Windows
Analysis Report
mozglue.dll.dll
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - loaddll64.exe (PID: 6412 cmdline: loaddll64.exe "C:\Users\user\Desktop\mozglue.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
  - conhost.exe (PID: 5300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - cmd.exe (PID: 4428 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\mozglue.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  - rundll32.exe (PID: 7192 cmdline: rundll32.exe "C:\Users\user\Desktop\mozglue.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
  - WerFault.exe (PID: 7316 cmdline: C:\Windows\system32\WerFault.exe -u -p 7192 -s 292 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  - rundll32.exe (PID: 7176 cmdline: rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapAlloc MD5: EF3179D498793BF4234F708D3BE28633)
  - WerFault.exe (PID: 7296 cmdline: C:\Windows\system32\WerFault.exe -u -p 7176 -s 296 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  - rundll32.exe (PID: 7468 cmdline: rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapFree MD5: EF3179D498793BF4234F708D3BE28633)
  - WerFault.exe (PID: 7512 cmdline: C:\Windows\system32\WerFault.exe -u -p 7468 -s 284 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  - rundll32.exe (PID: 7668 cmdline: rundll32.exe C:\Users\user\Desktop\mozglue.dll.dll,HeapReAlloc MD5: EF3179D498793BF4234F708D3BE28633)
  - WerFault.exe (PID: 7704 cmdline: C:\Windows\system32\WerFault.exe -u -p 7668 -s 236 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- cleanup
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Rundll32 | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Detection | Scanner | Label |
---|---|---|
45% | ReversingLabs | Win64.Trojan.Generic |
55% | Virustotal | |

Detection | Scanner | Label |
---|---|---|
0% | URL Reputation | safe |
0% | URL Reputation | safe |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1448265 |
Start date and time: | 2024-05-28 07:27:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | mozglue.dll.dll (renamed file extension from exe to dll) |
Original Sample Name: | mozglue.dll.exe |
Detection: | MAL |
Classification: | mal48.winDLL@16/17@0/0 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target loaddll64.exe, PID 6412 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
01:28:07 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_1de486fd-c9ab-489c-aa10-0c38cdabb530\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7553661107287909 |
Encrypted: | false |
SSDEEP: | 96:1XF4WikayKyFsjB4RvCdJfmQXIDcQfc6n8cE8cw3zXaXz+HbHgSQgJjGckIkpkoa:dPikayFg0h4G/jgzuiFHZ24lO8yMc |
MD5: | 51D73750F8EC3782D0B0A3DC7BC2B996 |
SHA1: | 17DCA2C60BB391002751BA2A7856A1C3FC24EE38 |
SHA-256: | 352911EA726D68E166BF1C655D4AD5E784694C19D342C878C2EE2327639FB71D |
SHA-512: | FA4379F2154609EFBBA2A24F17294698305AA21C02C89B7660FA31C61ACCA5014185D904ADC8487A91AEF651ABEC1C12EB1D3A8BAFC6D52E5B5978DFC018D056 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_273e8517-c54d-470f-b1be-6f82d7b9a01d\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7552936570865588 |
Encrypted: | false |
SSDEEP: | 96:ewTFFlXTyWihyKy6ssjB4RvCdJfmQXIDcQfc6n8cE8cw3zXaXz+HbHgSQgJjGckk:rTPlihy6sg0h4G/j4zuiFHZ24lO8yMc |
MD5: | C0C4019315E8C68952699B07050B4C5D |
SHA1: | 0DA07544FA24C6312A433904C8065AD72FDCB664 |
SHA-256: | 13FE8447BFB8C40BA18C0AB4938406E9EA834A6825379F136A0E3945B401FF2F |
SHA-512: | C1582928ABFA598A9878CF650B78976E66C58B49BA45FA302F47386B7DB5372257AE2E1D40253182BD3CA416049D3B66E3319EA72BED0DE43CA283162442AB62 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_a4d72ff2-2d42-46e7-9cd5-bbc934cbba1b\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7557099160110828 |
Encrypted: | false |
SSDEEP: | 96:+wFZyPWikyKydsjB4RvCdJfmQXIDcQfc6n8cE8cw3zXaXz+HbHgSQgJjGckICoY+:Dpikydg0h4G/j4zuiFHZ24lO8yMc |
MD5: | 4DA3CA8E1F1E0F4863CF75C7802F24F6 |
SHA1: | 6EDAE2F10979F116FD23346005185C03EE2AA126 |
SHA-256: | 80BF49AFC5745A1FB8D7CC92703A43E6E0804579D75519B07450A1C6B831EC59 |
SHA-512: | C8ABDE9E92722DB1DA3FDA7A2750A97D7C660958C6BBCF7094C92FEE7011962B13D3CCAB5E6D4EF52042E46C7E4A88E30A1B6D803D4A12C46B97C83096BFD1EA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_moz_27ecf4c285b5182533f7b3a93e8a8a8fddc58761_134389a9_e9164dc1-577d-4bcf-b83d-667d25519d07\Report.wer
Download File
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7556316461208111 |
Encrypted: | false |
SSDEEP: | 96:94FFaWiOyKyUsjB4RvCdJfmQXIDcQfc6n8cE8cw3zXaXz+HbHgSQgJjGckICoYhI:epiOyUg0h4G/j4zuiFHZ24lO8yMc |
MD5: | D232FBAD78841FD314495724A070ABC6 |
SHA1: | 3E20FF8F926F8AF2D96F30DAE22152D584698589 |
SHA-256: | D8C2E77E7086DDF39E534AFE6595B85C6F33A32BCC48A0E5C5694DEDEDC84FDE |
SHA-512: | 15AABDBA0A1180F5BDF62E11D9C834739DA291C323DC6521F369E4AD58DF2346AFC043FE52B75BAC925EC1BE346229A7B940FA988DCBC3AFD5F89C1E3AA5F609 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52362 |
Entropy (8bit): | 1.5373039531820891 |
Encrypted: | false |
SSDEEP: | 192:foy5leN1OM9Ns5bTVcYV/RuYyhpnNBGMF2/k:T5leNY6Ns5bTVcYV/RuYyhpnNP2s |
MD5: | 4F9D59DF6CC4E4EE68E70264D0532F4B |
SHA1: | C5D9E5F39E074397BC0284062DE8D4DFEE9CD683 |
SHA-256: | EE8C122A5E7A3FCE55470B24B7E0707BC53FF02F6DCDC84DADB07A2AC0A176F6 |
SHA-512: | 76114E912BF3A9C9ECA88DB61B4C1ADF6B9BFF41EA014A9FF284988FC219DAB7FD251E13476DA3F20A8262E7F102C7E4F1813046C3DBD10F5DCBEFBEF17B5E20 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52358 |
Entropy (8bit): | 1.5419125043685036 |
Encrypted: | false |
SSDEEP: | 192:fQU1BT1WKOMJ4Vu8/JKk6zdUUU5kRSyCe:Jd1WVMQu8xB+ayCe |
MD5: | FA254B9291AA9D0F3AB808C80C3EABBC |
SHA1: | 36CE45A7E646EF674A0FC6C4F245E3F1031B2537 |
SHA-256: | 1821FBF7E508344AF996D1FD75C69063A3BE5F9241CB4F3739846BAD21C65038 |
SHA-512: | E16E1EA94AA1739E4719535706C520AB12249C942CEBBB70A3D2B9CDC6FE9B497EEE4C984BFB60976E511289E341C6B31A654CA65F3810B704EBB0D5D50EBCCB |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8516 |
Entropy (8bit): | 3.696289323447424 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJidB3V6YYSwUgmfHASpDRC89bdD5LfXXbm:R6lXJoD6Y9RgmfHAk7dDlfHS |
MD5: | 4F3C42FCCEC73F01B560F93AE253A118 |
SHA1: | B75561E8A7868A7CE679C515D44A40CA851F811A |
SHA-256: | 2555A39A9C20AB470295CB75FBF7CAFED56ECD1044E9E7B6FACE843A648FCD72 |
SHA-512: | 40B9919164E183D542F217A2DFC446C25D2BCE2171B4182B5ED0D1382D9F996726896B7378AE1D4756E2D6A8C7D08029D6C3569ED60276B9A28F0946530A4883 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8524 |
