Windows
Analysis Report
SetupSuite_21.8_win64_86_sm.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- SetupSuite_21.8_win64_86_sm.exe (PID: 4444 cmdline: "C:\Users\user\Desktop\SetupSuite_21.8_win64_86_sm.exe" MD5: DDDA012671F0CA2CA213060073B063E2)
- cmd.exe (PID: 3092 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 5892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- explorer.exe (PID: 1360 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)
- WerFault.exe (PID: 3504 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 460 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Vidar | Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser. | No Attribution |
{"C2 url": ["https://steamcommunity.com/profiles/76561199658817715", "https://tufure.xyz"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | ||
JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
Source: | Author: Furkan CALISKAN, @caliskanfurkan_, @oscd_initiative: |
AV Detection |
---|
Source: | Avira: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | URLs: | ||
Source: | URLs: |
Source: | File source: |
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_005BFCEE |
Source: | Code function: | 5_2_0C0A5890 | |
Source: | Code function: | 5_2_0C0914E0 | |
Source: | Code function: | 5_2_0C0A7900 | |
Source: | Code function: | 5_2_0C0A39E0 | |
Source: | Code function: | 5_2_0C0A3DF0 | |
Source: | Code function: | 5_2_0C0BA671 | |
Source: | Code function: | 5_2_0C08E6D0 | |
Source: | Code function: | 5_2_0C0B1378 | |
Source: | Code function: | 5_2_0C08ABB0 | |
Source: | Code function: | 5_2_0C0A9700 |
Source: | Dropped File: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | String found in binary or memory: | ||
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 5_2_0C0ACA2E |
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Module Loaded: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_005C03BE | |
Source: | Code function: | 5_2_0C0873E0 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | NtSetInformationThread: | Jump to behavior | ||
Source: | NtQuerySystemInformation: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 11 DLL Side-Loading | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 DLL Side-Loading | 311 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Abuse Elevation Control Mechanism | NTDS | 11 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | ReversingLabs | Win32.Trojan.Rugmi | ||
40% | Virustotal | Browse | ||
100% | Avira | TR/AVI.Agent.aiqbv |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
2% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1434176 |
Start date and time: | 2024-04-30 16:44:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SetupSuite_21.8_win64_86_sm.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@7/8@0/0 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target explorer.exe, PID 1360 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
Time | Type | Description |
---|---|---|
16:45:20 | API Interceptor | |
16:45:33 | API Interceptor |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_explorer.exe_a1268644ceb8eaff376c614320123715bd5a50e2_8e15b34f_277283f0-3521-4c94-95e7-18f9e405a0ea\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.759957133239478 |
Encrypted: | false |
SSDEEP: | 96:6GFw58uccgIKW3sAZQCoI7JfdQXIDcQvc6QcEVcw3cE/OUeU3+HbHgS8BRTf3o8E:lQcsz3S0BU/wjmjzuiFSZ24IO8c |
MD5: | 1598F63DF53AF9DB3D84BE6AA172F1FA |
SHA1: | 8A91A4A230CA57FAB7CFC701C5E98BCE500B94E7 |
SHA-256: | 91FA280152AD9B10A2D3EBBBC58E4EE8BF6941348A80622CBD4DBF12C06192F1 |
SHA-512: | F47C8C03DFD5502196A369F0B2750BFC24C036058C415A745B73EFA04B9E62B2FBCCF1A3ED8AF64E2124333C087131527AAA7F1F41CAB149B3AD996BF5434B43 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39912 |
Entropy (8bit): | 1.9647422571328395 |
