |
Entropy (8bit): | 6.981698798475341 |
Encrypted: | false |
SSDEEP: | 3072:mdfi0JI5x2QxTz0qJteWhqUZXxLYGlaCB4I5WHn1:mdXeDlQetThqokMaCaIEV |
MD5: | 4C2A282BAB95F9DA2CFE55CEF1A10DF4 |
SHA1: | 4B1DCC4B7D0DD47E643B423480C0DB7BF55FDBD6 |
SHA-256: | 45F186D0F1364BAC390B52C5E872CC731EB18D754151EF096D82A16FC73BB819 |
SHA-512: | 76DD642F670ED04992E42C09EC7003E3EDF5E49B6870E869C1257A115AF2F8EFBAD1DB6BF05591114114212F4353B1556C522622A6085DD5B78761DDE6A5AD52 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.789821451267343 |
TrID: |
|
File name: | whiteee.exe |
File size: | 1'078'272 bytes |
MD5: | 9a961cdb405219d714347c06a7a6a995 |
SHA1: | 2bf6f2e31d453c52685f8ffeaa52056aa727674d |
SHA256: | 2cbc13099ee1ba4b8c671bfca525bb2c5c057c2fc13df105dec2852a8b672e50 |
SHA512: | c016af696bf4b3eb6d27a61afc6760eee7d50624ee198e9d64562564ee6f5243508edf215b5325010ee9a484cbe4d218bc6beb52eefe9a548738022e82fedf3f |
SSDEEP: | 24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8af3BG5kPJ:tTvC/MTQYxsWR7afJ |
TLSH: | 70358D03738D822EFF9A91721B76E23146BC6F270123A55F32D85D7EB970165063E6E2 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | 6ced8d96b2ace4b2 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66834214 [Mon Jul 1 23:56:04 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F10688B7A73h |
jmp 00007F10688B737Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F10688B755Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F10688B752Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F10688BA11Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F10688BA168h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F10688BA151h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x309d4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x105000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x309d4 | 0x30a00 | 53b90fe8965d1e582c974302cca02fb6 | False | 0.6482567480719794 | data | 7.032311781909001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x105000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd4458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd4580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd46a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd47d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 34556 x 34556 px/m | English | Great Britain | 0.07952797823258015 |
RT_MENU | 0xe4ff8 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xe5048 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xe55dc | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xe5c68 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xe60f8 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xe66f4 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xe6d50 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xe71b8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xe7310 | 0x1d176 | data | 1.0003860420618003 | ||
RT_GROUP_ICON | 0x104488 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x10449c | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x1044b0 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x1044c4 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x1044d8 | 0x10c | data | English | Great Britain | 0.5970149253731343 |
RT_MANIFEST | 0x1045e4 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 09:54:26.952009916 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:26.956883907 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:26.957026005 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:26.957138062 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:26.962318897 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:27.591464996 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:27.615267038 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:27.620173931 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:27.802650928 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:27.854101896 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:27.864638090 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:27.864675999 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:27.864742994 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:27.873584032 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:27.873594999 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.369517088 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.369602919 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.375020981 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.375035048 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.375300884 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.416838884 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.423181057 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.464500904 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.535621881 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.535717010 CEST | 443 | 49731 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.535900116 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.541799068 CEST | 49731 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.544725895 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:28.549573898 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:28.733041048 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:28.735745907 CEST | 49732 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.735775948 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.735896111 CEST | 49732 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.736105919 CEST | 49732 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:28.736120939 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:28.775952101 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:29.210735083 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:29.212488890 CEST | 49732 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:29.212506056 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:29.364985943 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:29.365082979 CEST | 443 | 49732 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:29.365155935 CEST | 49732 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:29.365729094 CEST | 49732 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:29.368902922 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:29.370198011 CEST | 49733 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:29.375358105 CEST | 80 | 49733 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:29.375435114 CEST | 49733 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:29.375497103 CEST | 49733 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:29.375535011 CEST | 80 | 49730 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:29.375583887 CEST | 49730 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:29.380410910 CEST | 80 | 49733 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:30.077723980 CEST | 80 | 49733 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:30.078860044 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:30.078896046 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:30.078973055 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:30.079211950 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:30.079222918 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:30.119700909 CEST | 49733 