Edit tour
Windows
Analysis Report
AdobeReaderPDFonline.exe
Overview
General Information
| Sample name: | AdobeReaderPDFonline.exe |
| Analysis ID: | 1587434 |
| MD5: | af1d0f01b01da4da3a9a54b2bee820e9 |
| SHA1: | 859814a52ba8c1a67468cce646974be9bdece0cb |
| SHA256: | d883efc9e3f21d039ba1bec082b390432ea3f3608657e9ced8682be27c318ec2 |
| Tags: | exeuser-zhuzhu0009 |
| Infos: |   |
 | |
Detection
| Score: | 88 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
AI detected suspicious sample
Allocates memory in foreign processes
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
AdobeReaderPDFonline.exe (PID: 5056 cmdline: "C:\Users\ user\Deskt op\AdobeRe aderPDFonl ine.exe" MD5: AF1D0F01B01DA4DA3A9A54B2BEE820E9) 
csc.exe (PID: 2760 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\csc .exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security | ||
| JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
System Summary |   |
|---|
| Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): | ||
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | TCP traffic: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
System Summary | |
|---|
| Source: | File dump: | Jump to dropped file | ||
| Source: | Code function: | 1_2_02603A1D | |
| Source: | Code function: | 1_2_025E573A | |
| Source: | Code function: | 1_2_025FE508 | |
| Source: | Code function: | 1_2_025F95B4 | |
| Source: | Code function: | 1_2_025EAA05 | |
| Source: | Code function: | 1_2_025E323F | |
| Source: | Code function: | 1_2_025FBA3C | |
| Source: | Code function: | 1_2_025E723B | |
| Source: | Code function: | 1_2_025F0A21 | |
| Source: | Code function: | 1_2_025F1221 | |
| Source: | Code function: | 1_2_025E22D5 | |
| Source: | Code function: | 1_2_025F12CE | |
| Source: | Code function: | 1_2_025F12C3 | |
| Source: | Code function: | 1_2_025EE282 | |
| Source: | Code function: | 1_2_025EC35D | |
| Source: | Code function: | 1_2_025F0B6E | |
| Source: | Code function: | 1_2_025ED30E | |
| Source: | Code function: | 1_2_025F0B3F | |
| Source: | Code function: | 1_2_025F0B2C | |
| Source: | Code function: | 1_2_025E2327 | |
| Source: | Code function: | 1_2_025F1BDF | |
| Source: | Code function: | 1_2_025F0BF7 | |
| Source: | Code function: | 1_2_025FC3EE | |
| Source: | Code function: | 1_2_025EF390 | |
| Source: | Code function: | 1_2_025F0BB0 | |
| Source: | Code function: | 1_2_025EC852 | |
| Source: | Code function: | 1_2_025ED871 | |
| Source: | Code function: | 1_2_025E4863 | |
| Source: | Code function: | 1_2_025FF061 | |
| Source: | Code function: | 1_2_0260282C | |
| Source: | Code function: | 1_2_025F1011 | |
| Source: | Code function: | 1_2_025EE00A | |
| Source: | Code function: | 1_2_025ED809 | |
| Source: | Code function: | 1_2_025F1038 | |
| Source: | Code function: | 1_2_025ED82E | |
| Source: | Code function: | 1_2_025F102F | |
| Source: | Code function: | 1_2_025E48D4 | |
| Source: | Code function: | 1_2_025EC0C1 | |
| Source: | Code function: | 1_2_025EC0BA | |
| Source: | Code function: | 1_2_025ED950 | |
| Source: | Code function: | 1_2_025ED96E | |
| Source: | Code function: | 1_2_02603955 | |
| Source: | Code function: | 1_2_025EC111 | |
| Source: | Code function: | 1_2_025EC90E | |
| Source: | Code function: | 1_2_025EC104 | |
| Source: | Code function: | 1_2_025E1939 | |
| Source: | Code function: | 1_2_025E212E | |
| Source: | Code function: | 1_2_025ED920 | |
| Source: | Code function: | 1_2_025F1199 | |
| Source: | Code function: | 1_2_025E5992 | |
| Source: | Code function: | 1_2_026021B0 | |
| Source: | Code function: | 1_2_025FE98E | |
| Source: | Code function: | 1_2_025F11A6 | |
| Source: | Code function: | 1_2_025EC9A1 | |
| Source: | Code function: | 1_2_02602E78 | |
| Source: | Code function: | 1_2_025EC63D | |
| Source: | Code function: | 1_2_025EC637 | |
| Source: | Code function: | 1_2_025F0E2E | |
| Source: | Code function: | 1_2_025EAEF4 | |
| Source: | Code function: | 1_2_025F5E87 | |
| Source: | Code function: | 1_2_025E5745 | |
| Source: | Code function: | 1_2_025EA76F | |
| Source: | Code function: | 1_2_025F176D | |
| Source: | Code function: | 1_2_025E1F3C | |
| Source: | Code function: | 1_2_025F27DA | |
| Source: | Code function: | 1_2_025ED7D6 | |
| Source: | Code function: | 1_2_025F279E | |
| Source: | Code function: | 1_2_025EC785 | |
| Source: | Code function: | 1_2_025ED7BE | |
| Source: | Code function: | 1_2_025ED7A7 | |
| Source: | Code function: | 1_2_025E2C7B | |
| Source: | Code function: | 1_2_025E3473 | |
| Source: | Code function: | 1_2_025F0C1F | |
| Source: | Code function: | 1_2_025EDC30 | |
| Source: | Code function: | 1_2_025EDCF6 | |
| Source: | Code function: | 1_2_025E3C95 | |
| Source: | Code function: | 1_2_025EDC8E | |
| Source: | Code function: | 1_2_025EDC86 | |
| Source: | Code function: | 1_2_025F2CB8 | |
| Source: | Code function: | 1_2_025F1559 | |
| Source: | Code function: | 1_2_025F1568 | |
| Source: | Code function: | 1_2_025EDD24 | |
| Source: | Code function: | 1_2_025FBDD6 | |
| Source: | Code function: | 1_2_025ED5FF | |
| Source: | Code function: | 1_2_025E65E7 | |
| Source: | Code function: | 1_2_025EC59E | |
| Source: | Code function: | 1_2_026035B9 | |
| Source: | Code function: | 1_2_025F2585 | |
| Source: | Code function: | 1_2_025EC5BA | |
| Source: | Code function: | 1_2_025EC5A5 | |
| Source: | Code function: | 1_2_02663E0B | |
| Source: | Code function: | 1_2_0266D740 | |
| Source: | Code function: | 1_2_0266788D | |
| Source: | Code function: | 1_2_02664672 | |
| Source: | Code function: | 1_2_0266D643 | |
| Source: | Code function: | 1_2_0266464D | |
| Source: | Code function: | 1_2_0266C24D | |
| Source: | Code function: | 1_2_02664A58 | |
| Source: | Code function: | 1_2_02669A2F | |
| Source: | Code function: | 1_2_0266BA36 | |
| Source: | Code function: | 1_2_0266D635 | |
| Source: | Code function: | 1_2_0266D6E3 | |
| Source: | Code function: | 1_2_02664AFD | |
| Source: | Code function: | 1_2_026686F9 | |
| Source: | Code function: | 1_2_02666AD6 | |
| Source: | Code function: | 1_2_026682A4 | |
| Source: | Code function: | 1_2_0266C6A5 | |
| Source: | Code function: | 1_2_0266D6A3 | |
| Source: | Code function: | 1_2_0266C282 | |
| Source: | Code function: | 1_2_0266D68A | |
| Source: | Code function: | 1_2_02668689 | |
| Source: | Code function: | 1_2_0266D777 | |
| Source: | Code function: | 1_2_02668B7F | |
| Source: | Code function: | 1_2_02668743 | |
| Source: | Code function: | 1_2_0266CF4C | |
| Source: | Code function: | 1_2_0266CF51 | |
| Source: | Code function: | 1_2_0266835C | |
| Source: | Code function: | 1_2_02668337 | |
| Source: | Code function: | 1_2_0266A706 | |
| Source: | Code function: | 1_2_0266B7EC | |
| Source: | Code function: | 1_2_0266CFF4 | |
| Source: | Code function: | 1_2_0266CFFF | |
| Source: | Code function: | 1_2_0266D3F8 | |
| Source: | Code function: | 1_2_026697C5 | |
| Source: | Code function: | 1_2_026683C8 | |
| Source: | Code function: | 1_2_026683D9 | |
| Source: | Code function: | 1_2_0266D3A3 | |
| Source: | Code function: | 1_2_026697AE | |
| Source: | Code function: | 1_2_0266B7AB | |
| Source: | Code function: | 1_2_026647BA | |
| Source: | Code function: | 1_2_026697B8 | |
| Source: | Code function: | 1_2_02664B81 | |
| Source: | Code function: | 1_2_0266479B | |
| Source: | Code function: | 1_2_0266C471 | |
| Source: | Code function: | 1_2_02664C48 | |
| Source: | Code function: | 1_2_0266C449 | |
| Source: | Code function: | 1_2_02664C5A | |
| Source: | Code function: | 1_2_0266B82D | |
| Source: | Code function: | 1_2_0266C429 | |
| Source: | Code function: | 1_2_0266C412 | |
| Source: | Code function: | 1_2_0266481A | |
| Source: | Code function: | 1_2_02667418 | |
| Source: | Code function: | 1_2_0266C4F5 | |
| Source: | Code function: | 1_2_0266D8FE | |
| Source: | Code function: | 1_2_02664C92 | |
| Source: | Code function: | 1_2_02665172 | |
| Source: | Code function: | 1_2_0266B179 | |
| Source: | Code function: | 1_2_0266854F | |
| Source: | Code function: | 1_2_0266B54F | |
| Source: | Code function: | 1_2_0266B94A | |
| Source: | Code function: | 1_2_02667155 | |
| Source: | Code function: | 1_2_02669955 | |
| Source: | Code function: | 1_2_02664D22 | |
| Source: | Code function: | 1_2_0266D93C | |
| Source: | Code function: | 1_2_02664D11 | |
| Source: | Code function: | 1_2_026649EA | |
| Source: | Code function: | 1_2_026695FC | |
| Source: | Code function: | 1_2_0266D9D8 | |
| Source: | Code function: | 1_2_02664DA7 | |
| Source: | Code function: | 1_2_0266C5A7 | |
| Source: | Code function: | 1_2_02664DAC | |
| Source: | Code function: | 1_2_026685B2 | |
| Source: | Code function: | 1_2_02669182 | |
| Source: | Code function: | 5_2_04E93060 | |
| Source: | Code function: | 5_2_04E93054 | |
| Source: | Code function: | 5_2_06B24798 | |
| Source: | Code function: | 5_2_06B2C220 | |
| Source: | Code function: | 5_2_06B24788 | |
| Source: | Code function: | 5_2_06B2C547 | |
| Source: | Code function: | 5_2_06B2D250 | |
| Source: | Code function: | 5_2_06B23E56 | |
| Source: | Code function: | 5_2_06B23DB0 | |
| Source: | Code function: | 5_2_06B23DE0 | |
| Source: | Code function: | 5_2_06B24A4A | |
| Source: | Code function: | 5_2_06B24922 | |
| Source: | Code function: | 5_2_093D3120 | |
| Source: | Code function: | 5_2_093D5F80 | |
| Source: | Code function: | 5_2_093D13F0 | |
| Source: | Code function: | 5_2_093D07D8 | |
| Source: | Code function: | 5_2_093D3113 | |
| Source: | Code function: | 5_2_093D1DB0 | |
| Source: | Code function: | 5_2_093D1DC0 | |
| Source: | Code function: | 5_2_093D0B20 | |
| Source: | Code function: | 5_2_093D32FF | |
| Source: | Code function: | 5_2_095ACB38 | |
| Source: | Code function: | 5_2_095AE298 | |
| Source: | Code function: | 5_2_095AE289 | |
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 1_2_025EEA7F | |
| Source: | Code function: | 1_2_025EEA77 | |
| Source: | Code function: | 1_2_025EE45D | |
| Source: | Code function: | 5_2_04E965CC | |
| Source: | Code function: | 5_2_04E971CC | |
| Source: | Code function: | 5_2_06B289B8 | |
| Source: | Code function: | 5_2_095ABC91 | |
| Source: | Code function: | 5_2_097D8EA4 | |
Persistence and Installation Behavior | |
|---|
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | File source: | ||
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Code function: | 1_2_02606565 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 1_2_005CD4D4 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 31 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 11 Disable or Modify Tools | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 141 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 31 Process Injection | NTDS | 141 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 134 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 54% | Virustotal | Browse | ||
| 45% | ReversingLabs | Win32.Adware.RedCap |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| newstaticfreepoint24.ddns-ip.net | 181.71.216.203 | true | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 181.71.216.203 | newstaticfreepoint24.ddns-ip.net | Colombia | 27831 | ColombiaMovilCO | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1587434 |
| Start date and time: | 2025-01-10 11:33:09 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 9m 17s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 9 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | AdobeReaderPDFonline.exe |
| Detection: | MAL |
| Classification: | mal88.evad.winEXE@3/1@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 05:34:35 | API Interceptor | |
| 11:34:38 | Autostart | |
| 11:34:46 | Autostart |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 181.71.216.203 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Remcos | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| newstaticfreepoint24.ddns-ip.net | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ColombiaMovilCO | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
|
⊘No context
⊘No context
| Process: | C:\Users\user\Desktop\AdobeReaderPDFonline.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 959667331 |
| Entropy (8bit): | 0.08625462809460394 |
| Encrypted: | false |
| SSDEEP: | |
| MD5: | 1ED9B1C1CC1AD0A0002A3CE083DC9D5F |
| SHA1: | CA8788C1C7FA2F39304E8AA2B8276C928B4B7165 |
| SHA-256: | 50C929F7C263A067D323E03CA02B3F18EDE373CFD53E89DCE9EEF589BB469826 |
| SHA-512: | 99B974DBD3F000B44C7D2F9245AD17BD909FDCA8CE1E3196BC0162760264CD3C859488847EBFA6ADA03359B4582C248E14E96862B748887F0221DB7A84780B7D |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.0634954672891475 |
| TrID: |
|
| File name: | AdobeReaderPDFonline.exe |
| File size: | 5'835'776 bytes |
| MD5: | af1d0f01b01da4da3a9a54b2bee820e9 |
| SHA1: | 859814a52ba8c1a67468cce646974be9bdece0cb |
| SHA256: | d883efc9e3f21d039ba1bec082b390432ea3f3608657e9ced8682be27c318ec2 |
| SHA512: | 5ddcb57d828f1b33bed2c9a72a9eede38f7601fcf9e4e34f69f6b17363db41a2362799b3bf36be61cc0851c9d309137a1210c3d4c916349a2d1724ebb7909c35 |
| SSDEEP: | 98304:9jYWohHXZ64z3lrxA0+IbvT3916Floj9ghi1RebMIg9Cbk/VFE/nIV3MwBReUcRR:9jYWqXZ6wF3916vojDIg9Cbk/VK/nqbO |
| TLSH: | 7246BF327D4A445BD07212716A69E975A13E6D78273202C363E47F3F7831AC2293BE67 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V...V...V.......V.......V......"V.......V.......V...V...U..5....V..5....V..5...YW.......V....p..V...V...V.......V..Rich.V. |
 | |
| Icon Hash: | 335092b3b2c66517 |
| Entrypoint: | 0x5cc6df |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x67459109 [Tue Nov 26 09:12:41 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | b48ec932e0b94d3910a5e2592ad0d9cf |
| Signature Valid: | |
| Signature Issuer: | |
| Signature Validation Error: | |
| Error Number: | |
| Not Before, Not After | |
| Subject Chain | |
| Version: | |
| Thumbprint MD5: | |
| Thumbprint SHA-1: | |
| Thumbprint SHA-256: | |
| Serial: |
| Instruction |
|---|
| call 00007F165CC6DDC2h |
| jmp 00007F165CC6CDFFh |
| cmp ecx, dword ptr [006A5000h] |
| jne 00007F165CC6CF83h |
| ret |
| jmp 00007F165CC6D981h |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, 006B34E4h |
| push esi |
| call dword ptr [006192E8h] |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| and dword ptr [eax], 00000000h |
| call dword ptr [006192ECh] |
| push 006B34E0h |
| call dword ptr [006192E4h] |
| pop esi |
| pop ebp |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, 006B34E4h |
| push esi |
| call dword ptr [006192E8h] |
| mov ecx, dword ptr [006A4FF0h] |
| mov eax, dword ptr [ebp+08h] |
| inc ecx |
| mov dword ptr [006A4FF0h], ecx |
| push esi |
| mov dword ptr [eax], ecx |
| mov eax, dword ptr fs:[0000002Ch] |
| mov ecx, dword ptr [006B3844h] |
| mov ecx, dword ptr [eax+ecx*4] |
| mov eax, dword ptr [006A4FF0h] |
| mov dword ptr [ecx+00000004h], eax |
| call dword ptr [006192ECh] |
| push 006B34E0h |
| call dword ptr [006192E4h] |
| pop esi |
| pop ebp |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| push edi |
| mov edi, 006B34E4h |
| push edi |
| call dword ptr [006192E8h] |
| mov esi, dword ptr [ebp+08h] |
| cmp dword ptr [esi], 00000000h |
| jne 00007F165CC6CF8Eh |
| or dword ptr [esi], FFFFFFFFh |
| jmp 00007F165CC6CFA8h |
| call 00007F165CC6CFB1h |
| jmp 00007F165CC6CF71h |
| cmp dword ptr [esi], FFFFFFFFh |
| je 00007F165CC6CF76h |
| mov eax, dword ptr fs:[0000002Ch] |
| mov ecx, dword ptr [00003844h] |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29fe7c | 0x1b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2b6000 | 0x2e2234 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x458600 | 0x2800 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x436000 | 0x2ab50 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x278c70 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x278d00 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x278bb0 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x219000 | 0xad0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x218000 | 0x217c00 | bf8442e1a060d6a6110e5353f0b7e4f0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x219000 | 0x8b000 | 0x8ac00 | c071b645d904afddfae36d09fbff0a76 | False | 0.33050218186936936 | data | 5.546535578758396 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2a4000 | 0x12000 | 0xbc00 | df682c1e69ad36bfcf32c628e7178a04 | False | 0.17351645611702127 | data | 5.056360385601096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x2b6000 | 0x2e2234 | 0x2e2400 | 7e9251cd98c2809c7f0a338118d8a199 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| AFX_DIALOG_LAYOUT | 0x2cb174 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb178 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb17c | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb180 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb184 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb188 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb18c | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb190 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb194 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb198 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb19c | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb1a0 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb1a4 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb1a8 | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb1ac | 0x2 | data | English | United States | 5.0 |
| AFX_DIALOG_LAYOUT | 0x2cb1b0 | 0x2 | data | English | United States | 5.0 |
| IMAGE_BLOB | 0x2cb1b4 | 0x6182 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9983174425126192 |
| IMAGE_BLOB2 | 0x2d1338 | 0x57e4 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9663111111111111 |
| IMAGE_BLOB3 | 0x2d6b1c | 0x6050 | PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced | English | United States | 0.9756245944192083 |
