Edit tour
Windows
Analysis Report
5vBN4LO7PH.exe
Overview
General Information
| Sample name: | 5vBN4LO7PH.exerenamed because original name is a hash value |
| Original sample name: | 353aaedc333d9c8c63b741f0183ca0856355f8da.exe |
| Analysis ID: | 1546809 |
| MD5: | 36afcebdc35386cfcc65b675b7788c08 |
| SHA1: | 353aaedc333d9c8c63b741f0183ca0856355f8da |
| SHA256: | 49478ec269d224b2ff1dc745e6ff8053d3040f9c7e0338bb1a2049c380f1f5b9 |
| Tags: | exeReversingLabsuser-NDA0E |
| Infos: | |
 | |
Detection
| Score: | 52 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
5vBN4LO7PH.exe (PID: 4940 cmdline: "C:\Users\ user\Deskt op\5vBN4LO 7PH.exe" MD5: 36AFCEBDC35386CFCC65B675B7788C08)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-01T16:05:23.355836+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.8 | 49704 | TCP |
| 2024-11-01T16:06:03.835592+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.8 | 51270 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_007043C0 | |
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_00A580B0 | |
| Source: | Code function: | 0_2_00974080 | |
| Source: | Code function: | 0_2_008AC040 | |
| Source: | Code function: | 0_2_0089C050 | |
| Source: | Code function: | 0_2_00840060 | |
| Source: | Code function: | 0_2_008801F0 | |
| Source: | Code function: | 0_2_008B0150 | |
| Source: | Code function: | 0_2_00978170 | |
| Source: | Code function: | 0_2_0075C220 | |
| Source: | Code function: | 0_2_008CC230 | |
| Source: | Code function: | 0_2_00864300 | |
| Source: | Code function: | 0_2_007544D0 | |
| Source: | Code function: | 0_2_0089C470 | |
| Source: | Code function: | 0_2_007EC540 | |
| Source: | Code function: | 0_2_00758590 | |
| Source: | Code function: | 0_2_008D0690 | |
| Source: | Code function: | 0_2_00714640 | |
| Source: | Code function: | 0_2_0079C620 | |
| Source: | Code function: | 0_2_008A4640 | |
| Source: | Code function: | 0_2_00974660 | |
| Source: | Code function: | 0_2_008147EC | |
| Source: | Code function: | 0_2_007707E0 | |
| Source: | Code function: | 0_2_00814730 | |
| Source: | Code function: | 0_2_009188C0 | |
| Source: | Code function: | 0_2_009A8830 | |
| Source: | Code function: | 0_2_00730880 | |
| Source: | Code function: | 0_2_0087C920 | |
| Source: | Code function: | 0_2_00840AF0 | |
| Source: | Code function: | 0_2_00898A20 | |
| Source: | Code function: | 0_2_00A6CA60 | |
| Source: | Code function: | 0_2_008ACA50 | |
| Source: | Code function: | 0_2_00704A80 | |
| Source: | Code function: | 0_2_009B8B90 | |
| Source: | Code function: | 0_2_00974B80 | |
| Source: | Code function: | 0_2_008A0BA0 | |
| Source: | Code function: | 0_2_007DCBFC | |
| Source: | Code function: | 0_2_007DCBF4 | |
| Source: | Code function: | 0_2_008A4B10 | |
| Source: | Code function: | 0_2_007DCBE0 | |
| Source: | Code function: | 0_2_00824B30 | |
| Source: | Code function: | 0_2_00888CB0 | |
| Source: | Code function: | 0_2_007DCC44 | |
| Source: | Code function: | 0_2_0081CCC0 | |
| Source: | Code function: | 0_2_007DCC3C | |
| Source: | Code function: | 0_2_007DCC2C | |
| Source: | Code function: | 0_2_007DCC14 | |
| Source: | Code function: | 0_2_007DCC0C | |
| Source: | Code function: | 0_2_008ECCF0 | |
| Source: | Code function: | 0_2_007DCCC0 | |
| Source: | Code function: | 0_2_007DCCB8 | |
| Source: | Code function: | 0_2_007DCCA8 | |
| Source: | Code function: | 0_2_007DCCA0 | |
| Source: | Code function: | 0_2_007DCC8C | |
| Source: | Code function: | 0_2_007DCC84 | |
| Source: | Code function: | 0_2_007DCD74 | |
| Source: | Code function: | 0_2_007DCC84 | |
| Source: | Code function: | 0_2_007F4D40 | |
| Source: | Code function: | 0_2_00918DF0 | |
| Source: | Code function: | 0_2_00720D10 | |
| Source: | Code function: | 0_2_00800D50 | |
| Source: | Code function: | 0_2_0070CD97 | |
| Source: | Code function: | 0_2_008C4EA0 | |
| Source: | Code function: | 0_2_0081CEC0 | |
| Source: | Code function: | 0_2_007ACE30 | |
| Source: | Code function: | 0_2_00774E20 | |
| Source: | Code function: | 0_2_008C0E10 | |
| Source: | Code function: | 0_2_00984E50 | |
| Source: | Code function: | 0_2_007A0F30 | |
| Source: | Code function: | 0_2_0073CF20 | |
| Source: | Code function: | 0_2_007E4FD0 | |
| Source: | Code function: | 0_2_009BCF70 | |
| Source: | Code function: | 0_2_0074D030 | |
| Source: | Code function: | 0_2_00705010 | |
| Source: | Code function: | 0_2_007550D0 | |
| Source: | Code function: | 0_2_007591F0 | |
| Source: | Code function: | 0_2_009B9110 | |
| Source: | Code function: | 0_2_008B5130 | |
| Source: | Code function: | 0_2_008E5150 | |
| Source: | Code function: | 0_2_007E11A0 | |
| Source: | Code function: | 0_2_00801160 | |
| Source: | Code function: | 0_2_007DD230 | |
| Source: | Code function: | 0_2_00749220 | |
| Source: | Code function: | 0_2_009212E0 | |
| Source: | Code function: | 0_2_00729370 | |
| Source: | Code function: | 0_2_0085D320 | |
| Source: | Code function: | 0_2_008914D0 | |
| Source: | Code function: | 0_2_00825410 | |
| Source: | Code function: | 0_2_007994B0 | |
| Source: | Code function: | 0_2_00751560 | |
| Source: | Code function: | 0_2_008AD5E0 | |
| Source: | Code function: | 0_2_007FD5C0 | |
| Source: | Code function: | 0_2_0070D297 | |
| Source: | Code function: | 0_2_00708B97 | |
| Source: | Code function: | 0_2_008D8C70 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_009203CE | |
| Source: | Code function: | 0_2_00849525 | |
| Source: | Code function: | 0_2_0079C510 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_0079C510 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00701000 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | Path Interception | Path Interception | 2 Obfuscated Files or Information | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 89% | ReversingLabs | Win32.Virus.Floxif | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown |
⊘No contacted IP infos
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1546809 |
| Start date and time: | 2024-11-01 16:04:04 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 17s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 6 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 5vBN4LO7PH.exerenamed because original name is a hash value |
| Original Sample Name: | 353aaedc333d9c8c63b741f0183ca0856355f8da.exe |
| Detection: | MAL |
| Classification: | mal52.winEXE@1/0@0/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target 5vBN4LO7PH.exe, PID 4940 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: 5vBN4LO7PH.exe
⊘No simulations
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.8082376325746985 |
| TrID: |
|
| File name: | 5vBN4LO7PH.exe |
| File size: | 5'585'447 bytes |
| MD5: | 36afcebdc35386cfcc65b675b7788c08 |
| SHA1: | 353aaedc333d9c8c63b741f0183ca0856355f8da |
| SHA256: | 49478ec269d224b2ff1dc745e6ff8053d3040f9c7e0338bb1a2049c380f1f5b9 |
| SHA512: | a59239ec370296909b7421d27d42c6f72116d00ffc53aa928e213a8db28e1cc36d12f21860e6e3607846f5829d57aaaa7ef0f403673de34df358fb5d7a0d53cc |
| SSDEEP: | 98304:NcFdYcc8M9AE4MaqCWx/4c5UwNlxw0UVRuGXNRp45RK0wtIFC7Vjwizv:NcLYcp/E4oz94c5tC0UVDuC0wtIFC7JL |
| TLSH: | 9E468C12F6A09170E5A23232B93D673E49363E339B358ADB86442CDC2FB47D1653935B |
| File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......x=..b........"...........@...........................U.....)bT...@...........................G.P.....G.... |
