Edit tour
Windows
Analysis Report
Full_PC_Set-Up.exe
Overview
General Information
| Sample name: | Full_PC_Set-Up.exe |
| Analysis ID: | 1525664 |
| MD5: | 7400e305a002a18fbec6a6d189ef6879 |
| SHA1: | 04138fb49978d5005bd5e9be7c958227131d8437 |
| SHA256: | 32df795e1539a4c4adce359c6fcc9be616db4591937072197171c6c5c465297e |
| Tags: | exeuser-aachum |
| Infos: |  |
 | |
Detection
Stealc
| Score: | 76 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Yara detected Stealc
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Program does not show much activity (idle)
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
Full_PC_Set-Up.exe (PID: 7444 cmdline: "C:\Users\ user\Deskt op\Full_PC _Set-Up.ex e" MD5: 7400E305A002A18FBEC6A6D189EF6879)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Stealc | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. | No Attribution |
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Stealc_1 | Yara detected Stealc | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Stealc | Yara detected Stealc | Joe Security | ||
| JoeSecurity_Stealc | Yara detected Stealc | Joe Security | ||
| JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security | ||
| JoeSecurity_Stealc | Yara detected Stealc | Joe Security |
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-04T13:53:18.963298+0200 | 2044243 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49735 | 45.200.148.115 | 80 | TCP |
Click to jump to signature section
Show All Signature Results
| Source: | Code function: | 0_2_0030D910 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_00374078 | |
| Source: | Code function: | 0_2_002CCA90 | |
Networking |   |
|---|
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_004B6680 | |
| Source: | Code function: | 0_2_0038E41F | |
| Source: | Code function: | 0_2_0038D97B | |
| Source: | Code function: | 0_2_002BA050 | |
| Source: | Code function: | 0_2_002DA0C0 | |
| Source: | Code function: | 0_2_003960CB | |
| Source: | Code function: | 0_2_00484130 | |
| Source: | Code function: | 0_2_004AC1A9 | |
| Source: | Code function: | 0_2_003601D0 | |
| Source: | Code function: | 0_2_004042B0 | |
| Source: | Code function: | 0_2_00324370 | |
| Source: | Code function: | 0_2_0039E486 | |
| Source: | Code function: | 0_2_0039C75A | |
| Source: | Code function: | 0_2_00366A4A | |
| Source: | Code function: | 0_2_00404AB0 | |
| Source: | Code function: | 0_2_0048EBD0 | |
| Source: | Code function: | 0_2_00372CFB | |
| Source: | Code function: | 0_2_0038ED0D | |
| Source: | Code function: | 0_2_0040ED80 | |
| Source: | Code function: | 0_2_003D4E30 | |
| Source: | Code function: | 0_2_002F2E30 | |
| Source: | Code function: | 0_2_003F8F30 | |
| Source: | Code function: | 0_2_0039EF0E | |
| Source: | Code function: | 0_2_002C8FB0 | |
| Source: | Code function: | 0_2_002F7030 | |
| Source: | Code function: | 0_2_00305140 | |
| Source: | Code function: | 0_2_00321200 | |
| Source: | Code function: | 0_2_00323370 | |
| Source: | Code function: | 0_2_0040F3B0 | |
| Source: | Code function: | 0_2_003853CA | |
| Source: | Code function: | 0_2_0038D4D0 | |
| Source: | Code function: | 0_2_0038D5DD | |
| Source: | Code function: | 0_2_004016E0 | |
| Source: | Code function: | 0_2_002DB6E0 | |
| Source: | Code function: | 0_2_00403710 | |
| Source: | Code function: | 0_2_0038D7B5 | |
| Source: | Code function: | 0_2_002B3800 | |
| Source: | Code function: | 0_2_0030F870 | |
| Source: | Code function: | 0_2_0038D8B2 | |
| Source: | Code function: | 0_2_003399B0 | |
| Source: | Code function: | 0_2_00407A20 | |
| Source: | Code function: | 0_2_0048DB70 | |
| Source: | Code function: | 0_2_00391BAB | |
| Source: | Code function: | 0_2_003D5B80 | |
| Source: | Code function: | 0_2_00403D30 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_002CC8D0 | |
| Source: | Code function: | 0_2_002ECA70 | |
| Source: | Code function: | 0_2_0036A09D | |
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00298550 | |
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00388CDA | |
| Source: | Code function: | 0_2_00388D54 | |
Malware Analysis System Evasion | |
|---|
| Source: | Code function: | 0_2_0029A370 | |
| Source: | API coverage: | ||
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_00374078 | |
| Source: | Code function: | 0_2_002CCA90 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_003812A6 | |
| Source: | Code function: | 0_2_00298550 | |
| Source: | Code function: | 0_2_0039FBF7 | |
| Source: | Thread injection, dropped files, key value created, disk infection and DNS query: | ||
| Source: | Code function: | 0_2_002961A0 | |
| Source: | Code function: | 0_2_003812A6 | |
| Source: | Code function: | 0_2_00381608 | |
| Source: | Code function: | 0_2_0038B6F3 | |
| Source: | Code function: | 0_2_00299E20 | |
| Source: | Memory protected: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 0_2_002C1CA0 | |
| Source: | Code function: | 0_2_0039D105 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_002DA760 | |
| Source: | Code function: | 0_2_0038F75F | |
| Source: | Code function: | 0_2_003D2A00 | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true | unknown | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 45.200.148.115 | unknown | Seychelles | 328608 | Africa-on-Cloud-ASZA | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1525664 |
| Start date and time: | 2024-10-04 13:52:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 3m 48s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Full_PC_Set-Up.exe |
| Detection: | MAL |
| Classification: | mal76.troj.expl.evad.winEXE@1/0@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Full_PC_Set-Up.exe
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 45.200.148.115 | Get hash | malicious | Stealc, Vidar | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| Africa-on-Cloud-ASZA | Get hash | malicious | Stealc, Vidar | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Stealc | Browse |
| ||
| Get hash | malicious | Stealc, Vidar | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
⊘No context
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 6.248566548248124 |
| TrID: |
|
| File name: | Full_PC_Set-Up.exe |
| File size: | 7'230'768 bytes |
| MD5: | 7400e305a002a18fbec6a6d189ef6879 |
| SHA1: | 04138fb49978d5005bd5e9be7c958227131d8437 |
| SHA256: | 32df795e1539a4c4adce359c6fcc9be616db4591937072197171c6c5c465297e |
| SHA512: | a19b4dc10170cdfaabb3c3c2da3313fde5911f406f96dc107b952b982570ca881f89a6f90e8ddb21b165e2649a86f28b7f030c305d7377e70f060be78d5704a3 |
| SSDEEP: | 98304:Ao8TNdeBpOqRXG+dc8bkh89N02EbeeVoDVXmBaGm:YTNdIpj2+dv63cNxXmEj |
| TLSH: | 98768B00B7A69D31D647D1B686BEF629412BEE01533C05E79344B9EA09726D33D3E3CA |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............p...p...p..*?F..p.......p.......p...p...s....E..p....S.zp..."T..p....T.Eq....Z.'p..."D..p...pG..p....A..p..Rich.p......... |
 | |
| Icon Hash: | 067161f9e9e9c806 |
| Entrypoint: | 0x4f129c |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x5C0C97D2 [Sun Dec 9 04:19:30 2018 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 29d8e66b72389943ec14550444b02ce0 |
| Signature Valid: | false |
| Signature Issuer: | CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN |
| Signature Validation Error: | The digital signature of the object did not verify |
| Error Number: | -2146869232 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 7B25A82566306059F65C341E4E401DDE |
| Thumbprint SHA-1: | 9E3AD16AB8FAFB2EC21F83E3E91ABA173BA54DE4 |
| Thumbprint SHA-256: | C515B4823CDF8F18F17145527BE18DB349B22B82A8CAB0098752FD2F752787B5 |
| Serial: | 3DA2C4902F6BF0397A8A6387DC275988 |
| Instruction |
|---|
| call 00007FC0346A4A4Bh |
| jmp 00007FC03469A6EEh |
| cmp ecx, dword ptr [006F0040h] |
| jne 00007FC03469A874h |
| rep ret |
| jmp 00007FC0346A4ACDh |
| mov edi, edi |
| push ecx |
| mov dword ptr [ecx], 0067308Ch |
| call 00007FC0346A4BC5h |
| pop ecx |
| ret |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, ecx |
| call 00007FC03469A858h |
| test byte ptr [ebp+08h], 00000001h |
| je 00007FC03469A879h |
| push esi |
| call 00007FC03467B23Eh |
| pop ecx |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| mov eax, dword ptr [ebp+08h] |
| add ecx, 09h |
| push ecx |
| add eax, 09h |
| push eax |
| call 00007FC03469FFCAh |
| neg eax |
| pop ecx |
| sbb eax, eax |
| pop ecx |
| inc eax |
| pop ebp |
| retn 0004h |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, dword ptr [ebp+14h] |
| push edi |
| xor edi, edi |
| cmp esi, edi |
| jne 00007FC03469A876h |
| xor eax, eax |
| jmp 00007FC03469A8D7h |
| cmp dword ptr [ebp+08h], edi |
| jne 00007FC03469A88Dh |
| call 00007FC0346A247Fh |
| push 00000016h |
| pop esi |
| mov dword ptr [eax], esi |
| push edi |
| push edi |
| push edi |
| push edi |
| push edi |
| call 00007FC03469AC72h |
| add esp, 14h |
| mov eax, esi |
| jmp 00007FC03469A8B7h |
| cmp dword ptr [ebp+10h], edi |
| je 00007FC03469A888h |
| cmp dword ptr [ebp+0Ch], esi |
| jc 00007FC03469A883h |
| push esi |
| push dword ptr [ebp+10h] |
| push dword ptr [ebp+08h] |
| call 00007FC03469E375h |
| add esp, 0Ch |
| jmp 00007FC03469A833h |
| push dword ptr [ebp+0Ch] |
| push edi |
| push dword ptr [ebp+08h] |
| call 00007FC03469E864h |
| add esp, 0Ch |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2ea114 | 0x154 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x382000 | 0x14f9ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x6e1600 | 0x3f30 | .reloc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4d2000 | 0x255d0 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x24aec0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2b99f0 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x24a000 | 0xacc | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2ea08c | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x248629 | 0x248800 | d97ae1f19794fb84a60cbdc66f57d88b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x24a000 | 0xa3c48 | 0xa3e00 | d90c5ff14768334b305103d8af8fb266 | False | 0.40436689549961863 | data | 5.783275601880469 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2ee000 | 0x93ff8 | 0xc800 | d2da3f1a5cad48d05905710168a80470 | False | 0.2956640625 | DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 4175953747280037675008.000000, slope 1088014617970866856656896.000000 | 5.408245732264006 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x382000 | 0x14f9ac | 0x14fa00 | 2b21fc5c0786c394ec3dc47df472b875 | False | 0.49635271182495344 | data | 7.141836080841158 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x4d2000 | 0x298a00 | 0x298a00 | 33258c823818bf4d4fb91958b0825331 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| PNG | 0x38d4ec | 0x304 | PNG image data, 30 x 10, 8-bit/color RGBA, non-interlaced | English | United States | 1.0142487046632125 |
| PNG | 0x38d7f0 | 0xcdc | PNG image data, 28 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033414337788578 |
| PNG | 0x38e4cc | 0xd78 | PNG image data, 127 x 410, 8-bit/color RGBA, non-interlaced | English | United States | 0.8561484918793504 |
| PNG | 0x38f244 | 0xb7a | PNG image data, 34 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037440435670524 |
| PNG | 0x38fdc0 | 0x55e | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0080058224163027 |
| PNG | 0x390320 | 0x1f43 | PNG image data, 192 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 0.9887542171685618 |
| PNG | 0x392264 | 0x43e | PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0101289134438305 |
| PNG | 0x3926a4 | 0x1554 | PNG image data, 240 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.002014652014652 |
| PNG | 0x393bf8 | 0x6cd | PNG image data, 48 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.006318207926479 |
| PNG | 0x3942c8 | 0x878 | PNG image data, 96 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0050738007380073 |
| PNG | 0x394b40 | 0xca3 | PNG image data, 29 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 1.003400309119011 |
| PNG | 0x3957e4 | 0xd04 | PNG image data, 34 x 31, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033013205282113 |
| PNG | 0x3964e8 | 0xd61b | PNG image data, 74 x 99, 8-bit/color RGBA, non-interlaced | English | United States | 0.9842184962872416 |
| PNG | 0x3a3b04 | 0x111d | PNG image data, 81 x 96, 8-bit/color RGB, non-interlaced | English | United States | 1.0025108422734534 |
| PNG | 0x3a4c24 | 0x1007 | PNG image data, 132 x 465, 8-bit/color RGB, non-interlaced | English | United States | 0.950280282719961 |
| PNG | 0x3a5c2c | 0x18c | PNG image data, 12 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0277777777777777 |
| PNG | 0x3a5db8 | 0x123 | PNG image data, 15 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0378006872852235 |
| PNG | 0x3a5edc | 0x11c0 | PNG image data, 95 x 172, 8-bit/color RGBA, non-interlaced | English | United States | 0.9590669014084507 |
| PNG | 0x3a709c | 0xc20 | PNG image data, 507 x 2, 8-bit/color RGB, non-interlaced | English | United States | 1.0035438144329898 |
| PNG | 0x3a7cbc | 0x3da | PNG image data, 18 x 108, 8-bit/color RGB, non-interlaced | English | United States | 1.011156186612576 |
| PNG | 0x3a8098 | 0x84c | PNG image data, 20 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0051789077212807 |
| PNG | 0x3a88e4 | 0x817 | PNG image data, 20 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0053114437469821 |
