Edit tour

Windows Analysis Report
55876.exe

Overview

General Information

Sample name:	55876.exe
Analysis ID:	1562141
MD5:	083f9411071a4ffa0450c05c210010b0
SHA1:	0f9a3831bff9a4d604fc8b5bf915a90f72100de6
SHA256:	9bc2ae4f341c51266d9fea5911e71132adfb360cc30b05bc379ed701a82a4fa2
Tags:	exemalwaretrojanuser-Joker
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality to dynamically determine API calls

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Extensive use of GetProcAddress (often used to hide API calls)

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

55876.exe (PID: 3560 cmdline: "C:\Users\user\Desktop\55876.exe" MD5: 083F9411071A4FFA0450C05C210010B0)

WerFault.exe (PID: 3008 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 776 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 3276 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 780 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 55876.exe

ReversingLabs: Detection: 15%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: 55876.exe

Joe Sandbox ML: detected

Source: 55876.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\55876.exe

Code function: 0_2_004017C0 SendMessageW,#540,sprintf,#537,#940,#800,FindFirstFileW,FindClose,#800,

0_2_004017C0

Source: global traffic

TCP traffic: 192.168.2.5:49704 -> 18.167.130.152:14992

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\55876.exe

Code function: 0_2_00402540 recv,

0_2_00402540

Source: global traffic

DNS traffic detected: DNS query: www.shduih.com

Source: Amcache.hve.4.dr

String found in binary or memory: http://upx.sf.net

Source: C:\Users\user\Desktop\55876.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 776

Source: 55876.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal56.winEXE@3/9@1/1

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3560

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\572970f9-6e71-4f0d-a124-a59bd0f47c13

Jump to behavior

Source: 55876.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\55876.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 55876.exe

ReversingLabs: Detection: 15%

Source: unknown	Process created: C:\Users\user\Desktop\55876.exe "C:\Users\user\Desktop\55876.exe"
Source: C:\Users\user\Desktop\55876.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 776
Source: C:\Users\user\Desktop\55876.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 780

Source: C:\Users\user\Desktop\55876.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: msvcp60.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: 55876.exe

Static file information: File size 1540096 > 1048576

Source: 55876.exe	Static PE information: section name: RT_CURSOR
Source: 55876.exe	Static PE information: section name: RT_BITMAP
Source: 55876.exe	Static PE information: section name: RT_ICON
Source: 55876.exe	Static PE information: section name: RT_MENU
Source: 55876.exe	Static PE information: section name: RT_DIALOG
Source: 55876.exe	Static PE information: section name: RT_STRING
Source: 55876.exe	Static PE information: section name: RT_ACCELERATOR
Source: 55876.exe	Static PE information: section name: RT_GROUP_ICON

Source: 55876.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x171000

Source: C:\Users\user\Desktop\55876.exe

Code function: 0_2_00402270 LoadLibraryA,time,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,

0_2_00402270

Source: C:\Users\user\Desktop\55876.exe

Code function: 0_2_00402BD0 push eax; ret

0_2_00402BFE

Source: C:\Users\user\Desktop\55876.exe

0_2_00402270

Source: C:\Users\user\Desktop\55876.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\55876.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\55876.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\55876.exe TID: 2792

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\55876.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\55876.exe

Code function: 0_2_004017C0 SendMessageW,#540,sprintf,#537,#940,#800,FindFirstFileW,FindClose,#800,

0_2_004017C0

Source: C:\Users\user\Desktop\55876.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: Amcache.hve.4.dr	Binary or memory string: VMware
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.4.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr	Binary or memory string: VMware Virtual RAM
Source: 55876.exe, 00000000.00000002.2765337314.00000000005BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
Source: Amcache.hve.4.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\55876.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\55876.exe

0_2_00402270

Source: Amcache.hve.4.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Process Injection	31 Virtualization/Sandbox Evasion	OS Credential Dumping	21 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	31 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 System Information Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
55876.exe	16%	ReversingLabs
55876.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.shduih.com	18.167.130.152	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Amcache.hve.4.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
18.167.130.152	www.shduih.com	United States		16509	AMAZON-02US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562141
Start date and time:	2024-11-25 08:59:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	55876.exe
Detection:	MAL
Classification:	mal56.winEXE@3/9@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 7 Number of non-executed functions: 10
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.73.29
Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
VT rate limit hit for: 55876.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-02US	pXdN91.armv5l.elf	Get hash	malicious	Mirai, Gafgyt	Browse	54.171.230.55
	pXdN91.mips.elf	Get hash	malicious	Mirai, Gafgyt	Browse	54.171.230.55
	file (1).txt.bat	Get hash	malicious	Unknown	Browse	18.181.154.24
	startup.txt.bat	Get hash	malicious	Unknown	Browse	18.181.154.24
	run.txt.bat	Get hash	malicious	Unknown	Browse	18.181.154.24
	9758xBqgE1azKnB.exe	Get hash	malicious	XWorm	Browse	18.181.154.24
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	18.239.168.24
	file.exe	Get hash	malicious	Credential Flusher	Browse	108.158.75.108
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	3.167.152.14

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_55876.exe_1d28606ee4dd33d687b1238c2fc915949b77486c_431570d7_0b3287b9-b17d-494b-8f9c-1ac368821c63\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8441676463974497
Encrypted:	false
SSDEEP:	96:QoFd6TrqgWsMXpoI7JfdQXIDcQvc6QcEVcw3cE/X+HbHg/5VG4rmMH39WAU1VOyi:lfoqgWc0BU/wjy2y1zuiFTZ24IO8N
MD5:	764E5D0288A566F8B43D4085BE833506
SHA1:	07418C3D9FE36703DA25756A1C18D66B4F0AD026
SHA-256:	6E1BE2506082E31054E53AE31AF810630C2F49993D504B0050B5DA1094AF8286
SHA-512:	8C5308ED8F1204071C5747B45E1057CC2BE8BFBD3E686BA478C41269EBACDB017F3EB4F33DCA23946CCB19757B9A3BA19FF03AA91BE3F9D10FA308EC84C4CBED
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.6.9.9.5.2.1.5.3.9.6.9.0.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.6.9.9.5.2.1.5.6.7.8.1.3.8.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.b.3.2.8.7.b.9.-.b.1.7.d.-.4.9.4.b.-.8.f.9.c.-.1.a.c.3.6.8.8.2.1.c.6.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.c.e.1.7.d.8.4.-.6.2.3.1.-.4.1.e.e.-.b.b.0.5.-.f.1.9.5.a.2.c.3.4.9.5.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.5.5.8.7.6...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.e.8.-.0.0.0.1.-.0.0.1.4.-.3.3.e.a.-.3.5.0.d.1.0.3.f.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.a.b.b.d.0.b.8.5.9.6.4.d.0.7.c.3.3.6.c.5.3.c.e.9.5.3.b.0.0.7.5.0.0.0.0.0.4.0.8.!.0.0.0.0.0.f.9.a.3.8.3.1.b.f.f.9.a.4.d.6.0.4.f.c.8.b.5.b.f.9.1.5.a.9.0.f.7.2.1.0.0.d.e.6.!.5.5.8.7.6...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_55876.exe_458c60b62e70e9612b38d86cdbe9bf45285e9550_431570d7_9297d733-114a-47e8-9564-bea5205a9a9d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8406375336711037
Encrypted:	false
SSDEEP:	96:6c+qgesMXpoU7RhSZQXIDcQzc645cocE1cw345cB+HbHg/5VG4rmMH39WAU1VOy+:R+qgeX0tM/yjy2y1zuiF4Z24IO84
MD5:	D2C73EFCF76809D21489671154783189
SHA1:	5B738DC7A021DD81A990D0DCDA38226B9055C32A
SHA-256:	8D2721F7FE2BD165E378BC1D5A8CE03E9193F001D18B457218339CB91274431F
SHA-512:	3B54FC4F0862944E44DABC1311490047C7152210B8C40C5FD32C6573948C900F45322DD849437541871EA8CACEB7FBBBBA10497E08405C2FDF7729D3F5B21487
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.6.9.9.5.2.1.4.6.5.2.1.0.6.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.2.9.7.d.7.3.3.-.1.1.4.a.-.4.7.e.8.-.9.5.6.4.-.b.e.a.5.2.0.5.a.9.a.9.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.9.a.4.8.c.f.d.-.7.c.2.e.-.4.8.e.a.-.b.4.3.c.-.3.8.3.f.d.d.6.6.d.6.4.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.5.5.8.7.6...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.e.8.-.0.0.0.1.-.0.0.1.4.-.3.3.e.a.-.3.5.0.d.1.0.3.f.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.a.b.b.d.0.b.8.5.9.6.4.d.0.7.c.3.3.6.c.5.3.c.e.9.5.3.b.0.0.7.5.0.0.0.0.0.4.0.8.!.0.0.0.0.0.f.9.a.3.8.3.1.b.f.f.9.a.4.d.6.0.4.f.c.8.b.5.b.f.9.1.5.a.9.0.f.7.2.1.0.0.d.e.6.!.5.5.8.7.6...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.1././.2.1.:.0.9.:.0.3.:.4.8.!.1.7.d.d.f.d.!.5.5.8.7.6...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1049.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8334
Entropy (8bit):	3.7017446165972294
Encrypted:	false
SSDEEP:	192:R6l7wVeJ456uV6YEI+SU9nVvWk0gmfU1Ypra89btSsf8BPm:R6lXJW6uV6YExSU9nVek0gmfUctRfP
MD5:	656B9529E95D6A54339B9D056999CA28
SHA1:	A9E1A8CB0799AEA253DC8067E3F23A0E7FCC8A12
SHA-256:	B95C32141575A65DB4A87258C198DAFDA5A2FE32C7B4FE75E14B293B12249F40
SHA-512:	8445B62A24E9E989300CD7F0BF70DB1357BB65FFB7DCABE80A36940B9748C525C6DF896D64E80C8BB25783079C5CF3FD3B9703F621227CD4D231C83F6BDA66C4
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1069.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4603
Entropy (8bit):	4.481994411538604
Encrypted:	false
SSDEEP:	48:cvIwWl8zsGNNJg77aI9hWWpW8VYp0Ym8M4J6xGcgF5+q89QqQ87DVAzMNGLAzsd:uIjfWnI7f37VABJ6EEXAMNGSsd
MD5:	B48A8B3EE80323F3FD176E6FEA5A4D43
SHA1:	D9ED781FD3F445502A5F681A115552DD28312944
SHA-256:	CA55E0C2604638E51E127551DC289343A0F2C5EFFEF10DC622A9A97292CD4F1E
SHA-512:	5AE8D1F9C510FF887EF507FA71549F618AAA0D3F514EC0B82C1AAEC08036584C0CBF7933011B7280C36E88165FAA51B1499DC956B974DDFDA682E306C328DED1
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="603302" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCFC.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 25 08:00:14 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	46466
Entropy (8bit):	1.9196063006429898
Encrypted:	false
SSDEEP:	192:HUUM6tjIbnLOU8wHx2LFKvEhEfFAjEeAI1lmEAqdKf:0stjIbnSXwARm9gyIfmEf
MD5:	FE31475EFB1CDD6F0B8089A049461F72
SHA1:	7673F9D52EBA137C22CAE2D7F758320E004649D4
SHA-256:	7B846F3403FF6F11CFA3BEFD15FEAC67E5A100205B04795D227FD7ED5E9028B6
SHA-512:	C99F1EA6FF8BD11A8AB004BBDCB09730F6FCD0B7D70925268C1C3735E55C7576F42752A93AC0C81ACEA6546486B943DFDF4FE918C33D1B70599B811534398D87
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........Dg........................4...........D...r+..........T.......8...........T.......................................................................................................................eJ..............GenuineIntel............T.............Dg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD8.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8398
Entropy (8bit):	3.6974852786550585
Encrypted:	false
SSDEEP:	192:R6l7wVeJ4E6U/6YEIsSU9nVvWk0gmfL3YpNt89bkC1fYfMm:R6lXJr606YEDSU9nVek0gmfLxk4fYR
MD5:	A33F55696B6371178888FE84F44D80E8
SHA1:	4188F6B07714326316554BC4B652C2106E286D82
SHA-256:	5EECD56A5D176E76D999310612FB5E22495DFDC8D68DC0096B1BAD308D8FD6A6
SHA-512:	514ADA5D8C46C28F9A6A4A40536FA2A55A3EF8C8183C6EE9FCF1C948C005729D1B3AD87B8F4BB138F67296288783F515A88C20B4E9A48B97FB9BFA9CFC0581CE
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.6.0.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE17.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4704
Entropy (8bit):	4.470258667028567
Encrypted:	false
SSDEEP:	48:cvIwWl8zsGNNJg77aI9hWWpW8VYHYm8M4J6xGcFF87s+q8vBcjQ87DVAzMNGLAzj:uIjfWnI7f37V3J6fKgXAMNGSNd
MD5:	528139F8C2F5B296D039CF6A24556BD5
SHA1:	3952592F28A40972608A1DE72F83E04FB7DEBE18
SHA-256:	D72A064F6D7DEF7C64944FE5EC5823EFF3062C67EEE1906B91DA595A4F03F5A0
SHA-512:	D7080DA23E392436CBF6C95E92179F74D1CAC67368A1E35E6DD4C6C9DB65E5B0AE9B3AE0A32435FC69703C94D4B757128390733B6E2A704A460576ECB1BAF62F
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="603302" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDB.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Nov 25 08:00:15 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	47190
Entropy (8bit):	1.9537621028443868
Encrypted:	false
SSDEEP:	192:OU3MM6tjIdOU8wHbm/XeHD5zHBDH+FKvEhPfFAjEeJIseqwwbvLaS:bEtjIQXwQXYDRBbox9g7IsbaS
MD5:	3EE1F25E85CDA285C808995B77E54533
SHA1:	B45B900395AC04F6DB6E05EE74351B4F13EF5A1E
SHA-256:	101738AB01F827030DD9C87FDB41F3B64DD424D020565ED1C81A823E6DAC6D0E
SHA-512:	A482EF21373C1E4C705597E0EA0DCE8BFD9373735D20AF3259EDEC160DB8C20D1D49691F75C46E43A174514A2E2906DCC8216E41494B63A244788ACA42C920F1
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........Dg........................4...........D...r+..........T.......8...........T.......................................................................................................................eJ..............GenuineIntel............T.............Dg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.421675696746311
Encrypted:	false
SSDEEP:	6144:KSvfpi6ceLP/9skLmb0OTRWSPHaJG8nAgeMZMMhA2fX4WABlEnNv0uhiTw:5vloTRW+EZMM6DFyp03w
MD5:	0FAA7731EBEC77666BF53A09BF058A5C
SHA1:	3140C951C464BDD2397AA569A5BB30261D1BFC1D
SHA-256:	A058C866FE1331067B8B277852B18701C11A681FCEB0E5235751FEBF9C149C60
SHA-512:	01FD5E916F2D7DEA31755803E709020D545FD9922EA0742B127D4754B6A5CF9F2DA2E5CF0D176DF01B12353056F8BBED439E2B9A4EB2F56C51324A9E00917C2E
Malicious:	false
Preview:	regf?...?....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..?..?................................................................................................................................................................................................................................................................................................................................................(;........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.296640237557826
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	55876.exe
File size:	1'540'096 bytes
MD5:	083f9411071a4ffa0450c05c210010b0
SHA1:	0f9a3831bff9a4d604fc8b5bf915a90f72100de6
SHA256:	9bc2ae4f341c51266d9fea5911e71132adfb360cc30b05bc379ed701a82a4fa2
SHA512:	d6e59a091ac4027f8a23adf97899dfabc249e0533cf017b544682b3124f39dd20936971ea89313977c2d635c3ca9724b2c6f0257337c2d8abece3295b4c16aa2
SSDEEP:	24576:xmFyOiZkqq1thfP+rsNGpT0ErTjpTb16B7pTQEErn+dQKDDBP:M4OiZrq1DfP+rsNADtV6v+LgQKDDBP
TLSH:	D065CFD26D9C585DF8E862304FDA85B99A273DDCB963192F2094768EFB33B001D49837
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m.`m)..>)..>)..>R..>(..>..S>!..>...>+..>F..>"..>F..>-..>...>+..>)..>#..>...>*..>...>(..>...>/..>Rich)..>................PE..L..