Encrypted: | false |
SSDEEP: | 96:5p8SE3cZsIzTamvQOm1svqo2NDtrleawsi79f8WI0iFe6YZ6RwRDlXK7DfxQgkVq:U6As5weabONumZFRuyXdTfGj1H |
MD5: | 9CD3033C12BB22CA4BA578B7353C80BD |
SHA1: | A206F37A78786548F3E918AE293956C4EC7F53AB |
SHA-256: | C70A619AD278B74B5CEECAEF1AFF71946F5D9776C3C674164897BCC32CA3D2C1 |
SHA-512: | 9A3713B8A4F6853D6D7AE7726B6800641538EFE568A9582BFFBA8311D9BB65D5E3E933851DBC21CF52C50388586EF16DADF920A3CFEF0D39F91A56EBB02B5CBE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8340 |
Entropy (8bit): | 3.693417330926189 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJGp6z+5d+e6YjB6AxxgmfqbCprB89b25sf2ym:R6lXJ46z+dX6Yl6Angmfqb52Sfq |
MD5: | E666E7F6184EC8252D1E63A3F4221B84 |
SHA1: | 5F64924FB7B551571E652F5D802D90D7F1B6846D |
SHA-256: | DDA7422E552DBE70CF5EFF11C2B1E7DCF24389104389B56FD6F4271DAF0B3A34 |
SHA-512: | 34EE3569208FEA39F90708E549DE78AE50DB41646D33CEE50443F08306E119732FCACD570BD578FB1E9DE149A2CD47E0D8C4F6B8DA7A3FA260F9088A7EE46C27 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4693 |
Entropy (8bit): | 4.490234156187545 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zseJg77aI9HsWpW8VYbEYm8M4JygF5+q8EJfTld:uIjfUI7dF7VEJ3/fTld |
MD5: | B5438EB69DCAE50F159EACDB44F1C58B |
SHA1: | 954EEA26F7011FCFA367ACEFDB429D33EAD6DE0E |
SHA-256: | A73B2C75C0B22F8D37CBDD7E7ACFB6F5700970CBECE032E3E1350D87F62091E2 |
SHA-512: | D02ED6A45EAF34D7E4876574F78DDD02B9F003D60C678CB85A20DE773E388747AC4D59E91CA2D64B7371FE2E121219012339F30B302A7D3182E40F25FC8FDEE8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SetupSuite_21.8_win64_86_sm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1002425 |
Entropy (8bit): | 7.99082126674057 |
Encrypted: | true |
SSDEEP: | 24576:Qh4aMFvjPAkyr8zVtrQzoRKk7GSuWKtXDqw0KUlMcHK4r:Q2ai9yAzooIgXpKtzqw0JMqr |
MD5: | 6BA5D9155494F82BC56726C2E73CD37D |
SHA1: | CFB016F19E57641284938FF4A98A08E2BF4E7A3F |
SHA-256: | 5AA5A88D04C7156F93ADE10893185887FEB5472D2DBCAE39D2EC229CF070B781 |
SHA-512: | 48D5AB6977919BD23F492D7D5AA86B5E07B6B0BBACB444880BAB869D8BC433C3BAAF5A9DEC443D0149B7E1A263E3950A8F8292372CD9F2E4474113D710125C5C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SetupSuite_21.8_win64_86_sm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 938549 |
Entropy (8bit): | 7.471604962065227 |
Encrypted: | false |
SSDEEP: | 12288:FrII/Qc66PzcQkvD2+VYk7HFODf9QQc0v9BoGq5vOjXlKedzB6mXMiKL:JHoc64zc8t8Fk2Qc0v9+rOjXkeFwniKL |
MD5: | 771A143F82A7AF391192AC1930EC34C7 |
SHA1: | 6B86D3CED78013C12529435668DA86AB98CCE089 |
SHA-256: | 7A9CE1BC4EDBF31894BF13AE963656A4280A5B083A4EFF090CFA9301070C98BE |
SHA-512: | 41A5B2A4BAC2EDDB2DC910AD3D9D68FEFE940D572CAE1FAB9AD90245174FF3B1AF8C9CA8DAC221A49C5B7789B052176EE35DDFFA93E815AEABAE2B07D4F67E86 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 215040 |
Entropy (8bit): | 6.31138663388361 |
Encrypted: | false |
SSDEEP: | 3072:Rv/o4s3raz5clrcWA7JwbxOi6m+T6T0zmujWYQRwUdFUNwt/mGrtItNVLhL:NUG54rmmdv6mjgWY3xKBmGxKNVLhL |
MD5: | 4F912C11F30282BFFFD973DACA2BAE93 |
SHA1: | EFC78575C3EE0D7B629ED4B2AEF206D9A346225B |
SHA-256: | 53E1DB0A09087822E1A40B253C83ACD921F0CDCDF47F12C822ABD649FA17F990 |
SHA-512: | F03E06E97A98B2BCEAA723F9EE8C75957CEE9F91063049F96197795120903465F728409D40CE8B0B5CC751C873FAA30413B9FD5C85F4E05460BDECE0D192774C |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Joe Sandbox View: | |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.422222645300101 |
Encrypted: | false |
SSDEEP: | 6144:sSvfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnNf0uhiTw:XvloTyW+EZMM6DFy503w |
MD5: | 4C87E57C1D6939DCE74BAEEEBF67D8CD |
SHA1: | 4F2928D572E59C9C5DBA261EAC9F1C59603173E9 |
SHA-256: | DF8646F17EB296FD6ABE443B2110CBA1E9CA5B599C6EDF56AB2EF21FA54A4450 |
SHA-512: | 5BE142B30C71E8B9D2D8050CD65AB4306C599AB693E2680CEA88408709F6FCAE1F1BCD1D75AEE5575095FF80D04654233760DEE5166966FCC122A8727EE90F0C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.538850993530861 |
