Edit tour
Windows
Analysis Report
G7T8lHJWWM.exe
Overview
General Information
| Sample name: | G7T8lHJWWM.exerenamed because original name is a hash value |
| Original sample name: | 3e7395ddfc7e38e08e6be54e3ba7c9de2d7ea1a73c9926ab607c76f3031394f6.exe |
| Analysis ID: | 1590539 |
| MD5: | 9928e66ecbb91e45d7d48fafc8a3e21f |
| SHA1: | e5ef6accf90da7c944548ec9196c31a611da5628 |
| SHA256: | 3e7395ddfc7e38e08e6be54e3ba7c9de2d7ea1a73c9926ab607c76f3031394f6 |
| Tags: | exeTHSUPPORTSERVICESLTDuser-JAMESWT_MHT |
| Infos: |  |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Sample uses string decryption to hide its real strings
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
- System is w10x64
G7T8lHJWWM.exe (PID: 5052 cmdline: "C:\Users\ user\Deskt op\G7T8lHJ WWM.exe" MD5: 9928E66ECBB91E45D7D48FAFC8A3E21F)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["savorraiykj.lat", "washyceehsu.lat", "leggelatez.lat", "plodnittpw.lat", "bloodyswif.lat", "kickykiduz.lat", "finickypwk.lat", "miniatureyu.lat", "shoefeatthe.lat"], "Build id": "BbL7Kk--05S"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:23.640697+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49755 | 104.102.49.254 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.853835+0100 | 2059189 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 51366 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.932749+0100 | 2059191 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64570 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.900201+0100 | 2059199 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59756 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.877564+0100 | 2059201 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 53096 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.888946+0100 | 2059203 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59227 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.910951+0100 | 2059207 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59592 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.922550+0100 | 2059209 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 59454 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.865132+0100 | 2059211 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63875 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:24.123032+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49755 | 104.102.49.254 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00B890B6 | |
| Source: | Code function: | 0_2_00BA108C | |
| Source: | Code function: | 0_2_00B870FA | |
| Source: | Code function: | 0_2_00BA00DF | |
| Source: | Code function: | 0_2_00BB40D4 | |
| Source: | Code function: | 0_2_00B7A034 | |
| Source: | Code function: | 0_2_00B9B014 | |
| Source: | Code function: | 0_2_00B91004 | |
| Source: | Code function: | 0_2_00B91004 | |
| Source: | Code function: | 0_2_00B9C104 | |
| Source: | Code function: | 0_2_00B9A160 | |
| Source: | Code function: | 0_2_00B9A2F8 | |
| Source: | Code function: | 0_2_00B982F4 | |
| Source: | Code function: | 0_2_00B74234 | |
| Source: | Code function: | 0_2_00B7C204 | |
| Source: | Code function: | 0_2_00BB03F4 | |
| Source: | Code function: | 0_2_00BAA3E4 | |
| Source: | Code function: | 0_2_00B7D31D | |
| Source: | Code function: | 0_2_00B99344 | |
| Source: | Code function: | 0_2_00B7E438 | |
| Source: | Code function: | 0_2_00B92404 | |
| Source: | Code function: | 0_2_00B7A5C4 | |
| Source: | Code function: | 0_2_00B8F534 | |
| Source: | Code function: | 0_2_00B87519 | |
| Source: | Code function: | 0_2_00B96696 | |
| Source: | Code function: | 0_2_00B9F624 | |
| Source: | Code function: | 0_2_00B98664 | |
| Source: | Code function: | 0_2_00B7A7A4 | |
| Source: | Code function: | 0_2_00B8F7A4 | |
| Source: | Code function: | 0_2_00BB0704 | |
| Source: | Code function: | 0_2_00B7F766 | |
| Source: | Code function: | 0_2_00B8C74A | |
| Source: | Code function: | 0_2_00B8C74A | |
| Source: | Code function: | 0_2_00B9F8A3 | |
| Source: | Code function: | 0_2_00B95892 | |
| Source: | Code function: | 0_2_00B9F8F6 | |
| Source: | Code function: | 0_2_00B9F8F6 | |
| Source: | Code function: | 0_2_00B7F8DE | |
| Source: | Code function: | 0_2_00B96AC0 | |
| Source: | Code function: | 0_2_00B79B94 | |
| Source: | Code function: | 0_2_00B78CF4 | |
| Source: | Code function: | 0_2_00B78CF4 | |
| Source: | Code function: | 0_2_00B98CA0 | |
| Source: | Code function: | 0_2_00BB1C04 | |
| Source: | Code function: | 0_2_00B9CD24 | |
| Source: | Code function: | 0_2_00B9ED14 | |
| Source: | Code function: | 0_2_00BADD04 | |
| Source: | Code function: | 0_2_00BADD04 | |
| Source: | Code function: | 0_2_00B9FEB6 | |
| Source: | Code function: | 0_2_00B99EAF | |
| Source: | Code function: | 0_2_00B7AE94 | |
| Source: | Code function: | 0_2_00B87EF1 | |
| Source: | Code function: | 0_2_00B98EF4 | |
| Source: | Code function: | 0_2_00B85D24 | |
| Source: | Code function: | 0_2_00B86F3D | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00BC5D2C | |
| Source: | Code function: | 0_2_00B70477 | |
| Source: | Code function: | 0_2_00BC5D2C | |
| Source: | Code function: | 0_2_00BAD0A4 | |
| Source: | Code function: | 0_2_00BB40D4 | |
| Source: | Code function: | 0_2_00B8E0C4 | |
| Source: | Code function: | 0_2_00B7A034 | |
| Source: | Code function: | 0_2_00BAB03E | |
| Source: | Code function: | 0_2_00B70000 | |
| Source: | Code function: | 0_2_00B8B004 | |
| Source: | Code function: | 0_2_00B91004 | |
| Source: | Code function: | 0_2_00B861A4 | |
| Source: | Code function: | 0_2_00B9F187 | |
| Source: | Code function: | 0_2_00B771D4 | |
| Source: | Code function: | 0_2_00BA5104 | |
| Source: | Code function: | 0_2_00BC222C | |
| Source: | Code function: | 0_2_00B75214 | |
| Source: | Code function: | 0_2_00B7C204 | |
| Source: | Code function: | 0_2_00B8E394 | |
| Source: | Code function: | 0_2_00BB4384 | |
| Source: | Code function: | 0_2_00B8D3C4 | |
| Source: | Code function: | 0_2_00BA53C4 | |
| Source: | Code function: | 0_2_00BC1338 | |
| Source: | Code function: | 0_2_00BB2301 | |
| Source: | Code function: | 0_2_00BA337C | |
| Source: | Code function: | 0_2_00B99344 | |
| Source: | Code function: | 0_2_00B764F4 | |
| Source: | Code function: | 0_2_00BC34D4 | |
| Source: | Code function: | 0_2_00B74414 | |
| Source: | Code function: | 0_2_00B83414 | |
| Source: | Code function: | 0_2_00B92404 | |
| Source: | Code function: | 0_2_00B9E594 | |
| Source: | Code function: | 0_2_00BC25FC | |
| Source: | Code function: | 0_2_00BAB5CC | |
| Source: | Code function: | 0_2_00BB25CC | |
| Source: | Code function: | 0_2_00BA05C4 | |
| Source: | Code function: | 0_2_00BAC534 | |
| Source: | Code function: | 0_2_00B776B4 | |
| Source: | Code function: | 0_2_00BB46D4 | |
| Source: | Code function: | 0_2_00B9460B | |
| Source: | Code function: | 0_2_00BB3674 | |
| Source: | Code function: | 0_2_00B98664 | |
| Source: | Code function: | 0_2_00BAC794 | |
| Source: | Code function: | 0_2_00B9F7D9 | |
| Source: | Code function: | 0_2_00BB0774 | |
| Source: | Code function: | 0_2_00B8C74A | |
| Source: | Code function: | 0_2_00B8296C | |
| Source: | Code function: | 0_2_00BA1944 | |
| Source: | Code function: | 0_2_00B7AAB4 | |
| Source: | Code function: | 0_2_00BB3AA4 | |
| Source: | Code function: | 0_2_00B77A84 | |
| Source: | Code function: | 0_2_00BA0A89 | |
| Source: | Code function: | 0_2_00B8CAF4 | |
| Source: | Code function: | 0_2_00BA2ADA | |
| Source: | Code function: | 0_2_00B87AD3 | |
| Source: | Code function: | 0_2_00BC2A34 | |
| Source: | Code function: | 0_2_00BA7A34 | |
| Source: | Code function: | 0_2_00BAAA20 | |
| Source: | Code function: | 0_2_00BA3A7C | |
| Source: | Code function: | 0_2_00BB2BA5 | |
| Source: | Code function: | 0_2_00B79B94 | |
| Source: | Code function: | 0_2_00B75BC4 | |
| Source: | Code function: | 0_2_00B8FB44 | |
| Source: | Code function: | 0_2_00B78CF4 | |
| Source: | Code function: | 0_2_00B8DC64 | |
| Source: | Code function: | 0_2_00B7FDA4 | |
| Source: | Code function: | 0_2_00B81D3A | |
| Source: | Code function: | 0_2_00B91D34 | |
| Source: | Code function: | 0_2_00BADD04 | |
| Source: | Code function: | 0_2_00B8AD64 | |
| Source: | Code function: | 0_2_00BB3D54 | |
| Source: | Code function: | 0_2_00B7AE94 | |
| Source: | Code function: | 0_2_00B87EF1 | |