| PNG | 0x3a90fc | 0x26b | PNG image data, 8 x 156, 8-bit/color RGB, non-interlaced | English | United States | 1.0177705977382876 |
| PNG | 0x3a9368 | 0x35c | PNG image data, 19 x 114, 8-bit/color RGB, non-interlaced | English | United States | 0.9709302325581395 |
| PNG | 0x3a96c4 | 0x390 | PNG image data, 19 x 114, 8-bit/color RGB, non-interlaced | English | United States | 0.9385964912280702 |
| PNG | 0x3a9a54 | 0x2c7 | PNG image data, 17 x 114, 8-bit/color RGB, non-interlaced | English | United States | 1.0154711673699015 |
| PNG | 0x3a9d1c | 0x37a | PNG image data, 19 x 114, 8-bit/color RGB, non-interlaced | English | United States | 0.9820224719101124 |
| PNG | 0x3aa098 | 0x2da | PNG image data, 19 x 114, 8-bit/color RGB, non-interlaced | English | United States | 0.9958904109589041 |
| PNG | 0x3aa374 | 0xd1 | PNG image data, 8 x 36, 8-bit/color RGB, non-interlaced | English | United States | 1.0382775119617225 |
| PNG | 0x3aa448 | 0xa0e | PNG image data, 23 x 160, 8-bit/color RGBA, non-interlaced | English | United States | 1.0042735042735043 |
| PNG | 0x3aae58 | 0x3ab | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0117145899893503 |
| PNG | 0x3ab204 | 0x1513 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020389249304913 |
| PNG | 0x3ac718 | 0x381 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0122630992196209 |
| PNG | 0x3aca9c | 0xbc0 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.003656914893617 |
| PNG | 0x3ad65c | 0x3cd | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113052415210688 |
| PNG | 0x3ada2c | 0x1506 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0007432181345224 |
| PNG | 0x3aef34 | 0x30a | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0141388174807198 |
| PNG | 0x3af240 | 0xbc7 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.003648424543947 |
| PNG | 0x3afe08 | 0x3c7 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0113753877973113 |
| PNG | 0x3b01d0 | 0x151a | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020362828582006 |
| PNG | 0x3b16ec | 0x393 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0120218579234972 |
| PNG | 0x3b1a80 | 0xbe6 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036112934996717 |
| PNG | 0x3b2668 | 0x551 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 0.9933872152828802 |
| PNG | 0x3b2bbc | 0x40e | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 0.9845857418111753 |
| PNG | 0x3b2fcc | 0x3d3 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0081716036772217 |
| PNG | 0x3b33a0 | 0x1514 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.002038547071905 |
| PNG | 0x3b48b4 | 0x325 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.013664596273292 |
| PNG | 0x3b4bdc | 0xbf0 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035994764397906 |
| PNG | 0x3b57cc | 0x3c1 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0114464099895941 |
| PNG | 0x3b5b90 | 0x1505 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020442296970824 |
| PNG | 0x3b7098 | 0x3b3 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0116156282998945 |
| PNG | 0x3b744c | 0xc21 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035426731078905 |
| PNG | 0x3b8070 | 0x3b7 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0115667718191377 |
| PNG | 0x3b8428 | 0x14ff | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0 |
| PNG | 0x3b9928 | 0x314 | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.013959390862944 |
| PNG | 0x3b9c3c | 0xb64 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037722908093278 |
| PNG | 0x3ba7a0 | 0xde | PNG image data, 1 x 23, 8-bit/color RGB, non-interlaced | English | United States | 0.6396396396396397 |
| PNG | 0x3ba880 | 0x3c4 | PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced | English | United States | 1.0114107883817427 |
| PNG | 0x3bac44 | 0x14e8 | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014947683109119 |
| PNG | 0x3bc12c | 0x2fb | PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0144167758846658 |
| PNG | 0x3bc428 | 0xbc1 | PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036556995679629 |
| PNG | 0x3bcfec | 0x57d | PNG image data, 15 x 95, 8-bit/color RGB, non-interlaced | English | United States | 0.9523131672597864 |
| PNG | 0x3bd56c | 0x686 | PNG image data, 15 x 100, 8-bit/color RGB, non-interlaced | English | United States | 0.9670658682634731 |
| PNG | 0x3bdbf4 | 0x20a | PNG image data, 9 x 144, 8-bit/color RGB, non-interlaced | English | United States | 1.0210727969348659 |
| PNG | 0x3bde00 | 0xcb9 | PNG image data, 15 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033773411114522 |
| PNG | 0x3beabc | 0x209 | PNG image data, 15 x 60, 8-bit/color RGBA, non-interlaced | English | United States | 1.021113243761996 |
| PNG | 0x3becc8 | 0x2fd | PNG image data, 17 x 68, 8-bit/color RGBA, non-interlaced | English | United States | 0.8980392156862745 |
| PNG | 0x3befc8 | 0x324 | PNG image data, 17 x 68, 8-bit/color RGBA, non-interlaced | English | United States | 0.9054726368159204 |
| PNG | 0x3bf2ec | 0xb6e | PNG image data, 1 x 34, 8-bit/color RGB, non-interlaced | English | United States | 1.0037593984962405 |
| PNG | 0x3bfe5c | 0xb4f | PNG image data, 1 x 34, 8-bit/color RGB, non-interlaced | English | United States | 1.0037996545768566 |
| PNG | 0x3c09ac | 0xb2f | PNG image data, 8 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038421236465247 |
| PNG | 0x3c14dc | 0x112 | PNG image data, 7 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 0.8832116788321168 |
| PNG | 0x3c15f0 | 0xb8e | PNG image data, 21 x 45, 8-bit/color RGB, non-interlaced | English | United States | 1.0037187288708587 |
| PNG | 0x3c2180 | 0x231 | PNG image data, 15 x 63, 8-bit/color RGB, non-interlaced | English | United States | 0.8288770053475936 |
| PNG | 0x3c23b4 | 0xbc | PNG image data, 17 x 2, 8-bit/color RGB, non-interlaced | English | United States | 1.0159574468085106 |
| PNG | 0x3c2470 | 0xb6 | PNG image data, 17 x 2, 8-bit/color RGB, non-interlaced | English | United States | 1.010989010989011 |
| PNG | 0x3c2528 | 0x5ce | PNG image data, 15 x 105, 8-bit/color RGB, non-interlaced | English | United States | 0.9562584118438762 |
| PNG | 0x3c2af8 | 0x1a30 | PNG image data, 56 x 72, 8-bit/color RGBA, non-interlaced | English | United States | 1.0016408114558473 |
| PNG | 0x3c4528 | 0xf7 | PNG image data, 5 x 10, 8-bit/color RGB, non-interlaced | English | United States | 1.008097165991903 |
| PNG | 0x3c4620 | 0x103 | PNG image data, 5 x 10, 8-bit/color RGB, non-interlaced | English | United States | 1.0193050193050193 |
| PNG | 0x3c4724 | 0x220 | PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced | English | United States | 1.0202205882352942 |
| PNG | 0x3c4944 | 0x1ce | PNG image data, 16 x 70, 8-bit/color RGBA, non-interlaced | English | United States | 1.0238095238095237 |
| PNG | 0x3c4b14 | 0x2a8 | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0161764705882352 |
| PNG | 0x3c4dbc | 0x2a8 | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0161764705882352 |
| PNG | 0x3c5064 | 0x159 | PNG image data, 16 x 70, 8-bit/color RGBA, non-interlaced | English | United States | 1.0318840579710145 |
| PNG | 0x3c51c0 | 0x177 | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0293333333333334 |
| PNG | 0x3c5338 | 0x177 | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0293333333333334 |
| PNG | 0x3c54b0 | 0xc3 | PNG image data, 16 x 70, 8-bit/color RGBA, non-interlaced | English | United States | 1.041025641025641 |
| PNG | 0x3c5574 | 0xed | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0464135021097047 |
| PNG | 0x3c5664 | 0xed | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0464135021097047 |
| PNG | 0x3c5754 | 0x1f8 | PNG image data, 16 x 70, 8-bit/color RGBA, non-interlaced | English | United States | 1.0218253968253967 |
| PNG | 0x3c594c | 0x20c | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0209923664122138 |
| PNG | 0x3c5b58 | 0x20c | PNG image data, 21 x 105, 8-bit/color RGBA, non-interlaced | English | United States | 1.0209923664122138 |
| PNG | 0x3c5d64 | 0x1e95 | PNG image data, 46 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014050325712096 |
| PNG | 0x3c7bfc | 0x1018 | PNG image data, 100 x 52, 8-bit/color RGB, non-interlaced | English | United States | 1.0026699029126214 |
| PNG | 0x3c8c14 | 0x2a8 | PNG image data, 26 x 52, 8-bit/color RGB, non-interlaced | English | United States | 0.9691176470588235 |
| PNG | 0x3c8ebc | 0x2d4 | PNG image data, 26 x 52, 8-bit/color RGB, non-interlaced | English | United States | 0.9696132596685083 |
| PNG | 0x3c9190 | 0xe0e | PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced | English | United States | 1.0030572540300167 |
| PNG | 0x3c9fa0 | 0x2f6 | PNG image data, 16 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0145118733509235 |
| PNG | 0x3ca298 | 0x118 | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | English | United States | 1.0392857142857144 |
| PNG | 0x3ca3b0 | 0xac | PNG image data, 4 x 14, 8-bit/color RGB, non-interlaced | English | United States | 1.0 |
| PNG | 0x3ca45c | 0x144 | PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0339506172839505 |
| PNG | 0x3ca5a0 | 0x1a5 | PNG image data, 55 x 54, 8-bit/color RGB, non-interlaced | English | United States | 1.0261282660332542 |
| PNG | 0x3ca748 | 0x527 | PNG image data, 55 x 22, 8-bit colormap, non-interlaced | English | United States | 0.33965125094768767 |
| PNG | 0x3cac70 | 0x58a | PNG image data, 55 x 54, 8-bit colormap, non-interlaced | English | United States | 0.41114245416078987 |
| PNG | 0x3cb1fc | 0xec9 | PNG image data, 26 x 132, 8-bit/color RGB, non-interlaced | English | United States | 1.0029062087186262 |
| PNG | 0x3cc0c8 | 0xce | PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced | English | United States | 1.0339805825242718 |
| PNG | 0x3cc198 | 0xca | PNG image data, 43 x 11, 8-bit colormap, non-interlaced | English | United States | 1.0297029702970297 |
| PNG | 0x3cc264 | 0xc2 | PNG image data, 18 x 5, 8-bit colormap, non-interlaced | English | United States | 1.0051546391752577 |
| PNG | 0x3cc328 | 0xb7 | PNG image data, 10 x 9, 8-bit colormap, non-interlaced | English | United States | 0.994535519125683 |
| PNG | 0x3cc3e0 | 0xd0c | PNG image data, 90 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0032934131736526 |
| PNG | 0x3cd0ec | 0xb47 | PNG image data, 20 x 12, 8-bit/color RGB, non-interlaced | English | United States | 1.0038101835815725 |
| PNG | 0x3cdc34 | 0x1020 | PNG image data, 22 x 110, 8-bit/color RGB, non-interlaced | English | United States | 1.0026647286821706 |
| PNG | 0x3cec54 | 0x1c6 | PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced | English | United States | 1.024229074889868 |
| PNG | 0x3cee1c | 0x103e | PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced | English | United States | 0.9177489177489178 |
| PNG | 0x3cfe5c | 0x551 | PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced | English | United States | 0.9933872152828802 |
| PNG | 0x3d03b0 | 0x301 | PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced | English | United States | 0.9791937581274383 |
| PNG | 0x3d06b4 | 0x779 | PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced | English | United States | 1.0057501306847882 |
| PNG | 0x3d0e30 | 0x9b | PNG image data, 3 x 18, 8-bit/color RGB, non-interlaced | English | United States | 1.0064516129032257 |
| PNG | 0x3d0ecc | 0xdc7 | PNG image data, 14 x 276, 8-bit/color RGB, non-interlaced | English | United States | 0.9098383895662036 |
| PNG | 0x3d1c94 | 0x9e | PNG image data, 3 x 18, 8-bit/color RGB, non-interlaced | English | United States | 1.0253164556962024 |
| PNG | 0x3d1d34 | 0xddf | PNG image data, 14 x 276, 8-bit/color RGB, non-interlaced | English | United States | 0.8997465502675303 |
| PNG | 0x3d2b14 | 0x376 | PNG image data, 80 x 92, 8-bit/color RGB, non-interlaced | English | United States | 0.5575620767494357 |
| PNG | 0x3d2e8c | 0x332 | PNG image data, 15 x 56, 8-bit/color RGB, non-interlaced | English | United States | 0.9963325183374083 |
| PNG | 0x3d31c0 | 0x544 | PNG image data, 49 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.008160237388724 |
| PNG | 0x3d3704 | 0x33d | PNG image data, 49 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0132689987937273 |
| PNG | 0x3d3a44 | 0xd6a | PNG image data, 13 x 110, 8-bit/color RGB, non-interlaced | English | United States | 1.003203261502621 |
| PNG | 0x3d47b0 | 0x114 | PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.039855072463768 |
| PNG | 0x3d48c4 | 0x513 | PNG image data, 13 x 88, 8-bit/color RGB, non-interlaced | English | United States | 1.0084680523479599 |
| PNG | 0x3d4dd8 | 0xc2d | PNG image data, 22 x 44, 8-bit/color RGB, non-interlaced | English | United States | 1.0035290343278793 |
| PNG | 0x3d5a08 | 0xee9 | PNG image data, 50 x 75, 8-bit/color RGB, non-interlaced | English | United States | 1.0028818443804035 |
| PNG | 0x3d68f4 | 0x102 | PNG image data, 1 x 23, 8-bit/color RGB, non-interlaced | English | United States | 0.9534883720930233 |
| PNG | 0x3d69f8 | 0x1d8b | PNG image data, 72 x 150, 8-bit/color RGBA, non-interlaced | English | United States | 1.0014544492926087 |