File Icon


Icon Hash:	060606133b330608

Static PE Info

General

Entrypoint:	0x402bff
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x673EF774 [Thu Nov 21 09:03:48 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	378cc6fad36fcf8baca209691b5a797b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 00403B80h
push 00402DACh
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
pop edi
push edi
call dword ptr [004033B4h]
pop ecx
or dword ptr [004065DCh], FFFFFFFFh
or dword ptr [004065E0h], FFFFFFFFh
call dword ptr [004033B0h]
mov ecx, dword ptr [004065D4h]
mov dword ptr [eax], ecx
call dword ptr [004033ACh]
mov ecx, dword ptr [004065D0h]
mov dword ptr [eax], ecx
mov eax, dword ptr [004033A8h]
mov eax, dword ptr [eax]
mov dword ptr [004065D8h], eax
call 00007F344D62A270h
cmp dword ptr [004064B0h], ebx
jne 00007F344D62A13Eh
push 00402DA8h
call dword ptr [004033CCh]
pop ecx
call 00007F344D62A242h
push 00405018h
push 00405014h
call 00007F344D62A22Dh
mov eax, dword ptr [004065CCh]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [004065C8h]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [004033F4h]
push 00405010h
push 00405000h

Rich Headers

Programming Language:

[C++] VS98 (6.0) SP6 build 8804
[EXP] VC++ 6.0 SP5 build 8804
[C++] VS98 (6.0) build 8168