 | |
| Icon Hash: | 2f232d67b7934633 |
| Entrypoint: | 0x620680 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x670C89AA [Mon Oct 14 03:02:02 2024 UTC] |
| TLS Callbacks: | 0x53b250, 0x61f580, 0x5060d0, 0x61ed10, 0x4a3500, 0x52b860 |
| CLR (.Net) Version: | |
| OS Version Major: | 10 |
| OS Version Minor: | 0 |
| File Version Major: | 10 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 10 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d01d67eb7b8fe5e4fc4c9e4ed4a1cb1a |
| Signature Valid: | |
| Signature Issuer: | |
| Signature Validation Error: | |
| Error Number: | |
| Not Before, Not After | |
| Subject Chain | |
| Version: | |
| Thumbprint MD5: | |
| Thumbprint SHA-1: | |
| Thumbprint SHA-256: | |
| Serial: |
| Instruction |
|---|
| jmp 00007F6488A4FEE2h |
| jmp 00007F6488B24CFDh |
| mov ecx, dword ptr [00882040h] |
| push esi |
| push edi |
| mov edi, BB40E64Eh |
| mov esi, FFFF0000h |
| cmp ecx, edi |
| je 00007F6488B24E86h |
| test esi, ecx |
| jne 00007F6488B24EA8h |
| call 00007F6488B24EB1h |
| mov ecx, eax |
| cmp ecx, edi |
| jne 00007F6488B24E89h |
| mov ecx, BB40E64Fh |
| jmp 00007F6488B24E90h |
| test esi, ecx |
| jne 00007F6488B24E8Ch |
| or eax, 00004711h |
| shl eax, 10h |
| or ecx, eax |
| mov dword ptr [00882040h], ecx |
| not ecx |
| pop edi |
| mov dword ptr [00882080h], ecx |
| pop esi |
| ret |
| push ebp |
| mov ebp, esp |
| sub esp, 14h |
| and dword ptr [ebp-0Ch], 00000000h |
| lea eax, dword ptr [ebp-0Ch] |
| and dword ptr [ebp-08h], 00000000h |
| push eax |
| call dword ptr [0087BD70h] |
| mov eax, dword ptr [ebp-08h] |
| xor eax, dword ptr [ebp-0Ch] |
| mov dword ptr [ebp-04h], eax |
| call dword ptr [0087BCC8h] |
| xor dword ptr [ebp-04h], eax |
| call dword ptr [0087BCC0h] |
| xor dword ptr [ebp-04h], eax |
| lea eax, dword ptr [ebp-14h] |
| push eax |
| call dword ptr [0087BE7Ch] |
| mov eax, dword ptr [ebp-10h] |
| lea ecx, dword ptr [ebp-04h] |
| xor eax, dword ptr [ebp-14h] |
| xor eax, dword ptr [ebp-04h] |
| xor eax, ecx |
| leave |
| ret |
| mov eax, 00004000h |
| ret |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| mov al, 01h |
| ret |
| push 00030000h |
| push 00010000h |
| push 00000000h |
| call 00007F6488B34B3Ah |
| add esp, 0Ch |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x47ad9f | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x47adf0 | 0x1a4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4a1000 | 0x99320 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x53e000 | 0x2860 | .reloc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x474e60 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x474bf0 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3d9218 | 0xc0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x47b838 | 0x8a4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x47ad18 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x3d7603 | 0x3d7800 | 6bf99ccc072eb6b0ab38449041b162f3 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x3d9000 | 0xa83a0 | 0xa8400 | 20e8cb664b2e39c72a4495207f79e050 | False | 0.36478309574665674 | data | 6.207134557049836 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x482000 | 0x1b724 | 0x6000 | 511a4682839cac54b665709579c9e1c2 | False | 0.13423665364583334 | data | 3.4305525777257166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x49e000 | 0x175 | 0x200 | 07bf5c8b09259f0612960ce0ed90bda0 | False | 0.07421875 | data | 0.33872122993819864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| CPADinfo | 0x49f000 | 0x28 | 0x200 | 842689af09e7bf563672a4b43f1a2286 | False | 0.04296875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| malloc_h | 0x4a0000 | 0xb9 | 0x200 | 637f3b764567070a303fd288b3f0b16c | False | 0.369140625 | data | 3.047583126549454 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4a1000 | 0x99320 | 0x99400 | b8da5ef50f408e39b9a7dd352ef3a560 | False | 0.29167038387030997 | DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 8589938688.000000 | 5.370731403497337 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x53b000 | 0x1e550 | 0x1e600 | 6d5dc01eee4e7be7e63641885797cc4b | False | 0.6525286136831275 | data | 6.702974326392581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| TYPELIB | 0x4ac290 | 0x1f30 | data | English | United States | 0.3572144288577154 |
| TYPELIB | 0x4ae1c0 | 0x974 | data | English | United States | 0.34628099173553717 |
| TYPELIB | 0x4aeb38 | 0x5198 | data | English | United States | 0.2967732669475297 |
| TYPELIB | 0x4b3cd0 | 0x1fac | data | English | United States | 0.35360138135175134 |
| TYPELIB | 0x4b5c80 | 0x984 | data | English | United States | 0.3464696223316913 |
| TYPELIB | 0x4b6608 | 0x5858 | data | English | United States | 0.2998761938450654 |
| RT_BITMAP | 0x4a7950 | 0x4678 | Device independent bitmap graphic, 100 x 60 x 24, image size 18000, resolution 3780 x 3780 px/m | English | United States | 0.020343680709534368 |
| RT_ICON | 0x4a51c0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568 |
| RT_ICON | 0x4a52e8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318 |
| RT_ICON | 0x4a5850 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484 |
| RT_ICON | 0x4a5b38 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198 |
| RT_ICON | 0x4a63e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145 |
| RT_ICON | 0x4a6a48 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714 |
| RT_DIALOG | 0x4abfc8 | 0x204 | data | English | United States | 0.46124031007751937 |
| RT_DIALOG | 0x4ac1d0 | 0xc0 | data | English | United States | 0.5572916666666666 |
| RT_STRING | 0x4bc2d8 | 0xd0a | data | English | United States | 0.4682444577591372 |
| RT_STRING | 0x4bcfe8 | 0xdd2 | data | English | United States | 0.38157150932730355 |
| RT_STRING | 0x4bddc0 | 0xc0c | data | English | United States | 0.5239948119325551 |
| RT_STRING | 0x4be9d0 | 0xd3c | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0045\0044\004 " | English | United States | 0.4542502951593861 |
| RT_STRING | 0x4bf710 | 0xbac | data | English | United States | 0.499665327978581 |
| RT_STRING | 0x4c02c0 | 0x396 | data | English | United States | 0.6285403050108932 |
| RT_STRING | 0x4c0658 | 0x2dc | data | English | United States | 0.4959016393442623 |
| RT_STRING | 0x4c0938 | 0x282 | data | English | United States | 0.7819314641744548 |
| RT_STRING | 0x4c0bc0 | 0x2be | data | English | United States | 0.603988603988604 |
| RT_STRING | 0x4c0e80 | 0x2ce | data | English | United States | 0.6782729805013927 |
| RT_STRING | 0x4c1150 | 0x1c6 | data | English | United States | 0.7026431718061674 |
| RT_STRING | 0x4c1318 | 0x1d6 | data | English | United States | 0.5808510638297872 |
| RT_STRING | 0x4c14f0 | 0x1f0 | data | English | United States | 0.7701612903225806 |
| RT_STRING | 0x4c16e0 | 0x1d8 | data | English | United States | 0.6334745762711864 |
| RT_STRING | 0x4c18b8 | 0x1ca | data | English | United States | 0.7183406113537117 |
| RT_STRING | 0x4c1a88 | 0x21a | data | English | United States | 0.6672862453531598 |
| RT_STRING | 0x4c1ca8 | 0x28e | data | English | United States | 0.43577981651376146 |
| RT_STRING | 0x4c1f38 | 0x27c | data | English | United States | 0.7468553459119497 |
| RT_STRING | 0x4c21b8 | 0x2ae | data | English | United States | 0.6749271137026239 |
| RT_STRING | 0x4c2468 | 0x280 | data | English | United States | 0.6296875 |