TrID: |
|
File name: | SetupSuite_21.8_win64_86_sm.exe |
File size: | 18'984'288 bytes |
MD5: | ddda012671f0ca2ca213060073b063e2 |
SHA1: | 462783a60146a405f20bba176c4d5f95bf5f785c |
SHA256: | 61b02846fae730a5b900745cf6fb113993254268609542a5a00404fe9ca985f2 |
SHA512: | 8d511c809089792ec3d788e04258fe1d3ea91bf128ab4b3688876e62b626b7d11ee305035b480612933c09944b27a842b12cffeb109121c6583794024ab3c867 |
SSDEEP: | 393216:mzJGidgsS3yMvyB4JfQO/DEkf8xzw734BtnSCmlmD:8Ay6xQOgmwnMmD |
TLSH: | A317D003B2B1AC3BC467C6354877965458FBBA20F61D8D9B67F4085C1E37A802D2A79F |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 7b637b752b5ef409 |
Entrypoint: | 0xada1f4 |
Entrypoint Section: | .itext |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x65F14DE3 [Wed Mar 13 06:55:31 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | c16f0c9ac850a0a49a4206f6236aff99 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | B741657ECF1E500B057E194DA25032DE |
Thumbprint SHA-1: | 39B818FD58E5287EAB2F9371F7E6A6B8B1A0E8D8 |
Thumbprint SHA-256: | 6765B33CA1432A0213D0F4C034F90727164027D66ADE158FF9CE54CF2D204D72 |
Serial: | 0E3DC5B96BDFEEEFE8699E06161DE3BC |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
push ebx |
mov eax, 00ABE19Ch |
call 00007F8754EB1FD0h |
mov ebx, dword ptr [00B2AE68h] |
mov eax, dword ptr [ebx] |
call 00007F875511FE27h |
mov cl, 01h |
mov edx, 00ADA2D0h |
mov eax, dword ptr [006250B8h] |
call 00007F87550DE8A2h |
mov eax, dword ptr [ebx] |
mov edx, 00ADA30Ch |
call 00007F875511F842h |
mov eax, dword ptr [ebx] |
add eax, 64h |
mov edx, 00ADA330h |
call 00007F8754EAA3C3h |
mov eax, dword ptr [ebx] |
mov byte ptr [eax+6Fh], 00000000h |
mov ecx, dword ptr [00B2AA0Ch] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [00A57F14h] |
call 00007F875511FDFAh |
mov ecx, dword ptr [00B2ADD8h] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [007CC59Ch] |
call 00007F875511FDE7h |
mov ecx, dword ptr [00B2AA00h] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [007CBAE8h] |
call 00007F875511FDD4h |
mov ecx, dword ptr [00B2A3CCh] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [00A4A3C4h] |
call 00007F875511FDC1h |
mov ecx, dword ptr [00B2A1F4h] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [007CB430h] |
call 00007F875511FDAEh |
mov ecx, dword ptr [00B2A3BCh] |
mov eax, dword ptr [ebx] |
mov edx, dword ptr [007C631Ch] |
call 00007F875511FD9Bh |
mov eax, dword ptr [ebx] |
call 00007F875611FEF4h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x750000 | 0x74 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x748000 | 0x5b18 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x7da000 | 0xa5e601 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x12185b0 | 0x27b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x753000 | 0x86544 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x752000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x748ee4 | 0xd54 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x74e000 | 0x13b4 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6d2a64 | 0x6d2c00 | 3244d6e653375ca90fab9aab7d285e05 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x6d4000 | 0x635c | 0x6400 | ae481781764350753d51686ec24e8412 | False | 0.4136328125 | data | 5.957853337623397 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x6db000 | 0x5069c | 0x50800 | a1bf6900798039207d8a75b2484963fb | False | 0.23554262907608695 | data | 5.700442632020433 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x72c000 | 0x1ba50 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x748000 | 0x5b18 | 0x5c00 | c10409bc564195e9935eded21055c4ae | False | 0.30549422554347827 | data | 5.199083497017295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x74e000 | 0x13b4 | 0x1400 | ef288092880d92365fdad1c13a8486dc | False | 0.3396484375 | data | 4.406790372437478 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x750000 | 0x74 | 0x200 | fd327e5564070a3cea17903fc48066ba | False | 0.185546875 | data | 1.2990439372390314 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x751000 | 0x54 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x752000 | 0x5d | 0x200 | 03932be85d674c28179956cd28c6d35e | False | 0.189453125 | data | 1.3795024805431133 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x753000 | 0x8652c | 0x86600 | a3c30792cb57bc9238c6223a79826968 | False | 0.5416551598837209 | data | 6.708978847755439 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x7da000 | 0xa5e601 | 0xa5e800 | 239702a52dd1311a17f2d3abd883f341 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
UFR | 0x7dffd8 | 0xf4bb9 | PNG image data, 2128 x 867, 8-bit/color RGB, non-interlaced | English | United States | 0.9937890615257999 |
VCLSTYLE | 0x8d4b94 | 0x1ec5d | data | English | United States | 0.8907771034154469 |
RT_CURSOR | 0x8f37f4 | 0x134 | data | English | United States | 0.43506493506493504 |
RT_CURSOR | 0x8f3928 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x8f3a5c | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x8f3b90 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x8f3cc4 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x8f3df8 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x8f3f2c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0x8f4060 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19385026737967914 |
RT_CURSOR | 0x8f434c | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18716577540106952 |
RT_CURSOR | 0x8f4638 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.2179144385026738 |
RT_CURSOR | 0x8f4924 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.21122994652406418 |
RT_CURSOR | 0x8f4c10 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967064, 3584 elements, 2nd "\377\270w\377\377\370\177\377\377\370\177\377\377\370\177\377\377\370\177\377\377\370\177\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | German | Germany | 0.32792207792207795 |
RT_CURSOR | 0x8f4d44 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | 0.3538961038961039 | ||
RT_CURSOR | 0x8f4e78 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | 0.3344155844155844 | ||
RT_CURSOR | 0x8f4fac | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | German | Germany | 0.5292207792207793 |
RT_CURSOR | 0x8f50e0 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18983957219251338 |
RT_CURSOR | 0x8f53cc | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19117647058823528 |
RT_CURSOR | 0x8f56b8 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19786096256684493 |
RT_CURSOR | 0x8f59a4 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.18983957219251338 |
RT_CURSOR | 0x8f5c90 | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19518716577540107 |
RT_CURSOR | 0x8f5f7c | 0x2ec | Targa image data 64 x 65536 x 1 +32 "\004" | German | Germany | 0.19518716577540107 |
RT_CURSOR | 0x8f6268 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_BITMAP | 0x8f639c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334 |
RT_BITMAP | 0x8f645c | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855 |
RT_BITMAP | 0x8f653c | 0x54 | Device independent bitmap graphic, 9 x 9 x 1, image size 36, 2 important colors | 0.42857142857142855 | ||
RT_BITMAP | 0x8f6590 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3877551020408163 | ||
RT_BITMAP | 0x8f6718 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143 |
RT_BITMAP | 0x8f67f8 | 0x50 | Device independent bitmap graphic, 8 x 8 x 1, image size 32, 2 important colors | 0.475 | ||