| PNG | 0x3d8784 | 0x1eb | PNG image data, 16 x 80, 8-bit/color RGBA, non-interlaced | English | United States | 1.0224032586558045 |
| PNG | 0x3d8970 | 0x6a | PNG image data, 19 x 3, 8-bit/color RGBA, non-interlaced | English | United States | 1.028301886792453 |
| PNG | 0x3d89dc | 0xfc | PNG image data, 10 x 124, 8-bit/color RGB, non-interlaced | English | United States | 1.0436507936507937 |
| PNG | 0x3d8ad8 | 0xb51 | PNG image data, 31 x 44, 8-bit/color RGB, non-interlaced | English | United States | 1.0037970314118052 |
| PNG | 0x3d962c | 0x85e | PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.0051353874883286 |
| PNG | 0x3d9e8c | 0x273 | PNG image data, 7 x 39, 8-bit/color RGBA, non-interlaced | English | United States | 1.0175438596491229 |
| PNG | 0x3da100 | 0xb0a | PNG image data, 2 x 8, 8-bit/color RGB, non-interlaced | English | United States | 1.0038924274593064 |
| PNG | 0x3dac0c | 0xaf9 | PNG image data, 16 x 2, 8-bit/color RGB, non-interlaced | English | United States | 1.0039159843360626 |
| PNG | 0x3db708 | 0x7da | PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.0054726368159204 |
| PNG | 0x3dbee4 | 0x118 | PNG image data, 8 x 22, 8-bit/color RGB, non-interlaced | English | United States | 0.95 |
| PNG | 0x3dbffc | 0xc9 | PNG image data, 4 x 22, 8-bit/color RGB, non-interlaced | English | United States | 1.0348258706467661 |
| PNG | 0x3dc0c8 | 0xa6 | PNG image data, 11 x 11, 8-bit/color RGB, non-interlaced | English | United States | 1.0240963855421688 |
| PNG | 0x3dc170 | 0x118 | PNG image data, 8 x 22, 8-bit/color RGB, non-interlaced | English | United States | 0.95 |
| PNG | 0x3dc288 | 0xb1a | PNG image data, 2 x 22, 8-bit/color RGB, non-interlaced | English | United States | 1.0038705137227304 |
| PNG | 0x3dcda4 | 0x1c21 | PNG image data, 88 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 0.9934731287321206 |
| PNG | 0x3de9c8 | 0x811 | PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced | English | United States | 1.0053268765133172 |
| PNG | 0x3df1dc | 0xd0 | PNG image data, 5 x 16, 8-bit/color RGB, non-interlaced | English | United States | 1.0384615384615385 |
| PNG | 0x3df2ac | 0x9c1 | PNG image data, 13 x 104, 8-bit/color RGBA, non-interlaced | English | United States | 1.0044052863436124 |
| PNG | 0x3dfc70 | 0x346 | PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced | English | United States | 1.0131264916467781 |
| PNG | 0x3dffb8 | 0xe0e | PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced | English | United States | 1.0030572540300167 |
| PNG | 0x3e0dc8 | 0x642 | PNG image data, 15 x 130, 8-bit colormap, non-interlaced | English | United States | 1.0068664169787764 |
| PNG | 0x3e140c | 0x118 | PNG image data, 5 x 80, 8-bit/color RGB, non-interlaced | English | United States | 1.0392857142857144 |
| PNG | 0x3e1524 | 0xcb0 | PNG image data, 10 x 170, 8-bit/color RGB, non-interlaced | English | United States | 1.0033866995073892 |
| PNG | 0x3e21d4 | 0xcc7 | PNG image data, 17 x 100, 8-bit/color RGB, non-interlaced | English | United States | 1.003362885967594 |
| PNG | 0x3e2e9c | 0x971 | PNG image data, 22 x 110, 8-bit/color RGB, non-interlaced | English | United States | 1.0045510964004964 |
| PNG | 0x3e3810 | 0x95c | PNG image data, 22 x 110, 8-bit/color RGB, non-interlaced | English | United States | 1.0045909849749584 |
| PNG | 0x3e416c | 0x9d6 | PNG image data, 22 x 110, 8-bit/color RGB, non-interlaced | English | United States | 1.0043685464654488 |
| PNG | 0x3e4b44 | 0x9be | PNG image data, 22 x 110, 8-bit/color RGB, non-interlaced | English | United States | 1.0044105854049719 |
| PNG | 0x3e5504 | 0xdd5 | PNG image data, 24 x 154, 8-bit/color RGB, non-interlaced | English | United States | 0.9195142615080486 |
| PNG | 0x3e62dc | 0x63b | PNG image data, 8 x 132, 8-bit/color RGB, non-interlaced | English | United States | 0.8332288401253919 |
| PNG | 0x3e6918 | 0x63b | PNG image data, 8 x 132, 8-bit/color RGB, non-interlaced | English | United States | 0.8332288401253919 |
| PNG | 0x3e6f54 | 0x722 | PNG image data, 9 x 132, 8-bit/color RGB, non-interlaced | English | United States | 0.8674698795180723 |
| PNG | 0x3e7678 | 0xe0e | PNG image data, 24 x 154, 8-bit/color RGB, non-interlaced | English | United States | 0.9238465814341301 |
| PNG | 0x3e8488 | 0xdd5 | PNG image data, 24 x 154, 8-bit/color RGB, non-interlaced | English | United States | 0.9195142615080486 |
| PNG | 0x3e9260 | 0x7bd | PNG image data, 23 x 132, 8-bit/color RGBA, non-interlaced | English | United States | 0.8995456839979808 |
| PNG | 0x3e9a20 | 0xf19 | PNG image data, 50 x 234, 8-bit/color RGB, non-interlaced | English | United States | 0.9169469598965071 |
| PNG | 0x3ea93c | 0x3e6 | PNG image data, 11 x 110, 8-bit/color RGB, non-interlaced | English | United States | 0.8256513026052105 |
| PNG | 0x3ead24 | 0x5a0 | PNG image data, 50 x 135, 8-bit/color RGBA, non-interlaced | English | United States | 0.8625 |
| PNG | 0x3eb2c4 | 0x224 | PNG image data, 11 x 78, 8-bit/color RGB, non-interlaced | English | United States | 1.02007299270073 |
| PNG | 0x3eb4e8 | 0x1c6 | PNG image data, 26 x 33, 8-bit/color RGB, non-interlaced | English | United States | 1.024229074889868 |
| PNG | 0x3eb6b0 | 0xec | PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced | English | United States | 1.0381355932203389 |
| PNG | 0x3eb79c | 0xed | PNG image data, 26 x 26, 8-bit/color RGB, non-interlaced | English | United States | 1.029535864978903 |
| PNG | 0x3eb88c | 0xcd | PNG image data, 13 x 13, 8-bit/color RGB, non-interlaced | English | United States | 1.0341463414634147 |
| PNG | 0x3eb95c | 0x84 | PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced | English | United States | 0.9924242424242424 |
| PNG | 0x3eb9e0 | 0x70 | PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced | English | United States | 1.0267857142857142 |
| PNG | 0x3eba50 | 0xb21 | PNG image data, 86 x 2, 8-bit/color RGB, non-interlaced | English | United States | 1.0038610038610039 |
| PNG | 0x3ec574 | 0x24b0 | PNG image data, 80 x 330, 8-bit/color RGBA, non-interlaced | English | United States | 0.995954003407155 |
| PNG | 0x3eea24 | 0x9b | PNG image data, 1 x 216, 8-bit/color RGBA, non-interlaced | English | United States | 1.0258064516129033 |
| PNG | 0x3eeac0 | 0x149 | PNG image data, 9 x 18, 8-bit/color RGB, non-interlaced | 1.033434650455927 | ||
| PNG | 0x3eec0c | 0x18c | PNG image data, 10 x 50, 8-bit/color RGB, non-interlaced | 1.0277777777777777 | ||
| PNG | 0x3eed98 | 0x2bd | PNG image data, 13 x 36, 8-bit/color RGBA, non-interlaced | 1.0156918687589158 | ||
| PNG | 0x3ef058 | 0x505 | PNG image data, 19 x 114, 8-bit/color RGBA, non-interlaced | 1.0085603112840467 | ||
| PNG | 0x3ef560 | 0x41a | PNG image data, 19 x 114, 8-bit/color RGBA, non-interlaced | 1.0104761904761905 | ||
| PNG | 0x3ef97c | 0xb5 | PNG image data, 19 x 114, 8-bit/color RGBA, non-interlaced | 1.0165745856353592 | ||
| PNG | 0x3efa34 | 0x3bb | PNG image data, 19 x 114, 8-bit/color RGBA, non-interlaced | 1.0115183246073298 | ||
| PNG | 0x3efdf0 | 0x2d0 | PNG image data, 19 x 114, 8-bit/color RGBA, non-interlaced | 1.0152777777777777 | ||
| PNG | 0x3f00c0 | 0x707 | PNG image data, 49 x 114, 8-bit/color RGBA, non-interlaced | 1.0061145080600333 | ||
| PNG | 0x3f07c8 | 0x62f | PNG image data, 48 x 114, 8-bit/color RGB, non-interlaced | 1.0069488313329122 | ||
| PNG | 0x3f0df8 | 0xb13 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 0.9876543209876543 |
| PNG | 0x3f190c | 0x320 | PNG image data, 34 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 1.01375 |
| PNG | 0x3f1c2c | 0xb24 | PNG image data, 5 x 3, 8-bit/color RGBA, non-interlaced | 1.0038569424964936 | ||
| PNG | 0x3f2750 | 0x1b2 | PNG image data, 16 x 15, 8-bit/color RGB, non-interlaced | 1.0253456221198156 | ||
| PNG | 0x3f2904 | 0xca7 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033961099104662 |
| PNG | 0x3f35ac | 0xf863 | PNG image data, 290 x 207, 8-bit/color RGBA, non-interlaced | English | United States | 1.000408888609307 |
| PNG | 0x402e10 | 0x655 | PNG image data, 166 x 82, 8-bit/color RGBA, non-interlaced | English | United States | 1.0067859346082666 |
| PNG | 0x403468 | 0x57f | PNG image data, 142 x 93, 8-bit/color RGBA, non-interlaced | English | United States | 1.007818052594172 |
| PNG | 0x4039e8 | 0x66cd | PNG image data, 200 x 348, 8-bit/color RGBA, non-interlaced | English | United States | 1.000189991260402 |
| PNG | 0x40a0b8 | 0xd77 | PNG image data, 127 x 410, 8-bit/color RGBA, non-interlaced | English | United States | 0.8584276182187409 |
| PNG | 0x40ae30 | 0x6a2 | PNG image data, 73 x 69, 8-bit/color RGBA, non-interlaced | English | United States | 1.0064782096584217 |
| PNG | 0x40b4d4 | 0xc18 | PNG image data, 74 x 50, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035529715762275 |
| PNG | 0x40c0ec | 0x3e4 | PNG image data, 59 x 68, 8-bit/color RGBA, non-interlaced | English | United States | 1.0110441767068272 |
| PNG | 0x40c4d0 | 0x377 | PNG image data, 70 x 65, 8-bit/color RGBA, non-interlaced | English | United States | 1.012401352874859 |
| PNG | 0x40c848 | 0x4d7 | PNG image data, 65 x 75, 8-bit/color RGBA, non-interlaced | English | United States | 1.0088781275221954 |
| PNG | 0x40cd20 | 0x1617 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.001945181255526 |
| PNG | 0x40e338 | 0x1848 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017696267696268 |
| PNG | 0x40fb80 | 0x12d2 | PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced | English | United States | 1.0022831050228311 |
| PNG | 0x410e54 | 0x361 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 1.0127167630057803 |
| PNG | 0x4111b8 | 0x11e0 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0024038461538463 |
| PNG | 0x412398 | 0x255 | PNG image data, 22 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 1.018425460636516 |
| PNG | 0x4125f0 | 0x23e | PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.019163763066202 |
| PNG | 0x412830 | 0x10c | PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.0149253731343284 |
| PNG | 0x41293c | 0x230 | PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.019642857142857 |
| PNG | 0x412b6c | 0x222 | PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced | English | United States | 1.02014652014652 |
| PNG | 0x412d90 | 0x129 | PNG image data, 22 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 1.0235690235690236 |
| PNG | 0x412ebc | 0x1ba | PNG image data, 22 x 21, 8-bit/color RGBA, non-interlaced | English | United States | 1.0248868778280542 |
| PNG | 0x413078 | 0x149 | PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced | English | United States | 1.0243161094224924 |
| PNG | 0x4131c4 | 0xb78 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037465940054495 |
| PNG | 0x413d3c | 0x1313 | PNG image data, 160 x 16, 8-bit/color RGBA, non-interlaced | 1.0022527134958017 | ||
| PNG | 0x415050 | 0x54d | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | 1.0081061164333087 | ||
| PNG | 0x4155a0 | 0xdb | PNG image data, 43 x 43, 4-bit colormap, non-interlaced | 0.9452054794520548 | ||
| PNG | 0x41567c | 0x17e2 | PNG image data, 120 x 109, 8-bit colormap, non-interlaced | 1.001799149492967 | ||
| PNG | 0x416e60 | 0x188b | PNG image data, 120 x 109, 8-bit colormap, non-interlaced | 1.0017507560082763 | ||
| PNG | 0x4186ec | 0x1928 | PNG image data, 120 x 109, 8-bit colormap, non-interlaced | 1.0017080745341616 | ||
| PNG | 0x41a014 | 0xea3 | PNG image data, 161 x 122, 8-bit colormap, non-interlaced | 0.911929543634908 | ||
| PNG | 0x41aeb8 | 0x33d | PNG image data, 32 x 16, 8-bit/color RGBA, non-interlaced | 1.0132689987937273 | ||
| PNG | 0x41b1f8 | 0x142 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | 1.0341614906832297 | ||
| TEXT | 0x41b33c | 0x789d | XML 1.0 document, ISO-8859 text, with very long lines (574), with CRLF line terminators | English | United States | 0.2457168766395699 |
| TEXT | 0x422bdc | 0x833b | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (763), with CRLF line terminators | English | United States | 0.2187825569281143 |
| TEXT | 0x42af18 | 0x8051 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (779), with CRLF line terminators | English | United States | 0.2205851015251606 |
| TEXT | 0x432f6c | 0x8424 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (790), with CRLF line terminators | English | United States | 0.2231583303772023 |
| TEXT | 0x43b390 | 0x80a5 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (516), with CRLF line terminators | English | United States | 0.24458749582485653 |
| TEXT | 0x443438 | 0x7cb0 | XML 1.0 document, Non-ISO extended-ASCII text, with very long lines (669), with CRLF line terminators | English | United States | 0.22666040100250626 |
| TEXT | 0x44b0e8 | 0x8a97 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (645), with CRLF line terminators | English | United States | 0.2148594943487697 |
| TEXT | 0x453b80 | 0x7f65 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (770), with CRLF line terminators | English | United States | 0.22555422684205684 |
| TEXT | 0x45bae8 | 0x8052 | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (761), with CRLF line terminators | English | United States | 0.2265144596651446 |
| TEXT | 0x463b3c | 0x7bca | XML 1.0 document, Unicode text, UTF-8 text, with very long lines (728), with CRLF line terminators | English | United States | 0.2263490059955822 |