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3e48	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x7000	0x1701f2	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3000	0x434	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1fc5	0x2000	7f856cb207e515a37ac13f66202df17c	False	0.5072021484375	data	5.816394474237689	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x3000	0x1634	0x2000	12c8bda37b874c4e4480ec4ac4bc9a03	False	0.256591796875	data	3.82880315436671	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x5000	0x15e4	0x2000	942c32761bb123920a3cf6145290dd9b	False	0.0616455078125	data	0.5990342758146802	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x7000	0x1701f2	0x171000	58d01f223afc5beea5a614a3dfa14145	False	0.6103714113313008	data	7.33798278724562	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
PNG	0x1ac1c	0x77	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	Chinese	China	0.9915966386554622
PNG	0x1ac94	0x2f5	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0145310435931307
PNG	0x1af8c	0x301	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0143042912873863
PNG	0x1b290	0x287	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.017001545595054
PNG	0x1b518	0x36e	PNG image data, 22 x 40, 8-bit/color RGB, non-interlaced	Chinese	China	1.0125284738041003
PNG	0x1b888	0x15d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0315186246418337
PNG	0x1b9e8	0x13e	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0345911949685536
PNG	0x1bb28	0x115	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	Chinese	China	1.03971119133574
PNG	0x1bc40	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0302013422818792
PNG	0x1bd6c	0x20c	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.0209923664122138
PNG	0x1bf78	0xfd	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.0276679841897234
PNG	0x1c078	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	Chinese	China	1.0120481927710843
PNG	0x1c120	0x7c	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9919354838709677
PNG	0x1c19c	0x96	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.0133333333333334
PNG	0x1c234	0x91	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.006896551724138
PNG	0x1c2c8	0x84	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	0.9848484848484849
PNG	0x1c34c	0xa3	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	Chinese	China	1.0122699386503067
PNG	0x1c3f0	0x771	PNG image data, 13 x 156, 8-bit/color RGB, non-interlaced	Chinese	China	1.005774278215223
PNG	0x1cb64	0x697	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.006520450503853
PNG	0x1d1fc	0x342	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	Chinese	China	1.013189448441247
PNG	0x1d540	0x45f	PNG image data, 24 x 72, 8-bit/color RGB, non-interlaced	Chinese	China	1.0098302055406614
PNG	0x1d9a0	0x1a3	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.026252983293556
PNG	0x1db44	0xac8	PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0039855072463768
PNG	0x1e60c	0x37c	PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0123318385650224
PNG	0x1e988	0xa50	PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0041666666666667
PNG	0x1f3d8	0x48e	PNG image data, 9 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009433962264151
PNG	0x1f868	0xa50	PNG image data, 24 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0041666666666667
PNG	0x202b8	0x380	PNG image data, 8 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0122767857142858
PNG	0x20638	0xab0	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0040204678362572
PNG	0x210e8	0xb1f	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0038637161924833
PNG	0x21c08	0xa8e	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0040710584752035
PNG	0x22698	0xb30	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003840782122905
PNG	0x231c8	0x3a6	PNG image data, 48 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.011777301927195
PNG	0x23570	0x111b	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0025119890385932
PNG	0x2468c	0x3d1	PNG image data, 23 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0112589559877174
PNG	0x24a60	0x21b	PNG image data, 11 x 88, 8-bit/color RGB, non-interlaced	Chinese	China	1.0204081632653061
PNG	0x24c7c	0xb12	PNG image data, 50 x 273, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003881439661256
PNG	0x25790	0x7ac	PNG image data, 50 x 162, 8-bit/color RGBA, non-interlaced	Chinese	China	1.005600814663951
PNG	0x25f3c	0xd43	PNG image data, 50 x 264, 8-bit/color RGB, non-interlaced	Chinese	China	1.003240058910162
PNG	0x26c80	0x3a4	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.011802575107296
PNG	0x27024	0x320	PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced	Chinese	China	1.01375
PNG	0x27344	0x31f	PNG image data, 14 x 246, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0137672090112642
PNG	0x27664	0x2bd	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0156918687589158
PNG	0x27924	0x273	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0175438596491229
PNG	0x27b98	0x2c9	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0154277699859748
PNG	0x27e64	0x163	PNG image data, 70 x 66, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0112676056338028
PNG	0x27fc8	0x152	PNG image data, 41 x 36, 8-bit/color RGBA, non-interlaced	Chinese	China	1.032544378698225
PNG	0x2811c	0x38a	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0121412803532008
PNG	0x284a8	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082706766917293
PNG	0x289dc	0x19c	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8810679611650486
PNG	0x28b78	0x2296	PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.001242376327084
PNG	0x2ae10	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x2b4b0	0x1c4	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8252212389380531
PNG	0x2b674	0x522	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.008371385083714
PNG	0x2bb98	0x2475	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.000750026786671
PNG	0x2e010	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x2e6b0	0x1c3	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8314855875831486
PNG	0x2e874	0x505	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0085603112840467
PNG	0x2ed7c	0x24d3	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0004243131430997
PNG	0x31250	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x318f0	0x1c7	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.832967032967033
PNG	0x31ab8	0x536	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082458770614693
PNG	0x31ff0	0x24f0	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0011632825719121
PNG	0x344e0	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x34b80	0x1c5	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8388520971302428
PNG	0x34d48	0x4d9	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.008863819500403
PNG	0x35224	0x23d3	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0
PNG	0x375f8	0x189	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0279898218829517
PNG	0x37784	0x1bc	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	0.7027027027027027
PNG	0x37940	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x37fe0	0x1c4	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.827433628318584
PNG	0x381a4	0x4ef	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0087094220110848
PNG	0x38694	0x23a2	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0007673755755317
PNG	0x3aa38	0xc5	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0253807106598984
PNG	0x3ab00	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x3b1a0	0x1ba	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8212669683257918
PNG	0x3b35c	0x4e4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0087859424920127
PNG	0x3b840	0x250f	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0005270369979973
PNG	0x3dd50	0x69e	PNG image data, 52 x 268, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0064935064935066
PNG	0x3e3f0	0x1c2	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	0.8288888888888889
PNG	0x3e5b4	0x4e9	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0087509944311854
PNG	0x3eaa0	0x23c6	PNG image data, 76 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.000436776588775
PNG	0x40e68	0xb5	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0165745856353592
PNG	0x40f20	0x186	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.028205128205128
PNG	0x410a8	0x1b5	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	0.6864988558352403
PNG	0x41260	0x66	PNG image data, 1 x 46, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9803921568627451
PNG	0x412c8	0xf9	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0321285140562249
PNG	0x413c4	0x17c3	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	Chinese	China	0.992931119513398
PNG	0x42b88	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0171073094867806
PNG	0x42e0c	0x71	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9823008849557522
PNG	0x42e80	0x71d	PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0060406370126305
PNG	0x435a0	0x794	PNG image data, 16 x 48, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0056701030927835
PNG	0x43d34	0x284	PNG image data, 7 x 39, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0170807453416149
PNG	0x43fb8	0x203	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.021359223300971
PNG	0x441bc	0x1b5	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0251716247139588
PNG	0x44374	0xb2	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	Chinese	China	1.0168539325842696
PNG	0x44428	0xd1	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9760765550239234
PNG	0x444fc	0x21c	PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0203703703703704
PNG	0x44718	0x21c	PNG image data, 21 x 42, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0203703703703704
PNG	0x44934	0x1ae	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0186046511627906
PNG	0x44ae4	0x13a	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0222929936305734
PNG	0x44c20	0x13f	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0344827586206897
PNG	0x44d60	0x135	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9967637540453075
PNG	0x44e98	0xdb	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0228310502283104
PNG	0x44f74	0xc6	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0252525252525253
PNG	0x4503c	0x1a9	PNG image data, 21 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0141176470588236
PNG	0x451e8	0x19b	PNG image data, 16 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0194647201946472
PNG	0x45384	0x2296	PNG image data, 72 x 125, 8-bit/color RGBA, non-interlaced	Chinese	China	1.001242376327084
PNG	0x4761c	0x13e	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0345911949685536
PNG	0x4775c	0x115	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	Chinese	China	1.03971119133574
PNG	0x47874	0x83	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.0076335877862594
PNG	0x478f8	0xce	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	Chinese	China	1.0242718446601942
PNG	0x479c8	0xb30	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003840782122905
PNG	0x484f8	0x25f	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0181219110378912
PNG	0x48758	0x79	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	Chinese	China	0.9752066115702479
PNG	0x487d4	0x170	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9755434782608695
PNG	0x48944	0x26b	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0177705977382876
PNG	0x48bb0	0x105	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9731800766283525
PNG	0x48cb8	0xe6	PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced	Chinese	China	1.0260869565217392
PNG	0x48da0	0x38d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012101210121012
PNG	0x49130	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0179445350734095
PNG	0x49398	0x11a	PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0319148936170213
PNG	0x494b4	0xaa	PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced	Chinese	China	1.011764705882353
PNG	0x49560	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0268456375838926
PNG	0x4968c	0x209	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.021113243761996
PNG	0x49898	0xf5	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.0244897959183674
PNG	0x49990	0xa6	PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced	Chinese	China	1.0180722891566265
PNG	0x49a38	0x150	PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced	Chinese	China	1.0327380952380953
PNG	0x49b88	0xac	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0174418604651163
PNG	0x49c34	0x89	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0
PNG	0x49cc0	0x98	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.006578947368421
PNG	0x49d58	0x91	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.006896551724138
PNG	0x49dec	0x7d	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.008
PNG	0x49e6c	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	Chinese	China	1.0120481927710843
PNG	0x49f14	0xbc	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0159574468085106
PNG	0x49fd0	0xa07	PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004285157771718
PNG	0x4a9d8	0x1de1	PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0014380964832004
PNG	0x4c7bc	0x1be	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0246636771300448
PNG	0x4c97c	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082150858849888
PNG	0x4ceb8	0x440	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	Chinese	China	1.010110294117647
PNG	0x4d2f8	0x12e	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0298013245033113
PNG	0x4d428	0x5b1	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0075497597803706
PNG	0x4d9dc	0x408	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0106589147286822
PNG	0x4dde4	0x471	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009674582233949
PNG	0x4e258	0x4b7	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0091135045567523
PNG	0x4e710	0x481	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0095403295750216
PNG	0x4eb94	0x3ec	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0109561752988048
PNG	0x4ef80	0x452	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0099457504520795
PNG	0x4f3d4	0x414	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.010536398467433
PNG	0x4f7e8	0x39e	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.011879049676026
PNG	0x4fb88	0x48d	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009442060085837
PNG	0x50018	0x1b3	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.025287356321839
PNG	0x501cc	0xea	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0299145299145298
PNG	0x502b8	0x1ae0	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0015988372093023
PNG	0x51d98	0xb43	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0038154699965314
PNG	0x528dc	0x609	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0071197411003237
PNG	0x52ee8	0x18ae	PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0017410572966128
PNG	0x54798	0x1177	PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0024602997092373
PNG	0x55910	0x25ec	PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0011330861145447
PNG	0x57efc	0xacb	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0039811798769454
PNG	0x589c8	0xbc8	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036472148541113
PNG	0x59590	0xc2e	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0035279025016035
PNG	0x5a1c0	0x5dd	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0073284477015323
PNG	0x5a7a0	0x597	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0076869322152342
PNG	0x5ad38	0x5f8	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.007198952879581
PNG	0x5b330	0x237	PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0194003527336861
PNG	0x5b568	0x588	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0077683615819208
PNG	0x5baf0	0x4b6	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0091210613598673
PNG	0x5bfa8	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082706766917293
PNG	0x5c4dc	0x5fe	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0071707953063884
PNG	0x5cadc	0xdd3	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9960440802486578
PNG	0x5d8b0	0x7c	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9919354838709677
PNG	0x5d92c	0x13c1	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021752026893416
PNG	0x5ecf0	0x37d	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0123180291153415
PNG	0x5f070	0x395	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0119956379498365
PNG	0x5f408	0x125e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023394300297745
PNG	0x60668	0x13b4	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021808088818398
PNG	0x61a1c	0x369	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0126002290950744
PNG	0x61d88	0x3cc	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0113168724279835
PNG	0x62154	0x1320	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002246732026144
PNG	0x63474	0x13ac	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021842732327244
PNG	0x64820	0x364	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012672811059908
PNG	0x64b84	0x3ba	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0115303983228512
PNG	0x64f40	0x1274	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023285351397122
PNG	0x661b4	0x139f	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021899263388414
PNG	0x67554	0x380	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0122767857142858
PNG	0x678d4	0x352	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0129411764705882
PNG	0x67c28	0x1288	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002318718381113
PNG	0x68eb0	0x211	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0207939508506616
PNG	0x690c4	0x2e4	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0148648648648648
PNG	0x693a8	0x13ad	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021838395870557
PNG	0x6a758	0x365	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0126582278481013
PNG	0x6aac0	0x374	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012443438914027
PNG	0x6ae34	0x126b	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023329798515377
PNG	0x6c0a0	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.028301886792453
PNG	0x6c174	0x1394	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.00219473264166
PNG	0x6d508	0x374	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012443438914027
PNG	0x6d87c	0x3f4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0108695652173914
PNG	0x6dc70	0x1304	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0022596548890714
PNG	0x6ef74	0x1397	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021934197407776
PNG	0x7030c	0x373	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0124575311438277
PNG	0x70680	0x33d	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0132689987937273
PNG	0x709c0	0x119e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002439024390244
PNG	0x71b60	0xa6	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0120481927710843
PNG	0x71c08	0x211	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0207939508506616
PNG	0x71e1c	0x2f7	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0144927536231885
PNG	0x72114	0x16e	PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.030054644808743
PNG	0x72284	0x73	PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced	Chinese	China	0.9826086956521739
PNG	0x722f8	0x117	PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.021505376344086
PNG	0x72410	0x67	PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9902912621359223
PNG	0x72478	0xce	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0242718446601942
PNG	0x72548	0xa40	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9733231707317073
PNG	0x72f88	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0171073094867806
PNG	0x7320c	0x93	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0136054421768708
PNG	0x732a0	0x96a	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004564315352697
PNG	0x73c0c	0x99b	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0044733631557543
PNG	0x745a8	0x2f7	PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0144927536231885
PNG	0x748a0	0x1ff	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0215264187866928
PNG	0x74aa0	0x1f7	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.021868787276342
PNG	0x74c98	0xb6	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	Chinese	China	1.010989010989011
PNG	0x74d50	0x94	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0135135135135136
PNG	0x74de4	0x3e6	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0110220440881763
PNG	0x751cc	0x3e6	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0110220440881763
PNG	0x755b4	0x315	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0139416983523448
PNG	0x758cc	0x259	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0183028286189684
PNG	0x75b28	0x205	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0212765957446808
PNG	0x75d30	0x176	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0294117647058822
PNG	0x75ea8	0x124	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0136986301369864
PNG	0x75fcc	0xd7	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0
PNG	0x760a4	0x28f	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.016793893129771
PNG	0x76334	0x225	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0200364298724955
PNG	0x7655c	0xdd3	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9960440802486578
PNG	0x77330	0x123	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0378006872852235
PNG	0x77454	0x10b	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	Chinese	China	1.0337078651685394
PNG	0x77560	0x83	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.0076335877862594