Entropy (8bit): | 3.69662732712095 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJI/Bi6YBXLfgmfHASpDa89bdDqLfVXbm:R6lXJAE6YRzgmfHAsdDOfVS |
MD5: | 2F816E24EAE903D7323DF7ACE10D3522 |
SHA1: | F97F5351FCE2707FCBD64C70233FDDA0F53B19DE |
SHA-256: | 7E0C7E1BEE25D2169F2A34B2415497B14244F935DCEE0970BD7EB9353DD3D1C6 |
SHA-512: | 1AD94A06AED1C3A0C947A0063B38715FE56432EB9B190F0E3E13FBA12A837767AC758D9F2F2D7991485E3CD5F444A9399947FF4DD844FA60E3F628D16E15B982 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4766 |
Entropy (8bit): | 4.472760542446161 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsNJg771I9hP9AWpW8VYoPYm8M4JC8Ca/4FPPyq85mOUDoptSTShhd:uIjfnI7ij7VkJcPPopoOhhd |
MD5: | AF944479A21FAB454FF430630D0672AC |
SHA1: | DF7F9D108899A48E1AE683E0A6D4E01961EE222E |
SHA-256: | 61817BDE60F078AE0E3373CFB8CF0FD05B195049578963C31505BE9E05D58DA3 |
SHA-512: | 2D7E9FDB1EC920AE8CD64180EBC7027D706D4C57E5190566500F1B9E73579BAE1B41D52C27340CC5702EDAFDFF1CDA6826CA62EB09E2FBE0C0AF5A2FB22FEDF7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4766 |
Entropy (8bit): | 4.4717799680230845 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsNJg771I9hP9AWpW8VYM5Ym8M4JC8Ca/4FZyq85mOU7E2ptSTSgd:uIjfnI7ij7VHoJQ02poOgd |
MD5: | 1B0B8A6BDAE16DCB9E36132B2FA49888 |
SHA1: | D5A6FD881C9B05F024D7AA8FEDEF696C8A1A7B7E |
SHA-256: | 9EEE3D72426398C40BE9684D7E257473EBFF2E2192FED7621F49C28EFBF0A801 |
SHA-512: | EBC2B8B59B7CEFD895388C55DE046114A95314A70BD2698B78017B52479936CE7163F1E9298CBC7656A40164D6E1FCBF715FB320F3A5043F20BD4DC8DD1D8BA2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 51210 |
Entropy (8bit): | 1.5616217785847768 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 8516 |
Entropy (8bit): | 3.6964479357443722 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 4766 |
Entropy (8bit): | 4.472820808514949 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 51178 |
Entropy (8bit): | 1.5619391023963358 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 8516 |
Entropy (8bit): | 3.696238245506731 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 4766 |
Entropy (8bit): | 4.473329859349416 |
Encrypted: | false |
Malicious: | false |
Process: | C:\Windows\System32\WerFault.exe |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.466386427651027 |
Encrypted: | false |
Malicious: | false |
File type: | |
Entropy (8bit): | 6.535545454809225 |
File name: | mozglue.dll.dll |
File size: | 1'420'288 bytes |
MD5: | 805c3d7c57adfa1b6da148b1330fe00e |
SHA1: | b732a4b1b914647034041d4c6465071e06d127cb |
SHA256: | bbc93694f969ff53e2a99b46935b116ca2b241083a9df3eea953dd02ab344a67 |
SHA512: | e6f8b93a67ae249c9fc3cb0dbdb6d6e1bc1b0b1e16d41c6cbfb0a6f1d393effa85bd5f289b1299b2d5ca430ab1e573f0e240f25c840db2a4082ab14f9f73435c |
SSDEEP: | 24576:0skfObOBBsHGID3eteae2egpYvYeiLMf8WhT5xyvS:0skfEXv3eteae2NciLMf8WhA |
TLSH: | CD658D0BE29610FDC16EE27897475A12F931BC514320BEEB57A067312E65FE0A73E724 |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d................." .........................................................@............`........................................ |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x1800011a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x0 [Thu Jan 1 00:00:00 1970 UTC] |
TLS Callbacks: | 0x800e63d0, 0x1, 0x800e5cf0, 0x1, 0x800e5d70, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | fc4862845a8a8738f4c893f705252fe2 |
Instruction |
---|
jmp 00007F6038DC32BDh |
adc dword ptr [eax], eax |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1391e8 | 0x4b19 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13dd01 | 0x1a4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x161000 | 0x6a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x159000 | 0x6984 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x162000 | 0x1bb0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x153000 | 0x1c | .buildid |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1317a0 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x13e780 | 0x8d8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x139010 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x118df7 | 0x118e00 | ebdcc4ed07a4ed034fbbd6128dc9448a | False | 0.43936185747663553 | data | 6.402513762926191 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11a000 | 0x38328 | 0x38400 | a1b76c60ba71fdf71df3264b4ee1bfcc | False | 0.32470052083333334 | data | 6.22405255070616 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.buildid | 0x153000 | 0x7c | 0x200 | a20050ef740833989e097493e8ed1ee6 | False | 0.220703125 | data | 1.7541840484216018 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x154000 | 0x4538 | 0x400 | af394729e3ddf4c222b3a6529ec442ca | False | 0.291015625 | data | 2.6274236756303253 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x159000 | 0x6984 | 0x6a00 | b72b1efee46977ba7561434bb2f02006 | False | 0.5407208136792453 | PEX Binary Archive | 5.977085832835681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x160000 | 0x28 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x161000 | 0x6a0 | 0x800 | 43c2a63ee1e6e6e440590188b9e58fd7 | False | 0.388671875 | data | 3.981181978625902 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x162000 | 0x1bb0 | 0x1c00 | 6b4eadf51ab093ff8443b762e231cc01 | False | 0.37374441964285715 | data | 5.438881736459346 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x161288 | 0x320 | data | English | United States | 0.48625 |
RT_MANIFEST | 0x1615a8 | 0xf8 | XML 1.0 document, ASCII text | English | United States | 0.6975806451612904 |
RT_MANIFEST | 0x1610d0 | 0x1b3 | XML 1.0 document, ASCII text | English | United States | 0.696551724137931 |
DLL | Import |
---|---|
CRYPT32.dll | CertCloseStore, CertFindCertificateInStore, CertFreeCertificateContext, CertGetNameStringW, CryptBinaryToStringW, CryptMsgClose, CryptMsgGetParam, CryptQueryObject |
ntdll.dll | NtQueryVirtualMemory, RtlAllocateHeap, RtlCaptureContext, RtlCaptureStackBackTrace, RtlCompareMemory, RtlDuplicateUnicodeString, RtlFreeHeap, RtlFreeUnicodeString, RtlLookupFunctionEntry, RtlNtStatusToDosError, RtlReAllocateHeap, RtlRestoreContext, RtlSetLastWin32Error, RtlUnwindEx, RtlVirtualUnwind, VerSetConditionMask |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
WINTRUST.dll | WinVerifyTrust |