| TEXTFILE | 0x46b708 | 0x4da8 | Generic INItialization configuration [Window] | English | United States | 0.19386317907444667 |
| RT_CURSOR | 0x4704b0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\360\037\377\377\370?\377\377\374\177\377\377\376\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.3344155844155844 |
| RT_CURSOR | 0x4705e4 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.5 |
| RT_CURSOR | 0x470698 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\370\037\377\377\370\037\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.3344155844155844 |
| RT_CURSOR | 0x4707cc | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | English | United States | 0.49444444444444446 |
| RT_CURSOR | 0x470880 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | 0.4642857142857143 | ||
| RT_CURSOR | 0x4709b4 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | 0.538961038961039 | ||
| RT_CURSOR | 0x470ae8 | 0x134 | data | 0.39935064935064934 | ||
| RT_CURSOR | 0x470c1c | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.4512987012987013 | ||
| RT_CURSOR | 0x470d50 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.39285714285714285 | ||
| RT_CURSOR | 0x470e84 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
| RT_CURSOR | 0x470fb8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | 0.22077922077922077 | ||
| RT_CURSOR | 0x4710ec | 0x134 | data | 0.4383116883116883 | ||
| RT_CURSOR | 0x471220 | 0x134 | data | 0.4675324675324675 | ||
| RT_CURSOR | 0x471354 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | 0.40584415584415584 | ||
| RT_CURSOR | 0x471488 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966784, 3072 elements, 2nd "\376", 3rd | 0.4318181818181818 | ||
| RT_CURSOR | 0x4715bc | 0x134 | data | 0.5909090909090909 | ||
| RT_CURSOR | 0x4716f0 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\370\037\377\377\370\037\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | 0.32142857142857145 | ||
| RT_CURSOR | 0x471824 | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | 0.49444444444444446 | ||
| RT_CURSOR | 0x4718d8 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\360\037\377\377\370?\377\377\374\177\377\377\376\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | 0.33766233766233766 | ||
| RT_CURSOR | 0x471a0c | 0xb4 | Targa image data - RLE 32 x 65536 x 1 +16 "\001" | 0.5 | ||
| RT_CURSOR | 0x471ac0 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | 0.3181818181818182 | ||
| RT_CURSOR | 0x471bf4 | 0x134 | data | 0.37012987012987014 | ||
| RT_CURSOR | 0x471d28 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.39285714285714285 | ||
| RT_CURSOR | 0x471e5c | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.4967532467532468 | ||
| RT_CURSOR | 0x471f90 | 0x134 | Targa image data - Mono 64 x 65536 x 1 +32 "\001" | 0.4512987012987013 | ||
| RT_CURSOR | 0x4720c4 | 0xcac | data | 0.08631319358816276 | ||
| RT_CURSOR | 0x472d70 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967171, 3840 elements, 2nd "\377\007\340\377\376\017\360\177\374\037\370?\370?\374\037\370\177\376\037\370\377\377\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | 0.4837662337662338 | ||
| RT_CURSOR | 0x472ea4 | 0x134 | data | 0.39935064935064934 | ||
| RT_CURSOR | 0x472fd8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.5487012987012987 | ||
| RT_CURSOR | 0x47310c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | 0.474025974025974 | ||
| RT_CURSOR | 0x473240 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | English | United States | 0.18983957219251338 |
| RT_CURSOR | 0x47352c | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | English | United States | 0.16310160427807488 |
| RT_CURSOR | 0x473818 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0x47394c | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
| RT_CURSOR | 0x473a00 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
| RT_CURSOR | 0x473b34 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
| RT_CURSOR | 0x473c68 | 0x134 | data | English | United States | 0.37337662337662336 |
| RT_CURSOR | 0x473d9c | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x473ed0 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x474004 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0x474138 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0x47426c | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0x4743a0 | 0x134 | data | English | United States | 0.44155844155844154 |
| RT_CURSOR | 0x4744d4 | 0x134 | data | English | United States | 0.4155844155844156 |
| RT_CURSOR | 0x474608 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
| RT_CURSOR | 0x47473c | 0x134 | data | English | United States | 0.2662337662337662 |
| RT_CURSOR | 0x474870 | 0x134 | data | English | United States | 0.2824675324675325 |
| RT_CURSOR | 0x4749a4 | 0x134 | data | English | United States | 0.3246753246753247 |
| RT_BITMAP | 0x474ad8 | 0x92a | Device independent bitmap graphic, 48 x 16 x 24, image size 0, resolution 3779 x 3779 px/m | English | United States | 0.3887468030690537 |
| RT_BITMAP | 0x475404 | 0x728 | Device independent bitmap graphic, 48 x 16 x 8, image size 768 | English | United States | 0.3558951965065502 |
| RT_BITMAP | 0x475b2c | 0x1138 | Device independent bitmap graphic, 112 x 13 x 24, image size 4368, resolution 2834 x 2834 px/m | English | United States | 0.3704627949183303 |
| RT_BITMAP | 0x476c64 | 0x928 | Device independent bitmap graphic, 48 x 16 x 24, image size 2304 | English | United States | 0.4372866894197952 |
| RT_BITMAP | 0x47758c | 0xc2a | Device independent bitmap graphic, 64 x 16 x 24, image size 3074, resolution 3778 x 3778 px/m | English | United States | 0.20648683365446371 |
| RT_BITMAP | 0x4781b8 | 0xc8 | Device independent bitmap graphic, 20 x 8 x 4, image size 96 | 0.455 | ||
| RT_BITMAP | 0x478280 | 0xc8 | Device independent bitmap graphic, 20 x 8 x 4, image size 96 | 0.455 | ||
| RT_BITMAP | 0x478348 | 0x220 | Device independent bitmap graphic, 80 x 11 x 4, image size 440 | 0.35294117647058826 | ||
| RT_BITMAP | 0x478568 | 0xe8 | Device independent bitmap graphic, 8 x 8 x 24, image size 192 | 0.1724137931034483 | ||
| RT_BITMAP | 0x478650 | 0x50 | Device independent bitmap graphic, 8 x 8 x 1, image size 32 | 0.5875 | ||
| RT_BITMAP | 0x4786a0 | 0x86a | Device independent bitmap graphic, 256 x 16 x 4, image size 2050, resolution 2834 x 2834 px/m | 0.2924791086350975 | ||
| RT_BITMAP | 0x478f0c | 0x4028 | Device independent bitmap graphic, 256 x 16 x 32, image size 16384 | 0.4798465660009742 | ||
| RT_BITMAP | 0x47cf34 | 0xb0 | Device independent bitmap graphic, 64 x 16 x 1, image size 128, 2 important colors | 0.5284090909090909 | ||
| RT_BITMAP | 0x47cfe4 | 0x1568 | Device independent bitmap graphic, 672 x 16 x 4, image size 0 | 0.30620437956204377 | ||
| RT_BITMAP | 0x47e54c | 0x168 | Device independent bitmap graphic, 32 x 16 x 4, image size 256 | 0.25833333333333336 | ||
| RT_BITMAP | 0x47e6b4 | 0x24c | Device independent bitmap graphic, 88 x 11 x 4, image size 484 | 0.25510204081632654 | ||
| RT_BITMAP | 0x47e900 | 0x158 | Device independent bitmap graphic, 32 x 15 x 4, image size 240 | 0.436046511627907 | ||
| RT_BITMAP | 0x47ea58 | 0x24a | Device independent bitmap graphic, 64 x 15 x 4, image size 482, resolution 2834 x 2834 px/m | 0.30716723549488056 | ||
| RT_BITMAP | 0x47eca4 | 0x1b8 | Device independent bitmap graphic, 56 x 12 x 4, image size 336 | 0.43863636363636366 | ||
| RT_BITMAP | 0x47ee5c | 0x158 | Device independent bitmap graphic, 36 x 12 x 4, image size 240 | 0.33430232558139533 | ||
| RT_BITMAP | 0x47efb4 | 0x158 | Device independent bitmap graphic, 36 x 12 x 4, image size 240 | 0.36046511627906974 | ||
| RT_BITMAP | 0x47f10c | 0x2c0 | Device independent bitmap graphic, 80 x 15 x 4, image size 600 | 0.2741477272727273 | ||
| RT_BITMAP | 0x47f3cc | 0x158 | Device independent bitmap graphic, 32 x 15 x 4, image size 240 | 0.3488372093023256 | ||
| RT_BITMAP | 0x47f524 | 0x2c0 | Device independent bitmap graphic, 80 x 15 x 4, image size 600 | 0.4005681818181818 | ||
| RT_BITMAP | 0x47f7e4 | 0x668 | Device independent bitmap graphic, 20 x 20 x 32, image size 0 | 0.3603658536585366 | ||
| RT_BITMAP | 0x47fe4c | 0x668 | Device independent bitmap graphic, 20 x 20 x 32, image size 0 | 0.3567073170731707 | ||
| RT_BITMAP | 0x4804b4 | 0xc8 | Device independent bitmap graphic, 10 x 12 x 4, image size 96, resolution 3780 x 3780 px/m | 0.51 | ||
| RT_BITMAP | 0x48057c | 0x168 | Device independent bitmap graphic, 32 x 16 x 4, image size 256, 16 important colors | 0.4722222222222222 | ||
| RT_BITMAP | 0x4806e4 | 0x12b8 | Device independent bitmap graphic, 132 x 12 x 24, image size 4752, resolution 2834 x 2834 px/m | 0.24895659432387313 | ||
| RT_BITMAP | 0x48199c | 0x94e | Device independent bitmap graphic, 60 x 13 x 24, image size 2342, resolution 2834 x 2834 px/m | 0.45759865659109994 | ||
| RT_BITMAP | 0x4822ec | 0x39c | Device independent bitmap graphic, 17 x 17 x 24, image size 884 | 0.11904761904761904 | ||
| RT_BITMAP | 0x482688 | 0x5a6 | Device independent bitmap graphic, 19 x 19 x 8, image size 0, resolution 3779 x 3779 px/m | 0.8015214384508991 | ||
| RT_BITMAP | 0x482c30 | 0x5a6 | Device independent bitmap graphic, 19 x 19 x 8, image size 0, resolution 3779 x 3779 px/m | 0.826417704011065 | ||
| RT_BITMAP | 0x4831d8 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
| RT_BITMAP | 0x483290 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
| RT_ICON | 0x4833d4 | 0x4bba | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 1.0008253378726917 |
| RT_ICON | 0x487f90 | 0x2b35 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9290299249615767 |
| RT_ICON | 0x48aac8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Chinese | China | 0.24813432835820895 |
| RT_ICON | 0x48b970 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Chinese | China | 0.2694043321299639 |
| RT_ICON | 0x48c218 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Chinese | China | 0.30357142857142855 |
| RT_ICON | 0x48c8e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Chinese | China | 0.23121387283236994 |
| RT_ICON | 0x48ce48 | 0x2b32 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9440224272020257 |
| RT_ICON | 0x48f97c | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.05935762451200757 |
| RT_ICON | 0x4a01a4 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | Chinese | China | 0.11244360902255639 |
| RT_ICON | 0x4a698c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.16784232365145227 |
| RT_ICON | 0x4a8f34 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.19723264540337712 |
| RT_ICON | 0x4a9fdc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.3168032786885246 |
| RT_ICON | 0x4aa964 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.35815602836879434 |
| RT_ICON | 0x4aadcc | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.552797833935018 |
| RT_ICON | 0x4ab674 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.45736994219653176 |
| RT_ICON | 0x4abbdc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.4588150289017341 |
| RT_ICON | 0x4ac144 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | 0.581989247311828 | ||
| RT_ICON | 0x4ac42c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | 0.581081081081081 | ||
| RT_ICON | 0x4ac554 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.7847472924187726 | ||
| RT_ICON | 0x4acdfc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.4963872832369942 | ||
| RT_ICON | 0x4ad364 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.5393996247654784 | ||
| RT_ICON | 0x4ae40c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5647163120567376 | ||
| RT_ICON | 0x4ae874 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | 0.6048387096774194 | ||
| RT_ICON | 0x4aeb5c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | 0.6114864864864865 | ||
| RT_ICON | 0x4aec84 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.7915162454873647 | ||
| RT_ICON | 0x4af52c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.4718208092485549 | ||
| RT_ICON | 0x4afa94 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.5555816135084428 | ||
| RT_ICON | 0x4b0b3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5638297872340425 | ||
| RT_ICON | 0x4b0fa4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | 0.5577956989247311 | ||
| RT_ICON | 0x4b128c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | 0.6351351351351351 | ||
| RT_ICON | 0x4b13b4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.7324007220216606 | ||
| RT_ICON | 0x4b1c5c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.48988439306358383 | ||
| RT_ICON | 0x4b21c4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.5377579737335835 | ||
| RT_ICON | 0x4b326c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5948581560283688 | ||
| RT_ICON | 0x4b36d4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | 0.4852150537634409 | ||
| RT_ICON | 0x4b39bc | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | 0.5777027027027027 | ||
| RT_ICON | 0x4b3ae4 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.6746389891696751 | ||
| RT_ICON | 0x4b438c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.29985549132947975 | ||
| RT_ICON | 0x4b48f4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.42847091932457787 | ||