| RT_STRING | 0x4c26e8 | 0x152 | data | English | United States | 0.7958579881656804 |
| RT_STRING | 0x4c2840 | 0xcc | data | English | United States | 0.7401960784313726 |
| RT_STRING | 0x4c2910 | 0xd2 | data | English | United States | 0.8904761904761904 |
| RT_STRING | 0x4c29e8 | 0xea | data | English | United States | 0.8974358974358975 |
| RT_STRING | 0x4c2ad8 | 0xe8 | data | English | United States | 0.7931034482758621 |
| RT_STRING | 0x4c2bc0 | 0x124 | data | English | United States | 0.8561643835616438 |
| RT_STRING | 0x4c2ce8 | 0x20c | Targa image data - RLE 1083 x 1103 x 32 +1077 +1075 "A\0045\004." | English | United States | 0.601145038167939 |
| RT_STRING | 0x4c2ef8 | 0x21c | data | English | United States | 0.6611111111111111 |
| RT_STRING | 0x4c3118 | 0x24c | data | English | United States | 0.7261904761904762 |
| RT_STRING | 0x4c3368 | 0x1d2 | data | English | United States | 0.6609442060085837 |
| RT_STRING | 0x4c3540 | 0x200 | data | English | United States | 0.75 |
| RT_STRING | 0x4c3740 | 0x2ce | data | English | United States | 0.564066852367688 |
| RT_STRING | 0x4c3a10 | 0x298 | data | English | United States | 0.6204819277108434 |
| RT_STRING | 0x4c3ca8 | 0x278 | data | English | United States | 0.7848101265822784 |
| RT_STRING | 0x4c3f20 | 0x2d2 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "8\011.\011M\011*\011(\011M\011(\011 " | English | United States | 0.6481994459833795 |
| RT_STRING | 0x4c41f8 | 0x29a | data | English | United States | 0.7087087087087087 |
| RT_STRING | 0x4c4498 | 0x488 | data | English | United States | 0.5198275862068965 |
| RT_STRING | 0x4c4920 | 0x476 | data | English | United States | 0.4956217162872154 |
| RT_STRING | 0x4c4d98 | 0x49c | data | English | United States | 0.6466101694915254 |
| RT_STRING | 0x4c5238 | 0x456 | data | English | United States | 0.5540540540540541 |
| RT_STRING | 0x4c5690 | 0x3f8 | data | English | United States | 0.5974409448818898 |
| RT_STRING | 0x4c5a88 | 0x460 | data | English | United States | 0.575 |
| RT_STRING | 0x4c5ee8 | 0x4b4 | data | English | United States | 0.46677740863787376 |
| RT_STRING | 0x4c63a0 | 0x478 | data | English | United States | 0.6354895104895105 |
| RT_STRING | 0x4c6818 | 0x470 | data | English | United States | 0.5598591549295775 |
| RT_STRING | 0x4c6c88 | 0x41c | data | English | United States | 0.5807984790874525 |
| RT_STRING | 0x4c70a8 | 0x426 | data | English | United States | 0.5790960451977402 |
| RT_STRING | 0x4c74d0 | 0x488 | data | English | United States | 0.45775862068965517 |
| RT_STRING | 0x4c7958 | 0x424 | data | English | United States | 0.6490566037735849 |
| RT_STRING | 0x4c7d80 | 0x42c | data | English | United States | 0.5608614232209738 |
| RT_STRING | 0x4c81b0 | 0x43a | data | English | United States | 0.6090573012939002 |
| RT_STRING | 0x4c85f0 | 0x43c | data | English | United States | 0.6199261992619927 |
| RT_STRING | 0x4c8a30 | 0x59c | data | English | United States | 0.435933147632312 |
| RT_STRING | 0x4c8fd0 | 0x500 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\025\011@\011 " | English | United States | 0.6640625 |
| RT_STRING | 0x4c94d0 | 0x59c | data | English | United States | 0.5682451253481894 |
| RT_STRING | 0x4c9a70 | 0x536 | data | English | United States | 0.5907046476761619 |
| RT_STRING | 0x4c9fa8 | 0x8e6 | data | English | United States | 0.5258999122036875 |
| RT_STRING | 0x4ca890 | 0xc92 | data | English | United States | 0.3334369173399627 |
| RT_STRING | 0x4cb528 | 0xbf4 | data | English | United States | 0.5320261437908497 |
| RT_STRING | 0x4cc120 | 0xc5e | data | English | United States | 0.48673404927353126 |
| RT_STRING | 0x4ccd80 | 0xcd8 | data | English | United States | 0.4382603406326034 |
| RT_STRING | 0x4cda58 | 0x92c | data | English | United States | 0.5404599659284497 |
| RT_STRING | 0x4ce388 | 0x9ce | data | English | United States | 0.3669322709163347 |
| RT_STRING | 0x4ced58 | 0x962 | data | English | United States | 0.5104079933388843 |
| RT_STRING | 0x4cf6c0 | 0x986 | data | English | United States | 0.5332239540607056 |
| RT_STRING | 0x4d0048 | 0x9d8 | data | English | United States | 0.4765873015873016 |
| RT_STRING | 0x4d0a20 | 0x8ec | data | English | United States | 0.563922942206655 |
| RT_STRING | 0x4d1310 | 0xcc6 | data | English | United States | 0.382262996941896 |
| RT_STRING | 0x4d1fd8 | 0xca8 | data | English | United States | 0.4367283950617284 |
| RT_STRING | 0x4d2c80 | 0xcbe | data | English | United States | 0.5076640098099325 |
| RT_STRING | 0x4d3940 | 0xd0c | data | English | United States | 0.4224550898203593 |
| RT_STRING | 0x4d4650 | 0x8a6 | data | English | United States | 0.5519421860885275 |
| RT_STRING | 0x4d4ef8 | 0x256 | data | English | United States | 0.4983277591973244 |
| RT_STRING | 0x4d5150 | 0x260 | data | English | United States | 0.5444078947368421 |
| RT_STRING | 0x4d53b0 | 0x22e | data | English | United States | 0.6505376344086021 |
| RT_STRING | 0x4d55e0 | 0x23a | data | English | United States | 0.5333333333333333 |
| RT_STRING | 0x4d5820 | 0x288 | data | English | United States | 0.6388888888888888 |
| RT_STRING | 0x4d5aa8 | 0x7a6 | data | English | United States | 0.49284984678243104 |
| RT_STRING | 0x4d6250 | 0x820 | data | English | United States | 0.46923076923076923 |
| RT_STRING | 0x4d6a70 | 0x6be | data | English | United States | 0.6292004634994206 |
| RT_STRING | 0x4d7130 | 0x7d8 | data | English | United States | 0.4960159362549801 |
| RT_STRING | 0x4d7908 | 0x636 | data | English | United States | 0.5943396226415094 |
| RT_STRING | 0x4d7f40 | 0xe0 | data | English | United States | 0.10714285714285714 |
| RT_STRING | 0x4d8020 | 0xe0 | data | English | United States | 0.10714285714285714 |
| RT_STRING | 0x4d8100 | 0xe0 | data | English | United States | 0.10714285714285714 |
| RT_STRING | 0x4d81e0 | 0xe0 | data | English | United States | 0.10714285714285714 |
| RT_STRING | 0x4d82c0 | 0xe0 | data | English | United States | 0.10714285714285714 |
| RT_STRING | 0x4d83a0 | 0x2c4 | data | English | United States | 0.634180790960452 |
| RT_STRING | 0x4d8668 | 0x30e | data | English | United States | 0.45524296675191817 |
| RT_STRING | 0x4d8978 | 0x2b2 | data | English | United States | 0.6768115942028986 |
| RT_STRING | 0x4d8c30 | 0x318 | data | English | United States | 0.5732323232323232 |
| RT_STRING | 0x4d8f48 | 0x326 | data | English | United States | 0.6178660049627791 |
| RT_STRING | 0x4d9270 | 0x2da | data | English | United States | 0.6328767123287671 |
| RT_STRING | 0x4d9550 | 0x362 | data | English | United States | 0.3972286374133949 |
| RT_STRING | 0x4d98b8 | 0x2f4 | data | English | United States | 0.6666666666666666 |
| RT_STRING | 0x4d9bb0 | 0x302 | data | English | United States | 0.5324675324675324 |
| RT_STRING | 0x4d9eb8 | 0x35a | data | English | United States | 0.5722610722610723 |
| RT_STRING | 0x4da218 | 0x2ca | data | English | United States | 0.6442577030812325 |
| RT_STRING | 0x4da4e8 | 0x2b0 | data | English | United States | 0.39098837209302323 |
| RT_STRING | 0x4da798 | 0x2ba | data | English | United States | 0.670487106017192 |
| RT_STRING | 0x4daa58 | 0x2f0 | data | English | United States | 0.6316489361702128 |
| RT_STRING | 0x4dad48 | 0x2fa | data | English | United States | 0.573490813648294 |
| RT_STRING | 0x4db048 | 0x2c2 | data | English | United States | 0.6147308781869688 |