| Source: | Code function: | 0_2_00B8BE68 | |
| Source: | Code function: | 0_2_00B7EF84 | |
| Source: | Code function: | 0_2_00B89F84 | |
| Source: | Code function: | 0_2_00B77F14 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00B70B87 | |
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00BB3158 | |
| Source: | Code function: | 0_2_00B7DE51 | |
| Source: | Code function: | 0_2_00BABFF2 | |
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00B70477 | |
| Source: | Code function: | 0_2_00B70A37 | |
| Source: | Code function: | 0_2_00B71087 | |
| Source: | Code function: | 0_2_00B71086 | |
| Source: | Code function: | 0_2_00B70DE7 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 10% | Virustotal | Browse | ||
| 33% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 0% | Avira URL Cloud | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware | ||
| 100% | Avira URL Cloud | malware |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | high | |
| steamcommunity.com | 104.102.49.254 | true | false | high | |
| finickypwk.lat | unknown | unknown | true | unknown | |
| washyceehsu.lat | unknown | unknown | true | unknown | |
| kickykiduz.lat | unknown | unknown | true | unknown | |
| bloodyswif.lat | unknown | unknown | true | unknown | |
| shoefeatthe.lat | unknown | unknown | true | unknown | |
| savorraiykj.lat | unknown | unknown | true | unknown | |
| miniatureyu.lat | unknown | unknown | true | unknown | |
| plodnittpw.lat | unknown | unknown | true | unknown | |
| leggelatez.lat | unknown | unknown | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| false | high | ||
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
| Joe Sandbox version: | 42.0.0 Malachite |
| Analysis ID: | 1590539 |
| Start date and time: | 2025-01-14 08:54:12 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 2m 51s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 3 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | G7T8lHJWWM.exerenamed because original name is a hash value |
| Original Sample Name: | 3e7395ddfc7e38e08e6be54e3ba7c9de2d7ea1a73c9926ab607c76f3031394f6.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@1/0@10/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 20.109.210.53, 2.23.77.188, 13.95.31.18, 13.107.246.45
- Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e3913.cd.akamaiedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, cac-ocsp.digicert.com.edgekey.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 02:55:21 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.102.49.254 | Get hash | malicious | Socks5Systemz | Browse |
| |
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | Strela Downloader | Browse |
| ||
| Get hash | malicious | Quasar, PureLog Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | CyberGate | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| steamcommunity.com | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| AKAMAI-ASUS | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | DanaBot, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | DBatLoader | Browse |
| ||
| Get hash | malicious | DBatLoader, PureLog Stealer, Snake Keylogger, VIP Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.601032134939483 |
| TrID: |
|
| File name: | G7T8lHJWWM.exe |
| File size: | 2'667'856 bytes |
| MD5: | 9928e66ecbb91e45d7d48fafc8a3e21f |
| SHA1: | e5ef6accf90da7c944548ec9196c31a611da5628 |
| SHA256: | 3e7395ddfc7e38e08e6be54e3ba7c9de2d7ea1a73c9926ab607c76f3031394f6 |
| SHA512: | e81ca5273485b2e5ae9c799a702467801624927e712a17829e9f5a73d5f58b3962b0d4b0c7a7ffd581fce3919b048c17b46775fc20c4798a382c5ce479531428 |
| SSDEEP: | 49152:Sw/xoGWh/IMhFzFQfVYkIU1JNmNHp1GR9+p/cqT+Bcx:Sw/CFodhIbP1GRAUq9 |
| TLSH: | 00C58C11B30AC836D07227F4995BAB66A1B1BF643610DD8367E23E1C5EB46C43E3D297 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
 | |
| Icon Hash: | 0f33dc96c662138e |
| Entrypoint: | 0x4016c8 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
| DLL Characteristics: | |
| Time Stamp: | 0x57D1BD3C [Thu Sep 8 19:34:20 2016 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 782537a5fa467186d66af5eac7a5dc70 |
| Signature Valid: | true |
| Signature Issuer: | CN=Certum Extended Validation Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 99CC43DD50C8C235E6703FBFE86B0302 |
| Thumbprint SHA-1: | 21297766029D043DFBA740CD5203E45171FC8EAA |
| Thumbprint SHA-256: | 0A2CAAF3A1E6490DE521CCCA8452705AF0BD9A4A91D7F02CD8D3588404BCF77C |
| Serial: | 502F183B00B497DFC821D09DEB30526B |
| Instruction |
|---|
| jmp 00007F50C4D97402h |
| bound di, dword ptr [edx] |
| inc ebx |
| sub ebp, dword ptr [ebx] |
| dec eax |
| dec edi |
| dec edi |
| dec ebx |
| nop |
| jmp 00007F50C52FF48Dh |
| mov eax, dword ptr [0056808Bh] |
| shl eax, 02h |
| mov dword ptr [0056808Fh], eax |
| push edx |
| push 00000000h |
| call 00007F50C4EFC308h |
| mov edx, eax |
| call 00007F50C4EE922Bh |
| pop edx |
| call 00007F50C4EE9189h |
| call 00007F50C4EE9260h |
| push 00000000h |
| call 00007F50C4EEB8D9h |
| pop ecx |
| push 00568034h |
| push 00000000h |
| call 00007F50C4EFC2E2h |
| mov dword ptr [00568093h], eax |
| push 00000000h |
| jmp 00007F50C4EF58C0h |
| jmp 00007F50C4EEB907h |
| xor eax, eax |
| mov al, byte ptr [0056807Dh] |
| ret |
| mov eax, dword ptr [00568093h] |
| ret |
| pushad |
| mov ebx, BCB05000h |
| push ebx |
| push 00000BADh |
| ret |
| mov ecx, 000000CCh |
| or ecx, ecx |
| je 00007F50C4D9743Fh |
| cmp dword ptr [0056808Bh], 00000000h |
| jnc 00007F50C4D973FCh |
| mov eax, 000000FEh |
| call 00007F50C4D973CCh |
| mov ecx, 000000CCh |
| push ecx |
| push 00000008h |
| call 00007F50C4EFC29Fh |
| push eax |
| call 00007F50C4EFC3A1h |
| or eax, eax |
| jne 00007F50C4D973FCh |
| mov eax, 000000FDh |
| call 00007F50C4D973ABh |
| push eax |
| push eax |
| push dword ptr [0056808Bh] |
| call 00007F50C4EF5A8Ah |
| push dword ptr [0056808Bh] |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1b3000 | 0x21754 | .edata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1af000 | 0x3ebb | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d5000 | 0x68400 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x288c00 | 0x2950 | .reloc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x1ae000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x167000 | 0x166400 | 114461da172a78854a3047f93a577af5 | False | 0.48329757828855546 | data | 6.5422380481820674 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x168000 | 0x45000 | 0x3d000 | 1ba3b0fbc421256da49335c0cd5e4580 | False | 0.3366178919057377 | data | 5.055084597758105 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x1ad000 | 0x1000 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x1ae000 | 0x1000 | 0x200 | 04893e65da93b44426dd8c0b15bd02d1 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| .idata | 0x1af000 | 0x4000 | 0x4000 | e7b5fa464c7584ec15a6d24157210fbf | False | 0.304931640625 | data | 5.240601010287695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .edata | 0x1b3000 | 0x22000 | 0x21800 | d230081f8c46f8527715decf71e70a0b | False | 0.20841592817164178 | data | 5.648414786049198 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1d5000 | 0x69000 | 0x68400 | 1c963a1db28f7b1e42ba9545736ab3a3 | False | 0.19399636540767387 | data | 4.206417940488535 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x23e000 | 0x750b2 | 0x57200 | da655f7be3e170b61315e9dd39a88a7a | False | 0.680472112625538 | data | 7.491683269793998 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x1d635c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.38636363636363635 | ||
| RT_CURSOR | 0x1d6490 | 0x134 | data | 0.4642857142857143 | ||
| RT_CURSOR | 0x1d65c4 | 0x134 | data | 0.4805194805194805 | ||
| RT_CURSOR | 0x1d66f8 | 0x134 | data | 0.38311688311688313 | ||
| RT_CURSOR | 0x1d682c | 0x134 | data | 0.36038961038961037 | ||
| RT_CURSOR | 0x1d6960 | 0x134 | data | 0.4090909090909091 | ||
| RT_CURSOR | 0x1d6a94 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
| RT_BITMAP | 0x1d6bc8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
| RT_BITMAP | 0x1d6d98 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | 0.46487603305785125 | ||
| RT_BITMAP | 0x1d6f7c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.43103448275862066 | ||
| RT_BITMAP | 0x1d714c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39870689655172414 | ||