| RT_ICON | 0x4b599c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.4175531914893617 | ||
| RT_ICON | 0x4b5e04 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 128 | 0.7302631578947368 | ||
| RT_ICON | 0x4b5f34 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | 0.6088709677419355 | ||
| RT_ICON | 0x4b621c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.7969314079422383 | ||
| RT_ICON | 0x4b6ac4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.5592485549132948 | ||
| RT_ICON | 0x4b702c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.5710600375234521 | ||
| RT_ICON | 0x4b80d4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.6046099290780141 | ||
| RT_ICON | 0x4b853c | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | 0.4118663594470046 | ||
| RT_MENU | 0x4b8c04 | 0x4a | Matlab v4 mat-file (little endian) e, numeric, rows 6357136, columns 6357089 | English | United States | 0.7972972972972973 |
| RT_MENU | 0x4b8c50 | 0x1cc | data | English | United States | 0.45869565217391306 |
| RT_MENU | 0x4b8e1c | 0x1d0 | data | English | United States | 0.49353448275862066 |
| RT_MENU | 0x4b8fec | 0x144 | data | English | United States | 0.49074074074074076 |
| RT_MENU | 0x4b9130 | 0x1e2 | data | English | United States | 0.34854771784232363 |
| RT_MENU | 0x4b9314 | 0x222 | data | English | United States | 0.4175824175824176 |
| RT_DIALOG | 0x4b9538 | 0x1b6 | data | English | United States | 0.5570776255707762 |
| RT_DIALOG | 0x4b96f0 | 0x72e | data | English | United States | 0.3797606093579978 |
| RT_DIALOG | 0x4b9e20 | 0x1f4 | data | English | United States | 0.574 |
| RT_DIALOG | 0x4ba014 | 0x86 | data | Chinese | China | 0.7388059701492538 |
| RT_DIALOG | 0x4ba09c | 0x592 | data | English | United States | 0.3534361851332398 |
| RT_DIALOG | 0x4ba630 | 0xe2 | data | English | United States | 0.672566371681416 |
| RT_DIALOG | 0x4ba714 | 0x19a | data | English | United States | 0.5365853658536586 |
| RT_DIALOG | 0x4ba8b0 | 0x2dc | data | English | United States | 0.453551912568306 |
| RT_DIALOG | 0x4bab8c | 0x210 | data | English | United States | 0.5284090909090909 |
| RT_DIALOG | 0x4bad9c | 0x180 | data | English | United States | 0.5546875 |
| RT_DIALOG | 0x4baf1c | 0x4c | data | English | United States | 0.8289473684210527 |
| RT_DIALOG | 0x4baf68 | 0x254 | data | English | United States | 0.5218120805369127 |
| RT_DIALOG | 0x4bb1bc | 0x272 | data | English | United States | 0.4424920127795527 |
| RT_DIALOG | 0x4bb430 | 0xf0 | data | English | United States | 0.6708333333333333 |
| RT_DIALOG | 0x4bb520 | 0x1c4 | data | English | United States | 0.5376106194690266 |
| RT_DIALOG | 0x4bb6e4 | 0x180 | data | English | United States | 0.5651041666666666 |
| RT_DIALOG | 0x4bb864 | 0x4c | data | English | United States | 0.8289473684210527 |
| RT_DIALOG | 0x4bb8b0 | 0x76 | data | English | United States | 0.7627118644067796 |
| RT_DIALOG | 0x4bb928 | 0x322 | data | English | United States | 0.3765586034912718 |
| RT_DIALOG | 0x4bbc4c | 0xe0 | data | English | United States | 0.6741071428571429 |
| RT_DIALOG | 0x4bbd2c | 0xca | data | English | United States | 0.6831683168316832 |
| RT_DIALOG | 0x4bbdf8 | 0x1d2 | data | English | United States | 0.5128755364806867 |
| RT_DIALOG | 0x4bbfcc | 0x68 | data | English | United States | 0.7692307692307693 |
| RT_DIALOG | 0x4bc034 | 0x68 | data | English | United States | 0.7596153846153846 |
| RT_DIALOG | 0x4bc09c | 0x68 | data | English | United States | 0.7596153846153846 |
| RT_DIALOG | 0x4bc104 | 0x82 | data | English | United States | 0.7461538461538462 |
| RT_DIALOG | 0x4bc188 | 0x90 | data | English | United States | 0.6527777777777778 |
| RT_DIALOG | 0x4bc218 | 0x11c | data | English | United States | 0.5950704225352113 |
| RT_DIALOG | 0x4bc334 | 0x1fc | data | English | United States | 0.531496062992126 |
| RT_DIALOG | 0x4bc530 | 0x104 | data | English | United States | 0.6730769230769231 |
| RT_DIALOG | 0x4bc634 | 0x10c | data | English | United States | 0.6417910447761194 |
| RT_DIALOG | 0x4bc740 | 0x110 | data | English | United States | 0.5330882352941176 |
| RT_DIALOG | 0x4bc850 | 0x8ac | data | English | United States | 0.37972972972972974 |
| RT_DIALOG | 0x4bd0fc | 0x670 | data | English | United States | 0.36468446601941745 |
| RT_DIALOG | 0x4bd76c | 0xa88 | data | English | United States | 0.35793768545994065 |
| RT_DIALOG | 0x4be1f4 | 0x3c4 | data | English | United States | 0.3848547717842324 |
| RT_DIALOG | 0x4be5b8 | 0x21a | data | English | United States | 0.516728624535316 |
| RT_DIALOG | 0x4be7d4 | 0x276 | data | English | United States | 0.4365079365079365 |
| RT_DIALOG | 0x4bea4c | 0x2c4 | data | English | United States | 0.4505649717514124 |
| RT_DIALOG | 0x4bed10 | 0x2bc | data | English | United States | 0.48142857142857143 |
| RT_DIALOG | 0x4befcc | 0x16e | data | English | United States | 0.5109289617486339 |
| RT_DIALOG | 0x4bf13c | 0x350 | data | English | United States | 0.44221698113207547 |
| RT_DIALOG | 0x4bf48c | 0x1f4 | data | English | United States | 0.486 |
| RT_DIALOG | 0x4bf680 | 0x104 | data | English | United States | 0.6 |
| RT_DIALOG | 0x4bf784 | 0x52 | data | 0.8048780487804879 | ||
| RT_DIALOG | 0x4bf7d8 | 0x128 | data | English | United States | 0.5844594594594594 |
| RT_DIALOG | 0x4bf900 | 0x436 | data | English | United States | 0.32189239332096475 |
| RT_DIALOG | 0x4bfd38 | 0xa0 | data | English | United States | 0.7 |
| RT_DIALOG | 0x4bfdd8 | 0x26a | data | English | United States | 0.4563106796116505 |
| RT_DIALOG | 0x4c0044 | 0x598 | data | English | United States | 0.4057262569832402 |
| RT_DIALOG | 0x4c05dc | 0x20a | data | English | United States | 0.524904214559387 |
| RT_DIALOG | 0x4c07e8 | 0x1a0 | data | English | United States | 0.5576923076923077 |
| RT_DIALOG | 0x4c0988 | 0x4e4 | data | English | United States | 0.43450479233226835 |
| RT_DIALOG | 0x4c0e6c | 0x474 | data | English | United States | 0.3684210526315789 |
| RT_DIALOG | 0x4c12e0 | 0x474 | data | English | United States | 0.38596491228070173 |
| RT_DIALOG | 0x4c1754 | 0x31e | data | English | United States | 0.41228070175438597 |
| RT_DIALOG | 0x4c1a74 | 0x24a | data | English | United States | 0.46757679180887374 |
| RT_DIALOG | 0x4c1cc0 | 0x108 | data | English | United States | 0.5833333333333334 |
| RT_DIALOG | 0x4c1dc8 | 0x15a | data | English | United States | 0.5115606936416185 |
| RT_DIALOG | 0x4c1f24 | 0xe8 | data | English | United States | 0.6336206896551724 |
| RT_DIALOG | 0x4c200c | 0x34 | data | English | United States | 0.9038461538461539 |
| RT_STRING | 0x4c2040 | 0x20a | data | English | United States | 0.5 |
| RT_STRING | 0x4c224c | 0x35c | data | English | United States | 0.3872093023255814 |
| RT_STRING | 0x4c25a8 | 0x342 | data | English | United States | 0.4184652278177458 |
| RT_STRING | 0x4c28ec | 0x39a | data | English | United States | 0.37093275488069416 |
| RT_STRING | 0x4c2c88 | 0x2b4 | data | English | United States | 0.3945086705202312 |
| RT_STRING | 0x4c2f3c | 0x22e | data | English | United States | 0.517921146953405 |
| RT_STRING | 0x4c316c | 0x1fe | data | English | United States | 0.49411764705882355 |
| RT_STRING | 0x4c336c | 0x36c | data | English | United States | 0.4509132420091324 |
| RT_STRING | 0x4c36d8 | 0x302 | data | English | United States | 0.4 |
| RT_STRING | 0x4c39dc | 0x380 | data | English | United States | 0.4029017857142857 |
| RT_STRING | 0x4c3d5c | 0x756 | data | English | United States | 0.365814696485623 |
| RT_STRING | 0x4c44b4 | 0x3bc | DOS executable (COM, 0x8C-variant) | English | United States | 0.4236401673640167 |
| RT_STRING | 0x4c4870 | 0x3ea | data | English | United States | 0.3772455089820359 |
| RT_STRING | 0x4c4c5c | 0x376 | data | English | United States | 0.4401805869074492 |
| RT_STRING | 0x4c4fd4 | 0x424 | data | English | United States | 0.4028301886792453 |
| RT_STRING | 0x4c53f8 | 0x2f2 | data | English | United States | 0.4376657824933687 |
| RT_STRING | 0x4c56ec | 0xf3e | data | English | United States | 0.21834956432598668 |
| RT_STRING | 0x4c662c | 0x72a | data | English | United States | 0.33533260632497275 |
| RT_STRING | 0x4c6d58 | 0xadc | data | English | United States | 0.24136690647482015 |
| RT_STRING | 0x4c7834 | 0x70 | data | English | United States | 0.625 |
| RT_STRING | 0x4c78a4 | 0x1ce | data | English | United States | 0.4264069264069264 |
| RT_STRING | 0x4c7a74 | 0xc6 | data | English | United States | 0.5707070707070707 |
| RT_STRING | 0x4c7b3c | 0x32 | Matlab v4 mat-file (little endian) o, numeric, rows 0, columns 0 | English | United States | 0.66 |
| RT_STRING | 0x4c7b70 | 0x2e6 | data | English | United States | 0.40431266846361186 |
| RT_STRING | 0x4c7e58 | 0x11c | data | English | United States | 0.3274647887323944 |
| RT_STRING | 0x4c7f74 | 0xd2 | data | English | United States | 0.5428571428571428 |
| RT_STRING | 0x4c8048 | 0x2b0 | data | English | United States | 0.49127906976744184 |
| RT_STRING | 0x4c82f8 | 0x13a | data | English | United States | 0.5636942675159236 |
| RT_STRING | 0x4c8434 | 0xf0 | data | English | United States | 0.5375 |
| RT_STRING | 0x4c8524 | 0x7a | data | English | United States | 0.7131147540983607 |
| RT_STRING | 0x4c85a0 | 0x126 | data | English | United States | 0.5816326530612245 |
| RT_STRING | 0x4c86c8 | 0x2a2 | AmigaOS bitmap font "R", fc_YSize 8192, 2560 elements, 2nd "a", 3rd "m" | English | United States | 0.4421364985163205 |
| RT_STRING | 0x4c896c | 0x82e | data | English | United States | 0.3237822349570201 |
| RT_STRING | 0x4c919c | 0x24a | data | English | United States | 0.4334470989761092 |
| RT_STRING | 0x4c93e8 | 0xae | data | English | United States | 0.4885057471264368 |
| RT_STRING | 0x4c9498 | 0x12e | Matlab v4 mat-file (little endian) e, numeric, rows 0, columns 0 | English | United States | 0.47019867549668876 |
| RT_STRING | 0x4c95c8 | 0x24e | data | English | United States | 0.4576271186440678 |
| RT_STRING | 0x4c9818 | 0x260 | data | English | United States | 0.4555921052631579 |
| RT_STRING | 0x4c9a78 | 0x4dc | data | English | United States | 0.3520900321543408 |
| RT_STRING | 0x4c9f54 | 0xb8 | AmigaOS bitmap font "t", 21248 elements, 2nd, 3rd | English | United States | 0.6684782608695652 |
| RT_STRING | 0x4ca00c | 0x34 | data | English | United States | 0.5961538461538461 |
| RT_STRING | 0x4ca040 | 0xa0 | data | English | United States | 0.6875 |
| RT_STRING | 0x4ca0e0 | 0x62 | data | English | United States | 0.7142857142857143 |
| RT_STRING | 0x4ca144 | 0x1b2 | data | English | United States | 0.5138248847926268 |
| RT_STRING | 0x4ca2f8 | 0x11e | data | English | United States | 0.48951048951048953 |
| RT_STRING | 0x4ca418 | 0xaa | data | English | United States | 0.5705882352941176 |
| RT_STRING | 0x4ca4c4 | 0x38 | data | English | United States | 0.6428571428571429 |
| RT_STRING | 0x4ca4fc | 0x120 | data | English | United States | 0.5868055555555556 |
| RT_STRING | 0x4ca61c | 0xd0 | data | English | United States | 0.6346153846153846 |
| RT_STRING | 0x4ca6ec | 0x21c | data | English | United States | 0.5148148148148148 |
| RT_STRING | 0x4ca908 | 0x80 | Matlab v4 mat-file (little endian) c, numeric, rows 0, columns 0 | English | United States | 0.5625 |
| RT_STRING | 0x4ca988 | 0x5e | data | English | United States | 0.6595744680851063 |
| RT_STRING | 0x4ca9e8 | 0x106 | data | English | United States | 0.5458015267175572 |
| RT_STRING | 0x4caaf0 | 0x102 | StarOffice Gallery theme q, 1795190272 objects, 1st o | English | United States | 0.5852713178294574 |
| RT_STRING | 0x4cabf4 | 0x12e | AmigaOS bitmap font "i", fc_YSize 28416, 19456 elements, 2nd "o", 3rd | English | United States | 0.5761589403973509 |
| RT_STRING | 0x4cad24 | 0x66 | data | English | United States | 0.5588235294117647 |
| RT_STRING | 0x4cad8c | 0xa6 | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.5602409638554217 |
| RT_STRING | 0x4cae34 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
| RT_STRING | 0x4caeb8 | 0x2a | data | English | United States | 0.5476190476190477 |
| RT_STRING | 0x4caee4 | 0x184 | data | English | United States | 0.48711340206185566 |
| RT_STRING | 0x4cb068 | 0x4e6 | data | English | United States | 0.37719298245614036 |
| RT_STRING | 0x4cb550 | 0x264 | data | English | United States | 0.3333333333333333 |
| RT_STRING | 0x4cb7b4 | 0x2da | data | English | United States | 0.3698630136986301 |
| RT_STRING | 0x4cba90 | 0x8a | data | English | United States | 0.6594202898550725 |
| RT_STRING | 0x4cbb1c | 0xac | data | English | United States | 0.45348837209302323 |
| RT_STRING | 0x4cbbc8 | 0xde | data | English | United States | 0.536036036036036 |
| RT_STRING | 0x4cbca8 | 0x4a8 | data | English | United States | 0.3221476510067114 |
| RT_STRING | 0x4cc150 | 0x228 | data | English | United States | 0.4003623188405797 |
| RT_STRING | 0x4cc378 | 0x2c | data | English | United States | 0.5227272727272727 |
| RT_STRING | 0x4cc3a4 | 0x42 | data | English | United States | 0.6060606060606061 |
| RT_GROUP_CURSOR | 0x4cc3e8 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x4cc40c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x4cc430 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc444 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc458 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc46c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc480 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc494 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc4a8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc4bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.25 | ||