dbghelp.dll | EnumerateLoadedModules64, SymFromAddr, SymGetLineFromAddr64, SymGetModuleInfo64, SymInitialize, SymLoadModule64, SymSetOptions |
OLEAUT32.dll | SetOaNoCache |
api-ms-win-crt-convert-l1-1-0.dll | _ltoa_s, _strtod_l, _strtoi64_l, _strtoui64, _strtoui64_l, mbrtowc, mbsrtowcs, strtod, strtol, strtoul, wcrtomb, wcrtomb_s, wcstod, wcstol, wcstoul |
api-ms-win-crt-environment-l1-1-0.dll | __p__environ, __p__wenviron, getenv |
api-ms-win-crt-math-l1-1-0.dll | _fdopen |
api-ms-win-crt-private-l1-1-0.dll | memchr, memcmp, memcpy, memmove, strchr |
api-ms-win-crt-runtime-l1-1-0.dll | __p___argc, __p___argv, __p___wargv, __sys_nerr, _assert, _beginthreadex, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _errno, _execute_onexit_table, _exit, _getpid, _initialize_narrow_environment, _initialize_onexit_table, _initialize_wide_environment, _initterm, _register_onexit_function, _register_thread_local_exe_atexit_callback, abort, exit, strerror_s |
api-ms-win-crt-stdio-l1-1-0.dll | __acrt_iob_func, __stdio_common_vfprintf, __stdio_common_vfwprintf, __stdio_common_vsprintf, __stdio_common_vsscanf, __stdio_common_vswprintf, _close, _dup, _fileno, _open, _wfopen, _write, fclose, fflush, fopen, fputc, fputs, fread, fseek, ftell, fwrite |
api-ms-win-crt-string-l1-1-0.dll | _isctype_l, _iswalpha_l, _iswcntrl_l, _iswdigit_l, _iswlower_l, _iswprint_l, _iswpunct_l, _iswspace_l, _iswupper_l, _iswxdigit_l, _strcoll_l, _stricmp, _strnicmp, _strxfrm_l, _tolower_l, _toupper_l, _towlower_l, _towupper_l, _wcscoll_l, _wcsupr_s, _wcsxfrm_l, islower, isspace, isupper, iswctype, isxdigit, mbrlen, memset, strcmp, strlen, strncmp, strncpy, tolower, wcscpy_s, wcslen, wcsncpy, wcsncpy_s |
api-ms-win-crt-utility-l1-1-0.dll | rand_s |
ADVAPI32.dll | CreateWellKnownSid, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, GetTokenInformation, InitializeSecurityDescriptor, OpenProcessToken, RegCloseKey, RegCreateKeyExW, RegGetValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, SetEntriesInAclW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SystemFunction036 |
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, ActivateActCtx, AddRefActCtx, CloseHandle, CreateActCtxW, CreateFileA, CreateFileMappingW, CreateFileW, CreateThread, DeactivateActCtx, DeleteCriticalSection, DuplicateHandle, EncodePointer, EnterCriticalSection, FlsAlloc, FlsGetValue, FlsSetValue, FlushInstructionCache, FormatMessageA, FreeLibrary, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetEnvironmentVariableA, GetLastError, GetModuleFileNameW, GetModuleHandleExW, GetModuleHandleW, GetProcAddress, GetProcessTimes, GetSystemInfo, GetSystemTime, GetSystemTimeAdjustment, GetSystemTimeAsFileTime, GetThreadContext, GetThreadId, GetTickCount64, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSRWLock, IsDebuggerPresent, K32EnumProcessModules, LeaveCriticalSection, LoadLibraryA, LoadLibraryExW, LoadLibraryW, LocalAlloc, LocalFree, MapViewOfFile, MultiByteToWideChar, OutputDebugStringA, QueryPerformanceCounter, QueryPerformanceFrequency, QueryUnbiasedInterruptTime, RaiseException, ReleaseActCtx, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ResumeThread, SearchPathW, SetEnvironmentVariableW, SetLastError, Sleep, SleepConditionVariableSRW, SuspendThread, SwitchToThread, SystemTimeToFileTime, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, TryEnterCriticalSection, UnmapViewOfFile, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForSingleObject, WaitForSingleObjectEx, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte |
api-ms-win-crt-locale-l1-1-0.dll | ___lc_codepage_func, ___mb_cur_max_func, __pctype_func, _configthreadlocale, _create_locale, _free_locale, localeconv, setlocale |
api-ms-win-crt-time-l1-1-0.dll | __daylight, __timezone, __tzname, _strftime_l, _tzset |
api-ms-win-crt-multibyte-l1-1-0.dll | _mbtowc_l |
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode |
Name | Ordinal | Address |
---|---|---|
HeapAlloc | 1 | 0x18000ba00 |
HeapFree | 2 | 0x18000ba40 |
HeapReAlloc | 3 | 0x18000ba20 |
MOZ_CrashPrintf | 4 | 0x18008aa3c |
MozDescribeCodeAddress | 5 | 0x1800532b0 |
MozFormatCodeAddress | 6 | 0x180053630 |
MozFormatCodeAddressDetails | 7 | 0x1800535a0 |
MozStackWalk | 8 | 0x180053070 |
MozWalkTheStack | 9 | 0x180053780 |
MozWalkTheStackWithWriter | 10 | 0x180053990 |
_Z18MozStackWalkThreadPFvjPvS_S_EjS_S_P8_CONTEXT | 11 | 0x180052de0 |
_Z19mozalloc_handle_oomy | 12 | 0x18000ba90 |
_Z21RegisterJitCodeRegionPhy | 13 | 0x180052d30 |
_Z23DllBlocklist_Initializej | 14 | 0x18000c1a0 |
_Z23DllBlocklist_WriteNotesRN13CrashReporter16AnnotationWriterE | 15 | 0x18000ccb0 |
_Z23UnregisterJitCodeRegionPhy | 16 | 0x180052d80 |
_Z24DllBlocklist_CheckStatusv | 17 | 0x18000ccc0 |
_Z31DllBlocklist_SetFullDllServicesPN7mozilla4glue6detail15DllServicesBaseE | 18 | 0x18000cce0 |
_Z32DllBlocklist_SetBasicDllServicesPN7mozilla4glue6detail15DllServicesBaseE | 19 | 0x18000cd40 |
_ZN17double_conversion23DoubleToStringConverter13DoubleToAsciiEdNS0_8DtoaModeEiPciPbPiS4_ | 20 | 0x180092000 |
_ZN17double_conversion23DoubleToStringConverter19EcmaScriptConverterEv | 21 | 0x180091780 |
_ZN24AutoSuppressStackWalkingC1Ev | 22 | 0x180052d10 |
_ZN24AutoSuppressStackWalkingC2Ev | 23 | 0x180052d10 |
_ZN24AutoSuppressStackWalkingD1Ev | 24 | 0x180052d20 |
_ZN24AutoSuppressStackWalkingD2Ev | 25 | 0x180052d20 |
_ZN5blink7Decimal10fromDoubleEd | 26 | 0x180057b30 |
_ZN5blink7Decimal10fromStringERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEE | 27 | 0x180057c00 |
_ZN5blink7Decimal13alignOperandsERKS0_S2_ | 28 | 0x180056fd0 |
_ZN5blink7Decimal3nanEv | 29 | 0x180056fb0 |
_ZN5blink7Decimal4zeroENS0_4SignE | 30 | 0x180057280 |
_ZN5blink7Decimal8infinityENS0_4SignE | 31 | 0x180057260 |
_ZN5blink7DecimalC1ENS0_4SignEiy | 32 | 0x1800563f0 |
_ZN5blink7DecimalC1ERKNS0_11EncodedDataE | 33 | 0x1800564b0 |
_ZN5blink7DecimalC1ERKS0_ | 34 | 0x1800564c0 |
_ZN5blink7DecimalC1Ei | 35 | 0x1800563c0 |
_ZN5blink7DecimalC2ENS0_4SignEiy | 36 | 0x1800563f0 |
_ZN5blink7DecimalC2ERKNS0_11EncodedDataE | 37 | 0x1800564b0 |
_ZN5blink7DecimalC2ERKS0_ | 38 | 0x1800564c0 |
_ZN5blink7DecimalC2Ei | 39 | 0x1800563c0 |
_ZN5blink7DecimalaSERKS0_ | 40 | 0x1800564d0 |
_ZN5blink7DecimaldVERKS0_ | 41 | 0x180056c50 |
_ZN5blink7DecimalmIERKS0_ | 42 | 0x180056710 |
_ZN5blink7DecimalmLERKS0_ | 43 | 0x180056960 |
_ZN5blink7DecimalpLERKS0_ | 44 | 0x1800564e0 |
_ZN7mozilla11Compression26LZ4FrameCompressionContext14EndCompressingEv | 45 | 0x18008af20 |