PNG	0x775e4	0x12f	PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced	Chinese	China	1.0264026402640265
PNG	0x77714	0x48d	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009442060085837
PNG	0x77ba4	0x261	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0180623973727423
PNG	0x77e08	0x79	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	Chinese	China	0.9752066115702479
PNG	0x77e84	0x1b5	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9931350114416476
PNG	0x7803c	0x293	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0166919575113809
PNG	0x782d0	0x11a	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9716312056737588
PNG	0x783ec	0xde	PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced	Chinese	China	1.027027027027027
PNG	0x784cc	0x38d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012101210121012
PNG	0x7885c	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0179445350734095
PNG	0x78ac4	0x124	PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0308219178082192
PNG	0x78be8	0xaa	PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced	Chinese	China	1.011764705882353
PNG	0x78c94	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0268456375838926
PNG	0x78dc0	0x209	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.021113243761996
PNG	0x78fcc	0xf5	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.0244897959183674
PNG	0x790c4	0x9f	PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced	Chinese	China	1.0125786163522013
PNG	0x79164	0x148	PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced	Chinese	China	1.0335365853658536
PNG	0x792ac	0xac	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0174418604651163
PNG	0x79358	0x8b	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	1.014388489208633
PNG	0x793e4	0xa4	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.0
PNG	0x79488	0x94	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.0067567567567568
PNG	0x7951c	0x87	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.0
PNG	0x795a4	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	Chinese	China	1.0120481927710843
PNG	0x7964c	0xc5	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0203045685279188
PNG	0x79714	0xa54	PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004160363086233
PNG	0x7a168	0x1eda	PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced	Chinese	China	1.001392757660167
PNG	0x7c044	0x1cb	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0239651416122004
PNG	0x7c210	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082150858849888
PNG	0x7c74c	0x4f3	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0086819258089976
PNG	0x7cc40	0x11a	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.024822695035461
PNG	0x7cd5c	0x5af	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0075601374570446
PNG	0x7d30c	0x3ff	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.010752688172043
PNG	0x7d70c	0x461	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0098126672613739
PNG	0x7db70	0x4cc	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.008957654723127
PNG	0x7e03c	0x474	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0096491228070175
PNG	0x7e4b0	0x3ef	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0109235352532273
PNG	0x7e8a0	0x44a	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0100182149362478
PNG	0x7ecec	0x41f	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0104265402843602
PNG	0x7f10c	0x39b	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0119176598049837
PNG	0x7f4a8	0x4a1	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009282700421941
PNG	0x7f94c	0x1b3	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.025287356321839
PNG	0x7fb00	0xf9	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.036144578313253
PNG	0x7fbfc	0x1bfa	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	Chinese	China	1.001535883831332
PNG	0x817f8	0xb43	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0038154699965314
PNG	0x8233c	0x609	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0071197411003237
PNG	0x82948	0x18ae	PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0017410572966128
PNG	0x841f8	0x1177	PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0024602997092373
PNG	0x85370	0x25ec	PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0011330861145447
PNG	0x8795c	0xac7	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0039869517941282
PNG	0x88424	0xa82	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004089219330855
PNG	0x88ea8	0xac7	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0039869517941282
PNG	0x89970	0x5d3	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0073775989268947
PNG	0x89f44	0x575	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0078740157480315
PNG	0x8a4bc	0x5ea	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0072655217965654
PNG	0x8aaa8	0x222	PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced	Chinese	China	1.02014652014652
PNG	0x8accc	0x588	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0077683615819208
PNG	0x8b254	0x552	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0080763582966226
PNG	0x8b7a8	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082706766917293
PNG	0x8bcdc	0x624	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.006997455470738
PNG	0x8c300	0xf6f	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0027841052898
PNG	0x8d270	0x98	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.013157894736842
PNG	0x8d308	0x13c1	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021752026893416
PNG	0x8e6cc	0x37d	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0123180291153415
PNG	0x8ea4c	0x395	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0119956379498365
PNG	0x8ede4	0xbea	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036065573770492
PNG	0x8f9d0	0x13b4	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021808088818398
PNG	0x90d84	0x369	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0126002290950744
PNG	0x910f0	0x3cc	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0113168724279835
PNG	0x914bc	0xcb2	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0033846153846153
PNG	0x92170	0x13ac	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021842732327244
PNG	0x9351c	0x364	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012672811059908
PNG	0x93880	0x3ba	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0115303983228512
PNG	0x93c3c	0xbff	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0035818951481603
PNG	0x9483c	0x139f	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021899263388414
PNG	0x95bdc	0x380	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0122767857142858
PNG	0x95f5c	0x352	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0129411764705882
PNG	0x962b0	0xbf8	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0035900783289817
PNG	0x96ea8	0x1e3	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0227743271221532
PNG	0x9708c	0x3d2	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0112474437627812
PNG	0x97460	0x13ad	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021838395870557
PNG	0x98810	0x365	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0126582278481013
PNG	0x98b78	0x374	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012443438914027
PNG	0x98eec	0xb9a	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0037037037037038
PNG	0x99a88	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.028301886792453
PNG	0x99b5c	0x1394	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.00219473264166
PNG	0x9aef0	0x374	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012443438914027
PNG	0x9b264	0x3f4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0108695652173914
PNG	0x9b658	0xc62	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034700315457412
PNG	0x9c2bc	0x1397	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021934197407776
PNG	0x9d654	0x373	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0124575311438277
PNG	0x9d9c8	0x33d	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0132689987937273
PNG	0x9dd08	0xb84	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0003392130257802
PNG	0x9e88c	0xb1	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0169491525423728
PNG	0x9e940	0x1da	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0232067510548524
PNG	0x9eb1c	0x375	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0124293785310734
PNG	0x9ee94	0x1a5	PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0261282660332542
PNG	0x9f03c	0x71	PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced	Chinese	China	0.9911504424778761
PNG	0x9f0b0	0x11a	PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0283687943262412
PNG	0x9f1cc	0x67	PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9902912621359223
PNG	0x9f234	0xe0	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.03125
PNG	0x9f314	0xa40	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9733231707317073
PNG	0x9fd54	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0171073094867806
PNG	0x9ffd8	0x93	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0136054421768708
PNG	0xa006c	0x985	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	Chinese	China	1.00451374640952
PNG	0xa09f4	0x9ca	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	Chinese	China	1.00438946528332
PNG	0xa13c0	0x339	PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0133333333333334
PNG	0xa16fc	0x214	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0206766917293233
PNG	0xa1910	0x22e	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0197132616487454
PNG	0xa1b40	0xb3	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	Chinese	China	1.011173184357542
PNG	0xa1bf4	0x95	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9932885906040269
PNG	0xa1c8c	0x414	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	Chinese	China	1.010536398467433
PNG	0xa20a0	0x414	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	Chinese	China	1.010536398467433
PNG	0xa24b4	0x1fb	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0216962524654833
PNG	0xa26b0	0x179	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0159151193633953
PNG	0xa282c	0x179	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0053050397877985
PNG	0xa29a8	0x114	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0289855072463767
PNG	0xa2abc	0x10e	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.011111111111111
PNG	0xa2bcc	0xb6	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0054945054945055
PNG	0xa2c84	0x17e	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0287958115183247
PNG	0xa2e04	0x15c	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0201149425287357
PNG	0xa2f60	0xf6f	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0027841052898
PNG	0xa3ed0	0x143	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0340557275541795
PNG	0xa4014	0x110	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	Chinese	China	1.0294117647058822
PNG	0xa4124	0x87	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.0074074074074073
PNG	0xa41ac	0x13b	PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced	Chinese	China	1.0253968253968253
PNG	0xa42e8	0x4a1	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009282700421941
PNG	0xa478c	0x25e	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.018151815181518
PNG	0xa49ec	0x79	PNG image data, 4 x 4, 8-bit/color RGB, non-interlaced	Chinese	China	0.9752066115702479
PNG	0xa4a68	0x167	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9972144846796658
PNG	0xa4bd0	0x278	PNG image data, 70 x 31, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0174050632911393
PNG	0xa4e48	0x11a	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9680851063829787
PNG	0xa4f64	0xd4	PNG image data, 22 x 38, 8-bit/color RGB, non-interlaced	Chinese	China	1.0235849056603774
PNG	0xa5038	0x38d	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012101210121012
PNG	0xa53c8	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0179445350734095
PNG	0xa5630	0x11a	PNG image data, 30 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0319148936170213
PNG	0xa574c	0xaa	PNG image data, 2 x 19, 8-bit/color RGB, non-interlaced	Chinese	China	1.011764705882353
PNG	0xa57f8	0x12a	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0268456375838926
PNG	0xa5924	0x209	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.021113243761996
PNG	0xa5b30	0xf5	PNG image data, 10 x 28, 8-bit/color RGB, non-interlaced	Chinese	China	1.0244897959183674
PNG	0xa5c28	0xa6	PNG image data, 54 x 31, 8-bit/color RGB, non-interlaced	Chinese	China	1.0180722891566265
PNG	0xa5cd0	0x150	PNG image data, 54 x 124, 8-bit/color RGB, non-interlaced	Chinese	China	1.0327380952380953
PNG	0xa5e20	0xac	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0174418604651163
PNG	0xa5ecc	0x8b	PNG image data, 3 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0
PNG	0xa5f58	0x98	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.006578947368421
PNG	0xa5ff0	0x91	PNG image data, 9 x 8, 8-bit/color RGB, non-interlaced	Chinese	China	1.006896551724138
PNG	0xa6084	0x7d	PNG image data, 15 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.008
PNG	0xa6104	0xa6	PNG image data, 7 x 7, 8-bit/color RGB, non-interlaced	Chinese	China	1.0120481927710843
PNG	0xa61ac	0xbd	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0105820105820107
PNG	0xa626c	0xa07	PNG image data, 13 x 156, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004285157771718
PNG	0xa6c74	0x1de1	PNG image data, 52 x 336, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0014380964832004
PNG	0xa8a58	0x1be	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0246636771300448
PNG	0xa8c18	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082150858849888
PNG	0xa9154	0x46c	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0097173144876326
PNG	0xa95c0	0xaf	PNG image data, 20 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0171428571428571
PNG	0xa9670	0x701	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0061349693251533
PNG	0xa9d74	0x498	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0093537414965987
PNG	0xaa20c	0x5c1	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0074677528852682
PNG	0xaa7d0	0x539	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082273747195214
PNG	0xaad0c	0x5c7	PNG image data, 23 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0074374577417173
PNG	0xab2d4	0x47f	PNG image data, 9 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009556907037359
PNG	0xab754	0x585	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0077848549186128
PNG	0xabcdc	0x546	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0081481481481482
PNG	0xac224	0x4e1	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0088070456365092
PNG	0xac708	0x5b0	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.007554945054945
PNG	0xaccb8	0x1b3	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.025287356321839
PNG	0xace6c	0xea	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0299145299145298
PNG	0xacf58	0x1ad9	PNG image data, 38 x 114, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0016004655899897
PNG	0xaea34	0xb43	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0038154699965314
PNG	0xaf578	0x609	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0071197411003237
PNG	0xafb84	0x18ae	PNG image data, 43 x 234, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0017410572966128
PNG	0xb1434	0x1177	PNG image data, 43 x 135, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0024602997092373
PNG	0xb25ac	0x25ec	PNG image data, 43 x 330, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0011330861145447
PNG	0xb4b98	0xad3	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0039696860339227
PNG	0xb566c	0xbc8	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036472148541113
PNG	0xb6234	0xc2e	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0035279025016035
PNG	0xb6e64	0x5dd	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0073284477015323
PNG	0xb7444	0x597	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0076869322152342
PNG	0xb79dc	0x5f8	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.007198952879581
PNG	0xb7fd4	0x228	PNG image data, 54 x 69, 8-bit/color RGBA, non-interlaced	Chinese	China	1.019927536231884
PNG	0xb81fc	0x588	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0077683615819208
PNG	0xb8784	0x38a	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0121412803532008
PNG	0xb8b10	0x532	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082706766917293
PNG	0xb9044	0x32f	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0134969325153373
PNG	0xb9374	0xef8	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9950417536534447
PNG	0xba26c	0x7c	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9919354838709677
PNG	0xba2e8	0x13c1	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021752026893416
PNG	0xbb6ac	0x37d	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0123180291153415
PNG	0xbba2c	0x395	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0119956379498365
PNG	0xbbdc4	0x125e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023394300297745
PNG	0xbd024	0x13b4	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021808088818398
PNG	0xbe3d8	0x369	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0126002290950744
PNG	0xbe744	0x3cc	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0113168724279835
PNG	0xbeb10	0x1320	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002246732026144
PNG	0xbfe30	0x13ac	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021842732327244
PNG	0xc11dc	0x364	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012672811059908
PNG	0xc1540	0x3ba	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0115303983228512
PNG	0xc18fc	0x1274	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023285351397122
PNG	0xc2b70	0x139f	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021899263388414
PNG	0xc3f10	0x380	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0122767857142858
PNG	0xc4290	0x352	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0129411764705882
PNG	0xc45e4	0x1288	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002318718381113
PNG	0xc586c	0x99d	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004469727752946
PNG	0xc620c	0x2e6	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0148247978436657
PNG	0xc64f4	0x13ad	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021838395870557
PNG	0xc78a4	0x365	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0126582278481013
PNG	0xc7c0c	0x374	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012443438914027
PNG	0xc7f80	0x126b	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023329798515377
PNG	0xc91ec	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.028301886792453
PNG	0xc92c0	0x1394	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.00219473264166
PNG	0xca654	0x374	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.012443438914027
PNG	0xca9c8	0x3f4	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0108695652173914
PNG	0xcadbc	0x1304	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0022596548890714
PNG	0xcc0c0	0x1397	PNG image data, 52 x 252, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021934197407776
PNG	0xcd458	0x373	PNG image data, 80 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0124575311438277
PNG	0xcd7cc	0x33d	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0132689987937273
PNG	0xcdb0c	0x119e	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002439024390244
PNG	0xcecac	0xa6	PNG image data, 15 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0120481927710843
PNG	0xced54	0x99d	PNG image data, 100 x 34, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004469727752946
PNG	0xcf6f4	0x2f7	PNG image data, 100 x 136, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0144927536231885
PNG	0xcf9ec	0x17e	PNG image data, 9 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0287958115183247
PNG	0xcfb6c	0x71	PNG image data, 5 x 5, 8-bit/color RGB, non-interlaced	Chinese	China	0.9911504424778761
PNG	0xcfbe0	0x117	PNG image data, 11 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.021505376344086
PNG	0xcfcf8	0x67	PNG image data, 2 x 55, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9902912621359223
PNG	0xcfd60	0xd7	PNG image data, 90 x 12, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0232558139534884
PNG	0xcfe38	0xa40	PNG image data, 86 x 240, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9733231707317073
PNG	0xd0878	0x283	PNG image data, 86 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0171073094867806
PNG	0xd0afc	0x93	PNG image data, 5 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0136054421768708
PNG	0xd0b90	0x96a	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	Chinese	China	1.004564315352697
PNG	0xd14fc	0x99b	PNG image data, 18 x 54, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0044733631557543
PNG	0xd1e98	0x2f7	PNG image data, 11 x 45, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0144927536231885
PNG	0xd2190	0x1d3	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.019271948608137
PNG	0xd2364	0x1f8	PNG image data, 70 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0138888888888888
PNG	0xd255c	0x67	PNG image data, 2 x 20, 8-bit/color RGB, non-interlaced	Chinese	China	0.9514563106796117
PNG	0xd25c4	0x95	PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0
PNG	0xd265c	0x39d	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	Chinese	China	1.011891891891892
PNG	0xd29fc	0x39d	PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced	Chinese	China	1.011891891891892
PNG	0xd2d9c	0x1c1	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.024498886414254
PNG	0xd2f60	0x153	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0324483775811208
PNG	0xd30b4	0x15f	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0113960113960114
PNG	0xd3214	0x100	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.03515625