| RT_GROUP_CURSOR | 0x4cc4d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc4e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc4f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc50c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc520 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc534 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc548 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc55c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc570 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc584 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc598 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc5ac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc5c0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc5d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc5e8 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | 1.0294117647058822 | ||
| RT_GROUP_CURSOR | 0x4cc60c | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | 1.0294117647058822 | ||
| RT_GROUP_CURSOR | 0x4cc630 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc644 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_CURSOR | 0x4cc658 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0x4cc67c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc690 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc6a4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc6b8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc6cc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc6e0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc6f4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc708 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc71c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc730 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc744 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc758 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc76c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0x4cc780 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0x4cc794 | 0xbc | data | Chinese | China | 0.6595744680851063 |
| RT_GROUP_ICON | 0x4cc850 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0x4cc864 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0x4cc878 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0x4cc88c | 0x14 | data | 1.25 | ||
| RT_GROUP_ICON | 0x4cc8a0 | 0x5a | data | 0.7555555555555555 | ||
| RT_GROUP_ICON | 0x4cc8fc | 0x5a | data | 0.7666666666666667 | ||
| RT_GROUP_ICON | 0x4cc958 | 0x5a | data | 0.7555555555555555 | ||
| RT_GROUP_ICON | 0x4cc9b4 | 0x5a | data | 0.7666666666666667 | ||
| RT_GROUP_ICON | 0x4cca10 | 0x5a | data | 0.7888888888888889 | ||
| RT_VERSION | 0x4cca6c | 0x300 | data | English | United States | 0.453125 |
| RT_HTML | 0x4ccd6c | 0x430 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3498134328358209 |
| RT_HTML | 0x4cd19c | 0x440 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.375 |
| RT_HTML | 0x4cd5dc | 0x4b1 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.38218151540383016 |
| RT_HTML | 0x4cda90 | 0x1ce | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.47835497835497837 |
| RT_HTML | 0x4cdc60 | 0x284 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.39596273291925466 |
| RT_HTML | 0x4cdee4 | 0x1a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5094339622641509 |
| RT_HTML | 0x4ce08c | 0x1a6 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.504739336492891 |
| RT_HTML | 0x4ce234 | 0x1d2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.47639484978540775 |
| RT_HTML | 0x4ce408 | 0x203 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.46601941747572817 |
| RT_HTML | 0x4ce60c | 0x19d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4745762711864407 |
| RT_HTML | 0x4ce7ac | 0x132 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5882352941176471 |
| RT_HTML | 0x4ce8e0 | 0x1e3 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.41821946169772256 |
| RT_HTML | 0x4ceac4 | 0x1ae | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5093023255813953 |
| RT_HTML | 0x4cec74 | 0x1dc | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4831932773109244 |
| RT_HTML | 0x4cee50 | 0x1f0 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.45564516129032256 |
| RT_HTML | 0x4cf040 | 0x2ed | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4098798397863818 |
| RT_HTML | 0x4cf330 | 0x2d0 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.40694444444444444 |
| RT_HTML | 0x4cf600 | 0x24a | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.44197952218430037 |
| RT_HTML | 0x4cf84c | 0x269 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.42301458670988656 |
| RT_HTML | 0x4cfab8 | 0x2e4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.41216216216216217 |
| RT_HTML | 0x4cfd9c | 0x1a4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5214285714285715 |
| RT_HTML | 0x4cff40 | 0x1d5 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4989339019189765 |
| RT_HTML | 0x4d0118 | 0x210 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.45265151515151514 |
| RT_HTML | 0x4d0328 | 0x19c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5072815533980582 |
| RT_HTML | 0x4d04c4 | 0x1d3 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.49036402569593146 |
| RT_HTML | 0x4d0698 | 0x1d6 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.502127659574468 |
| RT_HTML | 0x4d0870 | 0x1c4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4756637168141593 |
| RT_HTML | 0x4d0a34 | 0x1d6 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.451063829787234 |
| RT_HTML | 0x4d0c0c | 0x259 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.43594009983361065 |
| RT_HTML | 0x4d0e68 | 0x1d0 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4676724137931034 |
| RT_HTML | 0x4d1038 | 0x16c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5659340659340659 |
| RT_HTML | 0x4d11a4 | 0x20c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.45038167938931295 |
| RT_HTML | 0x4d13b0 | 0x16e | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5491803278688525 |
| RT_HTML | 0x4d1520 | 0x2a4 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.41863905325443784 |
| RT_MANIFEST | 0x4d17c4 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| None | 0x4d1944 | 0x22 | data | 1.1470588235294117 | ||
| None | 0x4d1968 | 0x14 | data | 1.4 | ||
| None | 0x4d197c | 0xc | data | 1.6666666666666667 | ||
| None | 0x4d1988 | 0x16 | data | 1.3181818181818181 | ||
| None | 0x4d19a0 | 0xc | data | 1.5 |
| DLL | Import |
|---|---|
| KERNEL32.dll | HeapSize, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetTimeFormatA, GetDateFormatA, GetTimeZoneInformation, LCMapStringW, LCMapStringA, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, GetLocaleInfoA, SetStdHandle, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetProcessHeap, SetEnvironmentVariableA, ExitProcess, HeapReAlloc, RaiseException, RtlUnwind, HeapAlloc, HeapFree, ExitThread, IsDebuggerPresent, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, SetErrorMode, GetFileTime, GetFileAttributesW, lstrlenA, GlobalGetAtomNameW, GlobalFlags, VirtualProtect, GetFullPathNameW, SetEndOfFile, UnlockFile, LockFile, GetThreadLocale, GetStringTypeExW, FileTimeToLocalFileTime, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, VirtualQuery, GetSystemInfo, GetProfileIntW, InterlockedCompareExchange, ResetEvent, EnumResourceTypesW, EnumResourceNamesW, LocalAlloc, WritePrivateProfileStringW, ConvertDefaultLocale, EnumResourceLanguagesW, lstrcmpA, CompareStringA, InterlockedExchange, GetModuleHandleA, FormatMessageW, GlobalLock, GlobalUnlock, ResumeThread, SetThreadPriority, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, CompareStringW, lstrcmpW, GetVersionExA, DosDateTimeToFileTime, DebugBreak, CreateFileA, OpenFileMappingW, OutputDebugStringA, GetFileSizeEx, FlushFileBuffers, QueryDosDeviceW, VirtualAlloc, ReleaseMutex, SetFileTime, CreateDirectoryW, DeviceIoControl, GetTempFileNameW, GetTempPathW, lstrcmpiW, CompareFileTime, GetSystemTimeAsFileTime, GetSystemTime, ExpandEnvironmentStringsW, SystemTimeToFileTime, GetLocalTime, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, DuplicateHandle, FileTimeToDosDateTime, SetFilePointer, GetFileInformationByHandle, GetFileType, WinExec, WriteFile, WideCharToMultiByte, lstrlenW, LoadLibraryA, lstrcpynW, GetLocaleInfoW, FindResourceW, GetNumberFormatW, GetCurrentProcessId, GetCurrentThreadId, SetEvent, FreeLibrary, GetWindowsDirectoryW, ReadFile, GetFileSize, FindClose, FindFirstFileW, GetVolumeInformationW, GetDriveTypeW, GetLogicalDrives, lstrcpyW, CreateMutexW, GetVersion, GetCurrentProcess, GetCurrentThread, WaitForMultipleObjects, CreateProcessW, CreateFileW, CreateEventW, TerminateThread, InitializeCriticalSection, CloseHandle, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, Sleep, GetExitCodeThread, WaitForSingleObject, CreateThread, InterlockedDecrement, InterlockedIncrement, GlobalFree, GlobalAlloc, MultiByteToWideChar, FreeResource, SetCurrentDirectoryW, DeleteFileW, GetDiskFreeSpaceExW, GetCurrentDirectoryW, SetFileAttributesW, GetVersionExW, FileTimeToSystemTime, GetPrivateProfileIntW, GetModuleFileNameW, MulDiv, GetSystemDefaultLangID, SetThreadLocale, GetTickCount, GetProcAddress, GetModuleHandleW, LoadLibraryW, SetLastError, GetLastError, SetUnhandledExceptionFilter, GetCommandLineW, LocalFree, SizeofResource, LockResource, LoadResource, GetUserDefaultLCID |
| USER32.dll | GetTopWindow, UnhookWindowsHookEx, GetMessageTime, MapWindowPoints, ScrollWindow, GetKeyState, SetMenu, SetScrollPos, GetScrollPos, IsWindowVisible, GetMenuItemID, GetMenuItemCount, CreateWindowExW, GetClassInfoExW, GetClassInfoW, AdjustWindowRectEx, DeferWindowPos, GetScrollInfo, SetScrollInfo, GetDlgCtrlID, CallWindowProcW, GetMenu, GetWindowLongW, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindow, SetDlgItemTextW, GetMessageW, GetDlgItem, IsDialogMessageW, SetWindowTextW, MoveWindow, SetForegroundWindow, IsWindowEnabled, MessageBeep, SetWindowLongW, KillTimer, FillRect, GetSystemMetrics, SetActiveWindow, GetAsyncKeyState, CopyIcon, GetMessagePos, DestroyCursor, LockWindowUpdate, LoadImageW, DrawFocusRect, GetActiveWindow, SetLayeredWindowAttributes, SetParent, RedrawWindow, GetDCEx, ReleaseDC, GetDC, DrawIcon, DrawTextA, ShowWindow, GetCapture, SetFocus, EndDeferWindowPos, BeginDeferWindowPos, GetLastActivePopup, GetForegroundWindow, GetWindowTextW, GetWindowTextLengthW, RemovePropW, GetPropW, SetPropW, GetClassNameW, GetClassLongW, wsprintfW, GetSubMenu, LoadMenuW, CallNextHookEx, SetWindowsHookExW, IsChild, WinHelpW, SendDlgItemMessageA, SendDlgItemMessageW, IsCharAlphaW, CheckMenuItem, EnableMenuItem, EnableWindow, UpdateWindow, GetParent, LoadIconW, SendMessageW, DefWindowProcW, LoadCursorW, RegisterClassW, MessageBoxW, IsWindow, RegisterWindowMessageW, OffsetRect, GetClientRect, DrawTextW, LoadBitmapW, GetWindowRect, TabbedTextOutW, DrawTextExW, GetMenuState, ModifyMenuW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, GetWindowThreadProcessId, ValidateRect, EndDialog, GetNextDlgTabItem, CreateDialogIndirectParamW, GetDesktopWindow, InsertMenuW, GetMenuStringW, GetWindowDC, BeginPaint, EndPaint, PostQuitMessage, ShowOwnedPopups, MapVirtualKeyW, GetMenuItemInfoW, DestroyMenu, CharUpperW, WindowFromPoint, MapDialogRect, GetSysColorBrush, UnregisterClassW, DeleteMenu, WaitMessage, UnionRect, GetSystemMenu, SetRect, UnpackDDElParam, ReuseDDElParam, LoadAcceleratorsW, InsertMenuItemW, BringWindowToTop, DrawEdge, GrayStringW, SetTimer, PeekMessageW, TranslateMessage, DispatchMessageW, DestroyWindow, ReleaseCapture, SetCapture, TrackMouseEvent, IntersectRect, CreatePopupMenu, AppendMenuW, TrackPopupMenu, PtInRect, InvalidateRect, SetRectEmpty, SystemParametersInfoW, GetCursorPos, ScreenToClient, EqualRect, IsRectEmpty, InflateRect, ShowScrollBar, PostThreadMessageW, GetNextDlgGroupItem, InvalidateRgn, TranslateMDISysAccel, DrawMenuBar, DefFrameProcW, SetWindowContextHelpId, CharNextW, LoadStringW, TranslateAcceleratorW, GetKeyboardLayoutList, GetKeyboardState, ToUnicodeEx, CopyAcceleratorTableW, SetCursorPos, GetMenuDefaultItem, IsWindowUnicode, GetWindowLongA, SetWindowLongA, SendMessageTimeoutW, IsMenu, GetWindowRgn, GetTabbedTextExtentA, GetDoubleClickTime, ShowCaret, HideCaret, IsClipboardFormatAvailable, DrawFrameControl, SetWindowRgn, RegisterClipboardFormatW, CreateIconIndirect, DrawStateW, InvertRect, LoadMenuIndirectW, LookupIconIdFromDirectoryEx, CreateIconFromResourceEx, ClientToScreen, SetCursor, GetIconInfo, DrawIconEx, DestroyIcon, SendNotifyMessageW, GetSysColor, GetFocus, PostMessageW, CopyRect, GetCursor |