_ZN7mozilla11Compression26LZ4FrameCompressionContext16BeginCompressingENS_4SpanIcLy18446744073709551615EEE | 46 | 0x18008ad30 |
_ZN7mozilla11Compression26LZ4FrameCompressionContext19ContinueCompressingENS_4SpanIKcLy18446744073709551615EEE | 47 | 0x18008ae30 |
_ZN7mozilla11Compression26LZ4FrameCompressionContextC1Eiybb | 48 | 0x18008ac50 |
_ZN7mozilla11Compression26LZ4FrameCompressionContextC2Eiybb | 49 | 0x18008ac50 |
_ZN7mozilla11Compression26LZ4FrameCompressionContextD1Ev | 50 | 0x18008ad20 |
_ZN7mozilla11Compression26LZ4FrameCompressionContextD2Ev | 51 | 0x18008ad20 |
_ZN7mozilla11Compression28LZ4FrameDecompressionContext10DecompressENS_4SpanIcLy18446744073709551615EEENS2_IKcLy18446744073709551615EEE | 52 | 0x18008b000 |
_ZN7mozilla11Compression28LZ4FrameDecompressionContextC1Eb | 53 | 0x18008afb0 |
_ZN7mozilla11Compression28LZ4FrameDecompressionContextC2Eb | 54 | 0x18008afb0 |
_ZN7mozilla11Compression28LZ4FrameDecompressionContextD1Ev | 55 | 0x18008aff0 |
_ZN7mozilla11Compression28LZ4FrameDecompressionContextD2Ev | 56 | 0x18008aff0 |
_ZN7mozilla11Compression3LZ410decompressEPKcyPcyPy | 57 | 0x18008abe0 |
_ZN7mozilla11Compression3LZ417decompressPartialEPKcyPcyPy | 58 | 0x18008ac10 |
_ZN7mozilla11Compression3LZ421compressLimitedOutputEPKcyPcy | 59 | 0x18008abc0 |
_ZN7mozilla11Compression3LZ48compressEPKcyPc | 60 | 0x18008ab80 |
_ZN7mozilla11sse_private11aes_enabledE | 61 | 0x180156890 |
_ZN7mozilla11sse_private11avx_enabledE | 62 | 0x180156891 |
_ZN7mozilla11sse_private12avx2_enabledE | 63 | 0x180156892 |
_ZN7mozilla11sse_private12sse3_enabledE | 64 | 0x180156893 |
_ZN7mozilla11sse_private13sse4a_enabledE | 65 | 0x180156894 |
_ZN7mozilla11sse_private13ssse3_enabledE | 66 | 0x180156895 |
_ZN7mozilla11sse_private14sse4_1_enabledE | 67 | 0x180156896 |
_ZN7mozilla11sse_private14sse4_2_enabledE | 68 | 0x180156897 |
_ZN7mozilla12MarkerSchema18FormatToStringSpanENS0_6FormatE | 69 | 0x180022370 |
_ZN7mozilla12MarkerSchema20LocationToStringSpanENS0_8LocationE | 70 | 0x180022310 |
_ZN7mozilla12PrintfTarget12appendIntDecEi | 71 | 0x180050ef0 |
_ZN7mozilla12PrintfTarget12appendIntDecEj | 72 | 0x1800510e0 |
_ZN7mozilla12PrintfTarget12appendIntDecEx | 73 | 0x180051340 |
_ZN7mozilla12PrintfTarget12appendIntDecEy | 74 | 0x180051560 |
_ZN7mozilla12PrintfTarget12appendIntHexEj | 75 | 0x180051280 |
_ZN7mozilla12PrintfTarget12appendIntHexEy | 76 | 0x180051720 |
_ZN7mozilla12PrintfTarget12appendIntOctEj | 77 | 0x1800511c0 |
_ZN7mozilla12PrintfTarget12appendIntOctEy | 78 | 0x180051650 |
_ZN7mozilla12PrintfTarget5printEPKcz | 79 | 0x180052c90 |
_ZN7mozilla12PrintfTarget6vprintEPKcPc | 80 | 0x180051b80 |
_ZN7mozilla12PrintfTargetC2Ev | 81 | 0x180051b60 |
_ZN7mozilla12RandomUint64Ev | 82 | 0x18008b240 |
_ZN7mozilla12baseprofiler13profiler_initEPv | 83 | 0x180027370 |
_ZN7mozilla12baseprofiler13profiler_stopEv | 84 | 0x18002c820 |
_ZN7mozilla12baseprofiler13profiler_timeEv | 85 | 0x18002cbe0 |
_ZN7mozilla12baseprofiler14ProfilingStack18ensureCapacitySlowEv | 86 | 0x1800234d6 |
_ZN7mozilla12baseprofiler14ProfilingStackD1Ev | 87 | 0x180023490 |
_ZN7mozilla12baseprofiler14ProfilingStackD2Ev | 88 | 0x180023490 |
_ZN7mozilla12baseprofiler14profiler_pauseEv | 89 | 0x18002ca60 |
_ZN7mozilla12baseprofiler14profiler_startENS_10PowerOfTwoIjEEdjPPKcjRKNS_5MaybeIdEE | 90 | 0x18002c3b0 |
_ZN7mozilla12baseprofiler15profiler_resumeEv | 91 | 0x18002cce0 |
_ZN7mozilla12baseprofiler17AddMarkerToBufferINS0_7markers10TextMarkerEJNSt3__112basic_stringIcNS4_11char_traitsIcEENS4_9allocatorIcEEEEEEENS_23ProfileBufferBlockIndexERNS_20ProfileChunkedBufferERKNS_18ProfilerStringViewIcEERKNS_14MarkerCategoryEONS_13MarkerOptionsET_DpRKT0_ | 92 | 0x180022540 |
_ZN7mozilla12baseprofiler17AddMarkerToBufferINS0_7markers9NoPayloadEJEEENS_23ProfileBufferBlockIndexERNS_20ProfileChunkedBufferERKNS_18ProfilerStringViewIcEERKNS_14MarkerCategoryEONS_13MarkerOptionsET_DpRKT0_ | 93 | 0x180022650 |
_ZN7mozilla12baseprofiler17AutoProfilerLabel17GetProfilingStackEv | 94 | 0x180023a80 |
_ZN7mozilla12baseprofiler17UniqueJSONStrings13GetOrAddIndexERKNS_4SpanIKcLy18446744073709551615EEE | 95 | 0x18001f1d0 |
_ZN7mozilla12baseprofiler17UniqueJSONStrings25SpliceStringTableElementsERNS0_20SpliceableJSONWriterE | 96 | 0x18001f1b0 |
_ZN7mozilla12baseprofiler17UniqueJSONStringsC1ENS_10JSONWriter15CollectionStyleE | 97 | 0x18001eb20 |
_ZN7mozilla12baseprofiler17UniqueJSONStringsC1ERKS1_NS_10JSONWriter15CollectionStyleE | 98 | 0x18001ec00 |
_ZN7mozilla12baseprofiler17UniqueJSONStringsC2ENS_10JSONWriter15CollectionStyleE | 99 | 0x18001eb20 |
_ZN7mozilla12baseprofiler17UniqueJSONStringsC2ERKS1_NS_10JSONWriter15CollectionStyleE | 100 | 0x18001ec00 |
_ZN7mozilla12baseprofiler17UniqueJSONStringsD1Ev | 101 | 0x18001f150 |
_ZN7mozilla12baseprofiler17UniqueJSONStringsD2Ev | 102 | 0x18001f150 |
_ZN7mozilla12baseprofiler17profiler_shutdownEv | 103 | 0x180029cb0 |
_ZN7mozilla12baseprofiler18profiler_is_pausedEv | 104 | 0x18002c9d0 |
_ZN7mozilla12baseprofiler20profiler_get_profileEdbb | 105 | 0x18002a9b0 |
_ZN7mozilla12baseprofiler20profiler_thread_wakeEv | 106 | 0x18002eb50 |
_ZN7mozilla12baseprofiler21profiler_thread_sleepEv | 107 | 0x18002eaf0 |
_ZN7mozilla12baseprofiler22profiler_add_js_markerEPKcS2_ | 108 | 0x18002f0c0 |
_ZN7mozilla12baseprofiler22profiler_get_backtraceEv | 109 | 0x18002ef20 |
_ZN7mozilla12baseprofiler22profiler_register_pageEyyRKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEy | 110 | 0x18002e1a0 |
_ZN7mozilla12baseprofiler22scProfilerMainThreadIdE | 111 | 0x1801568d8 |
_ZN7mozilla12baseprofiler23profiler_ensure_startedENS_10PowerOfTwoIjEEdjPPKcjRKNS_5MaybeIdEE | 112 | 0x18002c570 |
_ZN7mozilla12baseprofiler23profiler_feature_activeEj | 113 | 0x18002d210 |
_ZN7mozilla12baseprofiler23profiler_pause_samplingEv | 114 | 0x18002cf00 |
_ZN7mozilla12baseprofiler24profiler_get_buffer_infoEv | 115 | 0x18002c2c0 |
_ZN7mozilla12baseprofiler24profiler_get_core_bufferEv | 116 | 0x1800239a0 |
_ZN7mozilla12baseprofiler24profiler_register_threadEPKcPv | 117 | 0x18002d540 |
_ZN7mozilla12baseprofiler24profiler_resume_samplingEv | 118 | 0x18002d080 |
_ZN7mozilla12baseprofiler24profiler_unregister_pageEy | 119 | 0x18002e6e0 |
_ZN7mozilla12baseprofiler25profiler_get_start_paramsEPiPNS_5MaybeIdEEPdPjPNS_6VectorIPKcLy0ENS_17MallocAllocPolicyEEE | 120 | 0x18002b480 |
_ZN7mozilla12baseprofiler25profiler_set_process_nameERKNSt3__112basic_stringIcNS1_11char_traitsIcEENS1_9allocatorIcEEEEPS8_ | 121 | 0x18002a860 |