PNG	0xd3314	0x108	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.018939393939394
PNG	0xd341c	0xb6	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.010989010989011
PNG	0xd34d4	0x151	PNG image data, 17 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.032640949554896
PNG	0xd3628	0x135	PNG image data, 13 x 60, 8-bit/color RGBA, non-interlaced	Chinese	China	1.029126213592233
PNG	0xd3760	0xdd3	PNG image data, 57 x 120, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9960440802486578
PNG	0xd4534	0x129	PNG image data, 72 x 15, 8-bit/color RGB, non-interlaced	Chinese	China	1.0303030303030303
PNG	0xd4660	0x10b	PNG image data, 30 x 24, 8-bit/color RGB, non-interlaced	Chinese	China	1.0337078651685394
PNG	0xd476c	0x87	PNG image data, 35 x 3, 8-bit/color RGB, non-interlaced	Chinese	China	1.0074074074074073
PNG	0xd47f4	0x12f	PNG image data, 9 x 9, 8-bit/color RGB, non-interlaced	Chinese	China	1.0264026402640265
PNG	0xd4924	0x48d	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.009442060085837
PNG	0xd4db4	0xdd1	PNG image data, 72 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003109980209217
PNG	0xd5b88	0xd61	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0032116788321168
PNG	0xd68ec	0x265	PNG image data, 55 x 22, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0179445350734095
PNG	0xd6b54	0xbb9	PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036654448517162
PNG	0xd7710	0xc66	PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034656584751103
PNG	0xd8378	0xb90	PNG image data, 10 x 28, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0037162162162163
PNG	0xd8f08	0xb07	PNG image data, 5 x 5, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003896563939072
PNG	0xd9a10	0xb50	PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0037983425414365
PNG	0xda560	0x2885	PNG image data, 42 x 348, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0010604453870626
PNG	0xdcde8	0xd8e	PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031700288184437
PNG	0xddb78	0x53b	PNG image data, 30 x 16, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0082150858849888
PNG	0xde0b4	0x4f3	PNG image data, 22 x 66, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0086819258089976
PNG	0xde5a8	0x130f	PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0022545603607296
PNG	0xdf8b8	0xe74	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002972972972973
PNG	0xe072c	0x11ba	PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002423975319524
PNG	0xe18e8	0xece	PNG image data, 11 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0029023746701846
PNG	0xe27b8	0x11ba	PNG image data, 22 x 154, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002423975319524
PNG	0xe3974	0xe74	PNG image data, 10 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002972972972973
PNG	0xe47e8	0x1206	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023840485478976
PNG	0xe59f0	0x11bc	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0024229074889868
PNG	0xe6bac	0x112a	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0025034137460174
PNG	0xe7cd8	0x127a	PNG image data, 22 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023255813953489
PNG	0xe8f54	0xd3e	PNG image data, 15 x 56, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003244837758112
PNG	0xe9c94	0xbac	PNG image data, 32 x 8, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036813922356091
PNG	0xea840	0x146a	PNG image data, 56 x 69, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0021048603138156
PNG	0xebcac	0x122f	PNG image data, 22 x 132, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023630504833512
PNG	0xecedc	0xdec	PNG image data, 11 x 110, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0030864197530864
PNG	0xedcc8	0x1100	PNG image data, 42 x 228, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0025275735294117
PNG	0xeedc8	0x11ed	PNG image data, 42 x 140, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023970363913706
PNG	0xeffb8	0x1864	PNG image data, 42 x 330, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0003203074951954
PNG	0xf181c	0x10b5	PNG image data, 22 x 88, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0025718961889174
PNG	0xf28d4	0x124b	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023489216314327
PNG	0xf3b20	0x1256	PNG image data, 14 x 276, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0023434171282488
PNG	0xf4d78	0xf2c	PNG image data, 15 x 80, 8-bit/color RGBA, non-interlaced	Chinese	China	1.002832131822863
PNG	0xf5ca4	0xede	PNG image data, 15 x 76, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0028901734104045
PNG	0xf6b84	0xf69	PNG image data, 15 x 84, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0027883396704689
PNG	0xf7af0	0xe20	PNG image data, 22 x 44, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0030420353982301
PNG	0xf8910	0xdc7	PNG image data, 64 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031187978451943
PNG	0xf96d8	0xbae	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036789297658864
PNG	0xfa288	0xd91	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003167290526922
PNG	0xfb01c	0xb12	PNG image data, 1 x 23, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003881439661256
PNG	0xfbb30	0xbc3	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036532713384259
PNG	0xfc6f4	0xc9f	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003404518724853
PNG	0xfd394	0xd7d	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031856356791196
PNG	0xfe114	0xbf7	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0035912504080966
PNG	0xfed0c	0xc96	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034140285536934
PNG	0xff9a4	0xd8c	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031718569780854
PNG	0x100730	0xbda	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036255767963085
PNG	0x10130c	0xca0	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034034653465347
PNG	0x101fac	0xd80	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031828703703705
PNG	0x102d2c	0xbe2	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036160420775806
PNG	0x103910	0xc8c	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034246575342465
PNG	0x10459c	0xd7b	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031874818893074
PNG	0x105318	0xbe7	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036101083032491
PNG	0x105f00	0xc94	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034161490683229
PNG	0x106b94	0xd80	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031828703703705
PNG	0x107914	0xd4	PNG image data, 3 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	1.028301886792453
PNG	0x1079e8	0xbd0	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003637566137566
PNG	0x1085b8	0xc97	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0034129692832765
PNG	0x109250	0xd7a	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031884057971014
PNG	0x109fcc	0xbda	PNG image data, 3 x 92, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0036255767963085
PNG	0x10aba8	0xc8f	PNG image data, 80 x 19, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003421461897356
PNG	0x10b838	0xd86	PNG image data, 13 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0031773541305604
PNG	0x10c5c0	0x1908	PNG image data, 50 x 178, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9887640449438202
PNG	0x10dec8	0xb75	PNG image data, 3 x 61, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0037504261847938
PNG	0x10ea40	0xbd0	PNG image data, 9 x 51, 8-bit/color RGBA, non-interlaced	Chinese	China	1.003637566137566
PNG	0x10f610	0x1570	PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0020043731778425
PNG	0x110b80	0x1623	PNG image data, 18 x 72, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0019410622904534
PNG	0x1121a4	0x4def	PNG image data, 680 x 460, 8-bit/color RGB, non-interlaced	Chinese	China	0.9379479725327051
PNG	0x116f94	0xbe0	PNG image data, 38 x 19, 8-bit/color RGBA, interlaced	Chinese	China	1.0036184210526315
PNG	0x117b74	0xb76	PNG image data, 38 x 19, 8-bit/color RGBA, interlaced	Chinese	China	1.003749147920927
PNG	0x1186ec	0x751	PNG image data, 129 x 24, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0058729311265349
PNG	0x118e40	0x10c	PNG image data, 120 x 26, 8-bit/color RGBA, non-interlaced	Chinese	China	0.9365671641791045
PNG	0x118f4c	0x5a	PNG image data, 10 x 17, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0222222222222221
PNG	0x118fa8	0xdd2	PNG image data, 65 x 65, 8-bit/color RGBA, interlaced	Chinese	China	1.0005652911249294
RT_CURSOR	0x119d7c	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4512987012987013
RT_CURSOR	0x119eb0	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4967532467532468
RT_CURSOR	0x119fe4	0x134	data	Chinese	China	0.20454545454545456
RT_CURSOR	0x11a118	0x134	data	Chinese	China	0.2857142857142857
RT_CURSOR	0x11a24c	0x134	data	Chinese	China	0.4675324675324675
RT_CURSOR	0x11a380	0x134	data	Chinese	China	0.2532467532467532
RT_CURSOR	0x11a4b4	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.40584415584415584
RT_CURSOR	0x11a5e8	0x134	data	Chinese	China	0.4383116883116883
RT_CURSOR	0x11a71c	0x134	Targa image data - Mono 64 x 65536 x 1 +32 "\001"	Chinese	China	0.39285714285714285
RT_CURSOR	0x11a850	0x134	data	Chinese	China	0.37337662337662336
RT_CURSOR	0x11a984	0x134	data	Chinese	China	0.4448051948051948
RT_CURSOR	0x11aab8	0x134	data	Chinese	China	0.525974025974026
RT_CURSOR	0x11abec	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4805194805194805
RT_CURSOR	0x11ad20	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	China	0.7
RT_CURSOR	0x11add4	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	China	0.37662337662337664
RT_CURSOR	0x11af08	0x134	AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	China	0.36363636363636365
RT_CURSOR	0x11b03c	0x134	Targa image data 64 x 65536 x 1 +32 "\001"	Chinese	China	0.36688311688311687
RT_CURSOR	0x11b170	0x134	data	Chinese	China	0.37662337662337664
RT_CURSOR	0x11b2a4	0x134	AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd	Chinese	China	0.5422077922077922
RT_CURSOR	0x11b3d8	0x134	data	Chinese	China	0.37337662337662336
RT_CURSOR	0x11b50c	0x134	Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.38636363636363635
RT_CURSOR	0x11b640	0x134	Targa image data - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.35714285714285715
RT_CURSOR	0x11b774	0x134	Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001"	Chinese	China	0.36688311688311687
RT_CURSOR	0x11b8a8	0x134	data	Chinese	China	0.44155844155844154
RT_CURSOR	0x11b9dc	0x134	data	Chinese	China	0.4155844155844156
RT_CURSOR	0x11bb10	0x134	data	Chinese	China	0.2662337662337662
RT_CURSOR	0x11bc44	0x134	data	Chinese	China	0.2824675324675325
RT_CURSOR	0x11bd78	0x134	data	Chinese	China	0.3246753246753247
RT_BITMAP	0x11beac	0x62c	Device independent bitmap graphic, 324 x 9 x 4, image size 1476	Chinese	China	0.2430379746835443
RT_BITMAP	0x11c4d8	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	Chinese	China	0.5818965517241379
RT_BITMAP	0x11c5c0	0x4a0	Device independent bitmap graphic, 144 x 15 x 4, image size 1080	Chinese	China	0.3783783783783784
RT_BITMAP	0x11ca60	0x197a	Device independent bitmap graphic, 144 x 15 x 24, image size 6482, resolution 2834 x 2834 px/m	Chinese	China	0.380098129408157
RT_BITMAP	0x11e3dc	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	Chinese	China	0.51
RT_BITMAP	0x11e4a4	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	Chinese	China	0.515
RT_BITMAP	0x11e56c	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	Chinese	China	0.43
RT_BITMAP	0x11e634	0xc8	Device independent bitmap graphic, 13 x 12 x 4, image size 96	Chinese	China	0.44
RT_BITMAP	0x11e6fc	0x182a	Device independent bitmap graphic, 128 x 16 x 24, image size 6146, resolution 2834 x 2834 px/m	Chinese	China	0.2924345295829292
RT_BITMAP	0x11ff28	0x468	Device independent bitmap graphic, 128 x 16 x 4, image size 1024	Chinese	China	0.3058510638297872
RT_BITMAP	0x120390	0x528	Device independent bitmap graphic, 16 x 16 x 8, image size 256	Chinese	China	0.4803030303030303
RT_BITMAP	0x1208b8	0x528	Device independent bitmap graphic, 16 x 16 x 8, image size 256	Chinese	China	0.4765151515151515
RT_BITMAP	0x120de0	0x158	Device independent bitmap graphic, 32 x 15 x 4, image size 240	Chinese	China	0.41569767441860467
RT_BITMAP	0x120f38	0x188	Device independent bitmap graphic, 48 x 12 x 4, image size 288	Chinese	China	0.39285714285714285
RT_BITMAP	0x1210c0	0x1e8	Device independent bitmap graphic, 48 x 16 x 4, image size 384	Chinese	China	0.5081967213114754
RT_BITMAP	0x1212a8	0xad2	Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/m	Chinese	China	0.18736462093862816
RT_BITMAP	0x121d7c	0xad2	Device independent bitmap graphic, 29 x 31 x 24, image size 2730, resolution 2834 x 2834 px/m	Chinese	China	0.1844765342960289
RT_BITMAP	0x122850	0xb0a	Device independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/m	Chinese	China	0.19497523000707714
RT_BITMAP	0x12335c	0x7e2	Device independent bitmap graphic, 25 x 26 x 24, image size 1978, resolution 2834 x 2834 px/m	Chinese	China	0.24033696729435083
RT_BITMAP	0x123b40	0xb0a	Device independent bitmap graphic, 31 x 29 x 24, image size 2786, resolution 2834 x 2834 px/m	Chinese	China	0.1935598018400566
RT_BITMAP	0x12464c	0x134	Device independent bitmap graphic, 17 x 17 x 4, image size 204	Chinese	China	0.37337662337662336
RT_BITMAP	0x124780	0x928	Device independent bitmap graphic, 48 x 16 x 24, image size 0, resolution 2834 x 2834 px/m	Chinese	China	0.533703071672355
RT_BITMAP	0x1250a8	0x32a	Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m	Chinese	China	0.7518518518518519
RT_BITMAP	0x1253d4	0x32a	Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m	Chinese	China	0.3790123456790123
RT_BITMAP	0x125700	0xc2a	Device independent bitmap graphic, 64 x 16 x 24, image size 3074, resolution 2834 x 2834 px/m	Chinese	China	0.42485549132947975
RT_BITMAP	0x12632c	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	Chinese	China	0.9367816091954023
RT_BITMAP	0x126538	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	Chinese	China	0.4482758620689655
RT_BITMAP	0x126744	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	Chinese	China	0.33524904214559387
RT_BITMAP	0x126950	0x20a	Device independent bitmap graphic, 13 x 12 x 24, image size 482, resolution 2834 x 2834 px/m	Chinese	China	0.3371647509578544
RT_BITMAP	0x126b5c	0x32a	Device independent bitmap graphic, 16 x 16 x 24, image size 770, resolution 2834 x 2834 px/m	Chinese	China	0.6320987654320988
RT_BITMAP	0x126e88	0x2256	Device independent bitmap graphic, 324 x 9 x 24, image size 8750, resolution 2834 x 2834 px/m	Chinese	China	0.0608646188850967
RT_BITMAP	0x1290e0	0x602a	Device independent bitmap graphic, 192 x 32 x 32, image size 24578, resolution 2834 x 2834 px/m	Chinese	China	0.2250385896498497
RT_BITMAP	0x12f10c	0x2028	Device independent bitmap graphic, 128 x 16 x 32, image size 0	Chinese	China	0.24708454810495628
RT_BITMAP	0x131134	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.11570247933884298
RT_BITMAP	0x132510	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.10999606454151908
RT_BITMAP	0x1338ec	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.11511216056670602
RT_BITMAP	0x134cc8	0xeb2	Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m	Chinese	China	0.13157894736842105
RT_BITMAP	0x135b7c	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.11983471074380166
RT_BITMAP	0x136f58	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.27371113734750097
RT_BITMAP	0x138334	0x13da	Device independent bitmap graphic, 35 x 36 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.2699724517906336
RT_BITMAP	0x139710	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.2426210153482881
RT_BITMAP	0x13aaec	0xeb2	Device independent bitmap graphic, 31 x 30 x 32, image size 3722, resolution 2834 x 2834 px/m	Chinese	China	0.3413078149920255
RT_BITMAP	0x13b9a0	0x13da	Device independent bitmap graphic, 36 x 35 x 32, image size 5042, resolution 2834 x 2834 px/m	Chinese	China	0.23868555686737505
RT_BITMAP	0x13cd7c	0x5a66	Device independent bitmap graphic, 77 x 75 x 32, image size 23102, resolution 2834 x 2834 px/m	Chinese	China	0.046365914786967416
RT_BITMAP	0x1427e4	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	China	0.44565217391304346
RT_BITMAP	0x14289c	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.37962962962962965
RT_ICON	0x1429e0	0x66dd	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Chinese	China	1.0001898758212129
RT_ICON	0x1490c0	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	Chinese	China	0.14493375133088846
RT_ICON	0x1598e8	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	Chinese	China	0.18422850536052135
RT_ICON	0x162d90	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	Chinese	China	0.22264325323475045
RT_ICON	0x168218	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	Chinese	China	0.2295701464336325
RT_ICON	0x16c440	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.29823651452282157
RT_ICON	0x16e9e8	0x1a68	Device independent bitmap graphic, 40 x 80 x 32, image size 6720	Chinese	China	0.3341715976331361
RT_ICON	0x170450	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.3578799249530957
RT_ICON	0x1714f8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Chinese	China	0.4672131147540984
RT_ICON	0x171e80	0x6b8	Device independent bitmap graphic, 20 x 40 x 32, image size 1680	Chinese	China	0.4790697674418605
RT_ICON	0x172538	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.5141843971631206
RT_ICON	0x1729a0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Chinese	China	0.33198924731182794
RT_ICON	0x172c88	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Chinese	China	0.41216216216216217
RT_ICON	0x172db0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Chinese	China	0.42905405405405406
RT_ICON	0x172ed8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Chinese	China	0.2661290322580645
RT_ICON	0x1731c0	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	Chinese	China	0.18010752688172044
RT_ICON	0x1734a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	Chinese	China	0.35135135135135137
RT_ICON	0x1735d0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Chinese	China	0.06092057761732852
RT_ICON	0x173e78	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Chinese	China	0.07658959537572255
RT_ICON	0x1743e0	0xca8	Device independent bitmap graphic, 32 x 64 x 24, image size 3072	Chinese	China	0.042901234567901236
RT_ICON	0x175088	0x368	Device independent bitmap graphic, 16 x 32 x 24, image size 768	Chinese	China	0.10550458715596331
RT_ICON	0x1753f0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Chinese	China	0.6400709219858156
RT_ICON	0x175858	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Chinese	China	0.5
RT_MENU	0x175980	0x238	data	English	United States	0.4841549295774648
RT_DIALOG	0x175bb8	0x10a	data	English	United States	0.6466165413533834
RT_STRING	0x175cc4	0x84	data	English	United States	0.3939393939393939
RT_STRING	0x175d48	0x38	data	English	United States	0.5892857142857143
RT_STRING	0x175d80	0x296	data	English	United States	0.3323262839879154
RT_STRING	0x176018	0x260	data	English	United States	0.0805921052631579
RT_STRING	0x176278	0x328	data	English	United States	0.34405940594059403
RT_STRING	0x1765a0	0x70	data	English	United States	0.625
RT_STRING	0x176610	0x106	data	English	United States	0.5763358778625954
RT_STRING	0x176718	0xda	data	English	United States	0.43119266055045874
RT_STRING	0x1767f4	0x46	data	English	United States	0.7428571428571429
RT_STRING	0x17683c	0xc6	data	English	United States	0.41919191919191917
RT_STRING	0x176904	0x1f8	data	English	United States	0.36706349206349204
RT_STRING	0x176afc	0x86	data	English	United States	0.6567164179104478
RT_STRING	0x176b84	0x6e	data	English	United States	0.6181818181818182
RT_ACCELERATOR	0x176bf4	0x70	data	English	United States	0.6785714285714286
RT_GROUP_CURSOR	0x176c64	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0x176c78	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0x176c8c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176ca0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176cb4	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176cc8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176cdc	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176cf0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176d04	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176d18	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176d2c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176d40	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176d54	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	China	1.0294117647058822
RT_GROUP_CURSOR	0x176d78	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176d8c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176da0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176db4	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176dc8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176ddc	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176df0	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e04	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e18	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e2c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e40	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e54	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e68	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_CURSOR	0x176e7c	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.3
RT_GROUP_ICON	0x176e90	0xa0	data	Chinese	China	0.70625
RT_GROUP_ICON	0x176f30	0x22	data	Chinese	China	1.0588235294117647
RT_GROUP_ICON	0x176f54	0x22	data	Chinese	China	1.0588235294117647
RT_GROUP_ICON	0x176f78	0x5a	data	Chinese	China	0.7444444444444445
RT_GROUP_ICON	0x176fd4	0x22	data	Chinese	China	1.1176470588235294
RT_VERSION	0x176ff8	0x1dc	data	Chinese	China	0.5819327731092437
None	0x1771d4	0x1e	data	English	United States	1.2