| RT_STRING | 0x4db310 | 0x34c | data | English | United States | 0.39691943127962087 |
| RT_STRING | 0x4db660 | 0x3a4 | data | English | United States | 0.5482832618025751 |
| RT_STRING | 0x4dba08 | 0x34c | data | English | United States | 0.566350710900474 |
| RT_STRING | 0x4dbd58 | 0x372 | data | English | United States | 0.4580498866213152 |
| RT_STRING | 0x4dc0d0 | 0x2a4 | data | English | United States | 0.628698224852071 |
| RT_STRING | 0x4dc378 | 0x29a | data | English | United States | 0.506006006006006 |
| RT_STRING | 0x4dc618 | 0x2b4 | data | English | United States | 0.5520231213872833 |
| RT_STRING | 0x4dc8d0 | 0x290 | data | English | United States | 0.6829268292682927 |
| RT_STRING | 0x4dcb60 | 0x274 | data | English | United States | 0.5589171974522293 |
| RT_STRING | 0x4dcdd8 | 0x25e | data | English | United States | 0.6897689768976898 |
| RT_STRING | 0x4dd038 | 0x304 | data | English | United States | 0.5375647668393783 |
| RT_STRING | 0x4dd340 | 0x334 | data | English | United States | 0.5536585365853659 |
| RT_STRING | 0x4dd678 | 0x2e6 | data | English | United States | 0.6819407008086253 |
| RT_STRING | 0x4dd960 | 0x2fa | data | English | United States | 0.5603674540682415 |
| RT_STRING | 0x4ddc60 | 0x274 | data | English | United States | 0.6449044585987261 |
| RT_STRING | 0x4dded8 | 0x33a | data | English | United States | 0.5581113801452785 |
| RT_STRING | 0x4de218 | 0x37c | data | English | United States | 0.5302690582959642 |
| RT_STRING | 0x4de598 | 0x2fe | data | English | United States | 0.6945169712793734 |
| RT_STRING | 0x4de898 | 0x34c | data | English | United States | 0.5592417061611374 |
| RT_STRING | 0x4debe8 | 0x31c | data | English | United States | 0.6344221105527639 |
| RT_STRING | 0x4def08 | 0x464 | data | English | United States | 0.5729537366548043 |
| RT_STRING | 0x4df370 | 0x4d8 | data | English | United States | 0.46048387096774196 |
| RT_STRING | 0x4df848 | 0x3bc | data | English | United States | 0.6527196652719666 |
| RT_STRING | 0x4dfc08 | 0x45e | data | English | United States | 0.5330948121645797 |
| RT_STRING | 0x4e0068 | 0x44a | data | English | United States | 0.5819672131147541 |
| RT_STRING | 0x4e04b8 | 0x10c | data | English | United States | 0.8470149253731343 |
| RT_STRING | 0x4e05c8 | 0xc0 | data | English | United States | 0.7864583333333334 |
| RT_STRING | 0x4e0688 | 0xe6 | StarOffice Gallery theme \372, 154195760 objects, 1st \356\020\333\020\320\020\340\020\324\020\321\020\320\020\010 | English | United States | 0.9304347826086956 |
| RT_STRING | 0x4e0770 | 0xce | data | English | United States | 0.7766990291262136 |
| RT_STRING | 0x4e0840 | 0xe6 | data | English | United States | 0.8608695652173913 |
| RT_STRING | 0x4e0928 | 0x872 | data | English | United States | 0.543940795559667 |
| RT_STRING | 0x4e11a0 | 0xbf6 | data | English | United States | 0.3791639451338994 |
| RT_STRING | 0x4e1d98 | 0xa84 | data | English | United States | 0.5824665676077266 |
| RT_STRING | 0x4e2820 | 0xba8 | data | English | United States | 0.47989276139410186 |
| RT_STRING | 0x4e33c8 | 0xb46 | data | English | United States | 0.5246015246015246 |
| RT_STRING | 0x4e3f10 | 0x406 | data | English | United States | 0.629126213592233 |
| RT_STRING | 0x4e4318 | 0x216 | data | English | United States | 0.50187265917603 |
| RT_STRING | 0x4e4530 | 0x204 | data | English | United States | 0.7596899224806202 |
| RT_STRING | 0x4e4738 | 0x212 | data | English | United States | 0.6754716981132075 |
| RT_STRING | 0x4e4950 | 0x22c | data | English | United States | 0.6151079136690647 |
| RT_STRING | 0x4e4b80 | 0x230 | data | English | United States | 0.6839285714285714 |
| RT_STRING | 0x4e4db0 | 0x2fe | data | English | United States | 0.46344647519582244 |
| RT_STRING | 0x4e50b0 | 0x312 | data | English | United States | 0.6743002544529262 |
| RT_STRING | 0x4e53c8 | 0x2e8 | data | English | United States | 0.706989247311828 |
| RT_STRING | 0x4e56b0 | 0x2f0 | data | English | United States | 0.5651595744680851 |
| RT_STRING | 0x4e59a0 | 0x1ee | data | English | United States | 0.7489878542510121 |
| RT_STRING | 0x4e5b90 | 0x2c0 | data | English | United States | 0.48579545454545453 |
| RT_STRING | 0x4e5e50 | 0x25e | data | English | United States | 0.5429042904290429 |
| RT_STRING | 0x4e60b0 | 0x20c | data | English | United States | 0.6717557251908397 |
| RT_STRING | 0x4e62c0 | 0x272 | data | English | United States | 0.5015974440894568 |
| RT_STRING | 0x4e6538 | 0x2e4 | data | English | United States | 0.6851351351351351 |
| RT_STRING | 0x4e6820 | 0x846 | data | English | United States | 0.40557129367327666 |
| RT_STRING | 0x4e7068 | 0x7b8 | data | English | United States | 0.4473684210526316 |
| RT_STRING | 0x4e7820 | 0x716 | data | English | United States | 0.5931642778390298 |
| RT_STRING | 0x4e7f38 | 0x7c4 | data | English | United States | 0.44969818913480886 |
| RT_STRING | 0x4e8700 | 0x65c | data | English | United States | 0.5706388206388207 |
| RT_STRING | 0x4e8d60 | 0xa9e | data | English | United States | 0.40066225165562913 |
| RT_STRING | 0x4e9800 | 0xa76 | data | English | United States | 0.39357729648991785 |
| RT_STRING | 0x4ea278 | 0x93c | data | English | United States | 0.5376480541455161 |
| RT_STRING | 0x4eabb8 | 0xa4a | data | English | United States | 0.43242217160212604 |
| RT_STRING | 0x4eb608 | 0x8b8 | data | English | United States | 0.5013440860215054 |
| RT_STRING | 0x4ebec0 | 0x238 | data | English | United States | 0.6355633802816901 |
| RT_STRING | 0x4ec0f8 | 0x1f2 | data | English | United States | 0.5120481927710844 |
| RT_STRING | 0x4ec2f0 | 0x1de | data | English | United States | 0.7510460251046025 |
| RT_STRING | 0x4ec4d0 | 0x200 | Targa image data - Color 1072 x 1078 x 32 +1083 +1075 "1\0040\0049\004=\0040\004." | English | United States | 0.615234375 |
| RT_STRING | 0x4ec6d0 | 0x1d8 | data | English | United States | 0.6758474576271186 |
| RT_STRING | 0x4ec8a8 | 0x2fe | data | English | United States | 0.6292428198433421 |
| RT_STRING | 0x4ecba8 | 0x376 | data | English | United States | 0.5079006772009029 |
| RT_STRING | 0x4ecf20 | 0x328 | data | English | United States | 0.681930693069307 |
| RT_STRING | 0x4ed248 | 0x34a | data | English | United States | 0.5653206650831354 |
| RT_STRING | 0x4ed598 | 0x31e | data | English | United States | 0.6290726817042607 |
| RT_STRING | 0x4ed8b8 | 0x5e4 | data | English | United States | 0.5663129973474801 |
| RT_STRING | 0x4edea0 | 0x836 | data | English | United States | 0.42055185537583256 |
| RT_STRING | 0x4ee6d8 | 0x68e | data | English | United States | 0.6495828367103695 |
| RT_STRING | 0x4eed68 | 0x7c2 | data | English | United States | 0.5171198388721048 |
| RT_STRING | 0x4ef530 | 0x72c | data | English | United States | 0.5620915032679739 |
| RT_STRING | 0x4efc60 | 0x4c8 | data | English | United States | 0.6111111111111112 |
| RT_STRING | 0x4f0128 | 0x57a | data | English | United States | 0.43009985734664763 |
| RT_STRING | 0x4f06a8 | 0x4d6 | data | English | United States | 0.6639741518578353 |
| RT_STRING | 0x4f0b80 | 0x55a | data | English | United States | 0.6197080291970803 |
| RT_STRING | 0x4f10e0 | 0x52c | data | English | United States | 0.554380664652568 |
| RT_STRING | 0x4f1610 | 0x5d8 | data | English | United States | 0.608957219251337 |
| RT_STRING | 0x4f1be8 | 0x95a | data | English | United States | 0.38345864661654133 |