_ZN7mozilla12baseprofiler26profiler_capture_backtraceEv | 122 | 0x18002eca0 |
_ZN7mozilla12baseprofiler26profiler_current_thread_idEv | 123 | 0x180024310 |
_ZN7mozilla12baseprofiler26profiler_unregister_threadEv | 124 | 0x18002da30 |
_ZN7mozilla12baseprofiler27ProfilerBacktraceDestructorclEPNS0_17ProfilerBacktraceE | 125 | 0x18002f000 |
_ZN7mozilla12baseprofiler27profiler_current_process_idEv | 126 | 0x180021000 |
_ZN7mozilla12baseprofiler27profiler_is_sampling_pausedEv | 127 | 0x18002ce70 |
_ZN7mozilla12baseprofiler27profiler_thread_is_sleepingEv | 128 | 0x18002ec10 |
_ZN7mozilla12baseprofiler28GetProfilingCategoryPairInfoENS0_21ProfilingCategoryPairE | 129 | 0x18001e280 |
_ZN7mozilla12baseprofiler28InitializeWin64ProfilerHooksEv | 130 | 0x180026d00 |
_ZN7mozilla12baseprofiler28profiler_add_sampled_counterEPNS0_17BaseProfilerCountE | 131 | 0x18002d260 |
_ZN7mozilla12baseprofiler29profiler_save_profile_to_fileEPKc | 132 | 0x18002c120 |
_ZN7mozilla12baseprofiler31profiler_capture_backtrace_intoERNS_20ProfileChunkedBufferENS_19StackCaptureOptionsE | 133 | 0x180022b10 |
_ZN7mozilla12baseprofiler31profiler_get_available_featuresEv | 134 | 0x18002c280 |
_ZN7mozilla12baseprofiler31profiler_remove_sampled_counterEPNS0_17BaseProfilerCountE | 135 | 0x18002d3b0 |
_ZN7mozilla12baseprofiler33GetProfilerEnvVarsForChildProcessEONSt3__18functionIFvPKcS4_EEE | 136 | 0x18002b670 |
_ZN7mozilla12baseprofiler34profiler_suspend_and_sample_threadEijRNS0_22ProfilerStackCollectorEb | 137 | 0x18002f350 |
_ZN7mozilla12baseprofiler37profiler_stream_json_for_this_processERNS0_20SpliceableJSONWriterEdbb | 138 | 0x180024180 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures11SetInactiveEv | 139 | 0x1800239c0 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures11SetUnpausedEv | 140 | 0x1800239f0 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures17SetSamplingPausedEv | 141 | 0x180023a00 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures19IsActiveAndUnpausedEv | 142 | 0x180023a40 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures19IsActiveWithFeatureEj | 143 | 0x180023a20 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures19SetSamplingUnpausedEv | 144 | 0x180023a10 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures27IsActiveAndSamplingUnpausedEv | 145 | 0x180023a60 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures8IsActiveEv | 146 | 0x1800239d0 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures9SetActiveEj | 147 | 0x1800239b0 |
_ZN7mozilla12baseprofiler6detail12RacyFeatures9SetPausedEv | 148 | 0x1800239e0 |
_ZN7mozilla12baseprofiler6detail21IsThreadBeingProfiledEv | 149 | 0x18002ebb0 |
_ZN7mozilla12baseprofiler9AddMarkerINS0_7markers10TextMarkerEJNSt3__112basic_stringIcNS4_11char_traitsIcEENS4_9allocatorIcEEEEEEENS_23ProfileBufferBlockIndexERKNS_18ProfilerStringViewIcEERKNS_14MarkerCategoryEONS_13MarkerOptionsET_DpRKT0_ | 150 | 0x1800223d0 |
_ZN7mozilla14AwakeTimeStamp8NowLoResEv | 151 | 0x180048670 |
_ZN7mozilla14AwakeTimeStampmIERKNS_17AwakeTimeDurationE | 152 | 0x180048660 |
_ZN7mozilla14AwakeTimeStamppLERKNS_17AwakeTimeDurationE | 153 | 0x180048650 |
_ZN7mozilla14TimeStampValueC1Eyybb | 154 | 0x180053f60 |
_ZN7mozilla14TimeStampValueC2Eyybb | 155 | 0x180053f60 |
_ZN7mozilla14TimeStampValuemIEx | 156 | 0x180053fa0 |
_ZN7mozilla14TimeStampValuepLEx | 157 | 0x180053f80 |
_ZN7mozilla15CacheNtDllThunkEv | 158 | 0x180013fc0 |
_ZN7mozilla15ProcessUptimeMsEv | 159 | 0x180054cd0 |
_ZN7mozilla16InitializeUptimeEv | 160 | 0x180054a80 |
_ZN7mozilla16IsEafPlusEnabledEv | 161 | 0x180055880 |
_ZN7mozilla17AwakeTimeDurationC1Ev | 162 | 0x180048500 |
_ZN7mozilla17AwakeTimeDurationC2Ev | 163 | 0x1800484f0 |
_ZN7mozilla17AwakeTimeDurationmIERKS0_ | 164 | 0x180048540 |
_ZN7mozilla17AwakeTimeDurationpLERKS0_ | 165 | 0x180048510 |
_ZN7mozilla17RandomUint64OrDieEv | 166 | 0x18008b2b0 |
_ZN7mozilla18IsWin32kLockedDownEv | 167 | 0x1800556a0 |
_ZN7mozilla19GetCachedNtDllThunkEv | 168 | 0x1800145b0 |
_ZN7mozilla19MapRemoteViewOfFileEPvS0_yS0_ymm | 169 | 0x180055130 |
_ZN7mozilla21CleanupProcessRuntimeEv | 170 | 0x18004eca0 |
_ZN7mozilla21FramePointerStackWalkEPFvjPvS0_S0_EjS0_PS0_S0_ | 171 | 0x180053520 |
_ZN7mozilla21IsDynamicCodeDisabledEv | 172 | 0x180055790 |
_ZN7mozilla21UnmapRemoteViewOfFileEPvS0_ | 173 | 0x180055360 |
_ZN7mozilla22IsFloat32RepresentableEd | 174 | 0x18008b0e0 |
_ZN7mozilla24WindowsDpiInitializationEv | 175 | 0x180054e80 |
_ZN7mozilla26GetPreXULSkeletonUIEnabledEv | 176 | 0x18004f4b0 |
_ZN7mozilla26PollPreXULSkeletonUIEventsEv | 177 | 0x18004fc00 |
_ZN7mozilla26SetPreXULSkeletonUIThemeIdENS_9ThemeModeE | 178 | 0x18004f9e0 |
_ZN7mozilla27GetPreXULSkeletonUIWasShownEv | 179 | 0x18004ed00 |
_ZN7mozilla28WasPreXULSkeletonUIMaximizedEv | 180 | 0x18004ecf0 |
_ZN7mozilla28base_profiler_markers_detail9Streaming18DeserializerForTagEh | 181 | 0x180021780 |
_ZN7mozilla28base_profiler_markers_detail9Streaming24MarkerTypeFunctionsArrayEv | 182 | 0x1800217d0 |
_ZN7mozilla28base_profiler_markers_detail9Streaming25TagForMarkerTypeFunctionsEPFvRNS_24ProfileBufferEntryReaderERNS_12baseprofiler20SpliceableJSONWriterEEPFNS_4SpanIKcLy18446744073709551615EEEvEPFNS_12MarkerSchemaEvE | 183 | 0x1800216a0 |
_ZN7mozilla29BaseTimeDurationPlatformUtils17ResolutionInTicksEv | 184 | 0x180054200 |
_ZN7mozilla29BaseTimeDurationPlatformUtils18ToSecondsSigDigitsEx | 185 | 0x180054140 |
_ZN7mozilla29BaseTimeDurationPlatformUtils21TicksFromMillisecondsEd | 186 | 0x1800541a0 |
_ZN7mozilla29BaseTimeDurationPlatformUtils9ToSecondsEx | 187 | 0x180054100 |
_ZN7mozilla29ConsumePreXULSkeletonUIHandleEv | 188 | 0x18004ed10 |
_ZN7mozilla29PersistPreXULSkeletonUIValuesERKNS_18SkeletonUISettingsE | 189 | 0x18004edd0 |
_ZN7mozilla30CreateAndStorePreXULSkeletonUIEP11HINSTANCE__iPPc | 190 | 0x18004cd90 |
_ZN7mozilla30GetPreXULSkeletonUIErrorReasonEv | 191 | 0x18004edc0 |
_ZN7mozilla30NotePreXULSkeletonUIRestartingEv | 192 | 0x18004fc80 |
_ZN7mozilla30RegisterProfilerLabelEnterExitEPFPvPKcS2_S0_EPFvS0_E | 193 | 0x1800482a0 |
_ZN7mozilla31ProcessUptimeExcludingSuspendMsEv | 194 | 0x180054d70 |
_ZN7mozilla34GetQueryPerformanceFrequencyPerSecEv | 195 | 0x180053f50 |
_ZN7mozilla35SetPreXULSkeletonUIEnabledIfAllowedEb | 196 | 0x18004f4c0 |
_ZN7mozilla5mscom14ActCtxResource24GetAccessibilityResourceEv | 197 | 0x1800592c0 |
_ZN7mozilla5mscom6detail21EndProcessRuntimeInitEv | 198 | 0x1800593c0 |