| RT_BITMAP | 0x1d731c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.4245689655172414 | ||
| RT_BITMAP | 0x1d74ec | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5021551724137931 | ||
| RT_BITMAP | 0x1d76bc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5064655172413793 | ||
| RT_BITMAP | 0x1d788c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
| RT_BITMAP | 0x1d7a5c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.5344827586206896 | ||
| RT_BITMAP | 0x1d7c2c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | 0.39655172413793105 | ||
| RT_BITMAP | 0x1d7dfc | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.4074074074074074 | ||
| RT_BITMAP | 0x1d7ed4 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.38425925925925924 | ||
| RT_BITMAP | 0x1d7fac | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.35185185185185186 | ||
| RT_BITMAP | 0x1d8084 | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.5509259259259259 | ||
| RT_BITMAP | 0x1d815c | 0xd8 | Device independent bitmap graphic, 14 x 14 x 4, image size 112 | 0.4074074074074074 | ||
| RT_BITMAP | 0x1d8234 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | 0.4870689655172414 | ||
| RT_BITMAP | 0x1d831c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.32908163265306123 |
| RT_BITMAP | 0x1d84a4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.32908163265306123 |
| RT_BITMAP | 0x1d862c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.3137755102040816 |
| RT_BITMAP | 0x1d87b4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.33418367346938777 |
| RT_ICON | 0x1d893c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | German | Germany | 0.5405405405405406 |
| RT_ICON | 0x1d8a64 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | German | Germany | 0.31647398843930635 |
| RT_ICON | 0x1d8fcc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | German | Germany | 0.48936170212765956 |
| RT_ICON | 0x1d9434 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | German | Germany | 0.5094086021505376 |
| RT_ICON | 0x1d971c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | German | Germany | 0.44945848375451264 |
| RT_ICON | 0x1d9fc4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | German | Germany | 0.33419324577861165 |
| RT_ICON | 0x1db06c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | German | Germany | 0.42317073170731706 |
| RT_ICON | 0x1db6d4 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | German | Germany | 0.43150319829424305 |
| RT_ICON | 0x1dc57c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | German | Germany | 0.2654564315352697 |
| RT_ICON | 0x1deb24 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | German | Germany | 0.06756146995295441 |
| RT_DIALOG | 0x220b4c | 0x52 | data | 0.7682926829268293 | ||
| RT_STRING | 0x220ba0 | 0xe8 | data | 0.5172413793103449 | ||
| RT_STRING | 0x220c88 | 0xec | data | 0.5508474576271186 | ||
| RT_STRING | 0x220d74 | 0x210 | data | 0.4715909090909091 | ||
| RT_STRING | 0x220f84 | 0x3c0 | data | 0.3614583333333333 | ||
| RT_STRING | 0x221344 | 0x35c | data | 0.4104651162790698 | ||
| RT_STRING | 0x2216a0 | 0x310 | data | 0.36607142857142855 | ||
| RT_STRING | 0x2219b0 | 0x3ec | data | 0.33565737051792827 | ||
| RT_STRING | 0x221d9c | 0x398 | data | 0.38369565217391305 | ||
| RT_STRING | 0x222134 | 0x3f0 | data | 0.3412698412698413 | ||
| RT_STRING | 0x222524 | 0x454 | data | 0.41245487364620936 | ||
| RT_STRING | 0x222978 | 0x40c | data | 0.42084942084942084 | ||
| RT_STRING | 0x222d84 | 0x1bc | data | 0.5225225225225225 | ||
| RT_STRING | 0x222f40 | 0xec | data | 0.597457627118644 | ||
| RT_STRING | 0x22302c | 0x24c | data | 0.4523809523809524 | ||
| RT_STRING | 0x223278 | 0x140 | data | 0.55625 | ||
| RT_STRING | 0x2233b8 | 0x428 | data | 0.37781954887218044 | ||
| RT_STRING | 0x2237e0 | 0x40c | data | 0.37934362934362936 | ||
| RT_STRING | 0x223bec | 0x4ec | data | 0.3531746031746032 | ||
| RT_STRING | 0x2240d8 | 0x444 | data | 0.33791208791208793 | ||
| RT_RCDATA | 0x22451c | 0x10 | data | 1.5 | ||
| RT_RCDATA | 0x22452c | 0x5b2f | Delphi compiled form 'TAboutForm' | 0.9458510045838153 | ||
| RT_RCDATA | 0x22a05c | 0x265 | Delphi compiled form 'TCallbackForm' | 0.6508972267536705 | ||
| RT_RCDATA | 0x22a2c4 | 0xe6e | Delphi compiled form 'TConfigurationDlg' | 0.3952355170546833 | ||
| RT_RCDATA | 0x22b134 | 0x695 | Delphi compiled form 'TCreateRandDataFileDlg' | 0.4362017804154303 | ||
| RT_RCDATA | 0x22b7cc | 0x5ba | Delphi compiled form 'TCreateTrigramFileDlg' | 0.43997271487039563 | ||
| RT_RCDATA | 0x22bd88 | 0xbfdf | Delphi compiled form 'TMainForm' | 0.38683605122254117 | ||
| RT_RCDATA | 0x237d68 | 0x2360 | Delphi compiled form 'TMPPasswGenDlg' | 0.3099602473498233 | ||
| RT_RCDATA | 0x23a0c8 | 0x613 | Delphi compiled form 'TPasswEnterDlg' | 0.40514469453376206 | ||
| RT_RCDATA | 0x23a6dc | 0x618 | Delphi compiled form 'TPasswListForm' | 0.42948717948717946 | ||
| RT_RCDATA | 0x23acf4 | 0xe1d | Delphi compiled form 'TPasswOptionsDlg' | 0.40381954054802105 | ||
| RT_RCDATA | 0x23bb14 | 0x685 | Delphi compiled form 'TProfileEditDlg' | 0.4415817855002996 | ||
| RT_RCDATA | 0x23c19c | 0x456 | Delphi compiled form 'TProvideEntropyDlg' | 0.5900900900900901 | ||
| RT_RCDATA | 0x23c5f4 | 0x4c1 | Delphi compiled form 'TQuickHelpForm' | 0.485620377978636 | ||
| RT_GROUP_CURSOR | 0x23cab8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x23cacc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x23cae0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x23caf4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x23cb08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x23cb1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x23cb30 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_ICON | 0x23cb44 | 0x92 | data | German | Germany | 0.6164383561643836 |
| RT_VERSION | 0x23cbd8 | 0x324 | data | English | United States | 0.4689054726368159 |
| RT_MANIFEST | 0x23cefc | 0x38e | XML 1.0 document, ASCII text, with CRLF line terminators | German | Germany | 0.45604395604395603 |
| DLL | Import |
|---|---|
| ADVAPI32.DLL | CryptAcquireContextA, CryptGenRandom, GetUserNameA, GetUserNameW, RegCloseKey, RegFlushKey, RegOpenKeyExA, RegQueryValueExA |
| KERNEL32.DLL | CloseHandle, CompareStringA, CompareStringW, CopyFileA, CopyFileW, CreateDirectoryA, CreateDirectoryW, CreateEventA, CreateFileA, CreateFileW, CreateMutexA, CreateProcessA, CreateProcessW, CreateThread, DeleteCriticalSection, DeleteFileA, DeleteFileW, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, ExitThread, FileTimeToDosDateTime, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FindResourceW, FormatMessageA, FormatMessageW, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameA, GetComputerNameW, GetCurrencyFormatA, GetCurrencyFormatW, GetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetDiskFreeSpaceW, GetDriveTypeA, GetEnvironmentStrings, GetEnvironmentVariableA, GetExitCodeThread, GetFileAttributesA, GetFileAttributesW, GetFileSize, GetFileType, GetFullPathNameA, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoA, GetLocaleInfoW, GetLogicalDrives, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessTimes, GetProcessWorkingSetSize, GetProfileStringA, GetShortPathNameA, GetShortPathNameW, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetStringTypeExA, GetStringTypeExW, GetStringTypeW, GetSystemDefaultLCID, GetSystemDefaultLangID, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetTempFileNameA, GetTempFileNameW, GetTempPathA, GetTempPathW, GetThreadLocale, GetThreadTimes, GetTickCount, GetTimeZoneInformation, GetUserDefaultLCID, GetUserDefaultLangID, GetVersion, GetVersionExA, GetVolumeInformationW, GetWindowsDirectoryA, GetWindowsDirectoryW, GlobalAddAtomA, GlobalAlloc, GlobalDeleteAtom, GlobalFindAtomA, GlobalFree, GlobalHandle, GlobalLock, GlobalMemoryStatus, GlobalReAlloc, GlobalSize, GlobalUnlock, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedExchange, InterlockedIncrement, IsProcessorFeaturePresent, IsValidLocale, LCMapStringA, LCMapStringW, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalAlloc, LocalFree, LockResource, MoveFileA, MoveFileW, MulDiv, MultiByteToWideChar, OutputDebugStringA, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReadFile, RemoveDirectoryA, RemoveDirectoryW, ResetEvent, ResumeThread, RtlUnwind, SetConsoleCtrlHandler, SetCurrentDirectoryA, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableA, SetErrorMode, SetEvent, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SetThreadPriority, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualLock, VirtualProtect, VirtualQuery, VirtualUnlock, WaitForSingleObject, WideCharToMultiByte, WriteFile, WriteProfileStringA, lstrcmpA, lstrcmpW, lstrcpyA, lstrcpynA, lstrlenA, GetVolumeInformationA |