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:30.546875000 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:30.548466921 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:30.548497915 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:30.674258947 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:30.674348116 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:30.674412966 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:30.674931049 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:30.679080009 CEST | 49735 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:30.683907032 CEST | 80 | 49735 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:30.683990955 CEST | 49735 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:30.684071064 CEST | 49735 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:30.689568996 CEST | 80 | 49735 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:31.321958065 CEST | 80 | 49735 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:31.323283911 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:31.323317051 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:31.323394060 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:31.323617935 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:31.323633909 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:31.369812012 CEST | 49735 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:31.787070036 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:31.788564920 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:31.788592100 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:31.939837933 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:31.939913988 CEST | 443 | 49736 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:31.939965010 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:31.940423965 CEST | 49736 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:31.943430901 CEST | 49735 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:31.944395065 CEST | 49737 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:31.949563026 CEST | 80 | 49737 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:31.949651003 CEST | 80 | 49735 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:31.949702978 CEST | 49737 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:31.949728012 CEST | 49735 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:31.949815035 CEST | 49737 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:31.954617977 CEST | 80 | 49737 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:32.590656042 CEST | 80 | 49737 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:32.592087984 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:32.592112064 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:32.592179060 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:32.592421055 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:32.592432976 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:32.635338068 CEST | 49737 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:33.066376925 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:33.067858934 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:33.067883015 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:33.192188025 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:33.192250013 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:33.192301989 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:33.192662954 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:33.195447922 CEST | 49737 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:33.196407080 CEST | 49739 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:33.201359987 CEST | 80 | 49737 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:33.201426029 CEST | 49737 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:33.202235937 CEST | 80 | 49739 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:33.202347994 CEST | 49739 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:33.202431917 CEST | 49739 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:33.208538055 CEST | 80 | 49739 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:33.841557980 CEST | 80 | 49739 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:33.842823029 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:33.842861891 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:33.842947006 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:33.843190908 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:33.843202114 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:33.885453939 CEST | 49739 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:34.311857939 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:34.314580917 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:34.314604044 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:34.454984903 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:34.455037117 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:34.455096960 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:34.455508947 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:34.458550930 CEST | 49739 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:34.459732056 CEST | 49741 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:34.464507103 CEST | 80 | 49739 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:34.464575052 CEST | 49739 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:34.464658976 CEST | 80 | 49741 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:34.464734077 CEST | 49741 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:34.464793921 CEST | 49741 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:34.469630003 CEST | 80 | 49741 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:35.102057934 CEST | 80 | 49741 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:35.103156090 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:35.103199005 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:35.103261948 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:35.103502035 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:35.103518009 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:35.150958061 CEST | 49741 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:35.579931974 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:35.581551075 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:35.581581116 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:35.705929041 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:35.705997944 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:35.706052065 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:35.708117008 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:35.711590052 CEST | 49741 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:35.712743044 CEST | 49743 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:35.717230082 CEST | 80 | 49741 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:35.717292070 CEST | 49741 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:35.717577934 CEST | 80 | 49743 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:35.717638016 CEST | 49743 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:35.717850924 CEST | 49743 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:35.723162889 CEST | 80 | 49743 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:36.359414101 CEST | 80 | 49743 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:54:36.373446941 CEST | 49744 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:36.373505116 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:36.373577118 CEST | 49744 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:36.380245924 CEST | 49744 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:36.380261898 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:36.403595924 CEST | 49743 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:54:36.846780062 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:36.848429918 CEST | 49744 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:36.848457098 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:36.987566948 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:36.987653971 CEST | 443 | 49744 | 188.114.97.3 | 192.168.2.4 |