_ZN7mozilla5mscom6detail23BeginProcessRuntimeInitEv | 199 | 0x1800593a0 |
_ZN7mozilla6UnusedE | 200 | 0x180123220 |
_ZN7mozilla6detail11IsValidUtf8EPKvy | 201 | 0x18008c500 |
_ZN7mozilla6detail14gChaosFeaturesE | 202 | 0x180158178 |
_ZN7mozilla6detail15gTwoCharEscapesE | 203 | 0x1801230e0 |
_ZN7mozilla6detail17FileHandleDeleterclENS0_16FileHandleHelperE | 204 | 0x18008c4e0 |
_ZN7mozilla6detail17gChaosModeCounterE | 205 | 0x18015817c |
_ZN7mozilla6detail21ConditionVariableImpl10notify_allEv | 206 | 0x1800486f0 |
_ZN7mozilla6detail21ConditionVariableImpl10notify_oneEv | 207 | 0x1800486e0 |
_ZN7mozilla6detail21ConditionVariableImpl4waitERNS0_9MutexImplE | 208 | 0x180048700 |
_ZN7mozilla6detail21ConditionVariableImpl8wait_forERNS0_9MutexImplERKNS_16BaseTimeDurationINS_27TimeDurationValueCalculatorEEE | 209 | 0x180048760 |
_ZN7mozilla6detail21ConditionVariableImplC1Ev | 210 | 0x1800486d0 |
_ZN7mozilla6detail21ConditionVariableImplC2Ev | 211 | 0x1800486d0 |
_ZN7mozilla6detail21ConditionVariableImplD1Ev | 212 | 0x180048890 |
_ZN7mozilla6detail21ConditionVariableImplD2Ev | 213 | 0x180048890 |
_ZN7mozilla6detail9MutexImpl4lockEv | 214 | 0x180048980 |
_ZN7mozilla6detail9MutexImpl6unlockEv | 215 | 0x1800489d0 |
_ZN7mozilla6detail9MutexImpl7tryLockEv | 216 | 0x180048990 |
_ZN7mozilla6detail9MutexImplC1Ev | 217 | 0x180048950 |
_ZN7mozilla6detail9MutexImplC2Ev | 218 | 0x180048950 |
_ZN7mozilla6detail9MutexImplD1Ev | 219 | 0x180048970 |
_ZN7mozilla6detail9MutexImplD2Ev | 220 | 0x180048970 |
_ZN7mozilla6xgetbvEj | 221 | 0x1800013f0 |
_ZN7mozilla7SHA1Sum6finishERA20_h | 222 | 0x18008c430 |
_ZN7mozilla7SHA1Sum6updateEPKvj | 223 | 0x18008b350 |
_ZN7mozilla7SHA1SumC1Ev | 224 | 0x18008b320 |
_ZN7mozilla7SHA1SumC2Ev | 225 | 0x18008b320 |
_ZN7mozilla9HashBytesEPKvy | 226 | 0x18008b130 |
_ZN7mozilla9TimeStamp11NowUnfuzzedEb | 227 | 0x180054870 |
_ZN7mozilla9TimeStamp12NowFuzzyTimeEv | 228 | 0x180053e70 |
_ZN7mozilla9TimeStamp15ProcessCreationEPb | 229 | 0x180053b70 |
_ZN7mozilla9TimeStamp15UpdateFuzzyTimeEx | 230 | 0x180053e80 |
_ZN7mozilla9TimeStamp18GetFuzzyfoxEnabledEv | 231 | 0x180053b40 |
_ZN7mozilla9TimeStamp18SetFuzzyfoxEnabledEb | 232 | 0x180053b50 |
_ZN7mozilla9TimeStamp20ComputeProcessUptimeEv | 233 | 0x180054940 |
_ZN7mozilla9TimeStamp20RecordProcessRestartEv | 234 | 0x180053d80 |
_ZN7mozilla9TimeStamp20UpdateFuzzyTimeStampES0_ | 235 | 0x180053e50 |
_ZN7mozilla9TimeStamp3NowEb | 236 | 0x180054790 |
_ZN7mozilla9TimeStamp7StartupEv | 237 | 0x180054210 |
_ZN7mozilla9TimeStamp8NowFuzzyENS_14TimeStampValueE | 238 | 0x180053da0 |
_ZN7mozilla9TimeStamp8ShutdownEv | 239 | 0x1800546c0 |
_ZNK17double_conversion23DoubleToStringConverter11ToPrecisionEdiPNS_13StringBuilderE | 240 | 0x180092720 |
_ZNK17double_conversion23DoubleToStringConverter13ToExponentialEdiPNS_13StringBuilderE | 241 | 0x180092420 |
_ZNK17double_conversion23DoubleToStringConverter19HandleSpecialValuesEdPNS_13StringBuilderE | 242 | 0x180091800 |
_ZNK17double_conversion23DoubleToStringConverter20ToShortestIeeeNumberEdPNS_13StringBuilderENS0_8DtoaModeE | 243 | 0x180091ea0 |
_ZNK17double_conversion23DoubleToStringConverter27CreateDecimalRepresentationEPKciiiPNS_13StringBuilderE | 244 | 0x180091b20 |
_ZNK17double_conversion23DoubleToStringConverter31CreateExponentialRepresentationEPKciiPNS_13StringBuilderE | 245 | 0x1800918b0 |
_ZNK17double_conversion23DoubleToStringConverter7ToFixedEdiPNS_13StringBuilderE | 246 | 0x180092220 |
_ZNK5blink7Decimal3absEv | 247 | 0x180057710 |
_ZNK5blink7Decimal4ceilEv | 248 | 0x180057730 |
_ZNK5blink7Decimal5floorEv | 249 | 0x180057940 |
_ZNK5blink7Decimal5roundEv | 250 | 0x180058190 |
_ZNK5blink7Decimal8toDoubleEv | 251 | 0x1800582e0 |
_ZNK5blink7Decimal8toStringEPcy | 252 | 0x180058950 |
_ZNK5blink7Decimal8toStringEv | 253 | 0x180058450 |
_ZNK5blink7Decimal9compareToERKS0_ | 254 | 0x180057330 |
_ZNK5blink7Decimal9remainderERKS0_ | 255 | 0x1800580d0 |
_ZNK5blink7DecimaldvERKS0_ | 256 | 0x180056cb0 |
_ZNK5blink7DecimaleqERKS0_ | 257 | 0x1800572a0 |
_ZNK5blink7DecimalgeERKS0_ | 258 | 0x180057660 |
_ZNK5blink7DecimalgtERKS0_ | 259 | 0x1800575e0 |
_ZNK5blink7DecimalleERKS0_ | 260 | 0x180057530 |
_ZNK5blink7DecimalltERKS0_ | 261 | 0x1800574b0 |
_ZNK5blink7DecimalmiERKS0_ | 262 | 0x180056770 |
_ZNK5blink7DecimalmlERKS0_ | 263 | 0x1800569c0 |
_ZNK5blink7DecimalneERKS0_ | 264 | 0x180057400 |
_ZNK5blink7DecimalngEv | 265 | 0x180056f70 |
_ZNK5blink7DecimalplERKS0_ | 266 | 0x180056540 |
_ZNK7mozilla12baseprofiler10ThreadInfo6AddRefEv | 267 | 0x18001f530 |
_ZNK7mozilla12baseprofiler10ThreadInfo7ReleaseEv | 268 | 0x18001f540 |
_ZNK7mozilla12baseprofiler15PageInformation6AddRefEv | 269 | 0x18001bf60 |
_ZNK7mozilla12baseprofiler15PageInformation7ReleaseEv | 270 | 0x18001bf70 |
_ZNK7mozilla14AwakeTimeStampeqERKS0_ | 271 | 0x1800484d0 |
_ZNK7mozilla14AwakeTimeStampgeERKS0_ | 272 | 0x1800484b0 |
_ZNK7mozilla14AwakeTimeStampgtERKS0_ | 273 | 0x1800484c0 |
_ZNK7mozilla14AwakeTimeStampleERKS0_ | 274 | 0x1800484a0 |
_ZNK7mozilla14AwakeTimeStampltERKS0_ | 275 | 0x180048490 |
_ZNK7mozilla14AwakeTimeStampmiERKS0_ | 276 | 0x180048630 |
_ZNK7mozilla14AwakeTimeStampneERKS0_ | 277 | 0x1800484e0 |
_ZNK7mozilla14AwakeTimeStampplERKNS_17AwakeTimeDurationE | 278 | 0x180048640 |
_ZNK7mozilla14TimeStampValue8CheckQPCERKS0_ | 279 | 0x180053fc0 |
_ZNK7mozilla14TimeStampValuemiERKS0_ | 280 | 0x1800540e0 |
_ZNK7mozilla17AwakeTimeDuration14ToMicrosecondsEv | 281 | 0x180048610 |
_ZNK7mozilla17AwakeTimeDuration14ToMillisecondsEv | 282 | 0x1800485e0 |
_ZNK7mozilla17AwakeTimeDuration9ToSecondsEv | 283 | 0x1800485b0 |
_ZNK7mozilla17AwakeTimeDurationeqERKS0_ | 284 | 0x180048590 |
_ZNK7mozilla17AwakeTimeDurationgeERKS0_ | 285 | 0x180048570 |
_ZNK7mozilla17AwakeTimeDurationgtERKS0_ | 286 | 0x180048580 |
_ZNK7mozilla17AwakeTimeDurationleERKS0_ | 287 | 0x180048560 |
_ZNK7mozilla17AwakeTimeDurationltERKS0_ | 288 | 0x180048550 |
_ZNK7mozilla17AwakeTimeDurationmiERKS0_ | 289 | 0x180048530 |
_ZNK7mozilla17AwakeTimeDurationneERKS0_ | 290 | 0x1800485a0 |
_ZNK7mozilla17AwakeTimeDurationplERKS0_ | 291 | 0x180048520 |
_ZNO7mozilla12MarkerSchema6StreamERNS_10JSONWriterERKNS_4SpanIKcLy18446744073709551615EEE | 292 | 0x1800217f0 |
_aligned_free | 293 | 0x1800045a0 |
_aligned_malloc | 294 | 0x180005d50 |
_expand | 295 | 0x180005a40 |
_msize | 296 | 0x180005af0 |
_recalloc | 297 | 0x180005900 |
_strdup | 298 | 0x180005c50 |
_wcsdup | 299 | 0x180005cd0 |