RT_BITMAP | 0x8f6848 | 0x50 | Device independent bitmap graphic, 8 x 8 x 1, image size 32, 2 important colors | 0.5625 | ||
RT_BITMAP | 0x8f6898 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.2729591836734694 | ||
RT_BITMAP | 0x8f6a20 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145 |
RT_BITMAP | 0x8f6b00 | 0x54 | Device independent bitmap graphic, 9 x 9 x 1, image size 36 | 0.4523809523809524 | ||
RT_BITMAP | 0x8f6b54 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667 |
RT_BITMAP | 0x8f6c14 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375 |
RT_BITMAP | 0x8f6cd4 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285 |
RT_BITMAP | 0x8f6db4 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666 |
RT_BITMAP | 0x8f6e74 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5 |
RT_BITMAP | 0x8f6f54 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414 |
RT_BITMAP | 0x8f703c | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333 |
RT_BITMAP | 0x8f70fc | 0x528 | Device independent bitmap graphic, 16 x 16 x 8, image size 256 | Dutch | Belgium | 0.4090909090909091 |
RT_BITMAP | 0x8f7624 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | Dutch | Belgium | 0.6918316831683168 |
RT_BITMAP | 0x8f794c | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | Dutch | Belgium | 0.6089108910891089 |
RT_BITMAP | 0x8f7c74 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.4051724137931034 |
RT_BITMAP | 0x8f7d5c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.46120689655172414 |
RT_BITMAP | 0x8f7e44 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.5775862068965517 |
RT_BITMAP | 0x8f7f2c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.5043103448275862 |
RT_BITMAP | 0x8f8014 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | Dutch | Belgium | 0.8254950495049505 |
RT_BITMAP | 0x8f833c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.5775862068965517 |
RT_BITMAP | 0x8f8424 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.49137931034482757 |
RT_BITMAP | 0x8f850c | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | Dutch | Belgium | 0.6695544554455446 |
RT_BITMAP | 0x8f8834 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 768 | Dutch | Belgium | 0.676980198019802 |
RT_BITMAP | 0x8f8b5c | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | Dutch | Belgium | 0.5689655172413793 |
RT_BITMAP | 0x8f8c44 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4413265306122449 | ||
RT_BITMAP | 0x8f8dcc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.45918367346938777 | ||
RT_BITMAP | 0x8f8f54 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.45153061224489793 | ||
RT_BITMAP | 0x8f90dc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.40561224489795916 | ||
RT_BITMAP | 0x8f9264 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.46683673469387754 | ||
RT_BITMAP | 0x8f93ec | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.4387755102040816 | ||
RT_BITMAP | 0x8f9574 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.45153061224489793 | ||
RT_BITMAP | 0x8f96fc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.27040816326530615 | ||
RT_BITMAP | 0x8f9884 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.32142857142857145 | ||
RT_BITMAP | 0x8f9a0c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.28061224489795916 | ||
RT_BITMAP | 0x8f9b94 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.2857142857142857 | ||
RT_BITMAP | 0x8f9d1c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.35714285714285715 | ||
RT_BITMAP | 0x8f9ea4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3469387755102041 | ||
RT_BITMAP | 0x8fa02c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, resolution 3780 x 3780 px/m | 0.37755102040816324 | ||
RT_BITMAP | 0x8fa1b4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3673469387755102 | ||