| LOCALE | 0x2dcb6c | 0xb1f | XML 1.0 document, ASCII text, with very long lines (345), with CRLF line terminators | English | United States | 0.4130663856691254 |
| LOCALE | 0x2dd68c | 0xb1f | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (344), with CRLF line terminators | English | United States | 0.4260625219529329 |
| LOCALE | 0x2de1ac | 0xa65 | XML 1.0 document, ASCII text, with very long lines (344), with CRLF line terminators | English | United States | 0.4269071777527245 |
| LOCALE | 0x2dec14 | 0xac8 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (343), with CRLF line terminators | English | United States | 0.43623188405797103 |
| LOCALE | 0x2df6dc | 0xafc | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (346), with CRLF line terminators | English | United States | 0.4317211948790896 |
| LOCALE | 0x2e01d8 | 0xb1a | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (367), with CRLF line terminators | English | United States | 0.45918367346938777 |
| LOCALE | 0x2e0cf4 | 0xaf3 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (353), with CRLF line terminators | English | United States | 0.4659293613985016 |
| LOCALE | 0x2e17e8 | 0xa94 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (356), with CRLF line terminators | English | United States | 0.4324224519940916 |
| LOCALE | 0x2e227c | 0xb98 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (426), with CRLF line terminators | English | United States | 0.4366576819407008 |
| LOCALE | 0x2e2e14 | 0xaa2 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (349), with CRLF line terminators | English | United States | 0.44305657604702425 |
| LOCALE | 0x2e38b8 | 0xb6b | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (381), with CRLF line terminators | English | United States | 0.43345877523092713 |
| LOCALE | 0x2e4424 | 0xad7 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (365), with CRLF line terminators | English | United States | 0.43963963963963965 |
| LOCALE | 0x2e4efc | 0xb00 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (406), with CRLF line terminators | English | United States | 0.43785511363636365 |
| LOCALE | 0x2e59fc | 0xb1a | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (367), with CRLF line terminators | English | United States | 0.45918367346938777 |
| LOCALE | 0x2e6518 | 0xde9 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (366), with CRLF line terminators | English | United States | 0.41224375175512495 |
| LOCALE | 0x2e7304 | 0xada | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators | English | United States | 0.4474442044636429 |
| LOCALE | 0x2e7de0 | 0x1f1f | exported SGML document, Unicode text, UTF-8 text, with very long lines (1357), with CRLF line terminators | English | United States | 0.3887285050834693 |
| PNG | 0x2e9d00 | 0x77 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9915966386554622 |
| PNG | 0x2e9d78 | 0x2f5 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0145310435931307 |
| PNG | 0x2ea070 | 0x301 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0143042912873863 |
| PNG | 0x2ea374 | 0x287 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.017001545595054 |
| PNG | 0x2ea5fc | 0x36e | PNG image data, 22 x 40, 8-bit/color RGB, non-interlaced | English | United States | 1.0125284738041003 |
| PNG | 0x2ea96c | 0x15d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0315186246418337 |
| PNG | 0x2eaacc | 0x13e | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0345911949685536 |
| PNG | 0x2eac0c | 0x115 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.03971119133574 |
| PNG | 0x2ead24 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0302013422818792 |
| PNG | 0x2eae50 | 0x20c | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0209923664122138 |
| PNG | 0x2eb05c | 0xfd | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0276679841897234 |
| PNG | 0x2eb15c | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x2eb204 | 0x7c | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677 |
| PNG | 0x2eb280 | 0x96 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0133333333333334 |
| PNG | 0x2eb318 | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138 |
| PNG | 0x2eb3ac | 0x84 | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 0.9848484848484849 |
| PNG | 0x2eb430 | 0xa3 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0122699386503067 |
| PNG | 0x2eb4d4 | 0x771 | PNG image data, 13 x 156, 8-bit/color RGB, non-interlaced | English | United States | 1.005774278215223 |
| PNG | 0x2ebc48 | 0x697 | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.006520450503853 |
| PNG | 0x2ec2e0 | 0x342 | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.013189448441247 |
| PNG | 0x2ec624 | 0x45f | PNG image data, 24 x 72, 8-bit/color RGB, non-interlaced | English | United States | 1.0098302055406614 |
| PNG | 0x2eca84 | 0x1a3 | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.026252983293556 |
| PNG | 0x2ecc28 | 0xac8 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039855072463768 |
| PNG | 0x2ed6f0 | 0x37c | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123318385650224 |
| PNG | 0x2eda6c | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667 |
| PNG | 0x2ee4bc | 0x48e | PNG image data, 9 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.009433962264151 |
| PNG | 0x2ee94c | 0xa50 | PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0041666666666667 |
| PNG | 0x2ef39c | 0x380 | PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122767857142858 |
| PNG | 0x2ef71c | 0xab0 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040204678362572 |
| PNG | 0x2f01cc | 0xb1f | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038637161924833 |
| PNG | 0x2f0cec | 0xa8e | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0040710584752035 |
| PNG | 0x2f177c | 0xb30 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.003840782122905 |
| PNG | 0x2f22ac | 0x3a6 | PNG image data, 48 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.011777301927195 |
| PNG | 0x2f2654 | 0x111b | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025119890385932 |
| PNG | 0x2f3770 | 0x3d1 | PNG image data, 23 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0112589559877174 |
| PNG | 0x2f3b44 | 0x21b | PNG image data, 11 x 88, 8-bit/color RGB, non-interlaced | English | United States | 1.0204081632653061 |
| PNG | 0x2f3d60 | 0xb12 | PNG image data, 50 x 273, 8-bit/color RGBA, non-interlaced | English | United States | 1.003881439661256 |
| PNG | 0x2f4874 | 0x7ac | PNG image data, 50 x 162, 8-bit/color RGBA, non-interlaced | English | United States | 1.005600814663951 |
| PNG | 0x2f5020 | 0xd43 | PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced | English | United States | 1.003240058910162 |
| PNG | 0x2f5d64 | 0x3a4 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.011802575107296 |
| PNG | 0x2f6108 | 0x320 | PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced | English | United States | 1.01375 |
| PNG | 0x2f6428 | 0x31f | PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced | English | United States | 1.0137672090112642 |
| PNG | 0x2f6748 | 0x2bd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0156918687589158 |
| PNG | 0x2f6a08 | 0x273 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0175438596491229 |
| PNG | 0x2f6c7c | 0x2c9 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0154277699859748 |
| PNG | 0x2f6f48 | 0x163 | PNG image data, 70 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0112676056338028 |
| PNG | 0x2f70ac | 0x152 | PNG image data, 41 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.032544378698225 |
| PNG | 0x2f7200 | 0x38a | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0121412803532008 |
| PNG | 0x2f758c | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293 |
| PNG | 0x2f7ac0 | 0x19c | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8810679611650486 |
| PNG | 0x2f7c5c | 0x2296 | PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.001242376327084 |
| PNG | 0x2f9ef4 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x2fa594 | 0x1c4 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8252212389380531 |
| PNG | 0x2fa758 | 0x522 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.008371385083714 |
| PNG | 0x2fac7c | 0x2475 | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.000750026786671 |
| PNG | 0x2fd0f4 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x2fd794 | 0x1c3 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8314855875831486 |
| PNG | 0x2fd958 | 0x505 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0085603112840467 |
| PNG | 0x2fde60 | 0x24d3 | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.0004243131430997 |
| PNG | 0x300334 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x3009d4 | 0x1c7 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.832967032967033 |
| PNG | 0x300b9c | 0x536 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082458770614693 |
| PNG | 0x3010d4 | 0x24f0 | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011632825719121 |
| PNG | 0x3035c4 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x303c64 | 0x1c5 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8388520971302428 |
| PNG | 0x303e2c | 0x4d9 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.008863819500403 |
| PNG | 0x304308 | 0x23d3 | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.0 |
| PNG | 0x3066dc | 0x189 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.0279898218829517 |
| PNG | 0x306868 | 0x1bc | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 0.7027027027027027 |
| PNG | 0x306a24 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x3070c4 | 0x1c4 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.827433628318584 |
| PNG | 0x307288 | 0x4ef | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0087094220110848 |
| PNG | 0x307778 | 0x23a2 | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.0007673755755317 |
| PNG | 0x309b1c | 0xc5 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0253807106598984 |
| PNG | 0x309be4 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x30a284 | 0x1ba | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8212669683257918 |
| PNG | 0x30a440 | 0x4e4 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0087859424920127 |
| PNG | 0x30a924 | 0x250f | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.0005270369979973 |
| PNG | 0x30ce34 | 0x69e | PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064935064935066 |
| PNG | 0x30d4d4 | 0x1c2 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 0.8288888888888889 |
| PNG | 0x30d698 | 0x4e9 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0087509944311854 |
| PNG | 0x30db84 | 0x23c6 | PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.000436776588775 |
| PNG | 0x30ff4c | 0xb5 | PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0165745856353592 |
| PNG | 0x310004 | 0x186 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.028205128205128 |
| PNG | 0x31018c | 0x1b5 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 0.6864988558352403 |
| PNG | 0x310344 | 0x66 | PNG image data, 1 x 46, 8-bit/color RGBA, non-interlaced | English | United States | 0.9803921568627451 |
| PNG | 0x3103ac | 0xf9 | PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0321285140562249 |
| PNG | 0x3104a8 | 0x17c3 | PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced | English | United States | 0.992931119513398 |
| PNG | 0x311c6c | 0x283 | PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0171073094867806 |
| PNG | 0x311ef0 | 0x71 | PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 0.9823008849557522 |
| PNG | 0x311f64 | 0x71d | PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.0060406370126305 |
| PNG | 0x312684 | 0x794 | PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.0056701030927835 |
| PNG | 0x312e18 | 0x284 | PNG image data, 7 x 39, 8-bit/color RGBA, non-interlaced | English | United States | 1.0170807453416149 |
| PNG | 0x31309c | 0x203 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.021359223300971 |
| PNG | 0x3132a0 | 0x1b5 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0251716247139588 |
| PNG | 0x313458 | 0xb2 | PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced | English | United States | 1.0168539325842696 |
| PNG | 0x31350c | 0xd1 | PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9760765550239234 |
| PNG | 0x3135e0 | 0x21c | PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced | English | United States | 1.0203703703703704 |
| PNG | 0x3137fc | 0x21c | PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced | English | United States | 1.0203703703703704 |
| PNG | 0x313a18 | 0x1ae | PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0186046511627906 |
| PNG | 0x313bc8 | 0x13a | PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.0222929936305734 |
| PNG | 0x313d04 | 0x13f | PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0344827586206897 |
| PNG | 0x313e44 | 0x135 | PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 0.9967637540453075 |
| PNG | 0x313f7c | 0xdb | PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0228310502283104 |
| PNG | 0x314058 | 0xc6 | PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.0252525252525253 |
| PNG | 0x314120 | 0x1a9 | PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0141176470588236 |
| PNG | 0x3142cc | 0x19b | PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.0194647201946472 |
| PNG | 0x314468 | 0x2296 | PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced | English | United States | 1.001242376327084 |
| PNG | 0x316700 | 0x13e | PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0345911949685536 |
| PNG | 0x316840 | 0x115 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.03971119133574 |
| PNG | 0x316958 | 0x83 | PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0076335877862594 |
| PNG | 0x3169dc | 0xce | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0242718446601942 |
| PNG | 0x316aac | 0xb30 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.003840782122905 |
| PNG | 0x3175dc | 0x25f | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0181219110378912 |
| PNG | 0x31783c | 0x79 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9752066115702479 |
| PNG | 0x3178b8 | 0x170 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9755434782608695 |
| PNG | 0x317a28 | 0x26b | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0177705977382876 |
| PNG | 0x317c94 | 0x105 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9731800766283525 |
| PNG | 0x317d9c | 0xe6 | PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced | English | United States | 1.0260869565217392 |
| PNG | 0x317e84 | 0x38d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.012101210121012 |
| PNG | 0x318214 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095 |
| PNG | 0x31847c | 0x11a | PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0319148936170213 |
| PNG | 0x318598 | 0xaa | PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced | English | United States | 1.011764705882353 |
| PNG | 0x318644 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0268456375838926 |
| PNG | 0x318770 | 0x209 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.021113243761996 |
| PNG | 0x31897c | 0xf5 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0244897959183674 |
| PNG | 0x318a74 | 0xa6 | PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced | English | United States | 1.0180722891566265 |
| PNG | 0x318b1c | 0x150 | PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced | English | United States | 1.0327380952380953 |
| PNG | 0x318c6c | 0xac | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174418604651163 |
| PNG | 0x318d18 | 0x89 | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0 |
| PNG | 0x318da4 | 0x98 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006578947368421 |
| PNG | 0x318e3c | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138 |
| PNG | 0x318ed0 | 0x7d | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.008 |
| PNG | 0x318f50 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x318ff8 | 0xbc | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0159574468085106 |
| PNG | 0x3190b4 | 0xa07 | PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced | English | United States | 1.004285157771718 |
| PNG | 0x319abc | 0x1de1 | PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014380964832004 |
| PNG | 0x31b8a0 | 0x1be | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0246636771300448 |
| PNG | 0x31ba60 | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888 |
| PNG | 0x31bf9c | 0x440 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.010110294117647 |
| PNG | 0x31c3dc | 0x12e | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0298013245033113 |
| PNG | 0x31c50c | 0x5b1 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0075497597803706 |
| PNG | 0x31cac0 | 0x408 | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0106589147286822 |
| PNG | 0x31cec8 | 0x471 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.009674582233949 |
| PNG | 0x31d33c | 0x4b7 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0091135045567523 |
| PNG | 0x31d7f4 | 0x481 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0095403295750216 |
| PNG | 0x31dc78 | 0x3ec | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0109561752988048 |
| PNG | 0x31e064 | 0x452 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0099457504520795 |
| PNG | 0x31e4b8 | 0x414 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.010536398467433 |
| PNG | 0x31e8cc | 0x39e | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.011879049676026 |
| PNG | 0x31ec6c | 0x48d | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009442060085837 |