calloc | 300 | 0x180004500 |
free | 301 | 0x1800045a0 |
gMozCrashReason | 302 | 0x180158500 |
gMozillaPoisonBase | 303 | 0x180158508 |
gMozillaPoisonSize | 304 | 0x180158510 |
gMozillaPoisonValue | 305 | 0x180158518 |
gOOMAllocationSize | 306 | 0x180158520 |
jemalloc_free_dirty_pages | 307 | 0x1800050e0 |
jemalloc_ptr_info | 308 | 0x1800052a0 |
jemalloc_purge_freed_pages | 309 | 0x1800050d0 |
jemalloc_stats_internal | 310 | 0x180004b30 |
jemalloc_thread_local_arena | 311 | 0x180005250 |
malloc | 312 | 0x1800044b0 |
malloc_good_size | 313 | 0x180004aa0 |
malloc_usable_size | 314 | 0x1800049c0 |
moz_arena_calloc | 315 | 0x180005490 |
moz_arena_free | 316 | 0x180005670 |
moz_arena_malloc | 317 | 0x1800053b0 |
moz_arena_memalign | 318 | 0x1800057c0 |
moz_arena_realloc | 319 | 0x180005580 |
moz_create_arena_with_params | 320 | 0x1800052b0 |
moz_dispose_arena | 321 | 0x1800052e0 |
moz_malloc_enclosing_size_of | 322 | 0x18000bcb0 |
moz_malloc_size_of | 323 | 0x18000bca0 |
moz_malloc_usable_size | 324 | 0x18000bc90 |
moz_xcalloc | 325 | 0x18000bb10 |
moz_xmalloc | 326 | 0x18000ba60 |
moz_xmemalign | 327 | 0x18000bc50 |
moz_xmemdup | 328 | 0x18000bc00 |
moz_xrealloc | 329 | 0x18000bb50 |
moz_xstrdup | 330 | 0x18000bb80 |
mozalloc_abort | 331 | 0x18000b9a0 |
posix_memalign | 332 | 0x1800046d0 |
realloc | 333 | 0x180004550 |
strdup | 334 | 0x180005c50 |
strndup | 335 | 0x180005bd0 |
wcsdup | 336 | 0x180005cd0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 01:27:54 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff743eb0000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 01:27:54 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 01:27:55 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:27:55 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff605d10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 01:27:55 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff605d10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 01:27:55 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b0d10000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 01:27:55 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b0d10000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 01:27:58 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff605d10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 01:27:58 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b0d10000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 14 |
Start time: | 01:28:01 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff605d10000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 01:28:01 |
Start date: | 28/05/2024 |
Path: | C:\Windows\System32\WerFault.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7b0d10000 |
File size: | 570'736 bytes |
MD5 hash: | FD27D9F6D02763BDE32511B5DF7FF7A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Function 00007FFDFF1B2EF0 Relevance: 135.6, APIs: 63, Strings: 14, Instructions: 843 library encryption loader COMMON
Function 00007FFDFF1ABE80 Relevance: 132.1, APIs: 63, Strings: 12, Instructions: 842 string library loader COMMON
Function 00007FFDFF1F30A0 Relevance: 59.8, APIs: 29, Strings: 5, Instructions: 336 string window COMMON
Function 00007FFDFF1A5DF0 Relevance: 59.2, APIs: 31, Strings: 2, Instructions: 1440 memory COMMON
Function 00007FFDFF1D3A10 Relevance: 50.2, APIs: 9, Strings: 19, Instructions: 1189 COMMON
Function 00007FFDFF1AE170 Relevance: 49.3, APIs: 26, Strings: 2, Instructions: 277 COMMON
Function 00007FFDFF1A2240 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 274 memory COMMON
Function 00007FFDFF1BA8C0 Relevance: 41.2, APIs: 17, Strings: 6, Instructions: 903 library string COMMON
Function 00007FFDFF1A80A0 Relevance: 35.3, APIs: 15, Strings: 5, Instructions: 252 COMMON
Function 00007FFDFF1D1080 Relevance: 28.6, APIs: 5, Strings: 11, Instructions: 619 string COMMON
Function 00007FFDFF1F56A0 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 182 library loader COMMON
Function 00007FFDFF1BE280 Relevance: 21.6, APIs: 11, Strings: 1, Instructions: 579 thread COMMON
Function 00007FFDFF1F4870 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 113 time COMMON
Function 00007FFDFF1B3FC0 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 259 COMMON
Function 00007FFDFF1BC830 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 427 thread COMMON
Function 00007FFDFF1B14C0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 173 native COMMON
Function 00007FFDFF1B2D10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109 native library loader COMMON
Function 00007FFDFF1AE030 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89 native library loader COMMON
Function 00007FFDFF1AEA70 Relevance: 10.3, APIs: 4, Strings: 1, Instructions: 1524 COMMON
Function 00007FFDFF1A2910 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 412 COMMON
Function 00007FFDFF1B0550 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95 native COMMON
Function 00007FFDFF1BD090 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 255 COMMON
Function 00007FFDFF1AE840 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 158 COMMON
Function 00007FFDFF1B0810 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117 COMMON
Function 00007FFDFF1B8BC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104 COMMON
Function 00007FFDFF1A7A90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146 COMMON
Function 00007FFDFF1BD430 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 236 COMMON
Function 00007FFDFF288700 Relevance: .4, Instructions: 403 COMMON
Function 00007FFDFF1E5BC0 Relevance: .2, Instructions: 246 COMMON
Function 00007FFDFF1D5AD0 Relevance: .2, Instructions: 231 COMMON
Function 00007FFDFF1D5000 Relevance: .2, Instructions: 223 COMMON
Function 00007FFDFF1E3110 Relevance: .2, Instructions: 213 COMMON
Function 00007FFDFF1E5FA0 Relevance: .2, Instructions: 207 COMMON
Function 00007FFDFF1E33E0 Relevance: .2, Instructions: 206 COMMON
Function 00007FFDFF1ADD20 Relevance: .2, Instructions: 183 COMMON
Function 00007FFDFF1A3EEA Relevance: .1, Instructions: 140 COMMON
Function 00007FFDFF1A76D0 Relevance: .1, Instructions: 90 COMMON
Function 00007FFDFF287B00 Relevance: 33.4, APIs: 9, Strings: 10, Instructions: 182 COMMON
Function 00007FFDFF1A3AB0 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 245 memory COMMON