RT_BITMAP | 0x8fa33c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.45918367346938777 | ||
RT_BITMAP | 0x8fa4c4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.31887755102040816 | ||
RT_BITMAP | 0x8fa64c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, resolution 3780 x 3780 px/m | 0.5306122448979592 | ||
RT_BITMAP | 0x8fa7d4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3877551020408163 | ||
RT_BITMAP | 0x8fa95c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3392857142857143 | ||
RT_BITMAP | 0x8faae4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.33418367346938777 | ||
RT_BITMAP | 0x8fac6c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4005102040816326 | ||
RT_BITMAP | 0x8fadf4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.34438775510204084 | ||
RT_BITMAP | 0x8faf7c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3903061224489796 | ||
RT_BITMAP | 0x8fb104 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.35459183673469385 | ||
RT_BITMAP | 0x8fb28c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.39540816326530615 | ||
RT_BITMAP | 0x8fb414 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3647959183673469 | ||
RT_BITMAP | 0x8fb59c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4107142857142857 | ||
RT_BITMAP | 0x8fb724 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.33163265306122447 | ||
RT_BITMAP | 0x8fb8ac | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.46683673469387754 | ||
RT_BITMAP | 0x8fba34 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.43112244897959184 | ||
RT_BITMAP | 0x8fbbbc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.25510204081632654 | ||
RT_BITMAP | 0x8fbd44 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.2653061224489796 | ||
RT_BITMAP | 0x8fbecc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.33418367346938777 | ||
RT_BITMAP | 0x8fc054 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.37244897959183676 | ||
RT_BITMAP | 0x8fc1dc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.44387755102040816 | ||
RT_BITMAP | 0x8fc364 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3239795918367347 | ||
RT_BITMAP | 0x8fc4ec | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.29336734693877553 | ||
RT_BITMAP | 0x8fc674 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3877551020408163 | ||
RT_BITMAP | 0x8fc7fc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.35714285714285715 | ||
RT_BITMAP | 0x8fc984 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.37755102040816324 | ||
RT_BITMAP | 0x8fcb0c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.31887755102040816 | ||
RT_BITMAP | 0x8fcc94 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3137755102040816 | ||
RT_BITMAP | 0x8fce1c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.6377551020408163 | ||
RT_BITMAP | 0x8fcfa4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.22704081632653061 | ||
RT_BITMAP | 0x8fd12c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.2755102040816326 | ||
RT_BITMAP | 0x8fd2b4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3852040816326531 | ||
RT_BITMAP | 0x8fd43c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.28316326530612246 | ||
RT_BITMAP | 0x8fd5c4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4005102040816326 | ||
RT_BITMAP | 0x8fd74c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.44387755102040816 | ||
RT_BITMAP | 0x8fd8d4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.25255102040816324 | ||
RT_BITMAP | 0x8fda5c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3112244897959184 | ||
RT_BITMAP | 0x8fdbe4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.38010204081632654 | ||
RT_BITMAP | 0x8fdd6c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4744897959183674 | ||