| RT_STRING | 0x4f2548 | 0x876 | data | English | United States | 0.5198522622345337 |
| RT_STRING | 0x4f2dc0 | 0x800 | data | English | United States | 0.5810546875 |
| RT_STRING | 0x4f35c0 | 0x8ba | data | English | United States | 0.486123545210385 |
| RT_STRING | 0x4f3e80 | 0x592 | data | English | United States | 0.6227208976157083 |
| RT_STRING | 0x4f4418 | 0x494 | data | English | United States | 0.39505119453924914 |
| RT_STRING | 0x4f48b0 | 0x414 | data | English | United States | 0.4272030651340996 |
| RT_STRING | 0x4f4cc8 | 0x44e | data | English | United States | 0.5444646098003629 |
| RT_STRING | 0x4f5118 | 0x44a | data | English | United States | 0.43169398907103823 |
| RT_STRING | 0x4f5568 | 0x4c0 | data | English | United States | 0.537828947368421 |
| RT_STRING | 0x4f5a28 | 0xa62 | data | English | United States | 0.41346877351392025 |
| RT_STRING | 0x4f6490 | 0xa88 | data | English | United States | 0.4328635014836795 |
| RT_STRING | 0x4f6f18 | 0x946 | data | English | United States | 0.5686604886267902 |
| RT_STRING | 0x4f7860 | 0xa5e | data | English | United States | 0.45139412207987945 |
| RT_STRING | 0x4f82c0 | 0x70c | data | English | United States | 0.5609756097560976 |
| RT_STRING | 0x4f89d0 | 0x14a | data | English | United States | 0.6606060606060606 |
| RT_STRING | 0x4f8b20 | 0x136 | data | English | United States | 0.635483870967742 |
| RT_STRING | 0x4f8c58 | 0x112 | data | English | United States | 0.9051094890510949 |
| RT_STRING | 0x4f8d70 | 0x17a | data | English | United States | 0.6084656084656085 |
| RT_STRING | 0x4f8ef0 | 0x104 | data | English | United States | 0.8961538461538462 |
| RT_STRING | 0x4f8ff8 | 0xb3a | data | English | United States | 0.4826026443980515 |
| RT_STRING | 0x4f9b38 | 0xc7a | data | English | United States | 0.40388227927363807 |
| RT_STRING | 0x4fa7b8 | 0xa4c | data | English | United States | 0.571320182094082 |
| RT_STRING | 0x4fb208 | 0xb48 | data | English | United States | 0.4878808864265928 |
| RT_STRING | 0x4fbd50 | 0xa54 | data | English | United States | 0.5268532526475038 |
| RT_STRING | 0x4fc7a8 | 0xcf0 | data | English | United States | 0.5135869565217391 |
| RT_STRING | 0x4fd498 | 0xe28 | data | English | United States | 0.38051876379690946 |
| RT_STRING | 0x4fe2c0 | 0xd0c | data | English | United States | 0.5586826347305389 |
| RT_STRING | 0x4fefd0 | 0xedc | data | English | United States | 0.47003154574132494 |
| RT_STRING | 0x4ffeb0 | 0xe64 | data | English | United States | 0.503257328990228 |
| RT_STRING | 0x500d18 | 0x452 | data | English | United States | 0.6301989150090416 |
| RT_STRING | 0x501170 | 0x3f0 | data | English | United States | 0.4742063492063492 |
| RT_STRING | 0x501560 | 0x32a | data | English | United States | 0.7358024691358025 |
| RT_STRING | 0x501890 | 0x34e | data | English | United States | 0.5921985815602837 |
| RT_STRING | 0x501be0 | 0x39e | data | English | United States | 0.6479481641468683 |
| RT_STRING | 0x501f80 | 0x6ce | data | English | United States | 0.5597014925373134 |
| RT_STRING | 0x502650 | 0xa78 | data | English | United States | 0.37089552238805973 |
| RT_STRING | 0x5030c8 | 0x932 | data | English | United States | 0.5739167374681393 |
| RT_STRING | 0x503a00 | 0x9a8 | data | English | United States | 0.5234627831715211 |
| RT_STRING | 0x5043a8 | 0x9a4 | data | English | United States | 0.4813614262560778 |
| RT_STRING | 0x504d50 | 0x4bc | data | English | United States | 0.6452145214521452 |
| RT_STRING | 0x505210 | 0x2aa | data | English | United States | 0.5381231671554252 |
| RT_STRING | 0x5054c0 | 0x27c | data | English | United States | 0.6839622641509434 |
| RT_STRING | 0x505740 | 0x2a4 | data | English | United States | 0.7144970414201184 |
| RT_STRING | 0x5059e8 | 0x2a0 | data | English | United States | 0.6502976190476191 |
| RT_STRING | 0x505c88 | 0x246 | AmigaOS bitmap font "5\016*\016\025\0162\016#\016L\016\027\016 \0162\016"\016+\016%\0161\016\007\016\031", fc_YSize 26880, 8974 elements, 2nd "s", 3rd "e" | English | United States | 0.738831615120275 |
| RT_STRING | 0x505ed0 | 0x214 | data | English | United States | 0.5921052631578947 |
| RT_STRING | 0x5060e8 | 0x23e | data | English | United States | 0.6515679442508711 |
| RT_STRING | 0x506328 | 0x27e | data | English | United States | 0.7523510971786834 |
| RT_STRING | 0x5065a8 | 0x21c | data | English | United States | 0.6388888888888888 |
| RT_STRING | 0x5067c8 | 0x386 | data | English | United States | 0.6862527716186253 |
| RT_STRING | 0x506b50 | 0x8a0 | data | English | United States | 0.458786231884058 |
| RT_STRING | 0x5073f0 | 0x872 | data | English | United States | 0.49167437557816834 |
| RT_STRING | 0x507c68 | 0x7a4 | data | English | United States | 0.6492842535787321 |
| RT_STRING | 0x508410 | 0x83c | data | English | United States | 0.50853889943074 |
| RT_STRING | 0x508c50 | 0x644 | data | English | United States | 0.6315461346633416 |
| RT_STRING | 0x509298 | 0x2c2 | AmigaOS bitmap font "3\006*\006&\006F\006'\006A\006 ", fc_YSize 4294936073, 9990 elements, 2nd "\276\011\260\011 ", 3rd "r" | English | United States | 0.5821529745042493 |
| RT_STRING | 0x509560 | 0x2f6 | data | English | United States | 0.5672823218997362 |
| RT_STRING | 0x509858 | 0x27a | data | English | United States | 0.8028391167192429 |
| RT_STRING | 0x509ad8 | 0x2de | data | English | United States | 0.6335149863760218 |
| RT_STRING | 0x509db8 | 0x276 | data | English | United States | 0.7126984126984127 |
| RT_STRING | 0x50a030 | 0x392 | data | English | United States | 0.5831509846827133 |
| RT_STRING | 0x50a3c8 | 0x3a8 | data | English | United States | 0.5160256410256411 |
| RT_STRING | 0x50a770 | 0x31c | data | English | United States | 0.7273869346733668 |
| RT_STRING | 0x50aa90 | 0x386 | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0049\004;\0044\004;\0048\0049\0043\004 " | English | United States | 0.5986696230598669 |
| RT_STRING | 0x50ae18 | 0x334 | data | English | United States | 0.6487804878048781 |
| RT_STRING | 0x50b150 | 0xa24 | data | English | United States | 0.5161787365177196 |
| RT_STRING | 0x50bb78 | 0xbd6 | data | English | United States | 0.4062706270627063 |
| RT_STRING | 0x50c750 | 0xaf6 | data | English | United States | 0.5823235923022095 |
| RT_STRING | 0x50d248 | 0xc5a | data | English | United States | 0.48007590132827327 |
| RT_STRING | 0x50dea8 | 0xc86 | data | English | United States | 0.5028072364316906 |
| RT_STRING | 0x50eb30 | 0x952 | data | English | United States | 0.5431684828164292 |
| RT_STRING | 0x50f488 | 0xabe | data | English | United States | 0.3916363636363636 |
| RT_STRING | 0x50ff48 | 0xa8a | data | English | United States | 0.5830244625648628 |
| RT_STRING | 0x5109d8 | 0xb78 | data | English | United States | 0.4887602179836512 |
| RT_STRING | 0x511550 | 0xb80 | data | English | United States | 0.5040760869565217 |
| RT_STRING | 0x5120d0 | 0x96a | data | English | United States | 0.5439834024896265 |
| RT_STRING | 0x512a40 | 0xaa2 | data | English | United States | 0.39162380602498165 |
| RT_STRING | 0x5134e8 | 0xa86 | data | English | United States | 0.5783221974758723 |
| RT_STRING | 0x513f70 | 0xb70 | data | English | United States | 0.5215163934426229 |
| RT_STRING | 0x514ae0 | 0xb38 | data | English | United States | 0.4794568245125348 |
| RT_STRING | 0x515618 | 0x9c2 | data | English | United States | 0.5612489991993594 |