Jul 2, 2024 09:54:36.987694025 CEST | 49744 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:54:36.988120079 CEST | 49744 | 443 | 192.168.2.4 | 188.114.97.3 |
Jul 2, 2024 09:55:35.030750990 CEST | 80 | 49733 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:55:35.030827999 CEST | 49733 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:55:41.359831095 CEST | 80 | 49743 | 193.122.6.168 | 192.168.2.4 |
Jul 2, 2024 09:55:41.360004902 CEST | 49743 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:56:16.385663033 CEST | 49743 | 80 | 192.168.2.4 | 193.122.6.168 |
Jul 2, 2024 09:56:16.390964031 CEST | 80 | 49743 | 193.122.6.168 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 2, 2024 09:54:26.938918114 CEST | 60294 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 2, 2024 09:54:26.947499990 CEST | 53 | 60294 | 1.1.1.1 | 192.168.2.4 |
Jul 2, 2024 09:54:27.844763994 CEST | 59144 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 2, 2024 09:54:27.864085913 CEST | 53 | 59144 | 1.1.1.1 | 192.168.2.4 |
Jul 2, 2024 09:54:59.861407995 CEST | 53 | 61614 | 162.159.36.2 | 192.168.2.4 |
Jul 2, 2024 09:55:00.338304043 CEST | 64060 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 2, 2024 09:55:00.347007990 CEST | 53 | 64060 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 2, 2024 09:54:26.938918114 CEST | 192.168.2.4 | 1.1.1.1 | 0xbb6f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 2, 2024 09:54:27.844763994 CEST | 192.168.2.4 | 1.1.1.1 | 0xf943 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 2, 2024 09:55:00.338304043 CEST | 192.168.2.4 | 1.1.1.1 | 0xe57a | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 2, 2024 09:54:26.947499990 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb6f | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:26.947499990 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb6f | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:26.947499990 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb6f | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:26.947499990 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb6f | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:26.947499990 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb6f | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:26.947499990 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb6f | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:27.864085913 CEST | 1.1.1.1 | 192.168.2.4 | 0xf943 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:54:27.864085913 CEST | 1.1.1.1 | 192.168.2.4 | 0xf943 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Jul 2, 2024 09:55:00.347007990 CEST | 1.1.1.1 | 192.168.2.4 | 0xe57a | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:26.957138062 CEST | 151 | OUT | |
Jul 2, 2024 09:54:27.591464996 CEST | 320 | IN | |
Jul 2, 2024 09:54:27.615267038 CEST | 127 | OUT | |
Jul 2, 2024 09:54:27.802650928 CEST | 320 | IN | |
Jul 2, 2024 09:54:28.544725895 CEST | 127 | OUT | |
Jul 2, 2024 09:54:28.733041048 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49733 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:29.375497103 CEST | 127 | OUT | |
Jul 2, 2024 09:54:30.077723980 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49735 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:30.684071064 CEST | 151 | OUT | |
Jul 2, 2024 09:54:31.321958065 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49737 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:31.949815035 CEST | 151 | OUT | |
Jul 2, 2024 09:54:32.590656042 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49739 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:33.202431917 CEST | 151 | OUT | |
Jul 2, 2024 09:54:33.841557980 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49741 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:34.464793921 CEST | 151 | OUT | |
Jul 2, 2024 09:54:35.102057934 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49743 | 193.122.6.168 | 80 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Jul 2, 2024 09:54:35.717850924 CEST | 151 | OUT | |
Jul 2, 2024 09:54:36.359414101 CEST | 320 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:28 UTC | 84 | OUT | |
2024-07-02 07:54:28 UTC | 720 | IN | |
2024-07-02 07:54:28 UTC | 340 | IN | |
2024-07-02 07:54:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49732 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:29 UTC | 60 | OUT | |
2024-07-02 07:54:29 UTC | 704 | IN | |
2024-07-02 07:54:29 UTC | 340 | IN | |
2024-07-02 07:54:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:30 UTC | 60 | OUT | |
2024-07-02 07:54:30 UTC | 706 | IN | |
2024-07-02 07:54:30 UTC | 340 | IN | |
2024-07-02 07:54:30 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49736 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:31 UTC | 84 | OUT | |
2024-07-02 07:54:31 UTC | 700 | IN | |
2024-07-02 07:54:31 UTC | 340 | IN | |
2024-07-02 07:54:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:33 UTC | 84 | OUT | |
2024-07-02 07:54:33 UTC | 708 | IN | |
2024-07-02 07:54:33 UTC | 340 | IN | |
2024-07-02 07:54:33 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49740 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:34 UTC | 84 | OUT | |
2024-07-02 07:54:34 UTC | 704 | IN | |
2024-07-02 07:54:34 UTC | 340 | IN | |
2024-07-02 07:54:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:35 UTC | 84 | OUT | |
2024-07-02 07:54:35 UTC | 714 | IN | |
2024-07-02 07:54:35 UTC | 340 | IN | |
2024-07-02 07:54:35 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49744 | 188.114.97.3 | 443 | 7336 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-02 07:54:36 UTC | 60 | OUT | |
2024-07-02 07:54:36 UTC | 704 | IN | |
2024-07-02 07:54:36 UTC | 340 | IN | |
2024-07-02 07:54:36 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 03:54:24 |
Start date: | 02/07/2024 |
Path: | C:\Users\user\Desktop\whiteee.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 1'078'272 bytes |
MD5 hash: | 9A961CDB405219D714347C06A7A6A995 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:54:25 |
Start date: | 02/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x810000 |
File size: | 45'984 bytes |
MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 3.4% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 4.8% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 39 |