| PNG | 0x31f0fc | 0x1b3 | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.025287356321839 |
| PNG | 0x31f2b0 | 0xea | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0299145299145298 |
| PNG | 0x31f39c | 0x1ae0 | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0015988372093023 |
| PNG | 0x320e7c | 0xb43 | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038154699965314 |
| PNG | 0x3219c0 | 0x609 | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071197411003237 |
| PNG | 0x321fcc | 0x18ae | PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017410572966128 |
| PNG | 0x32387c | 0x1177 | PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024602997092373 |
| PNG | 0x3249f4 | 0x25ec | PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011330861145447 |
| PNG | 0x326fe0 | 0xacb | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039811798769454 |
| PNG | 0x327aac | 0xbc8 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036472148541113 |
| PNG | 0x328674 | 0xc2e | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035279025016035 |
| PNG | 0x3292a4 | 0x5dd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0073284477015323 |
| PNG | 0x329884 | 0x597 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0076869322152342 |
| PNG | 0x329e1c | 0x5f8 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.007198952879581 |
| PNG | 0x32a414 | 0x237 | PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.0194003527336861 |
| PNG | 0x32a64c | 0x588 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077683615819208 |
| PNG | 0x32abd4 | 0x4b6 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0091210613598673 |
| PNG | 0x32b08c | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293 |
| PNG | 0x32b5c0 | 0x5fe | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071707953063884 |
| PNG | 0x32bbc0 | 0xdd3 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9960440802486578 |
| PNG | 0x32c994 | 0x7c | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677 |
| PNG | 0x32ca10 | 0x13c1 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021752026893416 |
| PNG | 0x32ddd4 | 0x37d | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123180291153415 |
| PNG | 0x32e154 | 0x395 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0119956379498365 |
| PNG | 0x32e4ec | 0x125e | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023394300297745 |
| PNG | 0x32f74c | 0x13b4 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021808088818398 |
| PNG | 0x330b00 | 0x369 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126002290950744 |
| PNG | 0x330e6c | 0x3cc | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113168724279835 |
| PNG | 0x331238 | 0x1320 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002246732026144 |
| PNG | 0x332558 | 0x13ac | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021842732327244 |
| PNG | 0x333904 | 0x364 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012672811059908 |
| PNG | 0x333c68 | 0x3ba | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0115303983228512 |
| PNG | 0x334024 | 0x1274 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023285351397122 |
| PNG | 0x335298 | 0x139f | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021899263388414 |
| PNG | 0x336638 | 0x380 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122767857142858 |
| PNG | 0x3369b8 | 0x352 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0129411764705882 |
| PNG | 0x336d0c | 0x1288 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002318718381113 |
| PNG | 0x337f94 | 0x211 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.0207939508506616 |
| PNG | 0x3381a8 | 0x2e4 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 1.0148648648648648 |
| PNG | 0x33848c | 0x13ad | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021838395870557 |
| PNG | 0x33983c | 0x365 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126582278481013 |
| PNG | 0x339ba4 | 0x374 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.012443438914027 |
| PNG | 0x339f18 | 0x126b | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023329798515377 |
| PNG | 0x33b184 | 0xd4 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453 |
| PNG | 0x33b258 | 0x1394 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.00219473264166 |
| PNG | 0x33c5ec | 0x374 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012443438914027 |
| PNG | 0x33c960 | 0x3f4 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0108695652173914 |
| PNG | 0x33cd54 | 0x1304 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0022596548890714 |
| PNG | 0x33e058 | 0x1397 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021934197407776 |
| PNG | 0x33f3f0 | 0x373 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0124575311438277 |
| PNG | 0x33f764 | 0x33d | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0132689987937273 |
| PNG | 0x33faa4 | 0x119e | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002439024390244 |
| PNG | 0x340c44 | 0xa6 | PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x340cec | 0x211 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.0207939508506616 |
| PNG | 0x340f00 | 0x2f7 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 1.0144927536231885 |
| PNG | 0x3411f8 | 0x16e | PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.030054644808743 |
| PNG | 0x341368 | 0x73 | PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced | English | United States | 0.9826086956521739 |
| PNG | 0x3413dc | 0x117 | PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.021505376344086 |
| PNG | 0x3414f4 | 0x67 | PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced | English | United States | 0.9902912621359223 |
| PNG | 0x34155c | 0xce | PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0242718446601942 |
| PNG | 0x34162c | 0xa40 | PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced | English | United States | 0.9733231707317073 |
| PNG | 0x34206c | 0x283 | PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0171073094867806 |
| PNG | 0x3422f0 | 0x93 | PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0136054421768708 |
| PNG | 0x342384 | 0x96a | PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced | English | United States | 1.004564315352697 |
| PNG | 0x342cf0 | 0x99b | PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced | English | United States | 1.0044733631557543 |
| PNG | 0x34368c | 0x2f7 | PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced | English | United States | 1.0144927536231885 |
| PNG | 0x343984 | 0x1ff | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0215264187866928 |
| PNG | 0x343b84 | 0x1f7 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.021868787276342 |
| PNG | 0x343d7c | 0xb6 | PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced | English | United States | 1.010989010989011 |
| PNG | 0x343e34 | 0x94 | PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0135135135135136 |
| PNG | 0x343ec8 | 0x3e6 | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.0110220440881763 |
| PNG | 0x3442b0 | 0x3e6 | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.0110220440881763 |
| PNG | 0x344698 | 0x315 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0139416983523448 |
| PNG | 0x3449b0 | 0x259 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0183028286189684 |
| PNG | 0x344c0c | 0x205 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0212765957446808 |
| PNG | 0x344e14 | 0x176 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0294117647058822 |
| PNG | 0x344f8c | 0x124 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0136986301369864 |
| PNG | 0x3450b0 | 0xd7 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0 |
| PNG | 0x345188 | 0x28f | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.016793893129771 |
| PNG | 0x345418 | 0x225 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0200364298724955 |
| PNG | 0x345640 | 0xdd3 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9960440802486578 |
| PNG | 0x346414 | 0x123 | PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0378006872852235 |
| PNG | 0x346538 | 0x10b | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.0337078651685394 |
| PNG | 0x346644 | 0x83 | PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0076335877862594 |
| PNG | 0x3466c8 | 0x12f | PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced | English | United States | 1.0264026402640265 |
| PNG | 0x3467f8 | 0x48d | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009442060085837 |
| PNG | 0x346c88 | 0x261 | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0180623973727423 |
| PNG | 0x346eec | 0x79 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9752066115702479 |
| PNG | 0x346f68 | 0x1b5 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9931350114416476 |
| PNG | 0x347120 | 0x293 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0166919575113809 |
| PNG | 0x3473b4 | 0x11a | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9716312056737588 |
| PNG | 0x3474d0 | 0xde | PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced | English | United States | 1.027027027027027 |
| PNG | 0x3475b0 | 0x38d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.012101210121012 |
| PNG | 0x347940 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095 |
| PNG | 0x347ba8 | 0x124 | PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0308219178082192 |
| PNG | 0x347ccc | 0xaa | PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced | English | United States | 1.011764705882353 |
| PNG | 0x347d78 | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0268456375838926 |
| PNG | 0x347ea4 | 0x209 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.021113243761996 |
| PNG | 0x3480b0 | 0xf5 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0244897959183674 |
| PNG | 0x3481a8 | 0x9f | PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced | English | United States | 1.0125786163522013 |
| PNG | 0x348248 | 0x148 | PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced | English | United States | 1.0335365853658536 |
| PNG | 0x348390 | 0xac | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174418604651163 |
| PNG | 0x34843c | 0x8b | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.014388489208633 |
| PNG | 0x3484c8 | 0xa4 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0 |
| PNG | 0x34856c | 0x94 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0067567567567568 |
| PNG | 0x348600 | 0x87 | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0 |
| PNG | 0x348688 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x348730 | 0xc5 | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0203045685279188 |
| PNG | 0x3487f8 | 0xa54 | PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced | English | United States | 1.004160363086233 |
| PNG | 0x34924c | 0x1eda | PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced | English | United States | 1.001392757660167 |
| PNG | 0x34b128 | 0x1cb | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0239651416122004 |
| PNG | 0x34b2f4 | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888 |
| PNG | 0x34b830 | 0x4f3 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0086819258089976 |
| PNG | 0x34bd24 | 0x11a | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.024822695035461 |
| PNG | 0x34be40 | 0x5af | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0075601374570446 |
| PNG | 0x34c3f0 | 0x3ff | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.010752688172043 |
| PNG | 0x34c7f0 | 0x461 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0098126672613739 |
| PNG | 0x34cc54 | 0x4cc | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.008957654723127 |
| PNG | 0x34d120 | 0x474 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0096491228070175 |
| PNG | 0x34d594 | 0x3ef | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0109235352532273 |
| PNG | 0x34d984 | 0x44a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0100182149362478 |
| PNG | 0x34ddd0 | 0x41f | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0104265402843602 |
| PNG | 0x34e1f0 | 0x39b | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0119176598049837 |
| PNG | 0x34e58c | 0x4a1 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009282700421941 |
| PNG | 0x34ea30 | 0x1b3 | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.025287356321839 |
| PNG | 0x34ebe4 | 0xf9 | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.036144578313253 |
| PNG | 0x34ece0 | 0x1bfa | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.001535883831332 |
| PNG | 0x3508dc | 0xb43 | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038154699965314 |
| PNG | 0x351420 | 0x609 | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071197411003237 |
| PNG | 0x351a2c | 0x18ae | PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017410572966128 |
| PNG | 0x3532dc | 0x1177 | PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024602997092373 |
| PNG | 0x354454 | 0x25ec | PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011330861145447 |
| PNG | 0x356a40 | 0xac7 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039869517941282 |
| PNG | 0x357508 | 0xa82 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.004089219330855 |
| PNG | 0x357f8c | 0xac7 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039869517941282 |
| PNG | 0x358a54 | 0x5d3 | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0073775989268947 |
| PNG | 0x359028 | 0x575 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0078740157480315 |
| PNG | 0x3595a0 | 0x5ea | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0072655217965654 |
| PNG | 0x359b8c | 0x222 | PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.02014652014652 |
| PNG | 0x359db0 | 0x588 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077683615819208 |
| PNG | 0x35a338 | 0x552 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0080763582966226 |
| PNG | 0x35a88c | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293 |
| PNG | 0x35adc0 | 0x624 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.006997455470738 |
| PNG | 0x35b3e4 | 0xf6f | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0027841052898 |
| PNG | 0x35c354 | 0x98 | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.013157894736842 |
| PNG | 0x35c3ec | 0x13c1 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021752026893416 |
| PNG | 0x35d7b0 | 0x37d | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123180291153415 |
| PNG | 0x35db30 | 0x395 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0119956379498365 |
| PNG | 0x35dec8 | 0xbea | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036065573770492 |
| PNG | 0x35eab4 | 0x13b4 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021808088818398 |
| PNG | 0x35fe68 | 0x369 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126002290950744 |
| PNG | 0x3601d4 | 0x3cc | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113168724279835 |
| PNG | 0x3605a0 | 0xcb2 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033846153846153 |
| PNG | 0x361254 | 0x13ac | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021842732327244 |
| PNG | 0x362600 | 0x364 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012672811059908 |
| PNG | 0x362964 | 0x3ba | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0115303983228512 |
| PNG | 0x362d20 | 0xbff | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035818951481603 |
| PNG | 0x363920 | 0x139f | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021899263388414 |
| PNG | 0x364cc0 | 0x380 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122767857142858 |
| PNG | 0x365040 | 0x352 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0129411764705882 |
| PNG | 0x365394 | 0xbf8 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035900783289817 |
| PNG | 0x365f8c | 0x1e3 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.0227743271221532 |
| PNG | 0x366170 | 0x3d2 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 1.0112474437627812 |
| PNG | 0x366544 | 0x13ad | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021838395870557 |
| PNG | 0x3678f4 | 0x365 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126582278481013 |
| PNG | 0x367c5c | 0x374 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.012443438914027 |
| PNG | 0x367fd0 | 0xb9a | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037037037037038 |
| PNG | 0x368b6c | 0xd4 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453 |
| PNG | 0x368c40 | 0x1394 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.00219473264166 |
| PNG | 0x369fd4 | 0x374 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012443438914027 |
| PNG | 0x36a348 | 0x3f4 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0108695652173914 |
| PNG | 0x36a73c | 0xc62 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034700315457412 |
| PNG | 0x36b3a0 | 0x1397 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021934197407776 |
| PNG | 0x36c738 | 0x373 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0124575311438277 |
| PNG | 0x36caac | 0x33d | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0132689987937273 |
| PNG | 0x36cdec | 0xb84 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003392130257802 |
| PNG | 0x36d970 | 0xb1 | PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0169491525423728 |
| PNG | 0x36da24 | 0x1da | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.0232067510548524 |
| PNG | 0x36dc00 | 0x375 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 1.0124293785310734 |
| PNG | 0x36df78 | 0x1a5 | PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0261282660332542 |