| RT_STRING | 0x515fe0 | 0xc0e | data | English | United States | 0.41088788075178223 |
| RT_STRING | 0x516bf0 | 0xb3e | data | English | United States | 0.5111188325225852 |
| RT_STRING | 0x517730 | 0xbac | data | English | United States | 0.5471887550200804 |
| RT_STRING | 0x5182e0 | 0xb70 | data | English | United States | 0.48189890710382516 |
| RT_STRING | 0x518e50 | 0x84e | data | English | United States | 0.5973659454374413 |
| RT_STRING | 0x5196a0 | 0x7c0 | data | English | United States | 0.4329637096774194 |
| RT_STRING | 0x519e60 | 0x7b4 | data | English | United States | 0.49898580121703856 |
| RT_STRING | 0x51a618 | 0x70c | data | English | United States | 0.5909090909090909 |
| RT_STRING | 0x51ad28 | 0x7b0 | data | English | United States | 0.4949186991869919 |
| RT_STRING | 0x51b4d8 | 0x606 | data | English | United States | 0.6465629053177692 |
| RT_STRING | 0x51bae0 | 0x8a4 | data | English | United States | 0.4462025316455696 |
| RT_STRING | 0x51c388 | 0x8d8 | data | English | United States | 0.4620141342756184 |
| RT_STRING | 0x51cc60 | 0x786 | data | English | United States | 0.6246105919003115 |
| RT_STRING | 0x51d3e8 | 0x872 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\027\0110\011?\011\017\011\025\011K\011 " | English | United States | 0.48103607770582796 |
| RT_STRING | 0x51dc60 | 0x6f0 | data | English | United States | 0.5996621621621622 |
| RT_STRING | 0x51e350 | 0x896 | data | English | United States | 0.47952684258416745 |
| RT_STRING | 0x51ebe8 | 0x872 | data | English | United States | 0.4398704902867715 |
| RT_STRING | 0x51f460 | 0x77a | data | English | United States | 0.6212121212121212 |
| RT_STRING | 0x51fbe0 | 0x824 | data | English | United States | 0.4923224568138196 |
| RT_STRING | 0x520408 | 0x6fc | data | English | United States | 0.5956375838926175 |
| RT_STRING | 0x520b08 | 0xdc | data | English | United States | 0.8772727272727273 |
| RT_STRING | 0x520be8 | 0xd8 | data | English | United States | 0.7407407407407407 |
| RT_STRING | 0x520cc0 | 0xcc | data | English | United States | 0.9215686274509803 |
| RT_STRING | 0x520d90 | 0xf0 | data | English | United States | 0.7958333333333333 |
| RT_STRING | 0x520e80 | 0xca | data | English | United States | 0.8712871287128713 |
| RT_STRING | 0x520f50 | 0x7da | data | English | United States | 0.5084577114427861 |
| RT_STRING | 0x521730 | 0x97e | data | English | United States | 0.4020576131687243 |
| RT_STRING | 0x5220b0 | 0x7ec | data | English | United States | 0.5729783037475346 |
| RT_STRING | 0x5228a0 | 0x8ee | data | English | United States | 0.47112860892388453 |
| RT_STRING | 0x523190 | 0x8ba | data | English | United States | 0.517905102954342 |
| RT_STRING | 0x523a50 | 0x1f20 | data | English | United States | 0.38679718875502006 |
| RT_STRING | 0x525970 | 0x2b14 | data | English | United States | 0.2920747188973522 |
| RT_STRING | 0x528488 | 0x2756 | CLIPPER COFF executable (VAX #) not stripped - version 71 | English | United States | 0.40625620655412115 |
| RT_STRING | 0x52abe0 | 0x2aee | data | English | United States | 0.34795268425841674 |
| RT_STRING | 0x52d6d0 | 0x27b2 | data | English | United States | 0.37699271796890377 |
| RT_STRING | 0x52fe88 | 0xc1c | data | English | United States | 0.4483870967741935 |
| RT_STRING | 0x530aa8 | 0x364 | data | English | United States | 0.3467741935483871 |
| RT_STRING | 0x530e10 | 0x32a | data | English | United States | 0.5530864197530864 |
| RT_STRING | 0x531140 | 0x33e | data | English | United States | 0.4867469879518072 |
| RT_STRING | 0x531480 | 0x330 | data | English | United States | 0.4215686274509804 |
| RT_STRING | 0x5317b0 | 0x340 | data | English | United States | 0.6153846153846154 |
| RT_STRING | 0x531af0 | 0x3ae | data | English | United States | 0.4447983014861996 |
| RT_STRING | 0x531ea0 | 0x366 | data | English | United States | 0.6091954022988506 |
| RT_STRING | 0x532208 | 0x3b0 | data | English | United States | 0.6038135593220338 |
| RT_STRING | 0x5325b8 | 0x390 | data | English | United States | 0.5537280701754386 |
| RT_STRING | 0x532948 | 0x2f4 | data | English | United States | 0.6917989417989417 |
| RT_STRING | 0x532c40 | 0x332 | Targa image data - RLE 1074 x 1072 x 32 +1072 +1082 "A\0045\004 " | English | United States | 0.5158924205378973 |
| RT_STRING | 0x532f78 | 0x36c | data | English | United States | 0.5901826484018264 |
| RT_STRING | 0x5332e8 | 0x376 | data | English | United States | 0.6557562076749436 |
| RT_STRING | 0x533660 | 0x33e | data | English | United States | 0.5783132530120482 |
| RT_STRING | 0x5339a0 | 0x4b4 | data | English | United States | 0.6395348837209303 |
| RT_STRING | 0x533e58 | 0xba2 | data | English | United States | 0.40597716588314303 |
| RT_STRING | 0x534a00 | 0xc80 | data | English | United States | 0.4353125 |
| RT_STRING | 0x535680 | 0xb54 | data | English | United States | 0.5582758620689655 |
| RT_STRING | 0x5361d8 | 0xb5c | data | English | United States | 0.4470426409903714 |
| RT_STRING | 0x536d38 | 0x9b8 | data | English | United States | 0.5542604501607717 |
| RT_STRING | 0x5376f0 | 0x86e | data | English | United States | 0.4712696941612604 |
| RT_STRING | 0x537f60 | 0x8ec | data | English | United States | 0.44089316987740806 |
| RT_STRING | 0x538850 | 0x7d2 | data | English | United States | 0.5934065934065934 |
| RT_STRING | 0x539028 | 0x7d4 | data | English | United States | 0.49650698602794413 |
| RT_STRING | 0x539800 | 0x748 | data | English | United States | 0.5574034334763949 |
| RT_GROUP_ICON | 0x4a78f0 | 0x5a | data | English | United States | 0.7333333333333333 |
| RT_VERSION | 0x4bbe60 | 0x474 | data | English | United States | 0.44035087719298244 |
| RT_MANIFEST | 0x539f48 | 0x3d2 | XML 1.0 document, ASCII text, with very long lines (864) | English | United States | 0.5398773006134969 |
| DLL | Import |
|---|---|
| ADVAPI32.dll | AddAce, AllocateAndInitializeSid, BuildExplicitAccessWithNameW, BuildSecurityDescriptorW, BuildTrusteeWithSidW, ChangeServiceConfig2W, ChangeServiceConfigW, CheckTokenMembership, CloseServiceHandle, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateServiceW, DeleteService, DuplicateTokenEx, EqualSid, FreeSid, GetAce, GetAclInformation, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidIdentifierAuthority, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, ImpersonateLoggedOnUser, ImpersonateNamedPipeClient, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsValidAcl, IsValidSecurityDescriptor, IsValidSid, LookupAccountSidW, MakeAbsoluteSD, MakeSelfRelativeSD, OpenProcessToken, OpenSCManagerW, OpenServiceW, OpenThreadToken, QueryServiceConfigW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExA, RegQueryValueExW, RegSetValueExW, RegisterServiceCtrlHandlerW, RegisterTraceGuidsW, RevertToSelf, SetEntriesInAclW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityInfo, SetServiceStatus, StartServiceCtrlDispatcherW, TraceEvent, UnregisterTraceGuids |
| dbghelp.dll | SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW |
| GDI32.dll | BitBlt, CombineRgn, CreateCompatibleBitmap, CreateCompatibleDC, CreateFontIndirectW, CreateRectRgn, CreateRectRgnIndirect, CreateSolidBrush, DPtoLP, DeleteDC, DeleteObject, ExtTextOutW, FillRgn, GetDeviceCaps, GetObjectW, GetRegionData, GetStockObject, GetTextMetricsW, OffsetRgn, SelectObject, SetBkColor, SetTextColor, SetViewportOrgEx |