Imports

DLL	Import
MFC42u.DLL
MSVCRT.dll	_adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _XcptFilter, _exit, _onexit, __setusermatherr, malloc, atoi, time, srand, localtime, rand, sprintf, __CxxFrameHandler, _initterm, __wgetmainargs, _wcmdln, __dllonexit, exit
KERNEL32.dll	FindClose, GetCurrentDirectoryW, Sleep, MultiByteToWideChar, GetProcAddress, LoadLibraryA, CloseHandle, OutputDebugStringW, WideCharToMultiByte, VirtualProtect, GetModuleHandleW, GetStartupInfoW, FindFirstFileW
USER32.dll	UpdateWindow, EnableWindow, SendMessageW
SHELL32.dll	SHGetFileInfoW
WS2_32.dll	htons, closesocket, WSACleanup, send
MSVCP60.dll	??0Init@ios_base@std@@QAE@XZ, ??0_Winit@std@@QAE@XZ, ??1_Winit@std@@QAE@XZ, ??1Init@ios_base@std@@QAE@XZ

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 09:00:12.527518988 CET	49704	14992	192.168.2.5	18.167.130.152
Nov 25, 2024 09:00:12.647339106 CET	14992	49704	18.167.130.152	192.168.2.5
Nov 25, 2024 09:00:12.647648096 CET	49704	14992	192.168.2.5	18.167.130.152
Nov 25, 2024 09:00:12.650119066 CET	49704	14992	192.168.2.5	18.167.130.152
Nov 25, 2024 09:00:12.769737005 CET	14992	49704	18.167.130.152	192.168.2.5
Nov 25, 2024 09:00:12.769815922 CET	49704	14992	192.168.2.5	18.167.130.152
Nov 25, 2024 09:00:12.889482021 CET	14992	49704	18.167.130.152	192.168.2.5
Nov 25, 2024 09:00:15.336591959 CET	14992	49704	18.167.130.152	192.168.2.5
Nov 25, 2024 09:00:15.340465069 CET	49704	14992	192.168.2.5	18.167.130.152
Nov 25, 2024 09:01:25.181309938 CET	49704	14992	192.168.2.5	18.167.130.152

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 09:00:12.307816029 CET	52794	53	192.168.2.5	1.1.1.1
Nov 25, 2024 09:00:12.522738934 CET	53	52794	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 09:00:12.307816029 CET	192.168.2.5	1.1.1.1	0x905b	Standard query (0)	www.shduih.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 09:00:12.522738934 CET	1.1.1.1	192.168.2.5	0x905b	No error (0)	www.shduih.com		18.167.130.152	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	03:00:11
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\55876.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\55876.exe"
Imagebase:	0x400000
File size:	1'540'096 bytes
MD5 hash:	083F9411071A4FFA0450C05C210010B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	03:00:14
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 776
Imagebase:	0x30000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:00:15
Start date:	25/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 780
Imagebase:	0x30000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	29.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12.5%
Total number of Nodes:	176
Total number of Limit Nodes:	4

Executed Functions

Function 00402540 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

recv.WS2_32(?,?,00001000,00000000), ref: 00402581

Strings

P&P, xrefs: 004025D6

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: recv
String ID: P&P
API String ID: 1507349165-994583922
Opcode ID: c27afb21aca219cc16c225041506a63a5e41b28a3096cee14d981c53c446784e
Instruction ID: 5fd2c77021cd2e6021e432320fdf10b9233deabb321caab2fba5b4fb7be872a9
Opcode Fuzzy Hash: c27afb21aca219cc16c225041506a63a5e41b28a3096cee14d981c53c446784e
Instruction Fuzzy Hash: 5B11E4316002046BD710DF58CD85B97B399EB54304F44467DBE05AB2C6EBF9E948C6A5

Function 00401F90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 96
sleepnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

time.MSVCRT(00000000,00000002,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 00401FB2
srand.MSVCRT ref: 00401FB5
#823.MFC42U(00138580,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 00401FC0
time.MSVCRT(00000000,?,?,?,?,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 00402009
_localtime32.MSVCRT(?,?,?,?,?,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 00402014
sprintf.MSVCRT ref: 0040202F
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000003), ref: 00402059
send.WS2_32(?,?,0000000A,00000000), ref: 0040207A
Sleep.KERNELBASE(00000064,?,?,?,?,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 00402092
Sleep.KERNELBASE(000000FF,?,?,?,?,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 004020A0
Sleep.KERNEL32(000186A0,?,?,?,?,?,?,?,?,00000000,00402FBB,000000FF,00402D5A,00000000,?,0000000A), ref: 004020A7

Part of subcall function 00402370: WSAStartup.WS2_32(00000202,7637F130), ref: 0040238F
Part of subcall function 00402370: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040239C

Strings

%02d:%02d:%02d, xrefs: 00402029
3, xrefs: 00402040
2, xrefs: 0040204F

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: Sleep$time$#823ByteCharCreateEventMultiStartupWide_localtime32sendsprintfsrand
String ID: %02d:%02d:%02d$2$3
API String ID: 4141335169-4082206247
Opcode ID: 123b46550aaf84d800d676ddfd425559c8e8a597243024216eefbf112ac47b38
Instruction ID: 7a0100d498870575c8dae6f36a1833599aa34bdddb015d6debb17d94cfd20dee
Opcode Fuzzy Hash: 123b46550aaf84d800d676ddfd425559c8e8a597243024216eefbf112ac47b38
Instruction Fuzzy Hash: FF31E871644341AFD310DF65CD89F4BBBE8AB84714F004A2EF556A72E0DBB8E604CB66