Graph
Function 003742DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0037BF40 Relevance: 2.4, Strings: 1, Instructions: 1178COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0037D730 Relevance: 21.6, APIs: 14, Instructions: 625windowsleeptimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00372CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A8D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003B065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0037344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00372B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00373170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F25E0 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F23B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 146fileCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A5AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE
Control-flow Graph
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00373B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00373923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F7F59 Relevance: 4.9, APIs: 3, Instructions: 430COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003710F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003754C6 Relevance: 4.6, APIs: 3, Instructions: 103COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00373837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00375745 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00374ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00379A40 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0039E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00374F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00372DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E2693 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00372B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00371CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E744A Relevance: 1.5, APIs: 1, Instructions: 220COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038FC70 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F22A0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DD076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003EED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DD3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00401C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00378060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D8298 Relevance: 6.6, APIs: 1, Strings: 3, Instructions: 568stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003ABB6F Relevance: 6.1, APIs: 4, Instructions: 90timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DD5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0039CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0037CAF0 Relevance: 3.2, Strings: 2, Instructions: 659COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003909D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0039781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E2046 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A6DD9 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038CC39 Relevance: .6, Instructions: 635COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00377920 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003791C0 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00391C77 Relevance: .3, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003919B0 Relevance: .2, Instructions: 240COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00397A4A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00391706 Relevance: .2, Instructions: 232COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F3600 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F3490 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F34F0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 010F1E70 Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004070D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00388D85 Relevance: 47.7, APIs: 26, Strings: 1, Instructions: 480windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00400FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00388891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003FC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0037326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003EC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003FB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003FCC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00388BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00389838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00371410 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 332comCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00375BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003EC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003ACE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003B1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DCF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004040AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003CF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004081DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003C7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00394D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00374E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00374E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003FA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003ACDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00389639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003895C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A8A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D6E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004037B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004041EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003CD3A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003F342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003AB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003AD8C3 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004052C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004016DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DD4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DD2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0039D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0037600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003A3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003DB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003898B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003CD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003CD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003E4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0038F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003ED0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004031EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003ECD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00403429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00408172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 003D0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00402322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|