| MSIMG32.dll | GradientFill |
| OLEAUT32.dll | LoadRegTypeLib, LoadTypeLib, OleCreateFontIndirect, OleLoadPicturePath, SafeArrayAccessData, SafeArrayCreateVector, SafeArrayDestroy, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetVartype, SafeArrayUnaccessData, SysAllocString, SysAllocStringByteLen, SysAllocStringLen, SysFreeString, SysStringLen, SystemTimeToVariantTime, VariantClear, VariantInit |
| SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath, ShellExecuteExW |
| USER32.dll | AllowSetForegroundWindow, BeginPaint, CallWindowProcW, CharNextW, CharUpperW, ClientToScreen, CopyImage, CopyRect, CreateAcceleratorTableW, CreateDialogIndirectParamW, CreateWindowExW, DefWindowProcW, DestroyAcceleratorTable, DestroyIcon, DestroyWindow, DispatchMessageW, EnableMenuItem, EnableWindow, EndDialog, EndPaint, EnumChildWindows, FillRect, FrameRect, GetActiveWindow, GetClassInfoExW, GetClassNameW, GetClientRect, GetCursorPos, GetDC, GetDesktopWindow, GetDlgItem, GetFocus, GetMenuState, GetMessageW, GetMonitorInfoW, GetParent, GetQueueStatus, GetSysColor, GetSysColorBrush, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetWindow, GetWindowLongW, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, InflateRect, InvalidateRect, InvalidateRgn, IsChild, IsDialogMessageW, IsMenu, IsRectEmpty, IsWindow, IsWindowVisible, KillTimer, LoadCursorW, LoadImageW, MapDialogRect, MapWindowPoints, MonitorFromWindow, MoveWindow, MsgWaitForMultipleObjectsEx, OffsetRect, PeekMessageW, PostMessageW, PostQuitMessage, PostThreadMessageW, RedrawWindow, RegisterClassExW, RegisterClassW, RegisterWindowMessageW, ReleaseCapture, ReleaseDC, ScreenToClient, SendDlgItemMessageW, SendMessageW, SetActiveWindow, SetCapture, SetDlgItemTextW, SetFocus, SetForegroundWindow, SetTimer, SetWindowContextHelpId, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowWindow, SystemParametersInfoW, TranslateMessage, UnregisterClassW, UpdateWindow |
| KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AddVectoredExceptionHandler, AssignProcessToJobObject, CancelIo, CloseHandle, CompareStringW, ConnectNamedPipe, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateMutexW, CreateNamedPipeW, CreatePipe, CreateProcessW, CreateSemaphoreW, CreateThread, CreateToolhelp32Snapshot, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DisconnectNamedPipe, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FindResourceExW, FindResourceW, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FormatMessageA, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileSizeEx, GetFileTime, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNamedPipeClientProcessId, GetNamedPipeServerProcessId, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDefaultLCID, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetSystemTimePreciseAsFileTime, GetTempPathW, GetThreadContext, GetThreadId, GetThreadLocale, GetThreadPreferredUILanguages, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserPreferredUILanguages, GetVersionExW, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalHandle, GlobalLock, GlobalMemoryStatusEx, GlobalUnlock, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSection, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, InterlockedPopEntrySList, InterlockedPushEntrySList, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, K32QueryWorkingSetEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileExW, MoveFileW, MulDiv, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PeekNamedPipe, PostQueuedCompletionStatus, Process32FirstW, Process32NextW, ProcessIdToSessionId, QueryFullProcessImageNameW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReadProcessMemory, RegisterWaitForSingleObject, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, ReleaseSemaphore, RemoveDirectoryW, RemoveVectoredExceptionHandler, ReplaceFileW, ResetEvent, ResumeThread, RtlCaptureStackBackTrace, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetNamedPipeHandleState, SetProcessShutdownParameters, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableSRW, SleepEx, SuspendThread, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TransactNamedPipe, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, VirtualQueryEx, WTSGetActiveConsoleSessionId, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpW |
| ole32.dll | CLSIDFromProgID, CLSIDFromString, CoAddRefServerProcess, CoCreateGuid, CoCreateInstance, CoGetCallContext, CoGetClassObject, CoInitializeEx, CoInitializeSecurity, CoRegisterClassObject, CoRegisterInitializeSpy, CoReleaseServerProcess, CoResumeClassObjects, CoRevokeClassObject, CoRevokeInitializeSpy, CoSetProxyBlanket, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, CreateStreamOnHGlobal, IIDFromString, OleInitialize, OleLockRunning, OleUninitialize, StringFromGUID2 |
| Secur32.dll | GetUserNameExW |
| WTSAPI32.dll | WTSEnumerateSessionsW, WTSFreeMemory, WTSQuerySessionInformationW |
| USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, EnterCriticalPolicySection, LeaveCriticalPolicySection, UnloadUserProfile |
| COMCTL32.dll | InitCommonControlsEx, _TrackMouseEvent |
| WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpCrackUrl, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetOption, WinHttpSetStatusCallback, WinHttpSetTimeouts, WinHttpWriteData |
| UxTheme.dll | SetWindowTheme |
| SHLWAPI.dll | PathMatchSpecW |
| ntdll.dll | NtDeleteKey, RtlGetLastNtStatus |
| WINMM.dll | timeBeginPeriod, timeEndPeriod, timeGetTime |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| api-ms-win-core-winrt-l1-1-0.dll | RoInitialize, RoUninitialize |
| Name | Ordinal | Address |
|---|---|---|
| GetHandleVerifier | 1 | 0x4f28a0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Nov 1, 2024 16:05:25.501008987 CET | 53 | 63929 | 1.1.1.1 | 192.168.2.8 |
| Target ID: | 0 |
| Start time: | 11:05:04 |
| Start date: | 01/11/2024 |
| Path: | C:\Users\user\Desktop\5vBN4LO7PH.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x700000 |
| File size: | 5'585'447 bytes |
| MD5 hash: | 36AFCEBDC35386CFCC65B675B7788C08 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | false |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00751560 Relevance: 7.9, Strings: 5, Instructions: 1682COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007EC540 Relevance: 7.7, Strings: 5, Instructions: 1442COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008147EC Relevance: 6.4, APIs: 4, Instructions: 387COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00898A20 Relevance: 3.8, APIs: 2, Instructions: 803COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008D0690 Relevance: 3.6, Strings: 2, Instructions: 1120COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008C0E10 Relevance: 3.5, APIs: 2, Instructions: 486COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0081CEC0 Relevance: 3.4, APIs: 2, Instructions: 419COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00978170 Relevance: 3.4, APIs: 2, Instructions: 359COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008ECCF0 Relevance: 3.3, APIs: 2, Instructions: 315COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 009BCF70 Relevance: 3.2, Strings: 2, Instructions: 674COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007550D0 Relevance: 3.1, Strings: 2, Instructions: 639COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008AD5E0 