| GDI32.dll | SetMapMode, ExcludeClipRect, IntersectClipRect, LineTo, MoveToEx, SelectClipRgn, GetClipRgn, GetViewportExtEx, GetWindowExtEx, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, OffsetWindowOrgEx, ScaleWindowExtEx, GetCurrentPositionEx, PolyBezierTo, ExtSelectClipRgn, CreatePatternBrush, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, DPtoLP, GetTextMetricsW, CreateFontW, StretchDIBits, EnumFontFamiliesExW, SetWindowExtEx, SetStretchBltMode, SetBkMode, RestoreDC, SaveDC, SetTextColor, GetClipBox, CreatePen, SetBkColor, GetPixel, CreateBitmap, CreateRectRgn, CreateSolidBrush, GetBkColor, GetCurrentObject, DeleteDC, GetDeviceCaps, SetPixel, PatBlt, RoundRect, GetCharWidthW, CreateFontIndirectW, Rectangle, BitBlt, CreateCompatibleBitmap, DeleteObject, GetObjectW, Escape, Polygon, StretchBlt, CreateDIBSection, GetDIBits, GetBitmapBits, ExtCreateRegion, GetTextColor, GetWindowOrgEx, CreatePolygonRgn, GetRgnBox, GetTextAlign, GetTextExtentPoint32A, Ellipse, Polyline, StrokePath, FillPath, StrokeAndFillPath, EndPath, CloseFigure, BeginPath, PtInRegion, GetViewportOrgEx, ExtTextOutW, TextOutW, RectVisible, PtVisible, GetTextExtentPoint32W, SelectObject, CreateCompatibleDC, SetWindowOrgEx, GetStockObject |
| COMDLG32.dll | GetFileTitleW |
| WINSPOOL.DRV | DocumentPropertiesW, OpenPrinterW, ClosePrinter |
| ADVAPI32.dll | CloseEncryptedFileRaw, OpenThreadToken, OpenProcessToken, FreeSid, GetTokenInformation, EqualSid, RegCreateKeyExW, RegSetValueExW, RegCloseKey, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, OpenEncryptedFileRawW, WriteEncryptedFileRaw, AllocateAndInitializeSid, RegDeleteValueW, RegQueryValueW, RegEnumKeyExW, RegQueryValueExW, RegOpenKeyExW |
| SHELL32.dll | CommandLineToArgvW, SHGetFileInfoW, ExtractIconW, SHGetDesktopFolder, SHGetMalloc, SHGetSpecialFolderLocation, SHGetPathFromIDListW, DragFinish, DragQueryFileW, ShellExecuteW |
| COMCTL32.dll | InitCommonControlsEx, _TrackMouseEvent, ImageList_GetImageCount, ImageList_GetIconSize, ImageList_DrawEx, ImageList_Destroy |
| SHLWAPI.dll | PathFileExistsW, PathFindFileNameW, PathFindExtensionW, UrlUnescapeW, PathStripToRootW, PathIsUNCW, PathRemoveFileSpecW |
| ole32.dll | CoDisconnectObject, CoTaskMemAlloc, CoTaskMemFree, CoUninitialize, CLSIDFromString, CoInitialize, CoCreateInstance, CreateStreamOnHGlobal, OleRun, CLSIDFromProgID, RegisterDragDrop, CoLockObjectExternal, RevokeDragDrop, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, OleIsCurrentClipboard, OleFlushClipboard, CoRevokeClassObject, CoRegisterMessageFilter, CoInitializeEx |
| OLEAUT32.dll | LoadTypeLib, VarBstrFromDate, SafeArrayDestroy, VariantCopy, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayAccessData, SafeArrayUnaccessData, VarDateFromStr, SysStringByteLen, VariantInit, VariantChangeType, VariantClear, SysAllocStringLen, SysAllocString, SysStringLen, SysAllocStringByteLen, SysFreeString, SystemTimeToVariantTime, VariantTimeToSystemTime, OleLoadPicturePath, SafeArrayCreateVector, VarUdateFromDate, VariantChangeTypeEx, SafeArrayGetElemsize, OleCreateFontIndirect |
| gdiplus.dll | GdipBitmapLockBits, GdipDrawImageI, GdipDisposeImageAttributes, GdipCreateImageAttributes, GdipGetImageGraphicsContext, GdipCreateBitmapFromGraphics, GdipBitmapUnlockBits, GdipSetLineColors, GdipCreateLineBrushI, GdipDrawPath, GdipClosePathFigure, GdipAddPathArcI, GdipDrawImageRectRectI, GdipGetImageThumbnail, GdipGetImageWidth, GdipCreateBitmapFromFile, GdipCreateFromHWND, GdipMeasureString, GdipDrawImageRectI, GdipCreateBitmapFromHICON, GdipSetPathGradientFocusScales, GdipGetPathGradientPointCount, GdipSetPathGradientSurroundColorsWithCount, GdipSetPathGradientCenterColor, GdipCreatePathGradientFromPath, GdipAddPathRectangleI, GdipDrawRectangleI, GdipDrawPolygonI, GdipSetStringFormatTrimming, GdipReleaseDC, GdipGetDC, GdipDrawImageRectRect, GdipGetImageHeight, GdipGetClipBoundsI, GdipSetPenDashStyle, GdipDrawLineI, GdipFillRectangleI, GdipSetSmoothingMode, GdipDeleteFontFamily, GdipDeleteFont, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateFont, GdipCreateFontFamilyFromName, GdipDrawString, GdipCreateSolidFill, GdipSetStringFormatLineAlign, GdipSetStringFormatAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipSetClipRectI, GdipGraphicsClear, GdipDeleteGraphics, GdipCreateFromHDC, GdipDeletePen, GdipCreatePen1, GdipFillPath, GdipCloneBrush, GdipAlloc, GdipFree, GdipDeleteBrush, GdipCreateLineBrushFromRectI, GdipDeletePath, GdipCreatePath, GdiplusShutdown, GdiplusStartup, GdipSetLinePresetBlend, GdipCreatePen2, GdipSetStringFormatFlags |
| VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
| WININET.dll | InternetOpenUrlW, InternetCrackUrlW, InternetCanonicalizeUrlW, InternetQueryOptionW, InternetQueryDataAvailable, HttpQueryInfoW, InternetCloseHandle, InternetGetLastResponseInfoW, InternetOpenW, InternetSetStatusCallbackW, InternetWriteFile, InternetReadFile, InternetSetFilePointer |
| WINMM.dll | PlaySoundW |
| oledlg.dll | OleUIBusyW, OleUIAddVerbMenuW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| Chinese | China |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-04T13:53:18.963298+0200 | 2044243 | ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in | 1 | 192.168.2.4 | 49735 | 45.200.148.115 | 80 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 4, 2024 13:53:18.121649027 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
| Oct 4, 2024 13:53:18.126729965 CEST | 80 | 49735 | 45.200.148.115 | 192.168.2.4 |
| Oct 4, 2024 13:53:18.126832008 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
| Oct 4, 2024 13:53:18.126966953 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
| Oct 4, 2024 13:53:18.131869078 CEST | 80 | 49735 | 45.200.148.115 | 192.168.2.4 |
| Oct 4, 2024 13:53:18.752006054 CEST | 80 | 49735 | 45.200.148.115 | 192.168.2.4 |
| Oct 4, 2024 13:53:18.752130985 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
| Oct 4, 2024 13:53:18.754751921 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
| Oct 4, 2024 13:53:18.763242960 CEST | 80 | 49735 | 45.200.148.115 | 192.168.2.4 |
| Oct 4, 2024 13:53:18.963151932 CEST | 80 | 49735 | 45.200.148.115 | 192.168.2.4 |
| Oct 4, 2024 13:53:18.963298082 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
| Oct 4, 2024 13:53:20.479854107 CEST | 49735 | 80 | 192.168.2.4 | 45.200.148.115 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49735 | 45.200.148.115 | 80 | 7444 | C:\Users\user\Desktop\Full_PC_Set-Up.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Oct 4, 2024 13:53:18.126966953 CEST | 89 | OUT | |
| Oct 4, 2024 13:53:18.752006054 CEST | 170 | IN | |
| Oct 4, 2024 13:53:18.754751921 CEST | 409 | OUT | |
| Oct 4, 2024 13:53:18.963151932 CEST | 178 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 07:53:10 |
| Start date: | 04/10/2024 |
| Path: | C:\Users\user\Desktop\Full_PC_Set-Up.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x290000 |
| File size: | 7'230'768 bytes |
| MD5 hash: | 7400E305A002A18FBEC6A6D189EF6879 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 0.6% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 9.5% |
| Total number of Nodes: | 283 |
| Total number of Limit Nodes: | 1 |
Graph
Function 0038D4D0 Relevance: 12.1, APIs: 2, Strings: 4, Instructions: 1563fileCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038D8B2 Relevance: 6.5, APIs: 2, Strings: 1, Instructions: 1241fileCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038D97B Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 877COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030D910 Relevance: 63.3, APIs: 28, Strings: 8, Instructions: 340fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002961A0 Relevance: 40.6, APIs: 14, Strings: 9, Instructions: 305windowregistrysynchronizationCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002DB6E0 Relevance: 28.9, APIs: 19, Instructions: 401COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002CCA90 Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 366fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030F870 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 355memoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00372CFB Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 430libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F8F30 Relevance: 16.8, Strings: 13, Instructions: 518COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0036A09D Relevance: 16.6, APIs: 11, Instructions: 139COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00298550 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002DA760 Relevance: 7.6, APIs: 5, Instructions: 91timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004042B0 Relevance: 5.0, APIs: 3, Instructions: 489COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F7030 Relevance: 4.1, Strings: 3, Instructions: 314COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00321200 Relevance: 3.2, Strings: 2, Instructions: 683COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B6680 Relevance: 3.0, APIs: 2, Instructions: 35COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D2A00 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004AC1A9 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00366A4A Relevance: 2.0, APIs: 1, Instructions: 452COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00407A20 Relevance: 1.9, Strings: 1, Instructions: 635COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003399B0 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00404AB0 Relevance: .8, Instructions: 833COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D4E30 Relevance: .5, Instructions: 500COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00403710 Relevance: .4, Instructions: 359COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0048EBD0 Relevance: .4, Instructions: 355COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0040ED80 Relevance: .3, Instructions: 335COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038D5DD Relevance: .3, Instructions: 292COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C8FB0 Relevance: .3, Instructions: 259COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003601D0 Relevance: .3, Instructions: 254COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F2E30 Relevance: .3, Instructions: 252COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00484130 Relevance: .2, Instructions: 246COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004016E0 Relevance: .2, Instructions: 160COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038D7B5 Relevance: .2, Instructions: 153COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002DA0C0 Relevance: .1, Instructions: 78COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D2DD0 Relevance: 77.4, APIs: 39, Strings: 5, Instructions: 400librarywindowloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029A900 Relevance: 52.7, APIs: 19, Strings: 11, Instructions: 230windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C18B0 Relevance: 37.1, APIs: 16, Strings: 5, Instructions: 303processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030D480 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 388filetimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D0340 Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 165windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E23C0 Relevance: 27.5, APIs: 18, Instructions: 476COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F5180 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 305windowcomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D6B60 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 230windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003641DA Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029C970 Relevance: 21.5, APIs: 14, Instructions: 474COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D4D40 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 190windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D0B20 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 267windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D16C0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 209windowstringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030D2B0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 117fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D5480 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 142registrylibrarywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003701A5 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D5A10 Relevance: 16.6, APIs: 11, Instructions: 65COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003FF5D0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 324windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029CFF0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030B160 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 83windowthreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002AD1A0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003830E6 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 74threadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002DA350 Relevance: 15.2, APIs: 10, Instructions: 178COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029EA90 Relevance: 15.2, APIs: 10, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002ECD60 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F6A00 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 168filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D6DC0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 157windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003149C0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 68fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030CBC0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 64synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D5220 Relevance: 