| PNG | 0x36e120 | 0x71 | PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced | English | United States | 0.9911504424778761 |
| PNG | 0x36e194 | 0x11a | PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0283687943262412 |
| PNG | 0x36e2b0 | 0x67 | PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced | English | United States | 0.9902912621359223 |
| PNG | 0x36e318 | 0xe0 | PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.03125 |
| PNG | 0x36e3f8 | 0xa40 | PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced | English | United States | 0.9733231707317073 |
| PNG | 0x36ee38 | 0x283 | PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0171073094867806 |
| PNG | 0x36f0bc | 0x93 | PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0136054421768708 |
| PNG | 0x36f150 | 0x985 | PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced | English | United States | 1.00451374640952 |
| PNG | 0x36fad8 | 0x9ca | PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced | English | United States | 1.00438946528332 |
| PNG | 0x3704a4 | 0x339 | PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced | English | United States | 1.0133333333333334 |
| PNG | 0x3707e0 | 0x214 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0206766917293233 |
| PNG | 0x3709f4 | 0x22e | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0197132616487454 |
| PNG | 0x370c24 | 0xb3 | PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced | English | United States | 1.011173184357542 |
| PNG | 0x370cd8 | 0x95 | PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 0.9932885906040269 |
| PNG | 0x370d70 | 0x414 | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.010536398467433 |
| PNG | 0x371184 | 0x414 | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.010536398467433 |
| PNG | 0x371598 | 0x1fb | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0216962524654833 |
| PNG | 0x371794 | 0x179 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0159151193633953 |
| PNG | 0x371910 | 0x179 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0053050397877985 |
| PNG | 0x371a8c | 0x114 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0289855072463767 |
| PNG | 0x371ba0 | 0x10e | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.011111111111111 |
| PNG | 0x371cb0 | 0xb6 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0054945054945055 |
| PNG | 0x371d68 | 0x17e | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0287958115183247 |
| PNG | 0x371ee8 | 0x15c | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0201149425287357 |
| PNG | 0x372044 | 0xf6f | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0027841052898 |
| PNG | 0x372fb4 | 0x143 | PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0340557275541795 |
| PNG | 0x3730f8 | 0x110 | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.0294117647058822 |
| PNG | 0x373208 | 0x87 | PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0074074074074073 |
| PNG | 0x373290 | 0x13b | PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced | English | United States | 1.0253968253968253 |
| PNG | 0x3733cc | 0x4a1 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009282700421941 |
| PNG | 0x373870 | 0x25e | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.018151815181518 |
| PNG | 0x373ad0 | 0x79 | PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced | English | United States | 0.9752066115702479 |
| PNG | 0x373b4c | 0x167 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9972144846796658 |
| PNG | 0x373cb4 | 0x278 | PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174050632911393 |
| PNG | 0x373f2c | 0x11a | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9680851063829787 |
| PNG | 0x374048 | 0xd4 | PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced | English | United States | 1.0235849056603774 |
| PNG | 0x37411c | 0x38d | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.012101210121012 |
| PNG | 0x3744ac | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095 |
| PNG | 0x374714 | 0x11a | PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0319148936170213 |
| PNG | 0x374830 | 0xaa | PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced | English | United States | 1.011764705882353 |
| PNG | 0x3748dc | 0x12a | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0268456375838926 |
| PNG | 0x374a08 | 0x209 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.021113243761996 |
| PNG | 0x374c14 | 0xf5 | PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced | English | United States | 1.0244897959183674 |
| PNG | 0x374d0c | 0xa6 | PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced | English | United States | 1.0180722891566265 |
| PNG | 0x374db4 | 0x150 | PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced | English | United States | 1.0327380952380953 |
| PNG | 0x374f04 | 0xac | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0174418604651163 |
| PNG | 0x374fb0 | 0x8b | PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0 |
| PNG | 0x37503c | 0x98 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006578947368421 |
| PNG | 0x3750d4 | 0x91 | PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.006896551724138 |
| PNG | 0x375168 | 0x7d | PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.008 |
| PNG | 0x3751e8 | 0xa6 | PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x375290 | 0xbd | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0105820105820107 |
| PNG | 0x375350 | 0xa07 | PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced | English | United States | 1.004285157771718 |
| PNG | 0x375d58 | 0x1de1 | PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014380964832004 |
| PNG | 0x377b3c | 0x1be | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0246636771300448 |
| PNG | 0x377cfc | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888 |
| PNG | 0x378238 | 0x46c | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0097173144876326 |
| PNG | 0x3786a4 | 0xaf | PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0171428571428571 |
| PNG | 0x378754 | 0x701 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0061349693251533 |
| PNG | 0x378e58 | 0x498 | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0093537414965987 |
| PNG | 0x3792f0 | 0x5c1 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0074677528852682 |
| PNG | 0x3798b4 | 0x539 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082273747195214 |
| PNG | 0x379df0 | 0x5c7 | PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0074374577417173 |
| PNG | 0x37a3b8 | 0x47f | PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.009556907037359 |
| PNG | 0x37a838 | 0x585 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077848549186128 |
| PNG | 0x37adc0 | 0x546 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0081481481481482 |
| PNG | 0x37b308 | 0x4e1 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0088070456365092 |
| PNG | 0x37b7ec | 0x5b0 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.007554945054945 |
| PNG | 0x37bd9c | 0x1b3 | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.025287356321839 |
| PNG | 0x37bf50 | 0xea | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0299145299145298 |
| PNG | 0x37c03c | 0x1ad9 | PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced | English | United States | 1.0016004655899897 |
| PNG | 0x37db18 | 0xb43 | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038154699965314 |
| PNG | 0x37e65c | 0x609 | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0071197411003237 |
| PNG | 0x37ec68 | 0x18ae | PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017410572966128 |
| PNG | 0x380518 | 0x1177 | PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024602997092373 |
| PNG | 0x381690 | 0x25ec | PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0011330861145447 |
| PNG | 0x383c7c | 0xad3 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0039696860339227 |
| PNG | 0x384750 | 0xbc8 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036472148541113 |
| PNG | 0x385318 | 0xc2e | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035279025016035 |
| PNG | 0x385f48 | 0x5dd | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0073284477015323 |
| PNG | 0x386528 | 0x597 | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0076869322152342 |
| PNG | 0x386ac0 | 0x5f8 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.007198952879581 |
| PNG | 0x3870b8 | 0x228 | PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.019927536231884 |
| PNG | 0x3872e0 | 0x588 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0077683615819208 |
| PNG | 0x387868 | 0x38a | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0121412803532008 |
| PNG | 0x387bf4 | 0x532 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082706766917293 |
| PNG | 0x388128 | 0x32f | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0134969325153373 |
| PNG | 0x388458 | 0xef8 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9950417536534447 |
| PNG | 0x389350 | 0x7c | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 0.9919354838709677 |
| PNG | 0x3893cc | 0x13c1 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021752026893416 |
| PNG | 0x38a790 | 0x37d | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0123180291153415 |
| PNG | 0x38ab10 | 0x395 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0119956379498365 |
| PNG | 0x38aea8 | 0x125e | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023394300297745 |
| PNG | 0x38c108 | 0x13b4 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021808088818398 |
| PNG | 0x38d4bc | 0x369 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126002290950744 |
| PNG | 0x38d828 | 0x3cc | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113168724279835 |
| PNG | 0x38dbf4 | 0x1320 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002246732026144 |
| PNG | 0x38ef14 | 0x13ac | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021842732327244 |
| PNG | 0x3902c0 | 0x364 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012672811059908 |
| PNG | 0x390624 | 0x3ba | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0115303983228512 |
| PNG | 0x3909e0 | 0x1274 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023285351397122 |
| PNG | 0x391c54 | 0x139f | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021899263388414 |
| PNG | 0x392ff4 | 0x380 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122767857142858 |
| PNG | 0x393374 | 0x352 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0129411764705882 |
| PNG | 0x3936c8 | 0x1288 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002318718381113 |
| PNG | 0x394950 | 0x99d | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.004469727752946 |
| PNG | 0x3952f0 | 0x2e6 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 1.0148247978436657 |
| PNG | 0x3955d8 | 0x13ad | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021838395870557 |
| PNG | 0x396988 | 0x365 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0126582278481013 |
| PNG | 0x396cf0 | 0x374 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.012443438914027 |
| PNG | 0x397064 | 0x126b | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023329798515377 |
| PNG | 0x3982d0 | 0xd4 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453 |
| PNG | 0x3983a4 | 0x1394 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.00219473264166 |
| PNG | 0x399738 | 0x374 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.012443438914027 |
| PNG | 0x399aac | 0x3f4 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0108695652173914 |
| PNG | 0x399ea0 | 0x1304 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0022596548890714 |
| PNG | 0x39b1a4 | 0x1397 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021934197407776 |
| PNG | 0x39c53c | 0x373 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0124575311438277 |
| PNG | 0x39c8b0 | 0x33d | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0132689987937273 |
| PNG | 0x39cbf0 | 0x119e | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.002439024390244 |
| PNG | 0x39dd90 | 0xa6 | PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0120481927710843 |
| PNG | 0x39de38 | 0x99d | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.004469727752946 |
| PNG | 0x39e7d8 | 0x2f7 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 1.0144927536231885 |
| PNG | 0x39ead0 | 0x17e | PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0287958115183247 |
| PNG | 0x39ec50 | 0x71 | PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced | English | United States | 0.9911504424778761 |
| PNG | 0x39ecc4 | 0x117 | PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.021505376344086 |
| PNG | 0x39eddc | 0x67 | PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced | English | United States | 0.9902912621359223 |
| PNG | 0x39ee44 | 0xd7 | PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced | English | United States | 1.0232558139534884 |
| PNG | 0x39ef1c | 0xa40 | PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced | English | United States | 0.9733231707317073 |
| PNG | 0x39f95c | 0x283 | PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0171073094867806 |
| PNG | 0x39fbe0 | 0x93 | PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0136054421768708 |
| PNG | 0x39fc74 | 0x96a | PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced | English | United States | 1.004564315352697 |
| PNG | 0x3a05e0 | 0x99b | PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced | English | United States | 1.0044733631557543 |
| PNG | 0x3a0f7c | 0x2f7 | PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced | English | United States | 1.0144927536231885 |
| PNG | 0x3a1274 | 0x1d3 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.019271948608137 |
| PNG | 0x3a1448 | 0x1f8 | PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.0138888888888888 |
| PNG | 0x3a1640 | 0x67 | PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced | English | United States | 0.9514563106796117 |
| PNG | 0x3a16a8 | 0x95 | PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0 |
| PNG | 0x3a1740 | 0x39d | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.011891891891892 |
| PNG | 0x3a1ae0 | 0x39d | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.011891891891892 |
| PNG | 0x3a1e80 | 0x1c1 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.024498886414254 |
| PNG | 0x3a2044 | 0x153 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0324483775811208 |
| PNG | 0x3a2198 | 0x15f | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113960113960114 |
| PNG | 0x3a22f8 | 0x100 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.03515625 |
| PNG | 0x3a23f8 | 0x108 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.018939393939394 |
| PNG | 0x3a2500 | 0xb6 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.010989010989011 |
| PNG | 0x3a25b8 | 0x151 | PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.032640949554896 |
| PNG | 0x3a270c | 0x135 | PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.029126213592233 |
| PNG | 0x3a2844 | 0xdd3 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 0.9960440802486578 |
| PNG | 0x3a3618 | 0x129 | PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced | English | United States | 1.0303030303030303 |
| PNG | 0x3a3744 | 0x10b | PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced | English | United States | 1.0337078651685394 |
| PNG | 0x3a3850 | 0x87 | PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced | English | United States | 1.0074074074074073 |
| PNG | 0x3a38d8 | 0x12f | PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced | English | United States | 1.0264026402640265 |
| PNG | 0x3a3a08 | 0x48d | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.009442060085837 |
| PNG | 0x3a3e98 | 0xdd1 | PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.003109980209217 |
| PNG | 0x3a4c6c | 0xd61 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032116788321168 |
| PNG | 0x3a59d0 | 0x265 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0179445350734095 |
| PNG | 0x3a5c38 | 0xbb9 | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036654448517162 |
| PNG | 0x3a67f4 | 0xc66 | PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034656584751103 |
| PNG | 0x3a745c | 0xb90 | PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037162162162163 |
| PNG | 0x3a7fec | 0xb07 | PNG image data, 5 x 5, 8-bit/color RGBA, non-interlaced | English | United States | 1.003896563939072 |
| PNG | 0x3a8af4 | 0xb50 | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037983425414365 |
| PNG | 0x3a9644 | 0x2885 | PNG image data, 42 x 348, 8-bit/color RGBA, non-interlaced | English | United States | 1.0010604453870626 |
| PNG | 0x3abecc | 0xd8e | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031700288184437 |
| PNG | 0x3acc5c | 0x53b | PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0082150858849888 |
| PNG | 0x3ad198 | 0x4f3 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0086819258089976 |
| PNG | 0x3ad68c | 0x130f | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.0022545603607296 |
| PNG | 0x3ae99c | 0xe74 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.002972972972973 |
| PNG | 0x3af810 | 0x11ba | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.002423975319524 |
| PNG | 0x3b09cc | 0xece | PNG image data, 11 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0029023746701846 |
| PNG | 0x3b189c | 0x11ba | PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced | English | United States | 1.002423975319524 |
| PNG | 0x3b2a58 | 0xe74 | PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.002972972972973 |
| PNG | 0x3b38cc | 0x1206 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023840485478976 |