| VERSION.DLL | GetFileVersionInfoA, GetFileVersionInfoSizeA, GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueA, VerQueryValueW |
| WINSPOOL.DRV | ClosePrinter, DocumentPropertiesA, EnumPrintersA, OpenPrinterA |
| COMCTL32.DLL | ImageList_Add, ImageList_BeginDrag, ImageList_Create, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_DrawEx, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_Replace, ImageList_ReplaceIcon, ImageList_SetBkColor, ImageList_SetDragCursorImage, ImageList_SetIconSize, ImageList_Write |
| COMDLG32.DLL | ChooseColorA, ChooseFontA, FindTextA, GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, PrintDlgA, ReplaceTextA, GetSaveFileNameW |
| GDI32.DLL | BitBlt, CombineRgn, CopyEnhMetaFileA, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDCA, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreateICA, CreatePalette, CreatePenIndirect, CreateRectRgn, CreateSolidBrush, DeleteDC, DeleteEnhMetaFile, DeleteObject, Ellipse, EndDoc, EndPage, EnumFontFamiliesExA, ExcludeClipRect, ExtCreatePen, ExtTextOutA, ExtTextOutW, GdiFlush, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetClipRgn, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetEnhMetaFileBits, GetEnhMetaFileHeader, GetEnhMetaFilePaletteEntries, GetObjectA, GetPaletteEntries, GetPixel, GetRgnBox, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextExtentPoint32W, GetTextExtentPointA, GetTextExtentPointW, GetTextMetricsA, GetWinMetaFileBits, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, Pie, PlayEnhMetaFile, PolyPolyline, Polyline, RealizePalette, RectVisible, Rectangle, RestoreDC, RoundRect, SaveDC, SelectClipRgn, SelectObject, SelectPalette, SetAbortProc, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetEnhMetaFileBits, SetMapMode, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportExtEx, SetViewportOrgEx, SetWinMetaFileBits, SetWindowExtEx, SetWindowOrgEx, StartDocA, StartPage, StretchBlt, TranslateCharsetInfo, UnrealizeObject |
| SHELL32.DLL | ExtractAssociatedIconA, ExtractAssociatedIconW, ExtractIconExA, ExtractIconExW, SHBrowseForFolderA, SHFileOperationA, SHFreeNameMappings, SHGetFileInfoA, ShellExecuteA, ShellExecuteW, Shell_NotifyIconA, Shell_NotifyIconW, SHGetPathFromIDListA |
| SHFOLDER.DLL | SHGetFolderPathA, SHGetFolderPathW |
| USER32.DLL | ActivateKeyboardLayout, AdjustWindowRectEx, BeginDeferWindowPos, BeginPaint, BringWindowToTop, CallNextHookEx, CallWindowProcA, CallWindowProcW, CharLowerA, CharLowerBuffA, CharLowerBuffW, CharLowerW, CharNextA, CharUpperA, CharUpperBuffA, CharUpperBuffW, CharUpperW, CheckMenuItem, ChildWindowFromPoint, ClientToScreen, CloseClipboard, CreateIcon, CreateMDIWindowW, CreateMenu, CreatePopupMenu, CreateWindowExA, CreateWindowExW, DefFrameProcA, DefFrameProcW, DefMDIChildProcA, DefMDIChildProcW, DefWindowProcA, DefWindowProcW, DeferWindowPos, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DispatchMessageW, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, DrawTextW, EmptyClipboard, EnableMenuItem, EnableScrollBar, EnableWindow, EndDeferWindowPos, EndPaint, EnumClipboardFormats, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetCaretBlinkTime, GetCaretPos, GetClassInfoA, GetClassInfoW, GetClassNameA, GetClassNameW, GetClientRect, GetClipboardData, GetClipboardOwner, GetClipboardViewer, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetDialogBaseUnits, GetDlgItem, GetDoubleClickTime, GetFocus, GetForegroundWindow, GetIconInfo, GetInputState, GetKeyNameTextA, GetKeyNameTextW, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuItemInfoW, GetMenuState, GetMenuStringA, GetMenuStringW, GetMessagePos, GetMessageTime, GetOpenClipboardWindow, GetParent, GetProcessWindowStation, GetPropA, GetQueueStatus, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSystemMenu, GetSystemMetrics, GetTopWindow, GetUpdateRect, GetWindow, GetWindowDC, GetWindowLongA, GetWindowLongW, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowTextLengthW, GetWindowTextW, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, InsertMenuItemW, IntersectRect, InvalidateRect, IsCharAlphaA, IsCharAlphaNumericA, IsChild, IsClipboardFormatAvailable, IsDialogMessageA, IsDialogMessageW, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowUnicode, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadImageA, LoadKeyboardLayoutA, LoadStringA, LoadStringW, MapVirtualKeyA, MapVirtualKeyW, MapWindowPoints, MessageBeep, MessageBoxA, MessageBoxW, MsgWaitForMultipleObjects, OemToCharA, OffsetRect, OpenClipboard, PeekMessageA, PostMessageA, PostMessageW, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClassW, RegisterClipboardFormatA, RegisterHotKey, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, ScrollWindowEx, SendDlgItemMessageA, SendMessageA, SendMessageTimeoutA, SendMessageW, SetActiveWindow, SetCapture, SetClassLongA, SetClipboardData, SetCursor, SetFocus, SetForegroundWindow, SetKeyboardState, SetMenu, SetMenuItemInfoA, SetMenuItemInfoW, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowTextW, SetWindowsHookExA, SetWindowsHookExW, ShowCursor, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnionRect, UnregisterClassA, UnregisterClassW, UnregisterHotKey, UpdateWindow, ValidateRect, VkKeyScanW, WaitMessage, WinHelpA, WindowFromPoint, wsprintfA, GetSysColor |
| OLE32.DLL | CoCreateInstance, CoInitialize, CoLockObjectExternal, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, DoDragDrop, IsEqualGUID, OleInitialize, OleUninitialize, ProgIDFromCLSID, RegisterDragDrop, ReleaseStgMedium, RevokeDragDrop, StringFromCLSID |
| OLEAUT32.DLL | GetActiveObject, GetErrorInfo, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayRedim, SysAllocStringLen, SysFreeString, SysReAllocStringLen, VarCyFromStr, VarDateFromStr, VariantChangeType, VariantClear, VariantCopy, VariantCopyInd, VariantInit |
| WININET.DLL | DeleteUrlCacheEntryA, DeleteUrlCacheEntryW |
| URLMON.DLL | URLDownloadToCacheFileA, URLDownloadToCacheFileW |
| Name | Ordinal | Address |
|---|---|---|
| @$xp$10TCCalendar | 2066 | 0x51a028 |
| @$xp$17TPerformanceGraph | 2139 | 0x51fd70 |
| @$xp$17Tntforms@TTntForm | 742 | 0x4e0458 |
| @$xp$18Tntforms@TFormProc | 735 | 0x4df7b4 |
| @$xp$18Tntforms@TTntFrame | 740 | 0x4dfbec |
| @$xp$20Tntstdctrls@TTntEdit | 862 | 0x4e4a1c |
| @$xp$20Tntstdctrls@TTntMemo | 868 | 0x4e5648 |
| @$xp$21Tntbuttons@TTntBitBtn | 1661 | 0x4f905c |
| @$xp$21Tntextctrls@TTntBevel | 1182 | 0x4ef4c0 |
| @$xp$21Tntextctrls@TTntImage | 1180 | 0x4ef35c |
| @$xp$21Tntextctrls@TTntPanel | 1186 | 0x4ef7a8 |
| @$xp$21Tntextctrls@TTntShape | 1176 | 0x4ef0cc |
| @$xp$21Tntmenus@TTntMainMenu | 812 | 0x4e2348 |
| @$xp$21Tntmenus@TTntMenuItem | 810 | 0x4e2248 |
| @$xp$21Tntstdctrls@TTntLabel | 889 | 0x4e7df0 |
| @$xp$22Tntactnlist@ITntAction | 1278 | 0x4f2430 |
| @$xp$22Tntactnlist@TTntAction | 1282 | 0x4f26ac |
| @$xp$22Tntclasses@TTntStrings | 152 | 0x4cbe48 |
| @$xp$22Tntcomctrls@TTntUpDown | 326 | 0x4d36dc |
| @$xp$22Tntforms@TTntScrollBox | 736 | 0x4df8f4 |
| @$xp$22Tntmenus@TTntPopupList | 816 | 0x4e24a8 |
| @$xp$22Tntmenus@TTntPopupMenu | 814 | 0x4e2410 |
| @$xp$22Tntstdctrls@TTntButton | 891 | 0x4e84e0 |
| @$xp$23Tntclasses@TAnsiStrings | 164 | 0x4cc200 |
| @$xp$23Tntcomctrls@TTntToolBar | 306 | 0x4d1660 |
| @$xp$23Tntgraphics@TTntPicture | 798 | 0x4e1d20 |
| @$xp$23Tntstdactns@TTntEditCut | 1364 | 0x4f4840 |
| @$xp$23Tntstdctrls@TTntListBox | 885 | 0x4e72b4 |
| @$xp$23Tntsysutils@TSearchRecW | 1763 | 0x4fc9e0 |
| @$xp$24Activeimm_tlb@IActiveIME | 67 | 0x4c9eac |
| @$xp$24Tntclipbrd@TTntClipboard | 1651 | 0x4f8a20 |
| @$xp$24Tntcomctrls@TTntListItem | 288 | 0x4cfcb4 |
| @$xp$24Tntcomctrls@TTntListView | 302 | 0x4d051c |
| @$xp$24Tntcomctrls@TTntRichEdit | 310 | 0x4d1a1c |
| @$xp$24Tntcomctrls@TTntTabSheet | 316 | 0x4d2f3c |
| @$xp$24Tntcomctrls@TTntTrackBar | 320 | 0x4d3278 |
| @$xp$24Tntcomctrls@TTntTreeNode | 281 | 0x4cfa78 |