13.7, APIs: 9, Instructions: 206COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E6090 Relevance: 13.7, APIs: 9, Instructions: 170COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00370364 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002EF4E0 Relevance: 13.6, APIs: 9, Instructions: 79COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F11D0 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 303windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E6C50 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 156comtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E8F30 Relevance: 12.4, APIs: 8, Instructions: 383COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00368F7E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117threadwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D2C50 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 60stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002BEB90 Relevance: 12.3, APIs: 8, Instructions: 252memoryfilewindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0032F730 Relevance: 12.2, APIs: 8, Instructions: 163COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A7770 Relevance: 12.2, APIs: 8, Instructions: 152COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A1500 Relevance: 12.1, APIs: 8, Instructions: 96windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C0FE0 Relevance: 12.1, APIs: 8, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B2790 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 312windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00372A84 Relevance: 10.7, APIs: 7, Instructions: 176comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00313180 Relevance: 10.7, APIs: 7, Instructions: 157COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B74F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 157fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002EC4D0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 153windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002BE820 Relevance: 10.6, APIs: 7, Instructions: 146fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002EAE60 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 144windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F20C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 138windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C0E40 Relevance: 10.6, APIs: 7, Instructions: 116COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003B74F0 Relevance: 10.6, APIs: 7, Instructions: 114COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030D1E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 75fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D2280 Relevance: 10.6, APIs: 7, Instructions: 73windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0036D554 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00382FE5 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 23threadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A5270 Relevance: 9.4, APIs: 6, Instructions: 401COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C52E0 Relevance: 9.4, APIs: 6, Instructions: 358COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002AF550 Relevance: 9.3, APIs: 6, Instructions: 331COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F4EA0 Relevance: 9.2, APIs: 6, Instructions: 227COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A93A0 Relevance: 9.2, APIs: 6, Instructions: 215windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029D3E0 Relevance: 9.2, APIs: 6, Instructions: 207COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C0970 Relevance: 9.2, APIs: 6, Instructions: 196windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D7840 Relevance: 9.2, APIs: 6, Instructions: 185COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002EF740 Relevance: 9.2, APIs: 6, Instructions: 173windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C5840 Relevance: 9.2, APIs: 6, Instructions: 168COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E5790 Relevance: 9.2, APIs: 6, Instructions: 151COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00373414 Relevance: 9.1, APIs: 6, Instructions: 140windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00368ECC Relevance: 9.1, APIs: 6, Instructions: 69COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003764FE Relevance: 9.0, APIs: 6, Instructions: 46COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D4350 Relevance: 9.0, APIs: 6, Instructions: 43COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003718C2 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 184networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A8860 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0037733B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 111stringCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00314890 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003123A0 Relevance: 7.9, APIs: 5, Instructions: 378COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B3090 Relevance: 7.8, APIs: 5, Instructions: 265COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00309660 Relevance: 7.8, APIs: 5, Instructions: 262COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00300720 Relevance: 7.7, APIs: 5, Instructions: 202windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00300F60 Relevance: 7.7, APIs: 5, Instructions: 198windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002C6600 Relevance: 7.7, APIs: 5, Instructions: 194COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B4530 Relevance: 7.7, APIs: 5, Instructions: 193COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A9650 Relevance: 7.7, APIs: 5, Instructions: 192fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002BCFC0 Relevance: 7.7, APIs: 5, Instructions: 184COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A0990 Relevance: 7.7, APIs: 5, Instructions: 169windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029E890 Relevance: 7.7, APIs: 5, Instructions: 164windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B4BE0 Relevance: 7.6, APIs: 5, Instructions: 148memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D0950 Relevance: 7.6, APIs: 5, Instructions: 112fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B1240 Relevance: 7.6, APIs: 5, Instructions: 105COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A6960 Relevance: 7.6, APIs: 5, Instructions: 103COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A5700 Relevance: 7.6, APIs: 5, Instructions: 93windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029F800 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F5790 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B1160 Relevance: 7.6, APIs: 5, Instructions: 81COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002EE770 Relevance: 7.6, APIs: 5, Instructions: 76windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003012A0 Relevance: 7.6, APIs: 5, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00363695 Relevance: 7.6, APIs: 5, Instructions: 71windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038999F Relevance: 7.6, APIs: 5, Instructions: 71COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A1330 Relevance: 7.6, APIs: 5, Instructions: 70COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0036F92F Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030CCA0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0037630D Relevance: 7.6, APIs: 5, Instructions: 55stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D2A20 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029F400 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F4050 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 210windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B7300 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65threadsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F48A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D0730 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029E440 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40memorywindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00314940 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39synchronizationCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D4620 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A4AB0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A8E20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002CEF50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D47C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D4910 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A40E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A4090 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003ACFE0 Relevance: 6.3, APIs: 4, Instructions: 279COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003CF990 Relevance: 6.3, APIs: 4, Instructions: 266COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002AA600 Relevance: 6.2, APIs: 4, Instructions: 209COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A9770 Relevance: 6.2, APIs: 4, Instructions: 203COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E8D30 Relevance: 6.2, APIs: 4, Instructions: 202COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00300350 Relevance: 6.2, APIs: 4, Instructions: 183COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002ED370 Relevance: 6.2, APIs: 4, Instructions: 166COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D3560 Relevance: 6.2, APIs: 4, Instructions: 156windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002FFA10 Relevance: 6.2, APIs: 4, Instructions: 151COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030C1E0 Relevance: 6.1, APIs: 4, Instructions: 134COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030EE40 Relevance: 6.1, APIs: 4, Instructions: 134COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002FB010 Relevance: 6.1, APIs: 4, Instructions: 134COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002BC5B0 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D76C0 Relevance: 6.1, APIs: 4, Instructions: 133windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003C0050 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002A1850 Relevance: 6.1, APIs: 4, Instructions: 121COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002B0EE0 Relevance: 6.1, APIs: 4, Instructions: 119windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A6740 Relevance: 6.1, APIs: 4, Instructions: 116COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002CEB50 Relevance: 6.1, APIs: 4, Instructions: 115windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029EE00 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003BF5E0 Relevance: 6.1, APIs: 4, Instructions: 105COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00356290 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003550F0 Relevance: 6.1, APIs: 4, Instructions: 92COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003C6650 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002AD300 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004B4070 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00317490 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00308040 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0031EC00 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F0ED0 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002BC740 Relevance: 6.1, APIs: 4, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002E7870 Relevance: 6.1, APIs: 4, Instructions: 65windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0030A820 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A8030 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002F47E0 Relevance: 6.1, APIs: 4, Instructions: 57windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0036A791 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A8460 Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003023B0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D72B0 Relevance: 6.1, APIs: 4, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003659E3 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0029F290 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038E7B5 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0038319F Relevance: 6.0, APIs: 4, Instructions: 44memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A4250 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A42E0 Relevance: 6.0, APIs: 4, Instructions: 36COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003A7590 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003F4DA0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002BE4B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120sleepwindowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003D0AE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00374E7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00303010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D73C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00366893 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32threadCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 002D7360 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 003647CE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20windowtimeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|