| PNG | 0x3b4ad4 | 0x11bc | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024229074889868 |
| PNG | 0x3b5c90 | 0x112a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025034137460174 |
| PNG | 0x3b6dbc | 0x127a | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023255813953489 |
| PNG | 0x3b8038 | 0xd3e | PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced | English | United States | 1.003244837758112 |
| PNG | 0x3b8d78 | 0xbac | PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036813922356091 |
| PNG | 0x3b9924 | 0x146a | PNG image data, 56 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.0021048603138156 |
| PNG | 0x3bad90 | 0x122f | PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023630504833512 |
| PNG | 0x3bbfc0 | 0xdec | PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0030864197530864 |
| PNG | 0x3bcdac | 0x1100 | PNG image data, 42 x 228, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025275735294117 |
| PNG | 0x3bdeac | 0x11ed | PNG image data, 42 x 140, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023970363913706 |
| PNG | 0x3bf09c | 0x1864 | PNG image data, 42 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003203074951954 |
| PNG | 0x3c0900 | 0x10b5 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025718961889174 |
| PNG | 0x3c19b8 | 0x124b | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023489216314327 |
| PNG | 0x3c2c04 | 0x1256 | PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced | English | United States | 1.0023434171282488 |
| PNG | 0x3c3e5c | 0xf2c | PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.002832131822863 |
| PNG | 0x3c4d88 | 0xede | PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced | English | United States | 1.0028901734104045 |
| PNG | 0x3c5c68 | 0xf69 | PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced | English | United States | 1.0027883396704689 |
| PNG | 0x3c6bd4 | 0xe20 | PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced | English | United States | 1.0030420353982301 |
| PNG | 0x3c79f4 | 0xdc7 | PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031187978451943 |
| PNG | 0x3c87bc | 0xbae | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036789297658864 |
| PNG | 0x3c936c | 0xd91 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.003167290526922 |
| PNG | 0x3ca100 | 0xb12 | PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced | English | United States | 1.003881439661256 |
| PNG | 0x3cac14 | 0xbc3 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036532713384259 |
| PNG | 0x3cb7d8 | 0xc9f | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.003404518724853 |
| PNG | 0x3cc478 | 0xd7d | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031856356791196 |
| PNG | 0x3cd1f8 | 0xbf7 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035912504080966 |
| PNG | 0x3cddf0 | 0xc96 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034140285536934 |
| PNG | 0x3cea88 | 0xd8c | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031718569780854 |
| PNG | 0x3cf814 | 0xbda | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085 |
| PNG | 0x3d03f0 | 0xca0 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034034653465347 |
| PNG | 0x3d1090 | 0xd80 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031828703703705 |
| PNG | 0x3d1e10 | 0xbe2 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036160420775806 |
| PNG | 0x3d29f4 | 0xc8c | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034246575342465 |
| PNG | 0x3d3680 | 0xd7b | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031874818893074 |
| PNG | 0x3d43fc | 0xbe7 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036101083032491 |
| PNG | 0x3d4fe4 | 0xc94 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034161490683229 |
| PNG | 0x3d5c78 | 0xd80 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031828703703705 |
| PNG | 0x3d69f8 | 0xd4 | PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453 |
| PNG | 0x3d6acc | 0xbd0 | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.003637566137566 |
| PNG | 0x3d769c | 0xc97 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034129692832765 |
| PNG | 0x3d8334 | 0xd7a | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031884057971014 |
| PNG | 0x3d90b0 | 0xbda | PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036255767963085 |
| PNG | 0x3d9c8c | 0xc8f | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.003421461897356 |
| PNG | 0x3da91c | 0xd86 | PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031773541305604 |
| PNG | 0x3db6a4 | 0x1908 | PNG image data, 50 x 178, 8-bit/color RGBA, non-interlaced | English | United States | 0.9887640449438202 |
| PNG | 0x3dcfac | 0xb75 | PNG image data, 3 x 61, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037504261847938 |
| PNG | 0x3ddb24 | 0xbd0 | PNG image data, 9 x 51, 8-bit/color RGBA, non-interlaced | English | United States | 1.003637566137566 |
| PNG | 0x3de6f4 | 0x1570 | PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020043731778425 |
| PNG | 0x3dfc64 | 0x1623 | PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0019410622904534 |
| STYLE_XML | 0x3e1288 | 0x4e01 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.1839851770243878 |
| STYLE_XML | 0x3e608c | 0x4b09 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20396689052006872 |
| STYLE_XML | 0x3eab98 | 0x4aa6 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20460491889063318 |
| STYLE_XML | 0x3ef640 | 0x4a18 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.20397511598481655 |
| STYLE_XML | 0x3f4058 | 0x1955 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.1918272937548188 |
| RT_CURSOR | 0x3f59b0 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0x3f5ae4 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
| RT_CURSOR | 0x3f5b98 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
| RT_CURSOR | 0x3f5ccc | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
| RT_CURSOR | 0x3f5e00 | 0x134 | data | English | United States | 0.37337662337662336 |
| RT_CURSOR | 0x3f5f34 | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x3f6068 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x3f619c | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x3f62d0 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x3f6404 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0x3f6538 | 0x134 | data | English | United States | 0.44155844155844154 |
| RT_CURSOR | 0x3f666c | 0x134 | data | English | United States | 0.4155844155844156 |
| RT_CURSOR | 0x3f67a0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
| RT_CURSOR | 0x3f68d4 | 0x134 | data | English | United States | 0.2662337662337662 |
| RT_CURSOR | 0x3f6a08 | 0x134 | data | English | United States | 0.2824675324675325 |
| RT_CURSOR | 0x3f6b3c | 0x134 | data | English | United States | 0.3246753246753247 |
| RT_CURSOR | 0x3f6c70 | 0x134 | data | English | United States | 0.20454545454545456 |
| RT_CURSOR | 0x3f6da4 | 0x134 | data | English | United States | 0.2857142857142857 |
| RT_CURSOR | 0x3f6ed8 | 0x134 | data | English | United States | 0.4675324675324675 |
| RT_CURSOR | 0x3f700c | 0x134 | data | English | United States | 0.2532467532467532 |
| RT_CURSOR | 0x3f7140 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.40584415584415584 |
| RT_CURSOR | 0x3f7274 | 0x134 | data | English | United States | 0.4383116883116883 |
| RT_CURSOR | 0x3f73a8 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
| RT_CURSOR | 0x3f74dc | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.39285714285714285 |
| RT_CURSOR | 0x3f7610 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | English | United States | 0.4512987012987013 |
| RT_CURSOR | 0x3f7744 | 0x134 | data | English | United States | 0.37337662337662336 |
| RT_CURSOR | 0x3f7878 | 0x134 | data | English | United States | 0.4448051948051948 |
| RT_CURSOR | 0x3f79ac | 0x134 | data | English | United States | 0.525974025974026 |
| RT_BITMAP | 0x3f7ae0 | 0xc3e8 | Device independent bitmap graphic, 348 x 36 x 32, image size 0 | 0.37799090764077203 | ||
| RT_BITMAP | 0x403ec8 | 0x27a18 | Device independent bitmap graphic, 966 x 42 x 32, image size 162288, resolution 3582 x 3582 px/m | 0.32244591198068107 | ||
| RT_BITMAP | 0x42b8e0 | 0x62c | Device independent bitmap graphic, 324 x 9 x 4, image size 1476 | English | United States | 0.2430379746835443 |
| RT_BITMAP | 0x42bf0c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.5818965517241379 |
| RT_BITMAP | 0x42bff4 | 0x4a0 | Device independent bitmap graphic, 144 x 15 x 4, image size 1080 | English | United States | 0.3783783783783784 |
| RT_BITMAP | 0x42c494 | 0x197a | Device independent bitmap graphic, 144 x 15 x 24, image size 6482, resolution 2834 x 2834 px/m | English | United States | 0.380098129408157 |
| RT_BITMAP | 0x42de10 | 0xc8 | Device independent bitmap graphic, 13 x 12 x 4, image size 96 | English | United States | 0.51 |
| RT_BITMAP | 0x42ded8 | 0xc8 | Device independent bitmap graphic, 13 x 12 x 4, image size 96 | English | United States | 0.515 |
| RT_BITMAP | 0x42dfa0 | 0xc8 | Device independent bitmap graphic, 13 x 12 x 4, image size 96 | English | United States | 0.43 |
| RT_BITMAP | 0x42e068 | 0xc8 | Device independent bitmap graphic, 13 x 12 x 4, image size 96 | English | United States | 0.44 |
| RT_BITMAP | 0x42e130 | 0x182a | Device independent bitmap graphic, 128 x 16 x 24, image size 6146, resolution 2834 x 2834 px/m | English | United States | 0.2924345295829292 |
| RT_BITMAP | 0x42f95c | 0x468 | Device independent bitmap graphic, 128 x 16 x 4, image size 1024 | English | United States | 0.3058510638297872 |
| RT_BITMAP | 0x42fdc4 | 0x528 | Device independent bitmap graphic, 16 x 16 x 8, image size 256 | English | United States | 0.4803030303030303 |
| RT_BITMAP | 0x4302ec | 0x528 | Device independent bitmap graphic, 16 x 16 x 8, image size 256 | English | United States | 0.4765151515151515 |
| RT_BITMAP | 0x430814 | 0x158 | Device independent bitmap graphic, 32 x 15 x 4, image size 240 | English | United States | 0.41569767441860467 |
| RT_BITMAP | 0x43096c | 0x188 | Device independent bitmap graphic, 48 x 12 x 4, image size 288 | English | United States | 0.39285714285714285 |
| RT_BITMAP | 0x430af4 | 0x1e8 | Device independent bitmap graphic, 48 x 16 x 4, image size 384 | English | United States | 0.5081967213114754 |
| RT_BITMAP | 0x430cdc | 0xad2 | Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/m | English | United States | 0.18736462093862816 |
| RT_BITMAP | 0x4317b0 | 0xad2 | Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/m | English | United States | 0.1844765342960289 |
| RT_BITMAP | 0x432284 | 0xb0a | Device independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/m | English | United States | 0.19497523000707714 |
| RT_BITMAP | 0x432d90 | 0x7e2 | Device independent bitmap graphic, 25 x 26 x 24, image size 1978, resolution 2834 x 2834 px/m | English | United States | 0.24033696729435083 |
| RT_BITMAP | 0x433574 | 0xb0a | Device independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/m | English | United States | 0.1935598018400566 |
| RT_BITMAP | 0x434080 | 0x134 | Device independent bitmap graphic, 17 x 17 x 4, image size 204 | English | United States | 0.37337662337662336 |
| RT_BITMAP | 0x4341b4 | 0x928 | Device independent bitmap graphic, 48 x 16 x 24, image size 0, resolution 2834 x 2834 px/m | English | United States | 0.533703071672355 |
| RT_BITMAP | 0x434adc | 0x32a | Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m | English | United States | 0.7518518518518519 |
| RT_BITMAP | 0x434e08 | 0x32a | Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m | English | United States | 0.3790123456790123 |
| RT_BITMAP | 0x435134 | 0xc2a | Device independent bitmap graphic, 64 x 16 x 24, image size 3074, resolution 2834 x 2834 px/m | English | United States | 0.42485549132947975 |
| RT_BITMAP | 0x435d60 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.9367816091954023 |
| RT_BITMAP | 0x435f6c | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.4482758620689655 |
| RT_BITMAP | 0x436178 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.33524904214559387 |
| RT_BITMAP | 0x436384 | 0x20a | Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m | English | United States | 0.3371647509578544 |
| RT_BITMAP | 0x436590 | 0x32a | Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m | English | United States | 0.6320987654320988 |
| RT_BITMAP | 0x4368bc | 0x2256 | Device independent bitmap graphic, 324 x 9 x 24, image size 8750, resolution 2834 x 2834 px/m | English | United States | 0.0608646188850967 |
| RT_BITMAP | 0x438b14 | 0x602a | Device independent bitmap graphic, 192 x 32 x 32, image size 24578, resolution 2834 x 2834 px/m | English | United States | 0.2250385896498497 |
| RT_BITMAP | 0x43eb40 | 0x2028 | Device independent bitmap graphic, 128 x 16 x 32, image size 0 | English | United States | 0.24708454810495628 |
| RT_BITMAP | 0x440b68 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11570247933884298 |
| RT_BITMAP | 0x441f44 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.10999606454151908 |
| RT_BITMAP | 0x443320 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11511216056670602 |
| RT_BITMAP | 0x4446fc | 0xeb2 | Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m | English | United States | 0.13157894736842105 |
| RT_BITMAP | 0x4455b0 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.11983471074380166 |
| RT_BITMAP | 0x44698c | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.27371113734750097 |
| RT_BITMAP | 0x447d68 | 0x13da | Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.2699724517906336 |
| RT_BITMAP | 0x449144 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.2426210153482881 |
| RT_BITMAP | 0x44a520 | 0xeb2 | Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m | English | United States | 0.3413078149920255 |
| RT_BITMAP | 0x44b3d4 | 0x13da | Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m | English | United States | 0.23868555686737505 |
| RT_BITMAP | 0x44c7b0 | 0x5a66 | Device independent bitmap graphic, 77 x 75 x 32, image size 23102, resolution 2834 x 2834 px/m | English | United States | 0.046365914786967416 |
| RT_BITMAP | 0x452218 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
| RT_BITMAP | 0x4522d0 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
| RT_ICON | 0x452414 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | 0.37968768484561694 | ||
| RT_ICON | 0x462c3c | 0xcd63 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.8166568401833432 | ||
| RT_ICON | 0x46f9a0 | 0x518c9 | PC bitmap, Windows 3.x format, 42286 x 2 x 47, image size 334966, cbSize 334025, bits offset 54 | 0.9976259262031285 | ||
| RT_ICON | 0x4c126c | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | 0.3634124330561884 | ||
| RT_ICON | 0x503294 | 0x6841 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 1.0003746862003073 |
| RT_ICON | 0x509ad8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.3674273858921162 |
| RT_ICON | 0x50c080 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.5044559099437148 |
| RT_ICON | 0x50d128 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.6098360655737705 |
| RT_ICON | 0x50dab0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7881205673758865 |
| RT_ICON | 0x50df18 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | Great Britain | 0.6098360655737705 |
| RT_ICON | 0x50e8a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7881205673758865 |
| RT_ICON | 0x50ed08 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.33198924731182794 |
| RT_ICON | 0x50eff0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.41216216216216217 |
| RT_ICON | 0x50f118 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.42905405405405406 |
| RT_ICON | 0x50f240 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.2661290322580645 |
| RT_ICON | 0x50f528 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.18010752688172044 |
| RT_ICON | 0x50f810 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.35135135135135137 |
| RT_ICON | 0x50f938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.06092057761732852 |
| RT_ICON | 0x5101e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.07658959537572255 |
| RT_ICON | 0x510748 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.042901234567901236 |
| RT_ICON | 0x5113f0 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | English | United States | 0.10550458715596331 |
| RT_ICON | 0x511758 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.6400709219858156 |
| RT_ICON | 0x511bc0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5 |
| RT_MENU | 0x511ce8 | 0x11c | data | English | United States | 0.573943661971831 |
| RT_DIALOG | 0x511e04 | 0x140 | data | English | United States | 0.553125 |
| RT_DIALOG | 0x511f44 | 0x190 | data | English | United States | 0.475 |
| RT_DIALOG | 0x5120d4 | 0x134 | data | English | United States | 0.6038961038961039 |
| RT_DIALOG | 0x512208 | 0xf0 | data | English | United States | 0.6125 |
| RT_DIALOG | 0x5122f8 | 0x148 | data | English | United States | 0.5640243902439024 |
| RT_DIALOG | 0x512440 | 0x2fc | data | English | United States | 0.39397905759162305 |
| RT_DIALOG | 0x51273c | 0x1e2 | data | English | United States | 0.4979253112033195 |
| RT_DIALOG | 0x512920 | 0x198 | data | English | United States | 0.5416666666666666 |
| RT_DIALOG | 0x512ab8 | 0x1fe | data | English | United States | 0.4666666666666667 |
| RT_DIALOG | 0x512cb8 | 0x190 | data | English | United States | 0.485 |
| RT_DIALOG | 0x512e48 | 0x198 | data | English | United States | 0.5416666666666666 |
| RT_DIALOG | 0x512fe0 | 0x222 | data | English | United States | 0.46886446886446886 |
| RT_DIALOG | 0x513204 | 0x276 | data | English | United States | 0.42063492063492064 |
| RT_DIALOG | 0x51347c | 0x218 | data | English | United States | 0.42723880597014924 |