Function 00402490 Relevance: 12.1, APIs: 8, Instructions: 63
networksynchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32(00000002,00000001,00000006), ref: 0040249C
gethostbyname.WS2_32(?), ref: 004024BF
atoi.MSVCRT ref: 004024CF
htons.WS2_32(00000000), ref: 004024D9
connect.WS2_32(?,?,00000010), ref: 004024FA
ResetEvent.KERNEL32(?,?,0040247F,?,?), ref: 00402509
WaitForSingleObject.KERNEL32(?,000000FF,?,0040247F,?,?), ref: 00402515
CreateThread.KERNELBASE(00000000,00000000,00402540,00000000,00000000,00000000), ref: 0040252B

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: CreateEventObjectResetSingleThreadWaitatoiconnectgethostbynamehtonssocket
String ID:
API String ID: 1421169525-0
Opcode ID: ed48e54a49cf57ebaa01a5c0d29bab56866bf80c8e712d0f745e3eca5ebcdd51
Instruction ID: d24acfbc6ad30852b8aa5fa9e870324ccf7c6356f43403eee8c407e1b6457cd2
Opcode Fuzzy Hash: ed48e54a49cf57ebaa01a5c0d29bab56866bf80c8e712d0f745e3eca5ebcdd51
Instruction Fuzzy Hash: 39119031240600BFD3109F68EE49F17B7A8FF88725F504A29F25AE72D1D7B5A5108B69

Function 00402420 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WideCharToMultiByte.KERNEL32(00000000,00000000,www.shduih.com,000000FF,?,000000FF,00000000,00000000,7637F130,00000000), ref: 00402449
OutputDebugStringW.KERNELBASE(www.shduih.com), ref: 00402450
WideCharToMultiByte.KERNEL32(00000000,00000000,14992,000000FF,?,0000001E,00000000,00000000), ref: 0040246C

Part of subcall function 00402490: socket.WS2_32(00000002,00000001,00000006), ref: 0040249C

Strings

14992, xrefs: 00402463
www.shduih.com, xrefs: 0040243E, 0040244B

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: ByteCharMultiWide$DebugOutputStringsocket
String ID: 14992$www.shduih.com
API String ID: 1349443611-1779414277
Opcode ID: a1dfea6fff1e4e78098aa9b177e89ba785913d0c6979e26638ad436b4524ac98
Instruction ID: 9552a9bc2ece5554e3d294a477e61cd510912d25d0bc576375d62488801a2803
Opcode Fuzzy Hash: a1dfea6fff1e4e78098aa9b177e89ba785913d0c6979e26638ad436b4524ac98
Instruction Fuzzy Hash: C9F082317843157AF220DA44DC47FAB7668EBC9F25F240339B7247D0D4D9F4A5048B6A

Function 00402610 Relevance: 4.5, APIs: 3, Instructions: 41
memorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.MSVCRT ref: 0040261B
VirtualProtect.KERNELBASE(00000000,0009C2AC,00000040,?,?,?,?,004025F5), ref: 00402653
CreateThread.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000), ref: 00402663

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: CreateProtectThreadVirtualmalloc
String ID:
API String ID: 2647532177-0
Opcode ID: a248fab24ce0efee1325cbdb2690fa683c96a100ae4728fc233a1b803900854f
Instruction ID: 7d1f5cc43bb09d73cfbe8f26cfa16b66c9e80b8f1fd8487f6e21a1c56e048892
Opcode Fuzzy Hash: a248fab24ce0efee1325cbdb2690fa683c96a100ae4728fc233a1b803900854f
Instruction Fuzzy Hash: 77F090726412107BE2245789FD09F976B5CDB80B61F110039FA06E62D0C6B4696487EC

Function 00402370 Relevance: 3.0, APIs: 2, Instructions: 29
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00402270: LoadLibraryA.KERNEL32(KERNEL32.dll,7637F130,00000000,00000000,00402385,7637F130), ref: 0040227E
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,CreateEventA), ref: 00402292
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,ResetEvent), ref: 0040229F
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,WaitForSingleObject), ref: 004022AC
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,CreateThread), ref: 004022B9
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,VirtualAlloc), ref: 004022C6
Part of subcall function 00402270: LoadLibraryA.KERNEL32(Ws2_32.dll), ref: 004022D2
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 004022E0
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 004022ED
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,socket), ref: 004022FA
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,closesocket), ref: 00402307
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,connect), ref: 00402314
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,recv), ref: 00402321
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 0040232E
Part of subcall function 00402270: LoadLibraryA.KERNEL32(msvcrt.dll), ref: 0040233A
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,memcpy), ref: 00402346
Part of subcall function 00402270: LoadLibraryA.KERNEL32(USER32.dll), ref: 00402352
Part of subcall function 00402270: GetProcAddress.KERNEL32(00000000,send), ref: 0040235E

WSAStartup.WS2_32(00000202,7637F130), ref: 0040238F
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0040239C

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: AddressProc$LibraryLoad$CreateEventStartup
String ID:
API String ID: 2722756515-0
Opcode ID: c8d8fdaebaddfcead9851b8f6191b6f97b54638b181e7f12e2a0fc8bc05a7880
Instruction ID: b13b6f4dd69bd18c40a48a75d31625ec05e035c85435a56aedb3c36a2fede558
Opcode Fuzzy Hash: c8d8fdaebaddfcead9851b8f6191b6f97b54638b181e7f12e2a0fc8bc05a7880
Instruction Fuzzy Hash: 80F08231500700AFD3209F1ADC49993FAFCEFC9710F40462EA1A6D22E0E7B461098A51

Function 00402680 Relevance: 1.5, APIs: 1, Instructions: 13
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

send.WS2_32(?,?,00000033,00000000), ref: 00402690

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 790d644e6cb8e8d16665ca92de47c3fe4a42891b45fd060eb7b210b628c1773c
Instruction ID: e232bede4027f995a9571d6d7d0e0e59356003000a6dfa312210e5c1de9d7bd3
Opcode Fuzzy Hash: 790d644e6cb8e8d16665ca92de47c3fe4a42891b45fd060eb7b210b628c1773c
Instruction Fuzzy Hash: CED0127A305201ABD304CB68CC88F1BB7ECAB8C701F20C42CB18AEB290C630EC11CB20

Non-executed Functions

Function 00402270 Relevance: 63.1, APIs: 18, Strings: 18, Instructions: 83
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(KERNEL32.dll,7637F130,00000000,00000000,00402385,7637F130), ref: 0040227E
GetProcAddress.KERNEL32(00000000,CreateEventA), ref: 00402292
GetProcAddress.KERNEL32(00000000,ResetEvent), ref: 0040229F
GetProcAddress.KERNEL32(00000000,WaitForSingleObject), ref: 004022AC
GetProcAddress.KERNEL32(00000000,CreateThread), ref: 004022B9
GetProcAddress.KERNEL32(00000000,VirtualAlloc), ref: 004022C6
LoadLibraryA.KERNEL32(Ws2_32.dll), ref: 004022D2
GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 004022E0
GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 004022ED
GetProcAddress.KERNEL32(00000000,socket), ref: 004022FA
GetProcAddress.KERNEL32(00000000,closesocket), ref: 00402307
GetProcAddress.KERNEL32(00000000,connect), ref: 00402314
GetProcAddress.KERNEL32(00000000,recv), ref: 00402321
GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 0040232E
LoadLibraryA.KERNEL32(msvcrt.dll), ref: 0040233A
GetProcAddress.KERNEL32(00000000,memcpy), ref: 00402346
LoadLibraryA.KERNEL32(USER32.dll), ref: 00402352
GetProcAddress.KERNEL32(00000000,send), ref: 0040235E

Strings

USER32.dll, xrefs: 0040234D
CreateThread, xrefs: 004022AE
closesocket, xrefs: 004022FC
VirtualAlloc, xrefs: 004022BB
memcpy, xrefs: 00402340
WaitForSingleObject, xrefs: 004022A1
send, xrefs: 00402358
msvcrt.dll, xrefs: 00402335
ResetEvent, xrefs: 00402294
socket, xrefs: 004022EF
KERNEL32.dll, xrefs: 00402279
CreateEventA, xrefs: 0040228C
Ws2_32.dll, xrefs: 004022CD
recv, xrefs: 00402316
WSAStartup, xrefs: 004022DA
connect, xrefs: 00402309
WSACleanup, xrefs: 004022E2
gethostbyname, xrefs: 00402323

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateEventA$CreateThread$KERNEL32.dll$ResetEvent$USER32.dll$VirtualAlloc$WSACleanup$WSAStartup$WaitForSingleObject$Ws2_32.dll$closesocket$connect$gethostbyname$memcpy$msvcrt.dll$recv$send$socket
API String ID: 2238633743-3023441641
Opcode ID: 8b08b65bdc984c7642136232c0e709921d74bab3620a184f88f2a54d2b9d1f74
Instruction ID: 5f1be9461cd40064d88bc83e90e9790d01214a9ddd65421ebb6f9bcde042391c
Opcode Fuzzy Hash: 8b08b65bdc984c7642136232c0e709921d74bab3620a184f88f2a54d2b9d1f74
Instruction Fuzzy Hash: 3F21C170D41315B9C6106F7A6D4AE1BADEC9995B50322443BA40AF31E5DAFD94208E7C

Function 004017C0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 132
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#540.MFC42U(?,75A85540,?), ref: 004017EE
sprintf.MSVCRT ref: 00401837
#537.MFC42U(*.*,?,?), ref: 00401930
#940.MFC42U(?,*.*,?,?), ref: 00401946
#800.MFC42U(?,*.*,?,?), ref: 00401957
FindFirstFileW.KERNEL32(?,?,?,*.*,?,?), ref: 00401966
FindClose.KERNEL32(00000000), ref: 0040197B
#800.MFC42U ref: 0040198F

Strings

*.*, xrefs: 00401927
%s\, xrefs: 00401829

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #800Find$#537#540#940CloseFileFirstsprintf
String ID: %s\$*.*
API String ID: 1650736285-3129651013
Opcode ID: 49c2998a22e2ee082340886ad40ed326f872d1cfc78b85406ab7a6c324fc9a62
Instruction ID: b1a4f5cb14d49ae8f093562936465c20874f322b57638e2644d429ded19258ae
Opcode Fuzzy Hash: 49c2998a22e2ee082340886ad40ed326f872d1cfc78b85406ab7a6c324fc9a62
Instruction Fuzzy Hash: 9D41B5722083409BD734EF24C955B9B77E9BBC4710F004A2DB95A632C1DF785909CB56

Function 004010B0 Relevance: 29.8, APIs: 14, Strings: 3, Instructions: 76
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#1131.MFC42U(00000000), ref: 004010CD
#2613.MFC42U ref: 004010D7
#6113.MFC42U(Local AppWizard-Generated Applications), ref: 004010E3
#4154.MFC42U(00000004,Local AppWizard-Generated Applications), ref: 004010EC
#823.MFC42U(0000006C,00000004,Local AppWizard-Generated Applications), ref: 004010F3
#520.MFC42U(00000080,pP@,00403A30,|P@), ref: 00401121
#986.MFC42U(00000000), ref: 00401135
#296.MFC42U(00000000), ref: 0040113E
#5208.MFC42U(?,00000000), ref: 00401152
#5297.MFC42U(?,?,00000000), ref: 0040115E
#617.MFC42U(?,?,00000000), ref: 00401173
#6211.MFC42U(00000005,?,?,00000000), ref: 0040118F
UpdateWindow.USER32(?), ref: 0040119B
#617.MFC42U ref: 004011AD

Strings

pP@, xrefs: 00401115
|P@, xrefs: 0040110B
Local AppWizard-Generated Applications, xrefs: 004010DC

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #617$#1131#2613#296#4154#520#5208#5297#6113#6211#823#986UpdateWindow
String ID: Local AppWizard-Generated Applications$pP@$|P@
API String ID: 473129239-2881500660
Opcode ID: d9003ca57928250f1847fa1202e60c3b0b74075be8832c13149495d44bb05f9c
Instruction ID: b6e626a3890f74be5e47a8c589d0ea8810f038aa7991df0790492a93709d79cc
Opcode Fuzzy Hash: d9003ca57928250f1847fa1202e60c3b0b74075be8832c13149495d44bb05f9c
Instruction Fuzzy Hash: AD21E571244740ABD604EB34C95AB1F7BD4AB88B24F404A3FF496637D1DBBC99408B4A