| @$xp$24Tntcomctrls@TTntTreeView | 353 | 0x4d5130 |
| @$xp$24Tntcontrols@TWideCaption | 691 | 0x4dd348 |
| @$xp$24Tntextctrls@TTntPaintBox | 1178 | 0x4ef214 |
| @$xp$24Tntextctrls@TTntSplitter | 1196 | 0x4f1380 |
| @$xp$24Tntforms@TTntApplication | 733 | 0x4df788 |
| @$xp$24Tntforms@TTntCustomFrame | 738 | 0x4dfa78 |
| @$xp$24Tntstdactns@TTntEditCopy | 1366 | 0x4f49bc |
| @$xp$24Tntstdactns@TTntEditUndo | 1372 | 0x4f4e34 |
| @$xp$24Tntstdactns@TTntFileExit | 1412 | 0x4f6c38 |
| @$xp$24Tntstdactns@TTntFileOpen | 1404 | 0x4f65d8 |
| @$xp$24Tntstdactns@TTntFontEdit | 1424 | 0x4f750c |
| @$xp$24Tntstdactns@TTntPrintDlg | 1428 | 0x4f7804 |
| @$xp$24Tntstdctrls@TTntCheckBox | 895 | 0x4e880c |
| @$xp$24Tntstdctrls@TTntComboBox | 876 | 0x4e63dc |
| @$xp$24Tntstdctrls@TTntGroupBox | 903 | 0x4e9408 |
| @$xp$25Activeimm_tlb@IActiveIME2 | 68 | 0x4c9ee4 |
| @$xp$25Activeimm_tlb@TCActiveIMM | 72 | 0x4ca054 |
| @$xp$25Tntclasses@TTntFileStream | 158 | 0x4cbf94 |
| @$xp$25Tntclasses@TTntStringList | 154 | 0x4cbe98 |
| @$xp$25Tntclasses@TntClasses__11 | 175 | 0x4cc6a8 |
| @$xp$25Tntcomctrls@TTntListItems | 292 | 0x4cfde4 |
| @$xp$25Tntcomctrls@TTntStatusBar | 340 | 0x4d445c |
| @$xp$25Tntcomctrls@TTntTreeNodes | 345 | 0x4d4bdc |
| @$xp$25Tntdialogs@TTntOpenDialog | 1863 | 0x4ff604 |
| @$xp$25Tntdialogs@TTntSaveDialog | 1865 | 0x4ff7a8 |
| @$xp$25Tntstdactns@TTntEditPaste | 1368 | 0x4f4b34 |
| @$xp$25Tntstdctrls@TTntScrollBar | 899 | 0x4e910c |
| @$xp$25Tntsysutils@ETntUserError | 1756 | 0x4fc834 |
| @$xp$25Tntsysutils@TWideFileName | 1762 | 0x4fc9cc |
| @$xp$26Activeimm_tlb@CoCActiveIMM | 70 | 0x4c9f78 |
| @$xp$26Tntactnlist@TTntActionList | 1277 | 0x4f2404 |
| @$xp$26Tntbuttons@ITntGlyphButton | 1657 | 0x4f8c38 |
| @$xp$26Tntbuttons@TTntSpeedButton | 1659 | 0x4f8e0c |
| @$xp$26Tntchecklst@TntCheckLst__2 | 1151 | 0x4ee8a8 |
| @$xp$26Tntchecklst@TntCheckLst__3 | 1152 | 0x4ee8cc |
| @$xp$26Tntchecklst@TntCheckLst__4 | 1153 | 0x4ee8f0 |
| @$xp$26Tntcomctrls@TTntListColumn | 284 | 0x4cfb34 |
| @$xp$26Tntcomctrls@TTntTabControl | 314 | 0x4d2684 |
| @$xp$26Tntcomctrls@TTntToolButton | 304 | 0x4d1464 |
| @$xp$26Tntcontrols@TTntHintWindow | 695 | 0x4dd610 |
| @$xp$26Tntextctrls@TTntControlBar | 1190 | 0x4f02a4 |
| @$xp$26Tntextctrls@TTntRadioGroup | 1194 | 0x4f0d70 |
| @$xp$26Tntstdactns@TTntEditAction | 1362 | 0x4f46c8 |
| @$xp$26Tntstdactns@TTntEditDelete | 1374 | 0x4f4fac |
| @$xp$26Tntstdactns@TTntFileAction | 1402 | 0x4f649c |
| @$xp$26Tntstdactns@TTntFileSaveAs | 1408 | 0x4f6918 |
| @$xp$26Tntstdactns@TTntHelpAction | 1390 | 0x4f5bd4 |
| @$xp$26Tntstdactns@TTntHelpOnHelp | 1396 | 0x4f604c |
| @$xp$26Tntstdactns@TTntHintAction | 1360 | 0x4f456c |
| @$xp$26Tntstdactns@TTntSearchFind | 1416 | 0x4f6efc |
| @$xp$26Tntstdctrls@TTntCustomEdit | 860 | 0x4e4880 |
| @$xp$26Tntstdctrls@TTntCustomMemo | 866 | 0x4e54a4 |
| @$xp$26Tntstdctrls@TTntStaticText | 907 | 0x4e9cb4 |
| @$xp$26Tntsystem@TTntSystemUpdate | 1910 | 0x501894 |
| @$xp$27Activeimm_tlb@IActiveIMMApp | 65 | 0x4c9e34 |
| @$xp$27Activeimm_tlb@IActiveIMMIME | 66 | 0x4c9e70 |
| @$xp$27Cdiroutl@TCDirectoryOutline | 2088 | 0x51be80 |
| @$xp$27Tntclasses@TSetAnsiStrEvent | 178 | 0x4cc790 |
| @$xp$27Tntclasses@TTntMemoryStream | 160 | 0x4cc040 |
| @$xp$27Tntcomctrls@TTntListColumns | 286 | 0x4cfc08 |
| @$xp$27Tntcomctrls@TTntPageControl | 318 | 0x4d3100 |
| @$xp$27Tntcomctrls@TTntProgressBar | 322 | 0x4d33f4 |
| @$xp$27Tntcomctrls@TTntStatusPanel | 334 | 0x4d4078 |
| @$xp$27Tntextctrls@TTntCustomPanel | 1184 | 0x4ef63c |
| @$xp$27Tntstdactns@TTntColorSelect | 1426 | 0x4f7684 |
| @$xp$27Tntstdactns@TTntWindowClose | 1378 | 0x4f52a8 |
| @$xp$27Tntstdctrls@TTntCustomLabel | 887 | 0x4e7cb4 |
| @$xp$27Tntstdctrls@TTntMemoStrings | 864 | 0x4e5308 |
| @$xp$27Tntstdctrls@TTntRadioButton | 897 | 0x4e8f70 |
| @$xp$27Tntwidestrings@TWideStrings | 1978 | 0x504a1c |
| @$xp$28Tntactnlist@TTntCustomAction | 1280 | 0x4f2574 |
| @$xp$28Tntchecklst@TTntCheckListBox | 1155 | 0x4eeb20 |
| @$xp$28Tntclasses@TTntStreamCharSet | 155 | 0x4cbec4 |
| @$xp$28Tntcomctrls@TTntCustomUpDown | 324 | 0x4d3570 |
| @$xp$28Tntcomctrls@TTntPageScroller | 332 | 0x4d3f98 |
| @$xp$28Tntcomctrls@TTntStatusPanels | 336 | 0x4d414c |
| @$xp$28Tntstdactns@TTntFileOpenWith | 1406 | 0x4f6778 |
| @$xp$28Tntstdactns@TTntHelpContents | 1392 | 0x4f5d50 |
| @$xp$28Tntstdactns@TTntSearchAction | 1414 | 0x4f6db8 |
| @$xp$28Tntstdactns@TTntWindowAction | 1376 | 0x4f512c |
| @$xp$28Tntsysutils@ETntGeneralError | 1758 | 0x4fc8c0 |
| @$xp$29Tntclasses@TListTargetCompare | 156 | 0x4cbec4 |
| @$xp$29Tntclasses@TTntResourceStream | 162 | 0x4cc0ec |
| @$xp$29Tntcomctrls@TTntLVEditedEvent | 293 | 0x4cfe10 |
| @$xp$29Tntcomctrls@TTntMonthCalendar | 330 | 0x4d3df8 |
| @$xp$29Tntcomctrls@TTntTVEditedEvent | 346 | 0x4d4c08 |
| @$xp$29Tntcomctrls@TTntTreeNodeClass | 283 | 0x4cfaa4 |
| @$xp$29Tntdialogs@TIncludeItemEventW | 1861 | 0x4ff4e4 |
| @$xp$29Tntstdactns@TTntEditSelectAll | 1370 | 0x4f4cb4 |
| @$xp$29Tntstdactns@TTntSearchReplace | 1418 | 0x4f7080 |
| @$xp$29Tntstdactns@TTntWindowArrange | 1388 | 0x4f5a58 |
| @$xp$29Tntstdactns@TTntWindowCascade | 1380 | 0x4f542c |
| @$xp$29Tntstdctrls@TTntCustomListBox | 883 | 0x4e710c |
| @$xp$29Tntstdctrls@TWMCharMsgHandler | 871 | 0x4e5f6c |
| @$xp$29Tntsystem@TTntSystemUpdateSet | 1911 | 0x501910 |
| @$xp$29Tntsysutils@ETntInternalError | 1760 | 0x4fc950 |
| @$xp$30Tntactnlist@TTntMenuActionLink | 1284 | 0x4f27f4 |
| @$xp$30Tntclasses@TBufferedAnsiString | 172 | 0x4cc5d4 |
| @$xp$30Tntclasses@TBufferedWideString | 174 | 0x4cc678 |
| @$xp$30Tntcomctrls@TTntCustomListView | 300 | 0x4d0334 |
| @$xp$30Tntcomctrls@TTntCustomRichEdit | 308 | 0x4d186c |
| @$xp$30Tntcomctrls@TTntCustomTreeView | 351 | 0x4d4f80 |
| @$xp$30Tntcomctrls@TTntDateTimePicker | 328 | 0x4d3c5c |
| @$xp$30Tntstdactns@TTntFilePrintSetup | 1410 | 0x4f6abc |
| @$xp$30Tntstdactns@TTntSearchFindNext | 1422 | 0x4f738c |
| @$xp$30Tntstdctrls@TTntCustomCheckBox | 893 | 0x4e8690 |
| @$xp$30Tntstdctrls@TTntCustomComboBox | 874 | 0x4e620c |
| @$xp$30Tntstdctrls@TTntCustomGroupBox | 901 | 0x4e9294 |
| @$xp$30Tntstdctrls@TTntListBoxStrings | 881 | 0x4e6ef4 |
| @$xp$30Tntwidestrings@TWideStringItem | 1972 | 0x504824 |
| @$xp$31Activeimm_tlb@IEnumInputContext | 62 | 0x4c9d6c |
| @$xp$31Tntclasses@TWideComponentHelper | 180 | 0x4cc84c |
| @$xp$31Tntcomctrls@TTntCustomStatusBar | 338 | 0x4d42dc |
| @$xp$31Tntstdactns@TTntHelpTopicSearch | 1394 | 0x4f5ecc |
| @$xp$31Tntstdactns@TTntSearchFindFirst | 1420 | 0x4f7208 |
| @$xp$31Tntstdctrls@ITntComboFindString | 872 | 0x4e5f98 |
| @$xp$31Tntstdctrls@TLBGetWideDataEvent | 877 | 0x4e6c24 |
| @$xp$31Tntstdctrls@TTntComboBoxStrings | 870 | 0x4e5f38 |
| @$xp$32Activeimm_tlb@IEnumRegisterWordA | 60 | 0x4c9cec |
| @$xp$32Activeimm_tlb@IEnumRegisterWordW | 61 | 0x4c9d2c |
| @$xp$32Tntactnlist@TTntButtonActionLink | 1294 | 0x4f2da4 |
| @$xp$32Tntclasses@TBufferedStreamReader | 177 | 0x4cc75c |
| @$xp$32Tntcomctrls@TTntCustomTabControl | 312 | 0x4d2504 |
| @$xp$32Tntcontrols@TTntCustomHintWindow | 693 | 0x4dd4a4 |
| @$xp$32Tntextctrls@TTntCustomControlBar | 1188 | 0x4f0114 |
| @$xp$32Tntextctrls@TTntCustomRadioGroup | 1192 | 0x4f0c14 |
| @$xp$32Tntstdctrls@TAccessCustomListBox | 879 | 0x4e6dd4 |
| @$xp$32Tntstdctrls@TTntCustomStaticText | 905 | 0x4e9b40 |
| @$xp$33Activeimm_tlb@IActiveIMMRegistrar | 63 | 0x4c9dac |
| @$xp$33Tntactnlist@TTntControlActionLink | 1274 | 0x4f233c |
| @$xp$33Tntstdactns@TTntHelpContextAction | 1398 | 0x4f61cc |
| @$xp$33Tntstdactns@TTntWindowMinimizeAll | 1386 | 0x4f58d0 |
| @$xp$34Tntactnlist@TTntListViewActionLink | 1286 | 0x4f2920 |
| @$xp$34Tntcontrols@IWideCustomListControl | 696 | 0x4dd63c |
| @$xp$34Tntformatstrutils@EFormatSpecError | 1933 | 0x503004 |
| @$xp$34Tntstdactns@TTntCommonDialogAction | 1400 | 0x4f6358 |
| @$xp$34Tntstdactns@TTntWindowTileVertical | 1384 | 0x4f5744 |
| @$xp$34Tntsysutils@TTntTextLineBreakStyle | 1761 | 0x4fc980 |
| @$xp$34Tntwidestrings@IWideStringsAdapter | 1973 | 0x50484c |
| @$xp$34Tntwidestrings@PWideStringItemList | 1974 | 0x50484c |
| @$xp$34Tntwidestrings@TWideStringItemList | 1984 | 0x504a74 |
| @$xp$35Tntcomctrls@TTntListItemsEnumerator | 290 | 0x4cfd44 |
| @$xp$35Tntcomctrls@TTntTreeNodesEnumerator | 343 | 0x4d4b3c |
| @$xp$36Tntactnlist@TTntComboBoxExActionLink | 1288 | 0x4f2a54 |
| @$xp$36Tntactnlist@TTntToolButtonActionLink | 1292 | 0x4f2c8c |