| RT_DIALOG | 0x513694 | 0x238 | data | English | United States | 0.3961267605633803 |
| RT_DIALOG | 0x5138cc | 0x4fc | data | English | United States | 0.26880877742946707 |
| RT_DIALOG | 0x513dc8 | 0x13c | data | English | United States | 0.5949367088607594 |
| RT_DIALOG | 0x513f04 | 0x1a4 | data | English | United States | 0.5380952380952381 |
| RT_DIALOG | 0x5140a8 | 0xe6 | data | English | United States | 0.6347826086956522 |
| RT_DIALOG | 0x514190 | 0x390 | data | English | United States | 0.4418859649122807 |
| RT_DIALOG | 0x514520 | 0x21c | data | English | United States | 0.5037037037037037 |
| RT_DIALOG | 0x51473c | 0x390 | data | English | United States | 0.4692982456140351 |
| RT_DIALOG | 0x514acc | 0x1dc | data | English | United States | 0.5441176470588235 |
| RT_DIALOG | 0x514ca8 | 0x346 | data | English | United States | 0.46897374701670647 |
| RT_DIALOG | 0x514ff0 | 0x334 | data | English | United States | 0.43658536585365854 |
| RT_DIALOG | 0x515324 | 0x58 | data | English | United States | 0.8068181818181818 |
| RT_DIALOG | 0x51537c | 0x23c | data | English | United States | 0.5122377622377622 |
| RT_DIALOG | 0x5155b8 | 0x1c2 | data | English | United States | 0.5066666666666667 |
| RT_DIALOG | 0x51577c | 0x160 | data | English | United States | 0.5994318181818182 |
| RT_DIALOG | 0x5158dc | 0xb2 | data | English | United States | 0.7191011235955056 |
| RT_DIALOG | 0x515990 | 0x3d4 | data | English | United States | 0.3408163265306122 |
| RT_DIALOG | 0x515d64 | 0x19e | data | English | United States | 0.6280193236714976 |
| RT_DIALOG | 0x515f04 | 0x1a2 | data | English | United States | 0.5741626794258373 |
| RT_DIALOG | 0x5160a8 | 0x34 | data | English | United States | 0.8076923076923077 |
| RT_DIALOG | 0x5160dc | 0x2a8 | data | English | United States | 0.5338235294117647 |
| RT_DIALOG | 0x516384 | 0x382 | data | English | United States | 0.48552338530066813 |
| RT_DIALOG | 0x516708 | 0xe8 | data | English | United States | 0.6336206896551724 |
| RT_DIALOG | 0x5167f0 | 0x34 | data | English | United States | 0.9038461538461539 |
| RT_STRING | 0x516824 | 0x44 | data | English | United States | 0.6323529411764706 |
| RT_STRING | 0x516868 | 0x32c | data | English | United States | 0.4125615763546798 |
| RT_STRING | 0x516b94 | 0x248 | data | English | United States | 0.5085616438356164 |
| RT_STRING | 0x516ddc | 0x84 | data | English | United States | 0.5833333333333334 |
| RT_STRING | 0x516e60 | 0x2a8 | data | English | United States | 0.36176470588235293 |
| RT_STRING | 0x517108 | 0x20e | data | English | United States | 0.3155893536121673 |
| RT_STRING | 0x517318 | 0x24c | data | English | United States | 0.4370748299319728 |
| RT_STRING | 0x517564 | 0x3c | data | English | United States | 0.65 |
| RT_STRING | 0x5175a0 | 0x16e | data | English | United States | 0.39344262295081966 |
| RT_STRING | 0x517710 | 0xa6 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | English | United States | 0.7228915662650602 |
| RT_STRING | 0x5177b8 | 0x184 | data | English | United States | 0.4742268041237113 |
| RT_STRING | 0x51793c | 0x66 | data | English | United States | 0.696078431372549 |
| RT_STRING | 0x5179a4 | 0x1d6 | Matlab v4 mat-file (little endian) S, numeric, rows 0, columns 0 | English | United States | 0.35319148936170214 |
| RT_STRING | 0x517b7c | 0x186 | data | English | United States | 0.5384615384615384 |
| RT_STRING | 0x517d04 | 0xb2 | data | English | United States | 0.6179775280898876 |
| RT_STRING | 0x517db8 | 0x48 | Matlab v4 mat-file (little endian) a, numeric, rows 0, columns 0 | English | United States | 0.7083333333333334 |
| RT_STRING | 0x517e00 | 0x18c | data | English | United States | 0.398989898989899 |
| RT_STRING | 0x517f8c | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
| RT_STRING | 0x518010 | 0x2a | data | English | United States | 0.5476190476190477 |
| RT_STRING | 0x51803c | 0x184 | data | English | United States | 0.48711340206185566 |
| RT_STRING | 0x5181c0 | 0x4ee | data | English | United States | 0.375594294770206 |
| RT_STRING | 0x5186b0 | 0x264 | data | English | United States | 0.3333333333333333 |
| RT_STRING | 0x518914 | 0x2da | data | English | United States | 0.3698630136986301 |
| RT_STRING | 0x518bf0 | 0x8a | data | English | United States | 0.6594202898550725 |
| RT_STRING | 0x518c7c | 0xac | data | English | United States | 0.45348837209302323 |
| RT_STRING | 0x518d28 | 0xde | data | English | United States | 0.536036036036036 |
| RT_STRING | 0x518e08 | 0x4a8 | data | English | United States | 0.3221476510067114 |
| RT_STRING | 0x5192b0 | 0x228 | data | English | United States | 0.4003623188405797 |
| RT_STRING | 0x5194d8 | 0x2c | data | English | United States | 0.5227272727272727 |
| RT_STRING | 0x519504 | 0x53e | data | English | United States | 0.2965722801788376 |
| RT_RCDATA | 0x519a44 | 0x11dab | Delphi compiled form 'TfFolderProperties' | 0.5081565956981308 | ||
| RT_RCDATA | 0x52b7f0 | 0xce6b | Delphi compiled form 'TFormMD' | 0.5119126468974131 | ||
| RT_RCDATA | 0x53865c | 0xa9cb | Delphi compiled form 'TfSHistory' | 0.4406331239791106 | ||
| RT_RCDATA | 0x543028 | 0x1b681 | Delphi compiled form 'TMsgBoxForm' | 0.5739686611970746 | ||
| RT_MESSAGETABLE | 0x55e6ac | 0x2840 | data | 0.5283385093167702 | ||
| RT_GROUP_CURSOR | 0x560eec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
| RT_GROUP_CURSOR | 0x560f00 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f14 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f28 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f3c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f50 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f64 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f78 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560f8c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560fa0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560fb4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560fc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x560fdc | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x561000 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x561014 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x561028 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x56103c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x561050 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x561064 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x561078 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x56108c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x5610a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x5610b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x5610c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x5610dc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x5610f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x561104 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x561118 | 0x68 | data | English | Great Britain | 0.6442307692307693 |
| RT_GROUP_ICON | 0x561180 | 0x22 | data | English | United States | 1.0588235294117647 |
| RT_GROUP_ICON | 0x5611a4 | 0x22 | data | English | United States | 1.0588235294117647 |
| RT_GROUP_ICON | 0x5611c8 | 0x5a | data | English | United States | 0.7555555555555555 |
| RT_GROUP_ICON | 0x561224 | 0x22 | data | English | United States | 1.1176470588235294 |
| RT_VERSION | 0x561248 | 0x254 | data | English | United States | 0.4748322147651007 |
| RT_ANIICON | 0x56149c | 0x36b6e | PC bitmap, Windows 3.x format, 28224 x 2 x 54, image size 224986, cbSize 224110, bits offset 54 | 0.9941144973450537 | ||
| None | 0x59800c | 0x1f1 | data | English | United States | 0.17706237424547283 |
| None | 0x598200 | 0x1c | data | English | United States | 1.2857142857142858 |
| None | 0x59821c | 0x18 | data | English | United States | 1.2916666666666667 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetDateFormatW, GetConsoleMode, GetConsoleOutputCP, SetFilePointerEx, GetTimeZoneInformation, ExitProcess, GetStdHandle, GetFileType, SetStdHandle, VirtualQuery, VirtualAlloc, GetSystemInfo, HeapQueryInformation, GetCommandLineW, GetCommandLineA, FreeLibraryAndExitThread, ExitThread, CreateThread, RtlUnwind, GetCPInfo, CompareStringEx, LCMapStringW, GetDriveTypeW, LCMapStringEx, GetStringTypeW, GetModuleHandleExW, CloseThreadpoolWork, SubmitThreadpoolWork, CreateThreadpoolWork, FreeLibraryWhenCallbackReturns, TryAcquireSRWLockExclusive, QueryPerformanceFrequency, InitOnceBeginInitialize, InitOnceComplete, AreFileApisANSI, FindFirstFileExW, FormatMessageA, RaiseException, GetTimeFormatW, IsValidLocale, EnumSystemLocalesW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, WriteConsoleW, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsProcessorFeaturePresent, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetUserDefaultLCID, SearchPathW, GetProfileIntW, GetTickCount64, GetWindowsDirectoryW, ReadConsoleW, FindResourceExW, SetErrorMode, GetFileTime, GetFileSizeEx, GetFileAttributesExW, GetCurrentDirectoryW, GetFileAttributesW, VirtualProtect, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetLocaleInfoW, GlobalFlags, LocalReAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, GlobalGetAtomNameW, InitializeCriticalSectionAndSpinCount, GetThreadLocale, lstrcmpiW, DuplicateHandle, WriteFile, UnlockFile, SetFilePointer, SetEndOfFile, ReadFile, LockFile, GetVolumeInformationW, GetFullPathNameW, GetFileSize, FlushFileBuffers, CreateFileW, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, FileTimeToLocalFileTime, lstrcpyW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, lstrcmpA, GetCurrentThread, ResumeThread, SetThreadPriority, CompareStringW, GlobalFindAtomW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom, LoadLibraryW, LoadLibraryA, LoadLibraryExW, GetProcAddress, GetModuleHandleA, FreeLibrary, GetSystemDirectoryW, GetCurrentThreadId, EncodePointer, OutputDebugStringA, GetCurrentProcessId, CopyFileW, MulDiv, GlobalSize, SetLastError, GetExitCodeProcess, IsWow64Process, GetModuleHandleW, CreateProcessW, GlobalFree, GetVersionExW, LocalAlloc, WaitForSingleObject, FindClose, GetModuleFileNameW, GetCurrentProcess, FindNextFileW, FindFirstFileW, GlobalMemoryStatusEx, SizeofResource, Process32FirstW, GetDiskFreeSpaceExW, Process32NextW, CreateToolhelp32Snapshot, GetUserDefaultLocaleName, GetLocaleInfoEx, GetTickCount, VerifyVersionInfoW, VerSetConditionMask, LocalFree, FormatMessageW, GlobalUnlock, GlobalLock, GlobalAlloc, MoveFileExW, CloseHandle, OutputDebugStringW, CreateMutexW, RemoveDirectoryW, GetTempFileNameW, DeleteFileW, MultiByteToWideChar, GetTempPathW, GetEnvironmentVariableW, CreateDirectoryW, WideCharToMultiByte, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapAlloc, FindResourceW, LoadResource, HeapReAlloc, LockResource, GetLastError, Sleep, HeapSize, InitializeCriticalSectionEx, LeaveCriticalSection, EnterCriticalSection, HeapFree |
| USER32.dll | GetKeyNameTextW, EnumDisplayMonitors, SystemParametersInfoW, LoadCursorW, SetLayeredWindowAttributes, MapDialogRect, SetWindowContextHelpId, SetCursor, ShowOwnedPopups, PostQuitMessage, DrawIconEx, IsRectEmpty, InflateRect, DrawFocusRect, GetSysColorBrush, SetWindowRgn, DrawFrameControl, DrawEdge, GetCursorPos, TranslateMessage, GetMessageW, SetMenuItemInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, OffsetRect, SetRectEmpty, SendDlgItemMessageA, LoadMenuW, GetDesktopWindow, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, IsDialogMessageW, SetWindowTextW, CheckDlgButton, MoveWindow, LockWindowUpdate, MapVirtualKeyW, GetDoubleClickTime, GetIconInfo, CopyIcon, GetMenuDefaultItem, UnregisterClassW, EnableWindow, ShowWindow, GetMonitorInfoW, MonitorFromWindow, WinHelpW, GetScrollInfo, SetScrollInfo, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetWindow, GetTopWindow, GetClassLongW, SetWindowLongW, PtInRect, EqualRect, CopyRect, MapWindowPoints, AdjustWindowRectEx, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, SetMenuDefaultItem, SetClipboardData, EmptyClipboard, SetParent, MonitorFromPoint, IsZoomed, SetCapture, ReleaseCapture, DeleteMenu, MessageBeep, WindowFromPoint, NotifyWinEvent, SetCursorPos, SetRect, UnionRect, BringWindowToTop, DestroyMenu, SetScrollRange, GetScrollPos, GetMenuItemInfoW, CharUpperW, IntersectRect, RealChildWindowFromPoint, CopyImage, GetAsyncKeyState, CreatePopupMenu, TrackMouseEvent, DestroyIcon, LoadImageW, OpenClipboard, EnableScrollBar, SendMessageW, IsIconic, AppendMenuW, GetClientRect, RemoveMenu, LoadIconW, DrawIcon, GetSystemMetrics, GetWindowRect, PostMessageW, GetSystemMenu, InvalidateRect, KillTimer, SetTimer, GetParent, GetMenuStringW, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuW, IsWindowEnabled, MessageBoxW, GetWindowLongW, GetWindowThreadProcessId, GetLastActivePopup, DrawTextW, DrawTextExW, GrayStringW, TabbedTextOutW, GetDC, GetWindowDC, ReleaseDC, BeginPaint, EndPaint, ClientToScreen, ScreenToClient, GetSysColor, FillRect, DrawStateW, UpdateWindow, GetClassNameW, LoadBitmapW, RegisterWindowMessageW, DispatchMessageW, PeekMessageW, GetMessagePos, GetMessageTime, DefWindowProcW, CallWindowProcW, RegisterClassW, GetClassInfoW, GetClassInfoExW, CreateWindowExW, IsWindow, IsMenu, IsChild, DestroyWindow, SetWindowPos, GetWindowPlacement, SetWindowPlacement, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, IsWindowVisible, GetDlgItem, GetDlgCtrlID, SetFocus, GetFocus, GetKeyState, GetCapture, GetMenu, SetMenu, TrackPopupMenu, SetActiveWindow, GetForegroundWindow, SetForegroundWindow, ValidateRect, RedrawWindow, ScrollWindow, SetScrollPos, ModifyMenuW, DestroyAcceleratorTable, SetClassLongW, GetUpdateRect, CloseClipboard, WaitMessage, CharNextW, CopyAcceleratorTableW, InvalidateRgn, GetNextDlgGroupItem, IsClipboardFormatAvailable, ToUnicodeEx, GetKeyboardLayout, GetKeyboardState, LoadAcceleratorsW, CreateAcceleratorTableW, UpdateLayeredWindow, HideCaret, InvertRect, FrameRect, SubtractRect, RegisterClipboardFormatW, CharUpperBuffW, TranslateAcceleratorW, InsertMenuItemW, UnpackDDElParam, ReuseDDElParam, PostThreadMessageW, IsCharLowerW, MapVirtualKeyExW, DrawMenuBar, DefFrameProcW, DefMDIChildProcW, TranslateMDISysAccel, GetComboBoxInfo, CreateMenu, DestroyCursor, GetWindowRgn, GetScrollRange |
| GDI32.dll | LineTo, PtVisible, RectVisible, RestoreDC, SaveDC, SelectClipRgn, ExtSelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetMapMode, SetLayout, SetPolyFillMode, SetROP2, SetTextColor, SetTextAlign, MoveToEx, TextOutW, ExtTextOutW, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CombineRgn, CreateEllipticRgn, CreateRectRgnIndirect, Ellipse, GetBkColor, GetTextColor, GetTextExtentPoint32W, IntersectClipRect, CreatePolygonRgn, Polygon, Polyline, GetTextMetricsW, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, GetMapMode, SetRectRgn, DPtoLP, RealizePalette, SetPixel, StretchBlt, CreateDIBSection, SetDIBColorTable, CreateRoundRectRgn, Rectangle, GetRgnBox, OffsetRgn, RoundRect, CreatePalette, GetPaletteEntries, EnumFontFamiliesExW, GetNearestPaletteIndex, GetSystemPaletteEntries, LPtoDP, ExtFloodFill, SetPaletteEntries, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, GetViewportOrgEx, GetWindowOrgEx, SetPixelV, GetTextFaceW, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, DeleteObject, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, DeleteDC, CreateFontIndirectW, CreateSolidBrush, GetObjectW, CopyMetaFileW, CreateDCW, GetDeviceCaps, BitBlt, CreateBitmap, CreateCompatibleDC, PatBlt, GetLayout |
| MSIMG32.dll | AlphaBlend, TransparentBlt |
| WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter |
| ADVAPI32.dll | CryptDestroyHash, RegQueryValueExA, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegDeleteValueW, RegDeleteKeyW, CryptAcquireContextW, CryptCreateHash, CryptHashData, RegOpenKeyExA, CryptGetHashParam, CryptReleaseContext, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegGetValueW, RegQueryValueExW, RegCloseKey |
| SHELL32.dll | DragFinish, DragQueryFileW, SHAppBarMessage, SHGetFileInfoW, SHGetDesktopFolder, SHBrowseForFolderW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetMalloc, ShellExecuteW, SHGetKnownFolderPath, SHGetFolderPathW |
| COMCTL32.dll | InitCommonControlsEx |
| SHLWAPI.dll | PathRemoveFileSpecW, StrFormatKBSizeW, PathStripToRootW, PathIsUNCW, PathFindFileNameW, PathFindExtensionW, PathAppendW, PathIsDirectoryEmptyW, PathFileExistsW, PathIsDirectoryW |
| UxTheme.dll | DrawThemeText, IsAppThemed, OpenThemeData, CloseThemeData, GetThemePartSize, GetThemeSysColor, DrawThemeBackground, GetThemeColor, GetCurrentThemeName, DrawThemeParentBackground, GetWindowTheme, IsThemeBackgroundPartiallyTransparent |
| ole32.dll | RegisterDragDrop, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleUninitialize, OleInitialize, CoFreeUnusedLibraries, CoInitializeEx, OleLockRunning, RevokeDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop, OleIsCurrentClipboard, CreateILockBytesOnHGlobal, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CoGetClassObject, CoDisconnectObject, CLSIDFromProgID, CLSIDFromString, CoCreateGuid, ReleaseStgMedium, OleDuplicateData, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, CreateStreamOnHGlobal, CoTaskMemFree, CoRevokeClassObject, CoRegisterMessageFilter, OleFlushClipboard |
| OLEAUT32.dll | SafeArrayDestroy, VariantCopy, VariantTimeToSystemTime, SystemTimeToVariantTime, VariantChangeType, VariantClear, VariantInit, SysAllocStringLen, SysFreeString, SysAllocStringByteLen, SysAllocString, SysStringLen, OleCreateFontIndirect, LoadTypeLib, VarBstrFromDate |
| oledlg.dll | OleUIBusyW |
| gdiplus.dll | GdipSetInterpolationMode, GdipCreateBitmapFromHBITMAP, GdipDrawImageI, GdipBitmapUnlockBits, GdipBitmapLockBits, GdipCreateBitmapFromScan0, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat, GdipGetImageHeight, GdipGetImageWidth, GdipGetImageGraphicsContext, GdipCreateBitmapFromStream, GdiplusShutdown, GdiplusStartup, GdipLoadImageFromStream, GdipDeleteGraphics, GdipCreateFromHDC, GdipFree, GdipDisposeImage, GdipDrawImageRectI, GdipAlloc, GdipCloneImage |