RT_BITMAP | 0x8fdef4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.22193877551020408 | ||
RT_BITMAP | 0x8fe07c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3520408163265306 | ||
RT_BITMAP | 0x8fe204 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.45663265306122447 | ||
RT_BITMAP | 0x8fe38c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.44642857142857145 | ||
RT_BITMAP | 0x8fe514 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.23469387755102042 | ||
RT_BITMAP | 0x8fe69c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3137755102040816 | ||
RT_BITMAP | 0x8fe824 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.29591836734693877 | ||
RT_BITMAP | 0x8fe9ac | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4489795918367347 | ||
RT_BITMAP | 0x8feb34 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.29336734693877553 | ||
RT_BITMAP | 0x8fecbc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.4387755102040816 | ||
RT_BITMAP | 0x8fee44 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.44387755102040816 | ||
RT_BITMAP | 0x8fefcc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.2780612244897959 | ||
RT_BITMAP | 0x8ff154 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.34183673469387754 | ||
RT_BITMAP | 0x8ff2dc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.35714285714285715 | ||
RT_BITMAP | 0x8ff464 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.375 | ||
RT_BITMAP | 0x8ff5ec | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.42857142857142855 | ||
RT_BITMAP | 0x8ff774 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.44642857142857145 | ||
RT_BITMAP | 0x8ff8fc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.40561224489795916 | ||
RT_BITMAP | 0x8ffa84 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.39285714285714285 | ||
RT_BITMAP | 0x8ffc0c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.25255102040816324 | ||
RT_BITMAP | 0x8ffd94 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | 0.3926829268292683 | ||
RT_BITMAP | 0x9003fc | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3520408163265306 | ||
RT_BITMAP | 0x900584 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3163265306122449 | ||
RT_BITMAP | 0x90070c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.32653061224489793 | ||
RT_BITMAP | 0x900894 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3112244897959184 | ||
RT_BITMAP | 0x900a1c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.34438775510204084 | ||
RT_BITMAP | 0x900ba4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3903061224489796 | ||
RT_BITMAP | 0x900d2c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.28061224489795916 | ||
RT_BITMAP | 0x900eb4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | 0.3239795918367347 | ||
RT_BITMAP | 0x90103c | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | 0.38597560975609757 | ||
RT_BITMAP | 0x9016a4 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.2729591836734694 | ||
RT_BITMAP | 0x90182c | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | 0.3086734693877551 | ||
RT_BITMAP | 0x9019b4 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | 0.39878048780487807 | ||
RT_BITMAP | 0x90201c | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | 0.3524390243902439 | ||
RT_BITMAP | 0x902684 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857 |
RT_BITMAP | 0x902764 | 0x50 | Device independent bitmap graphic, 8 x 8 x 1, image size 32, 2 important colors | 0.5375 | ||
RT_BITMAP | 0x9027b4 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.22077922077922077 | ||
RT_BITMAP | 0x902a1c | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.17857142857142858 | ||
RT_BITMAP | 0x902c84 | 0x268 | Device independent bitmap graphic, 32 x 32 x 4, image size 512 | 0.1737012987012987 | ||