| @$xp$36Tntactnlist@TTntWinControlActionLink | 1296 | 0x4f2ebc |
| @$xp$36Tntcomctrls@TTntLVOwnerDataFindEvent | 294 | 0x4cfe5c |
| @$xp$36Tntstdactns@TTntWindowTileHorizontal | 1382 | 0x4f55b8 |
| @$xp$37Tntactnlist@TTntSpeedButtonActionLink | 1290 | 0x4f2b70 |
| @$xp$37Tntclasses@TWideStringListSortCompare | 153 | 0x4cbe96 |
| @$xp$37Tntwidestrings@TWideStringsEnumerator | 1976 | 0x5048f4 |
| @$xp$38Tntcomctrls@_TntInternalCustomListView | 296 | 0x4d00c0 |
| @$xp$38Tntcomctrls@_TntInternalCustomTreeView | 348 | 0x4d4dbc |
| @$xp$39Tntactnlist@TUpgradeActionListItemsProc | 1276 | 0x4f2370 |
| @$xp$40Activeimm_tlb@IActiveIMMMessagePumpOwner | 64 | 0x4c9dec |
| @$xp$44Tntclasses@TAnsiStringsForWideStringsAdapter | 168 | 0x4cc33c |
| @$xp$7TCGauge | 2109 | 0x51dd70 |
| @@About@Finalize | 27 | 0x433cc4 |
| @@About@Initialize | 26 | 0x433cb4 |
| @@Aesctrprng@Finalize | 49 | 0x4be778 |
| @@Aesctrprng@Initialize | 48 | 0x4be768 |
| @@Callback@Finalize | 25 | 0x4333f0 |
| @@Callback@Initialize | 24 | 0x4333e0 |
| @@Ccalendr@Finalize | 2069 | 0x51a8d4 |
| @@Ccalendr@Initialize | 2068 | 0x51a8c4 |
| @@Cdiroutl@Finalize | 2090 | 0x51c890 |
| @@Cdiroutl@Initialize | 2089 | 0x51c880 |
| @@Cgauges@Finalize | 2111 | 0x51e4bc |
| @@Cgauges@Initialize | 2110 | 0x51e4ac |
| @@Configuration@Finalize | 53 | 0x4c64f4 |
| @@Configuration@Initialize | 52 | 0x4c64dc |
| @@Createranddatafile@Finalize | 29 | 0x434db8 |
| @@Createranddatafile@Initialize | 28 | 0x434da0 |
| @@Createtrigramfile@Finalize | 45 | 0x4bb840 |
| @@Createtrigramfile@Initialize | 44 | 0x4bb828 |
| @@Crypttext@Finalize | 17 | 0x42d9ac |
| @@Crypttext@Initialize | 16 | 0x42d99c |
| @@Cryptutil@Finalize | 51 | 0x4be8f8 |
| @@Cryptutil@Initialize | 50 | 0x4be8e8 |
| @@Entropymanager@Finalize | 13 | 0x42a84c |
| @@Entropymanager@Initialize | 12 | 0x42a834 |
| @@Fastprng@Finalize | 35 | 0x4b83c8 |
| @@Fastprng@Initialize | 34 | 0x4b83b8 |
| @@Hrtimer@Finalize | 9 | 0x41c0c0 |
| @@Hrtimer@Initialize | 8 | 0x41c0b0 |
| @@Language@Finalize | 21 | 0x43196c |
| @@Language@Initialize | 20 | 0x43195c |
| @@Main@Finalize | 3 | 0x41acb0 |
| @@Main@Initialize | 2 | 0x41ac98 |
| @@Meminifilew@Finalize | 41 | 0x4ba478 |
| @@Meminifilew@Initialize | 40 | 0x4ba468 |
| @@Memutil@Finalize | 33 | 0x438300 |
| @@Memutil@Initialize | 32 | 0x4382f0 |
| @@Mppasswgen@Finalize | 47 | 0x4be4c8 |
| @@Mppasswgen@Initialize | 46 | 0x4be4b0 |
| @@Passwgen@Finalize | 11 | 0x42a2fc |
| @@Passwgen@Initialize | 10 | 0x42a2ec |
| @@Passwlist@Finalize | 15 | 0x42b510 |
| @@Passwlist@Initialize | 14 | 0x42b4f8 |
| @@Passwoptions@Finalize | 23 | 0x432e84 |
| @@Passwoptions@Initialize | 22 | 0x432e6c |
| @@Perfgrap@Finalize | 2141 | 0x520034 |
| @@Perfgrap@Initialize | 2140 | 0x520024 |
| @@Profileeditor@Finalize | 37 | 0x4b9028 |
| @@Profileeditor@Initialize | 36 | 0x4b9010 |
| @@Provideentropy@Finalize | 55 | 0x4c6c58 |
| @@Provideentropy@Initialize | 54 | 0x4c6c40 |
| @@Quickhelp@Finalize | 31 | 0x438234 |
| @@Quickhelp@Initialize | 30 | 0x43821c |
| @@Randomgenerator@Finalize | 7 | 0x41bf88 |
| @@Randomgenerator@Initialize | 6 | 0x41bf78 |
| @@Randompool@Finalize | 5 | 0x41bf38 |
| @@Randompool@Initialize | 4 | 0x41bf28 |
| @@Stringfilestreamw@Finalize | 43 | 0x4badd8 |
| @@Stringfilestreamw@Initialize | 42 | 0x4badc8 |
| @@Topmostmanager@Finalize | 59 | 0x4c9cd0 |
| @@Topmostmanager@Initialize | 58 | 0x4c9cc0 |
| @@Unicodeutil@Finalize | 39 | 0x4b9da4 |
| @@Unicodeutil@Initialize | 38 | 0x4b9d94 |
| @@Updatecheck@Finalize | 57 | 0x4c8870 |
| @@Updatecheck@Initialize | 56 | 0x4c8860 |
| @@Util@Finalize | 19 | 0x42ffa0 |
| @@Util@Initialize | 18 | 0x42ff88 |
| @Activeimm_tlb@CLASS_CActiveIMM | 2153 | 0x59bce4 |
| @Activeimm_tlb@CoCActiveIMM@ | 69 | 0x4c9f64 |
| @Activeimm_tlb@CoCActiveIMM@Create$qqrp17System@TMetaClass | 73 | 0x4ca07c |
| @Activeimm_tlb@CoCActiveIMM@CreateRemote$qqrp17System@TMetaClassx17System@AnsiString | 74 | 0x4ca0e0 |
| @Activeimm_tlb@Finalization$qqrv | 150 | 0x4cbe0c |
| @Activeimm_tlb@IID_IActiveIME | 2151 | 0x59bcc4 |
| @Activeimm_tlb@IID_IActiveIME2 | 2152 | 0x59bcd4 |
| @Activeimm_tlb@IID_IActiveIMMApp | 2149 | 0x59bca4 |
| @Activeimm_tlb@IID_IActiveIMMIME | 2150 | 0x59bcb4 |
| @Activeimm_tlb@IID_IActiveIMMMessagePumpOwner | 2148 | 0x59bc94 |
| @Activeimm_tlb@IID_IActiveIMMRegistrar | 2147 | 0x59bc84 |
| @Activeimm_tlb@IID_IEnumInputContext | 2146 | 0x59bc74 |
| @Activeimm_tlb@IID_IEnumRegisterWordA | 2144 | 0x59bc54 |
| @Activeimm_tlb@IID_IEnumRegisterWordW | 2145 | 0x59bc64 |
| @Activeimm_tlb@LIBID_ActiveIMM | 2143 | 0x59bc44 |
| @Activeimm_tlb@TCActiveIMM@ | 71 | 0x4c9fec |
| @Activeimm_tlb@TCActiveIMM@$bctr$qqrp18Classes@TComponent | 80 | 0x4ca354 |
| @Activeimm_tlb@TCActiveIMM@$bdtr$qqrv | 81 | 0x4ca38c |
| @Activeimm_tlb@TCActiveIMM@Activate$qqri | 139 | 0x4cb9c8 |
| @Activeimm_tlb@TCActiveIMM@AssociateContext$qqrr30Activeimm_tlb@_RemotableHandleuirui | 82 | 0x4ca3b4 |
| @Activeimm_tlb@TCActiveIMM@AssociateContextEx$qqrr30Activeimm_tlb@_RemotableHandleuiui | 145 | 0x4cbbf4 |
| @Activeimm_tlb@TCActiveIMM@ConfigureIMEA$qqrrpvr30Activeimm_tlb@_RemotableHandleuir46Activeimm_tlb@__MIDL___MIDL_itf_dimm_0000_0001 | 83 | 0x4ca414 |
| @Activeimm_tlb@TCActiveIMM@ConfigureIMEW$qqrrpvr30Activeimm_tlb@_RemotableHandleuir46Activeimm_tlb@__MIDL___MIDL_itf_dimm_0000_0002 | 84 | 0x4ca478 |
| @Activeimm_tlb@TCActiveIMM@Connect$qqrv | 76 | 0x4ca16c |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| German | Germany |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-14T08:55:22.853835+0100 | 2059189 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bloodyswif .lat) | 1 | 192.168.2.6 | 51366 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.865132+0100 | 2059211 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (washyceehsu .lat) | 1 | 192.168.2.6 | 63875 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.877564+0100 | 2059201 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (leggelatez .lat) | 1 | 192.168.2.6 | 53096 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.888946+0100 | 2059203 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (miniatureyu .lat) | 1 | 192.168.2.6 | 59227 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.900201+0100 | 2059199 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (kickykiduz .lat) | 1 | 192.168.2.6 | 59756 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.910951+0100 | 2059207 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (savorraiykj .lat) | 1 | 192.168.2.6 | 59592 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.922550+0100 | 2059209 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (shoefeatthe .lat) | 1 | 192.168.2.6 | 59454 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:22.932749+0100 | 2059191 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (finickypwk .lat) | 1 | 192.168.2.6 | 64570 | 1.1.1.1 | 53 | UDP |
| 2025-01-14T08:55:23.640697+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49755 | 104.102.49.254 | 443 | TCP |
| 2025-01-14T08:55:24.123032+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49755 | 104.102.49.254 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 14, 2025 08:55:22.956357956 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:22.956425905 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.956497908 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:22.983589888 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:22.983627081 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:23.640611887 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:23.640697002 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:23.642146111 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:23.642152071 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:23.642658949 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:23.684398890 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:23.754621029 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:23.799333096 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123054028 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123079062 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123120070 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.123121977 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123138905 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123173952 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123195887 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.123223066 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.123223066 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.123223066 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.123260975 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.207751989 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.207829952 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.207910061 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.207973003 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.228765011 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.228806019 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Jan 14, 2025 08:55:24.228820086 CET | 49755 | 443 | 192.168.2.6 | 104.102.49.254 |