| WINHTTP.dll | WinHttpQueryDataAvailable, WinHttpCloseHandle, WinHttpSetOption, WinHttpConnect, WinHttpCrackUrl, WinHttpSendRequest, WinHttpOpenRequest, WinHttpReadData, WinHttpQueryHeaders, WinHttpOpen, WinHttpReceiveResponse, WinHttpAddRequestHeaders |
| WININET.dll | InternetOpenW, HttpQueryInfoW, InternetCloseHandle, InternetReadFile, InternetOpenUrlW |
| VERSION.dll | VerQueryValueW |
| ntdll.dll | RtlGetVersion |
| OLEACC.dll | AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject |
| IMM32.dll | ImmReleaseContext, ImmGetOpenStatus, ImmGetContext |
| WINMM.dll | PlaySoundW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| English | Great Britain |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 11:34:36.477385044 CET | 49708 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:36.482224941 CET | 30203 | 49708 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:36.482372046 CET | 49708 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:36.533483982 CET | 49708 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:36.538310051 CET | 30203 | 49708 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:36.540683985 CET | 49708 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:36.546595097 CET | 30203 | 49708 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:57.878804922 CET | 30203 | 49708 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:57.878885984 CET | 49708 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:57.891272068 CET | 49708 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:57.896035910 CET | 30203 | 49708 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:58.003422022 CET | 49709 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:58.008307934 CET | 30203 | 49709 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:58.008398056 CET | 49709 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:58.009429932 CET | 49709 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:58.014194012 CET | 30203 | 49709 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:34:58.014282942 CET | 49709 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:34:58.019100904 CET | 30203 | 49709 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:19.357760906 CET | 30203 | 49709 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:19.361056089 CET | 49709 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:19.361207962 CET | 49709 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:19.365910053 CET | 30203 | 49709 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:19.472197056 CET | 49711 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:19.477089882 CET | 30203 | 49711 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:19.477637053 CET | 49711 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:19.478239059 CET | 49711 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:19.483026981 CET | 30203 | 49711 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:19.483705997 CET | 49711 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:19.488581896 CET | 30203 | 49711 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:40.875828028 CET | 30203 | 49711 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:40.875957966 CET | 49711 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:40.876197100 CET | 49711 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:40.880913973 CET | 30203 | 49711 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:40.988352060 CET | 49715 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:40.993264914 CET | 30203 | 49715 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:40.993382931 CET | 49715 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:40.994167089 CET | 49715 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:40.998997927 CET | 30203 | 49715 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:35:40.999149084 CET | 49715 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:35:41.004002094 CET | 30203 | 49715 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:02.374875069 CET | 30203 | 49715 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:02.374953032 CET | 49715 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:02.375133991 CET | 49715 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:02.379872084 CET | 30203 | 49715 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:02.489751101 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:02.494585037 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:02.494683027 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:02.496150970 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:02.500884056 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:02.500936031 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:02.505681038 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:09.082622051 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:09.087585926 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:09.087657928 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:09.092533112 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:18.128926992 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:18.133755922 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:18.141215086 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:18.145992994 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:23.862848997 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:23.863038063 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:23.863209963 CET | 49716 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:23.868000031 CET | 30203 | 49716 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:23.972765923 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:23.977649927 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:23.979827881 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:23.979827881 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:23.984627008 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:23.990833998 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:23.995754957 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:29.961304903 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:29.966114998 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:29.966223001 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:29.971031904 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:31.769467115 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:31.774336100 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:31.774391890 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:31.779211044 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:32.862766981 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:32.867623091 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:32.867714882 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:32.872545004 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:45.363238096 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:45.363320112 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:45.363523006 CET | 49717 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:45.368333101 CET | 30203 | 49717 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:45.472752094 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:45.477622986 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:45.477735996 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:45.478856087 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:45.483658075 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:45.483715057 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:45.488535881 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:46.175221920 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:46.180191040 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:46.180363894 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:46.185194969 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:57.644216061 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:57.649178982 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:36:57.649234056 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:36:57.654057026 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.497226954 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.497247934 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.497307062 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.497334957 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.497379065 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.497423887 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.497451067 CET | 49718 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.502255917 CET | 30203 | 49718 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.613116980 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.618294954 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.618391991 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.619137049 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.623982906 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:07.624047041 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:07.628917933 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:11.144452095 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:11.149386883 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:11.149446011 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:11.154359102 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:28.989156008 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:28.989619017 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:28.989908934 CET | 49719 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:28.994657993 CET | 30203 | 49719 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:29.114896059 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:29.119868994 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:29.119955063 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:29.121458054 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:29.126208067 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:29.126261950 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:29.131066084 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:43.848562956 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:43.853518009 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:43.853583097 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:43.858769894 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:44.253432035 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:44.258399010 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:44.258965015 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:44.263708115 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:50.501497984 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:50.501730919 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:50.501893044 CET | 49720 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:50.506740093 CET | 30203 | 49720 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:50.613679886 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:50.618575096 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:50.618885994 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:50.619565010 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:50.624336958 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:50.624422073 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:50.629163980 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:55.035042048 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:55.039915085 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:37:55.040148020 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:37:55.045003891 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:05.708224058 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:05.713083982 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:05.713179111 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:05.718498945 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:12.005848885 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:12.005908966 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:12.006161928 CET | 49721 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:12.011136055 CET | 30203 | 49721 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:12.113303900 CET | 49722 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:12.118125916 CET | 30203 | 49722 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:12.118236065 CET | 49722 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:12.119105101 CET | 49722 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:12.123889923 CET | 30203 | 49722 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:12.123958111 CET | 49722 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:12.128726006 CET | 30203 | 49722 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:19.165263891 CET | 49722 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:19.170177937 CET | 30203 | 49722 | 181.71.216.203 | 192.168.2.8 |
| Jan 10, 2025 11:38:19.170298100 CET | 49722 | 30203 | 192.168.2.8 | 181.71.216.203 |
| Jan 10, 2025 11:38:19.175090075 CET | 30203 | 49722 | 181.71.216.203 | 192.168.2.8 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 10, 2025 11:34:36.457285881 CET | 61976 | 53 | 192.168.2.8 | 1.1.1.1 |
| Jan 10, 2025 11:34:36.473789930 CET | 53 | 61976 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 11:34:36.457285881 CET | 192.168.2.8 | 1.1.1.1 | 0x2aa3 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 10, 2025 11:34:36.473789930 CET | 1.1.1.1 | 192.168.2.8 | 0x2aa3 | No error (0) | 181.71.216.203 | A (IP address) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 1 |
| Start time: | 05:34:10 |
| Start date: | 10/01/2025 |
| Path: | C:\Users\user\Desktop\AdobeReaderPDFonline.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 5'835'776 bytes |
| MD5 hash: | AF1D0F01B01DA4DA3A9A54B2BEE820E9 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 05:34:32 |
| Start date: | 10/01/2025 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x110000 |
| File size: | 2'141'552 bytes |
| MD5 hash: | EB80BB1CA9B9C7F516FF69AFCFD75B7D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | moderate |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 0.6% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 20.3% |
| Total number of Nodes: | 79 |
| Total number of Limit Nodes: | 5 |
Graph
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F0BB0 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 376threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F0A21 Relevance: 33.6, APIs: 1, Strings: 18, Instructions: 341threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F176D Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 226threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F1BDF Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 215threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EAA05 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 401processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669A2F Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 253registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02668B7F Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 173registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026695FC Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 167registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664AFD Relevance: 3.2, Strings: 2, Instructions: 677COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664A58 Relevance: 1.9, Strings: 1, Instructions: 678COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026649EA Relevance: 1.9, Strings: 1, Instructions: 670COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266479B Relevance: 1.9, Strings: 1, Instructions: 664COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266481A Relevance: 1.9, Strings: 1, Instructions: 664COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026647BA Relevance: 1.9, Strings: 1, Instructions: 651COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664B81 Relevance: 1.9, Strings: 1, Instructions: 645COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266788D Relevance: 1.7, APIs: 1, Instructions: 209COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02603955 Relevance: 1.7, APIs: 1, Instructions: 177threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02603A1D Relevance: 1.7, APIs: 1, Instructions: 157threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E65E7 Relevance: 1.6, APIs: 1, Instructions: 315memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E5992 Relevance: 1.5, APIs: 1, Instructions: 217COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E573A Relevance: 1.4, APIs: 1, Instructions: 199memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266464D Relevance: .6, Instructions: 592COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664C48 Relevance: .6, Instructions: 589COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664D11 Relevance: .6, Instructions: 584COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664D22 Relevance: .6, Instructions: 582COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664C5A Relevance: .6, Instructions: 580COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664672 Relevance: .6, Instructions: 579COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664DA7 Relevance: .6, Instructions: 579COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02665172 Relevance: .6, Instructions: 578COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664DAC Relevance: .6, Instructions: 578COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02664C92 Relevance: .6, Instructions: 576COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02663E0B Relevance: .6, Instructions: 575COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F16F0 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 216threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F0864 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 215threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F183E Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 208threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F17B2 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 208threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F17BB Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 206threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F10FF Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 205threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F1703 Relevance: 33.5, APIs: 1, Strings: 18, Instructions: 204threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F1735 Relevance: 33.4, APIs: 1, Strings: 18, Instructions: 200threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C145 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 79registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02668CED Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FCC3F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 139injectionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EA82E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FCABD Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 188injectionCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669854 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 172registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669862 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EA838 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669720 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 123registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266991E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669773 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026699DA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669A85 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669769 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266977C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EA88A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02668BFA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EA911 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669AFE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266955A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EA956 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669C8C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EBDA5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266894D Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026689E2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EB88F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026689EB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EAA3D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EBDBC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EBDB7 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EB972 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266A07C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EAA51 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EB9FE Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266A093 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669CD2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669C4C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EB2D2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EB8E9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 34processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266A0A2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 33registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669CD9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669C63 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669BD2 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E9048 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 126memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FCBE3 Relevance: 1.7, APIs: 1, Instructions: 211COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026679E7 Relevance: 1.7, APIs: 1, Instructions: 161COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667746 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02666B1C Relevance: 1.6, APIs: 1, Instructions: 121COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667B1F Relevance: 1.6, APIs: 1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02603BC9 Relevance: 1.6, APIs: 1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02666C3A Relevance: 1.6, APIs: 1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026031F7 Relevance: 1.6, APIs: 1, Instructions: 102threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FC7CC Relevance: 1.6, APIs: 1, Instructions: 102COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667D28 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02603C3A Relevance: 1.6, APIs: 1, Instructions: 83threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02666BCF Relevance: 1.6, APIs: 1, Instructions: 82COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02666C92 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667BF2 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667105 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02666D41 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02603CB6 Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026038B3 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026677EE Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F36E3 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266780C Relevance: 1.6, APIs: 1, Instructions: 57COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667807 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667BA1 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667BA8 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667701 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266774D Relevance: 1.6, APIs: 1, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667753 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FE7E3 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266775D Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FEA7B Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FE76A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FE7FE Relevance: 1.5, APIs: 1, Instructions: 44COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02666919 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F37CC Relevance: 1.5, APIs: 1, Instructions: 34COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667793 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026678D6 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667CA7 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026677A4 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026678EA Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F37E3 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667863 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F36A3 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266694E Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F282D Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F30A2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F36CF Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667E1F Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026029F9 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FB567 Relevance: 1.5, APIs: 1, Instructions: 212memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E5ED5 Relevance: 1.4, APIs: 1, Instructions: 196COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E5B13 Relevance: 1.4, APIs: 1, Instructions: 191COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E59E9 Relevance: 1.4, APIs: 1, Instructions: 187COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E5AB2 Relevance: 1.4, APIs: 1, Instructions: 181COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E59FA Relevance: 1.4, APIs: 1, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E5A26 Relevance: 1.4, APIs: 1, Instructions: 178COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E6683 Relevance: 1.4, APIs: 1, Instructions: 172memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E66AA Relevance: 1.4, APIs: 1, Instructions: 160memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E657B Relevance: 1.4, APIs: 1, Instructions: 152memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E664E Relevance: 1.4, APIs: 1, Instructions: 149memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E6AAF Relevance: 1.4, APIs: 1, Instructions: 139memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E65D5 Relevance: 1.4, APIs: 1, Instructions: 136memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FB3DD Relevance: 1.4, APIs: 1, Instructions: 125memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F050B Relevance: 1.4, APIs: 1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FB39A Relevance: 1.3, APIs: 1, Instructions: 87COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF7CA Relevance: 1.3, APIs: 1, Instructions: 87memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF6F9 Relevance: 1.3, APIs: 1, Instructions: 70memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FB913 Relevance: 1.3, APIs: 1, Instructions: 59memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF7D5 Relevance: 1.3, APIs: 1, Instructions: 49memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF7DC Relevance: 1.3, APIs: 1, Instructions: 46memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EFC41 Relevance: 1.3, APIs: 1, Instructions: 46memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF120 Relevance: 1.3, APIs: 1, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EE8D6 Relevance: 1.3, APIs: 1, Instructions: 34COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF156 Relevance: 1.3, APIs: 1, Instructions: 31memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF75B Relevance: 1.3, APIs: 1, Instructions: 31memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF76A Relevance: 1.3, APIs: 1, Instructions: 28memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EFC6B Relevance: 1.3, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF167 Relevance: 1.3, APIs: 1, Instructions: 27memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EE8F2 Relevance: 1.3, APIs: 1, Instructions: 25memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EFC7C Relevance: 1.3, APIs: 1, Instructions: 24memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E1F3C Relevance: 26.6, Strings: 21, Instructions: 338COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E212E Relevance: 25.3, Strings: 20, Instructions: 276COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E22D5 Relevance: 24.0, Strings: 19, Instructions: 220COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E2327 Relevance: 24.0, Strings: 19, Instructions: 217COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FBA3C Relevance: 22.9, Strings: 18, Instructions: 408COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FBDD6 Relevance: 22.9, Strings: 18, Instructions: 354COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC785 Relevance: 18.0, Strings: 14, Instructions: 464COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED871 Relevance: 16.4, Strings: 13, Instructions: 181COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED7A7 Relevance: 15.2, Strings: 12, Instructions: 243COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED920 Relevance: 15.2, Strings: 12, Instructions: 233COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EDC30 Relevance: 15.2, Strings: 12, Instructions: 220COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC852 Relevance: 15.2, Strings: 12, Instructions: 195COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC90E Relevance: 15.2, Strings: 12, Instructions: 192COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED7D6 Relevance: 15.2, Strings: 12, Instructions: 190COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED7BE Relevance: 15.2, Strings: 12, Instructions: 185COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EDC8E Relevance: 15.2, Strings: 12, Instructions: 183COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EDC86 Relevance: 15.2, Strings: 12, Instructions: 183COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EDCF6 Relevance: 15.2, Strings: 12, Instructions: 168COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC63D Relevance: 15.2, Strings: 12, Instructions: 164COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC637 Relevance: 15.2, Strings: 12, Instructions: 164COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED809 Relevance: 15.2, Strings: 12, Instructions: 162COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED950 Relevance: 15.2, Strings: 12, Instructions: 160COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EDD24 Relevance: 15.2, Strings: 12, Instructions: 155COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED96E Relevance: 15.2, Strings: 12, Instructions: 152COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC9A1 Relevance: 15.2, Strings: 12, Instructions: 152COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED82E Relevance: 15.1, Strings: 12, Instructions: 149COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EAEF4 Relevance: 4.0, Strings: 3, Instructions: 295COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E2C7B Relevance: 4.0, Strings: 3, Instructions: 210COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0260282C Relevance: 2.9, Strings: 2, Instructions: 353COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F27DA Relevance: 2.7, Strings: 2, Instructions: 234COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E723B Relevance: 2.0, Strings: 1, Instructions: 729COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 026021B0 Relevance: 1.6, Strings: 1, Instructions: 316COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E3473 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F2CB8 Relevance: 1.5, Strings: 1, Instructions: 202COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E323F Relevance: 1.4, Strings: 1, Instructions: 197COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266B179 Relevance: .3, Instructions: 277COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266BA36 Relevance: .3, Instructions: 266COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C6A5 Relevance: .3, Instructions: 260COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02669182 Relevance: .2, Instructions: 247COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02602E78 Relevance: .2, Instructions: 237COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266B7AB Relevance: .2, Instructions: 232COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C412 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E5745 Relevance: .2, Instructions: 218COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266B7EC Relevance: .2, Instructions: 215COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266B54F Relevance: .2, Instructions: 212COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FC3EE Relevance: .2, Instructions: 211COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C429 Relevance: .2, Instructions: 209COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266B94A Relevance: .2, Instructions: 205COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C449 Relevance: .2, Instructions: 202COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C5A7 Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EF390 Relevance: .2, Instructions: 195COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266B82D Relevance: .2, Instructions: 193COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C471 Relevance: .2, Instructions: 190COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC35D Relevance: .2, Instructions: 181COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EE282 Relevance: .2, Instructions: 175COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F279E Relevance: .2, Instructions: 172COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C24D Relevance: .2, Instructions: 170COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC0BA Relevance: .2, Instructions: 168COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266A706 Relevance: .2, Instructions: 166COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C4F5 Relevance: .2, Instructions: 157COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0266C282 Relevance: .2, Instructions: 152COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02606565 Relevance: .1, Instructions: 147COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 02667418 Relevance: .1, Instructions: 140COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC0C1 Relevance: .1, Instructions: 133COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025F5E87 Relevance: .1, Instructions: 132COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025FF061 Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025E3C95 Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025ED30E Relevance: .1, Instructions: 123COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC104 Relevance: .1, Instructions: 114COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EC111 Relevance: .1, Instructions: 113COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 025EE00A Relevance: .1, Instructions: 111COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|