Function 00401A30 Relevance: 27.1, APIs: 18, Instructions: 106
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageW.USER32(?,0000110A,00000003,?), ref: 00401A5B
#3298.MFC42U(75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401A6B
#537.MFC42U(004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401A81
#940.MFC42U(?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401A94
#800.MFC42U(?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401AA2
#940.MFC42U(?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401AB0
#858.MFC42U(75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401ABC
#535.MFC42U(?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401AD8
#2756.MFC42U(004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401AF0
#4124.MFC42U(?,-00000001,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927), ref: 00401B04
#858.MFC42U(00000000,?,-00000001,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF), ref: 00401B11
#800.MFC42U(00000000,?,-00000001,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF), ref: 00401B1F
#2756.MFC42U(004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?), ref: 00401B2D
#5706.MFC42U(?,?,004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF), ref: 00401B43
#940.MFC42U(00000000,?,?,004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8), ref: 00401B50
#800.MFC42U(00000000,?,?,004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8), ref: 00401B5E
#800.MFC42U(004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?), ref: 00401B6C
#800.MFC42U(004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?), ref: 00401B7D

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #800$#940$#2756#858$#3298#4124#535#537#5706MessageSend
String ID:
API String ID: 2410919838-0
Opcode ID: 9c2454b7a539c4fe66943d3ddfbac3e51456f344e20d68fc8b1ac4bae19bd9cd
Instruction ID: f966566bbc79ca11655516cb9a0db835f87b35332b10f143d545fc82abfc0c0c
Opcode Fuzzy Hash: 9c2454b7a539c4fe66943d3ddfbac3e51456f344e20d68fc8b1ac4bae19bd9cd
Instruction Fuzzy Hash: D94172312083419FC314EB65C959B5FB7D8AF98318F04492EB495631D2DFB89709CFA6

Function 00401C90 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 32
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#540.MFC42U(00401613,00000001,00000000), ref: 00401CAB
#2606.MFC42U(?,00401613,00000001,00000000), ref: 00401CC3
GetCurrentDirectoryW.KERNEL32(00000000,00000000,?,00401613,00000001,00000000), ref: 00401CCC
#823.MFC42U(00000001,?,00401613,00000001,00000000), ref: 00401CD4
#860.MFC42U(00000000), ref: 00401CE4
#825.MFC42U(00000000,00000000), ref: 00401CEA

Strings

|e@, xrefs: 00401CBE
|e@, xrefs: 00401C9E
|e@, xrefs: 00401CF2
|e@, xrefs: 00401CDE

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #2606#540#823#825#860CurrentDirectory
String ID: |e@$|e@$|e@$|e@
API String ID: 2584274122-1829342140
Opcode ID: 00bac4256d891101c7e016a82e8d398b0589a83bebd0df05428fb404376b409f
Instruction ID: 71f915ede19d1216acf738d8f0ed6f07d85502a1f4c5f1d7a622e414751c1eb4
Opcode Fuzzy Hash: 00bac4256d891101c7e016a82e8d398b0589a83bebd0df05428fb404376b409f
Instruction Fuzzy Hash: 6BE0E581E442103AD50177213E56B961A154B6530DF01003BF907B73D7EEBE5A188A9E

Function 00402BFF Relevance: 16.6, APIs: 11, Instructions: 123
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__set_app_type.MSVCRT ref: 00402C2E
__p__fmode.MSVCRT ref: 00402C43
__p__commode.MSVCRT ref: 00402C51
__setusermatherr.MSVCRT ref: 00402C7D
_initterm.MSVCRT ref: 00402C93
__wgetmainargs.MSVCRT ref: 00402CB6
_initterm.MSVCRT ref: 00402CC6
GetStartupInfoW.KERNEL32(?), ref: 00402D28
GetModuleHandleW.KERNEL32(00000000,00000000,?,0000000A), ref: 00402D4E
exit.MSVCRT ref: 00402D5E
_XcptFilter.MSVCRT ref: 00402D70

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: _initterm$FilterHandleInfoModuleStartupXcpt__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargsexit
String ID:
API String ID: 3327129161-0
Opcode ID: 91fe26c8d51691c395d5240ccb3b54a9e845d4aa9decdcee604d7f06a788ffcf
Instruction ID: 5716744b2248b7b8de3230e7e078b7044521fbd15a848ea41660ad54657ca901
Opcode Fuzzy Hash: 91fe26c8d51691c395d5240ccb3b54a9e845d4aa9decdcee604d7f06a788ffcf
Instruction Fuzzy Hash: CC416F71900215AFDB249F95EE49A5ABBB8FF44715B20013BF811B72E1D7B84D40CB58

Function 004020D0 Relevance: 12.1, APIs: 8, Instructions: 71
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#4451.MFC42U(?), ref: 004020DB
#6617.MFC42U(?,00000800,50402834), ref: 0040211A
#4158.MFC42U(00000080,?,00000800,50402834), ref: 0040212A
#2109.MFC42U(?,50008200,0000E801,00000080,?,00000800,50402834), ref: 00402146
#5996.MFC42U(004050BC,00000004,?,50008200,0000E801,00000080,?,00000800,50402834), ref: 00402158
#2618.MFC42U(0000F000,004050BC,00000004,?,50008200,0000E801,00000080,?,00000800,50402834), ref: 00402168
#2619.MFC42U(0000F000,0000F000,004050BC,00000004,?,50008200,0000E801,00000080,?,00000800,50402834), ref: 00402174
#2486.MFC42U(?,00000000,00000000,0000F000,0000F000,004050BC,00000004,?,50008200,0000E801,00000080,?,00000800,50402834), ref: 00402180

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #2109#2486#2618#2619#4158#4451#5996#6617
String ID:
API String ID: 1447769833-0
Opcode ID: f282a3eef98f741ff26d52f6f3b2542a660fcbb7410dc99addced637906f1b5d
Instruction ID: 923a43f78eba85695f5db94e316edd54d33700bea39736cf84f17d3c67233df0
Opcode Fuzzy Hash: f282a3eef98f741ff26d52f6f3b2542a660fcbb7410dc99addced637906f1b5d
Instruction Fuzzy Hash: D311823134020933EB146D364E9AB6F73999F80764F14863FBB15FA2C1DEF8A9054699

Function 004016F0 Relevance: 10.5, APIs: 7, Instructions: 43
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#1165.MFC42U(?,?,?,?,00402EA0,000000FF), ref: 0040170A
#1662.MFC42U(?,?,?,?,00402EA0,000000FF), ref: 00401712
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0040172C
#540.MFC42U(?,?,?,?,00402EA0,000000FF), ref: 00401738

Part of subcall function 00401A30: SendMessageW.USER32(?,0000110A,00000003,?), ref: 00401A5B
Part of subcall function 00401A30: #3298.MFC42U(75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401A6B
Part of subcall function 00401A30: #537.MFC42U(004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401A81
Part of subcall function 00401A30: #940.MFC42U(?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401A94
Part of subcall function 00401A30: #800.MFC42U(?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401AA2
Part of subcall function 00401A30: #940.MFC42U(?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401AB0
Part of subcall function 00401A30: #858.MFC42U(75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?,?), ref: 00401ABC
Part of subcall function 00401A30: #800.MFC42U(004050B4,004050B8,?,75A85540,?,?,004050B0,75A85540,?,?,?,?,00402EF8,000000FF,00401927,?), ref: 00401B7D

#800.MFC42U(?,00000000,?,?,?,?,00402EA0,000000FF), ref: 00401762
#1165.MFC42U(?,00000000,?,?,?,?,00402EA0,000000FF), ref: 0040176F
#2644.MFC42U(?,00000000,?,?,?,?,00402EA0,000000FF), ref: 00401777

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #800$#1165#940MessageSend$#1662#2644#3298#537#540#858
String ID:
API String ID: 429101320-0
Opcode ID: 2f9ac408f4e22574f8602adf387b500923c45e305625aacf2971cdaf1724883f
Instruction ID: 22e70fffc861c0debac97db6d48ed3d37fb3423cf1fcf58addc7b7cd9eb18a14
Opcode Fuzzy Hash: 2f9ac408f4e22574f8602adf387b500923c45e305625aacf2971cdaf1724883f
Instruction Fuzzy Hash: DB018431204741AFC314EF15CA49F5BBBD4FBD5724F00462EB099672D1DBB89405CBA6

Function 004014B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

#303.MFC42U(SysTreeView32,50800000,?,00000000,00000000,00402E53,000000FF,00401447,?,?,?,?,000000FF), ref: 004014D7
#384.MFC42U(SysTreeView32,50800000,?,00000000,00000000,00402E53,000000FF,00401447,?,?,?,?,000000FF), ref: 004014ED
#540.MFC42U(SysTreeView32,50800000,?,00000000,00000000,00402E53,000000FF,00401447,?,?,?,?,000000FF), ref: 004014FA

Strings

SysTreeView32, xrefs: 004014CE

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #303#384#540
String ID: SysTreeView32
API String ID: 2241018201-1698111956
Opcode ID: 8e03cd1359bae2bbf7d6bc121869e4d98d8afbe3b85821097f54e35ab7c60fe2
Instruction ID: c1afedeebbc29b26f9cb73374ec92461fa6f8aa2269995d24ff7e911f5376f37
Opcode Fuzzy Hash: 8e03cd1359bae2bbf7d6bc121869e4d98d8afbe3b85821097f54e35ab7c60fe2
Instruction Fuzzy Hash: 70F067B0254B909FD320DF08C905B1ABBE4EB40B24F508E2EB491237C0DBFC55088B9A

Function 00401540 Relevance: 6.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

#800.MFC42U(?,?,?,00402E7B,000000FF,00401528), ref: 0040156E
#686.MFC42U(?,?,?,00402E7B,000000FF,00401528), ref: 0040157B
#800.MFC42U(?,?,?,00402E7B,000000FF,00401528), ref: 0040158B
#813.MFC42U(?,?,?,00402E7B,000000FF,00401528), ref: 0040159A

Memory Dump Source

Source File: 00000000.00000002.2765141234.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2765127255.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765154750.0000000000403000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765167824.0000000000405000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765180471.0000000000406000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2765193337.0000000000529000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_55876.jbxd

Similarity

API ID: #800$#686#813
String ID:
API String ID: 387044527-0
Opcode ID: 044ba1146277bad4903fed684c5474036339b4bcfb4baf3b916c87417c8a496b
Instruction ID: 324f9b24235091aa95e9c041a9105ae9b5e83e2cab752e44bed7184677b7d976
Opcode Fuzzy Hash: 044ba1146277bad4903fed684c5474036339b4bcfb4baf3b916c87417c8a496b
Instruction Fuzzy Hash: AFF06D71114B918BC324DF08C505756BBE8FB48B24F404F1EB0A6536C1CBF85508CB92

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 55876.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_55876.exe_1d28606ee4dd33d687b1238c2fc915949b77486c_431570d7_0b3287b9-b17d-494b-8f9c-1ac368821c63\Report.wer

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_55876.exe_458c60b62e70e9612b38d86cdbe9bf45285e9550_431570d7_9297d733-114a-47e8-9564-bea5205a9a9d\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1049.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1069.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCFC.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD8.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE17.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFDB.tmp.dmp

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
55876.exe

Function 00402540 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64
networkCOMMON

Function 00401F90 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 96
sleepnetworkCOMMON

Function 00402490 Relevance: 12.1, APIs: 8, Instructions: 63
networksynchronizationthreadCOMMON

Function 00402420 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37
COMMON

Function 00402610 Relevance: 4.5, APIs: 3, Instructions: 41
memorythreadCOMMON

Function 00402370 Relevance: 3.0, APIs: 2, Instructions: 29
networkCOMMON

Function 00402680 Relevance: 1.5, APIs: 1, Instructions: 13
networkCOMMON

Function 00402270 Relevance: 63.1, APIs: 18, Strings: 18, Instructions: 83
libraryloaderCOMMON

Function 004017C0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 132
fileCOMMON

Function 004010B0 Relevance: 29.8, APIs: 14, Strings: 3, Instructions: 76
COMMON

Function 00401A30 Relevance: 27.1, APIs: 18, Instructions: 106
windowCOMMON

Function 00401C90 Relevance: 17.5, APIs: 6, Strings: 4, Instructions: 32
COMMON

Function 00402BFF Relevance: 16.6, APIs: 11, Instructions: 123
COMMON

Function 004020D0 Relevance: 12.1, APIs: 8, Instructions: 71
COMMON

Function 004016F0 Relevance: 10.5, APIs: 7, Instructions: 43
windowCOMMON