Relevance: 3.1, Strings: 2, Instructions: 636COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007ACE30 Relevance: 3.0, Strings: 2, Instructions: 492COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075C220 Relevance: 2.6, APIs: 1, Instructions: 1082COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A580B0 Relevance: 2.5, APIs: 1, Instructions: 977COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00840AF0 Relevance: 2.1, Strings: 1, Instructions: 879COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007E11A0 Relevance: 1.9, APIs: 1, Instructions: 418COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008A4B10 Relevance: 1.9, APIs: 1, Instructions: 379COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008914D0 Relevance: 1.8, APIs: 1, Instructions: 286COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00814730 Relevance: 1.8, APIs: 1, Instructions: 254COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007E4FD0 Relevance: 1.7, Strings: 1, Instructions: 438COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008A4640 Relevance: 1.6, Strings: 1, Instructions: 385COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 009A8830 Relevance: 1.6, Instructions: 1583COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00974080 Relevance: 1.5, Strings: 1, Instructions: 249COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00984E50 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCD74 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0087C920 Relevance: .9, Instructions: 856COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008801F0 Relevance: .8, Instructions: 769COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0074D030 Relevance: .7, Instructions: 717COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007F4D40 Relevance: .7, Instructions: 707COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008A0BA0 Relevance: .6, Instructions: 636COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007544D0 Relevance: .6, Instructions: 628COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008C4EA0 Relevance: .6, Instructions: 591COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00840060 Relevance: .6, Instructions: 590COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007FD5C0 Relevance: .6, Instructions: 567COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 009B9110 Relevance: .6, Instructions: 555COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073CF20 Relevance: .5, Instructions: 524COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00758590 Relevance: .5, Instructions: 493COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007707E0 Relevance: .5, Instructions: 492COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008ACA50 Relevance: .5, Instructions: 475COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008CC230 Relevance: .5, Instructions: 462COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00704A80 Relevance: .4, Instructions: 443COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008B5130 Relevance: .4, Instructions: 437COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00720D10 Relevance: .4, Instructions: 415COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 009B8B90 Relevance: .4, Instructions: 399COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0089C470 Relevance: .4, Instructions: 397COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007A0F30 Relevance: .4, Instructions: 388COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 009188C0 Relevance: .4, Instructions: 385COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008B0150 Relevance: .4, Instructions: 380COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00729370 Relevance: .3, Instructions: 344COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0070CD97 Relevance: .3, Instructions: 341COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00705010 Relevance: .3, Instructions: 336COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0089C050 Relevance: .3, Instructions: 334COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007591F0 Relevance: .3, Instructions: 318COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0085D320 Relevance: .3, Instructions: 288COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00888CB0 Relevance: .3, Instructions: 282COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DD230 Relevance: .3, Instructions: 279COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008E5150 Relevance: .3, Instructions: 268COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00974B80 Relevance: .3, Instructions: 253COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00864300 Relevance: .2, Instructions: 237COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A6CA60 Relevance: .2, Instructions: 229COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007994B0 Relevance: .2, Instructions: 222COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00825410 Relevance: .2, Instructions: 212COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00824B30 Relevance: .2, Instructions: 211COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 008AC040 Relevance: .2, Instructions: 160COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0081CCC0 Relevance: .1, Instructions: 143COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00918DF0 Relevance: .1, Instructions: 141COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00800D50 Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCBE0 Relevance: .1, Instructions: 115COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00974660 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCBFC Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCBF4 Relevance: .1, Instructions: 96COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC2C Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC0C Relevance: .1, Instructions: 90COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC14 Relevance: .1, Instructions: 89COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC3C Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00701000 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 009212E0 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC44 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC84 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCC8C Relevance: .1, Instructions: 58COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCCA0 Relevance: .1, Instructions: 53COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCCA8 Relevance: .0, Instructions: 50COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCCB8 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007DCCC0 Relevance: .0, Instructions: 44COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007043C0 Relevance: .0, Instructions: 16COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0079C510 Relevance: .0, Instructions: 5COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0094C07C Relevance: 7.7, APIs: 5, Instructions: 248COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00941090 Relevance: 7.7, APIs: 5, Instructions: 178COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00A8CA20 Relevance: 6.4, Strings: 5, Instructions: 158COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0093C875 Relevance: 6.2, APIs: 4, Instructions: 168COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|