Function 00007FFDFF1C35B0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 232 thread COMMON
Function 00007FFDFF1B1150 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 211 memory COMMON
Function 00007FFDFF1B86F0 Relevance: 21.3, APIs: 4, Strings: 8, Instructions: 290 COMMON
Function 00007FFDFF1A8670 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 174 COMMON
Function 00007FFDFF1F32B0 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 94 string window COMMON
Function 00007FFDFF1B9310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159 COMMON
Function 00007FFDFF1A3120 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 137 COMMON
Function 00007FFDFF1F2E10 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 159 thread COMMON
Function 00007FFDFF287940 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 80 COMMON
Function 00007FFDFF1A7930 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 79 COMMON
Function 00007FFDFF1C16A0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 72 COMMON
Function 00007FFDFF23D020 Relevance: 16.9, APIs: 10, Strings: 1, Instructions: 426 COMMON
Function 00007FFDFF1BDCE0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 308 COMMON
Function 00007FFDFF1B7DE0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 112 COMMON
Function 00007FFDFF1A4280 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 98 COMMON
Function 00007FFDFF1CFC20 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 272 COMMON
Function 00007FFDFF1A230A Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 79 memory COMMON
Function 00007FFDFF2318B0 Relevance: 12.5, APIs: 7, Strings: 1, Instructions: 465 COMMON
Function 00007FFDFF1B9840 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 147 COMMON
Function 00007FFDFF1AE5E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 129 memory COMMON
Function 00007FFDFF1AA210 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 371 COMMON
Function 00007FFDFF1AADF0 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 370 COMMON
Function 00007FFDFF1A9680 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326 COMMON
Function 00007FFDFF1A8B60 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 320 COMMON
Function 00007FFDFF1B63D0 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 262 thread COMMON
Function 00007FFDFF1D21A0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 216 COMMON
Function 00007FFDFF1B46B0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 173 string COMMON
Function 00007FFDFF1BC000 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 145 COMMON
Function 00007FFDFF1AB9A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36 COMMON
Function 00007FFDFF28F9E0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 35 COMMON
Function 00007FFDFF1B7570 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 109 COMMON
Function 00007FFDFF1A6010 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217 COMMON
Function 00007FFDFF1A9EB0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 211 COMMON
Function 00007FFDFF1AB690 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 198 COMMON
Function 00007FFDFF1A9370 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 195 COMMON
Function 00007FFDFF1A7C60 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 192 COMMON
Function 00007FFDFF1AAB00 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 183 COMMON
Function 00007FFDFF1B09E0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 165 COMMON
Function 00007FFDFF1A9C90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 138 COMMON
Function 00007FFDFF1AB470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 138 COMMON
Function 00007FFDFF1A9150 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 138 COMMON
Function 00007FFDFF1AA8D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 137 COMMON
Function 00007FFDFF1B9A40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136 COMMON
Function 00007FFDFF290A60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120 COMMON
Function 00007FFDFF239766 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 98 COMMON
Function 00007FFDFF1B5C50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77 COMMON
Function 00007FFDFF1D0F60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 64 string COMMON
Function 00007FFDFF1AD070 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53 COMMON
Function 00007FFDFF2911B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47 COMMON
Function 00007FFDFF1B8E20 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44 COMMON
Function 00007FFDFF1B8020 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 42 COMMON
Function 00007FFDFF1B7F90 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41 COMMON
Function 00007FFDFF2910A0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38 COMMON
Function 00007FFDFF291130 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 30 COMMON
Function 00007FFDFF291030 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 28 COMMON
Function 00007FFDFF2878D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26 COMMON
Function 00007FFDFF1B9100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24 COMMON
Function 00007FFDFF1A6610 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22 COMMON
Function 00007FFDFF1A7170 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 21 COMMON
Function 00007FFDFF1B9190 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14 COMMON
Function 00007FFDFF1B2060 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 236 COMMON
Function 00007FFDFF1ABB10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154 COMMON
Function 00007FFDFF1BDB30 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 106 COMMON
Function 00007FFDFF1AA780 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92 COMMON
Function 00007FFDFF1A9010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86 COMMON
Function 00007FFDFF1A9B50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86 COMMON
Function 00007FFDFF1AB330 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86 COMMON
Function 00007FFDFF1A7020 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53 COMMON
Function 00007FFDFF1A64D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47 COMMON
Function 00007FFDFF1A6830 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37 COMMON
Function 00007FFDFF1B5540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36 library loader COMMON