| Jan 14, 2025 08:55:24.228827000 CET | 443 | 49755 | 104.102.49.254 | 192.168.2.6 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jan 14, 2025 08:55:22.841058016 CET | 53439 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.850780964 CET | 53 | 53439 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.853835106 CET | 51366 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.862679958 CET | 53 | 51366 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.865132093 CET | 63875 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.873991013 CET | 53 | 63875 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.877563953 CET | 53096 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.886214972 CET | 53 | 53096 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.888946056 CET | 59227 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.897633076 CET | 53 | 59227 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.900201082 CET | 59756 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.908620119 CET | 53 | 59756 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.910950899 CET | 59592 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.920286894 CET | 53 | 59592 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.922549963 CET | 59454 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.931195974 CET | 53 | 59454 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.932749033 CET | 64570 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.941490889 CET | 53 | 64570 | 1.1.1.1 | 192.168.2.6 |
| Jan 14, 2025 08:55:22.943902969 CET | 57689 | 53 | 192.168.2.6 | 1.1.1.1 |
| Jan 14, 2025 08:55:22.950923920 CET | 53 | 57689 | 1.1.1.1 | 192.168.2.6 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 14, 2025 08:55:22.841058016 CET | 192.168.2.6 | 1.1.1.1 | 0xd308 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.853835106 CET | 192.168.2.6 | 1.1.1.1 | 0xfe04 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.865132093 CET | 192.168.2.6 | 1.1.1.1 | 0xa3ff | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.877563953 CET | 192.168.2.6 | 1.1.1.1 | 0x6511 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.888946056 CET | 192.168.2.6 | 1.1.1.1 | 0x6897 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.900201082 CET | 192.168.2.6 | 1.1.1.1 | 0xbbef | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.910950899 CET | 192.168.2.6 | 1.1.1.1 | 0xac2e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.922549963 CET | 192.168.2.6 | 1.1.1.1 | 0xd2c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.932749033 CET | 192.168.2.6 | 1.1.1.1 | 0x3797 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.943902969 CET | 192.168.2.6 | 1.1.1.1 | 0x59a4 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 14, 2025 08:55:22.850780964 CET | 1.1.1.1 | 192.168.2.6 | 0xd308 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.862679958 CET | 1.1.1.1 | 192.168.2.6 | 0xfe04 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.873991013 CET | 1.1.1.1 | 192.168.2.6 | 0xa3ff | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.886214972 CET | 1.1.1.1 | 192.168.2.6 | 0x6511 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.897633076 CET | 1.1.1.1 | 192.168.2.6 | 0x6897 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.908620119 CET | 1.1.1.1 | 192.168.2.6 | 0xbbef | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.920286894 CET | 1.1.1.1 | 192.168.2.6 | 0xac2e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.931195974 CET | 1.1.1.1 | 192.168.2.6 | 0xd2c7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.941490889 CET | 1.1.1.1 | 192.168.2.6 | 0x3797 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Jan 14, 2025 08:55:22.950923920 CET | 1.1.1.1 | 192.168.2.6 | 0x59a4 | No error (0) | 104.102.49.254 | A (IP address) | IN (0x0001) | false | ||
| Jan 14, 2025 08:55:29.638876915 CET | 1.1.1.1 | 192.168.2.6 | 0xc387 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
| Jan 14, 2025 08:55:29.638876915 CET | 1.1.1.1 | 192.168.2.6 | 0xc387 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49755 | 104.102.49.254 | 443 | 5052 | C:\Users\user\Desktop\G7T8lHJWWM.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2025-01-14 07:55:23 UTC | 219 | OUT | |
| 2025-01-14 07:55:24 UTC | 1905 | IN | |
| 2025-01-14 07:55:24 UTC | 14479 | IN | |
| 2025-01-14 07:55:24 UTC | 11186 | IN |
| Target ID: | 0 |
| Start time: | 02:55:10 |
| Start date: | 14/01/2025 |
| Path: | C:\Users\user\Desktop\G7T8lHJWWM.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2'667'856 bytes |
| MD5 hash: | 9928E66ECBB91E45D7D48FAFC8A3E21F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 1.3% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 36.7% |
| Total number of Nodes: | 128 |
| Total number of Limit Nodes: | 13 |
Graph
Function 00BC5D2C Relevance: 12.7, APIs: 8, Instructions: 730memorynativethreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B70A37 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B70477 Relevance: 1.9, APIs: 1, Instructions: 399threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC478C Relevance: 6.1, APIs: 4, Instructions: 99memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC55FC Relevance: 4.8, APIs: 3, Instructions: 325memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC69AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC4887 Relevance: 3.0, APIs: 2, Instructions: 48memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8E394 Relevance: 83.7, Strings: 66, Instructions: 1193COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9460B Relevance: 69.1, Strings: 55, Instructions: 394COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B96AC0 Relevance: 35.4, Strings: 28, Instructions: 433COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAC794 Relevance: 22.9, Strings: 18, Instructions: 366COMMON
Download Yara Rule
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B95892 Relevance: 10.2, Strings: 8, Instructions: 241COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB0774 Relevance: 8.1, Strings: 6, Instructions: 616COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B91D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7C204 Relevance: 6.7, Strings: 5, Instructions: 422COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7AAB4 Relevance: 6.6, Strings: 5, Instructions: 382COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B92404 Relevance: 5.5, Strings: 4, Instructions: 470COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA108C Relevance: 5.4, Strings: 4, Instructions: 394COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7EF84 Relevance: 5.3, Strings: 4, Instructions: 329COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7A7A4 Relevance: 5.3, Strings: 4, Instructions: 299COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8C74A Relevance: 4.1, Strings: 3, Instructions: 312COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B87AD3 Relevance: 4.1, Strings: 3, Instructions: 310COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8B004 Relevance: 4.0, Strings: 3, Instructions: 239COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8AD64 Relevance: 4.0, Strings: 3, Instructions: 230COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9FEB6 Relevance: 3.9, Strings: 3, Instructions: 189COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B99EAF Relevance: 3.9, Strings: 3, Instructions: 107COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B89F84 Relevance: 3.4, Strings: 2, Instructions: 893COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAD0A4 Relevance: 3.4, Strings: 2, Instructions: 851COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B764F4 Relevance: 3.3, Strings: 2, Instructions: 792COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B91004 Relevance: 3.0, Strings: 2, Instructions: 527COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9E594 Relevance: 3.0, Strings: 2, Instructions: 512COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8CAF4 Relevance: 2.9, Strings: 2, Instructions: 440COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9F7D9 Relevance: 2.9, Strings: 2, Instructions: 437COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7AE94 Relevance: 2.9, Strings: 2, Instructions: 375COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA05C4 Relevance: 2.9, Strings: 2, Instructions: 370COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BADD04 Relevance: 2.8, Strings: 2, Instructions: 349COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B75BC4 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B79B94 Relevance: 2.8, Strings: 2, Instructions: 288COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8DC64 Relevance: 2.8, Strings: 2, Instructions: 273COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B87EF1 Relevance: 2.7, Strings: 2, Instructions: 244COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA5104 Relevance: 2.7, Strings: 2, Instructions: 239COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA7A34 Relevance: 2.7, Strings: 2, Instructions: 234COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9F8A3 Relevance: 2.6, Strings: 2, Instructions: 124COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA00DF Relevance: 2.6, Strings: 2, Instructions: 108COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC2A34 Relevance: 2.3, Strings: 1, Instructions: 1066COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B99344 Relevance: 1.7, Strings: 1, Instructions: 403COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8BE68 Relevance: 1.6, Strings: 1, Instructions: 324COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9F187 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B776B4 Relevance: 1.5, Strings: 1, Instructions: 271COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B861A4 Relevance: 1.5, Strings: 1, Instructions: 263COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7A034 Relevance: 1.5, Strings: 1, Instructions: 234COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA0A89 Relevance: 1.4, Strings: 1, Instructions: 190COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9F624 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9F8F6 Relevance: 1.4, Strings: 1, Instructions: 152COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9C104 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7D31D Relevance: 1.3, Strings: 1, Instructions: 84COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B81D3A Relevance: .9, Instructions: 941COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA1944 Relevance: .9, Instructions: 875COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA53C4 Relevance: .8, Instructions: 767COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8FB44 Relevance: .7, Instructions: 677COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B77F14 Relevance: .7, Instructions: 665COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B78CF4 Relevance: .6, Instructions: 625COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B75214 Relevance: .6, Instructions: 600COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8296C Relevance: .6, Instructions: 560COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B70000 Relevance: .5, Instructions: 497COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7FDA4 Relevance: .4, Instructions: 450COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC1338 Relevance: .4, Instructions: 429COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B771D4 Relevance: .4, Instructions: 413COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC25FC Relevance: .4, Instructions: 409COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAB03E Relevance: .4, Instructions: 401COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC222C Relevance: .4, Instructions: 380COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB3D54 Relevance: .3, Instructions: 317COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B77A84 Relevance: .3, Instructions: 303COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAB5CC Relevance: .3, Instructions: 297COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB46D4 Relevance: .3, Instructions: 296COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAAA20 Relevance: .3, Instructions: 293COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8D3C4 Relevance: .3, Instructions: 290COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB4384 Relevance: .3, Instructions: 289COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BC34D4 Relevance: .3, Instructions: 283COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B98664 Relevance: .3, Instructions: 280COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA3A7C Relevance: .3, Instructions: 280COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA2ADA Relevance: .3, Instructions: 274COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BA337C Relevance: .3, Instructions: 273COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9B014 Relevance: .3, Instructions: 252COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8E0C4 Relevance: .2, Instructions: 245COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB40D4 Relevance: .2, Instructions: 242COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB2301 Relevance: .2, Instructions: 210COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8F534 Relevance: .2, Instructions: 204COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAC534 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB3AA4 Relevance: .2, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B74234 Relevance: .2, Instructions: 164COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB2BA5 Relevance: .2, Instructions: 160COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB3674 Relevance: .2, Instructions: 152COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7A5C4 Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7F8DE Relevance: .1, Instructions: 126COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9ED14 Relevance: .1, Instructions: 122COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7F766 Relevance: .1, Instructions: 120COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B71087 Relevance: .1, Instructions: 107COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B86F3D Relevance: .1, Instructions: 103COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB03F4 Relevance: .1, Instructions: 86COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B96696 Relevance: .1, Instructions: 82COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B87519 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B74414 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB25CC Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B71086 Relevance: .1, Instructions: 66COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BAA3E4 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9CD24 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B890B6 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B85D24 Relevance: .1, Instructions: 60COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B870FA Relevance: .1, Instructions: 51COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB0704 Relevance: .0, Instructions: 46COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B98EF4 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B98CA0 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B70DE7 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B7E438 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B8F7A4 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00BB1C04 Relevance: .0, Instructions: 20COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B982F4 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9A160 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
Function 00B9A2F8 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|