RT_BITMAP | 0x902eec | 0x124 | Device independent bitmap graphic, 9 x 9 x 24, image size 252, resolution 2834 x 2834 px/m | 0.5924657534246576 | ||
RT_BITMAP | 0x903010 | 0x124 | Device independent bitmap graphic, 9 x 9 x 24, image size 252, resolution 2834 x 2834 px/m | 0.5993150684931506 | ||
RT_ICON | 0x903134 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7473404255319149 |
RT_ICON | 0x90359c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6142120075046904 |
RT_ICON | 0x904644 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4853734439834025 |
RT_ICON | 0x906bec | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | | | 0.4318181818181818 |
RT_ICON | 0x906c9c | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | | | 0.39204545454545453 |
RT_ICON | 0x906d4c | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | | | 0.3352272727272727 |
RT_ICON | 0x906dfc | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | | | 0.4318181818181818 |
RT_ICON | 0x906eac | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | | | 0.39204545454545453 |
RT_ICON | 0x906f5c | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 128 | | | 0.3352272727272727 |
RT_DIALOG | 0x90700c | 0x52 | data | | | 0.7682926829268293 |
RT_DIALOG | 0x907060 | 0x52 | data | | | 0.7560975609756098 |
RT_STRING | 0x9070b4 | 0x38c | data | | | 0.42731277533039647 |
RT_STRING | 0x907440 | 0x32c | data | | | 0.43349753694581283 |
RT_STRING | 0x90776c | 0x3b8 | data | | | 0.38130252100840334 |
RT_STRING | 0x907b24 | 0x508 | data | | | 0.34860248447204967 |
RT_STRING | 0x90802c | 0xae4 | data | | | 0.2654232424677188 |
RT_STRING | 0x908b10 | 0x874 | data | | | 0.300369685767098 |
RT_STRING | 0x909384 | 0x3e0 | data | | | 0.42943548387096775 |
RT_STRING | 0x909764 | 0x2a4 | data | | | 0.4349112426035503 |
RT_STRING | 0x909a08 | 0x404 | data | | | 0.3638132295719844 |
RT_STRING | 0x909e0c | 0x564 | data | | | 0.26304347826086955 |
RT_STRING | 0x90a370 | 0x24c | AmigaOS bitmap font "P", fc_YSize 26112, 18944 elements, 2nd "e", 3rd "o" | | | 0.46258503401360546 |
RT_STRING | 0x90a5bc | 0x874 | data | | | 0.3183918669131238 |
RT_STRING | 0x90ae30 | 0x380 | data | | | 0.38950892857142855 |
RT_STRING | 0x90b1b0 | 0x480 | data | | | 0.4105902777777778 |
RT_STRING | 0x90b630 | 0x400 | data | | | 0.3955078125 |
RT_STRING | 0x90ba30 | 0x408 | data | | | 0.36627906976744184 |
RT_STRING | 0x90be38 | 0xf70 | data | | | 0.30035425101214575 |
RT_STRING | 0x90cda8 | 0x680 | data | | | 0.3425480769230769 |
RT_STRING | 0x90d428 | 0x530 | data | | | 0.37801204819277107 |
RT_STRING | 0x90d958 | 0x548 | data | | | 0.36020710059171596 |
RT_STRING | 0x90dea0 | 0x3ec | data | | | 0.3695219123505976 |
RT_STRING | 0x90e28c | 0x438 | data | | | 0.34074074074074073 |
RT_STRING | 0x90e6c4 | 0x358 | data | | | 0.3983644859813084 |
RT_STRING | 0x90ea1c | 0x220 | data | | | 0.5367647058823529 |
RT_STRING | 0x90ec3c | 0x448 | data | | | 0.4114963503649635 |
RT_STRING | 0x90f084 | 0x160 | data | | | 0.5823863636363636 |
RT_STRING | 0x90f1e4 | 0xcc | data | | | 0.6666666666666666 |
RT_STRING | 0x90f2b0 | 0x284 | data | | | 0.4409937888198758 |
RT_STRING | 0x90f534 | 0x144 | data | | | 0.595679012345679 |
RT_STRING | 0x90f678 | 0x45c | data | | | 0.39157706093189965 |
RT_STRING | 0x90fad4 | 0x3f0 | data | | | 0.3819444444444444 |
RT_STRING | 0x90fec4 | 0x3b4 | data | | | 0.3860759493670886 |
RT_STRING | 0x910278 | 0x588 | data | | | 0.3149717514124294 |
RT_STRING | 0x910800 | 0x218 | data | | | 0.2294776119402985 |
RT_STRING | 0x910a18 | 0x43c | data | | | 0.42066420664206644 |
RT_STRING | 0x910e54 | 0x430 | data | | | 0.36847014925373134 |
RT_STRING | 0x911284 | 0x694 | data | | | 0.33966745843230406 |
RT_STRING | 0x911918 | 0x48c | data | | | 0.3230240549828179 |
RT_STRING | 0x911da4 | 0x300 | data | | | 0.40625 |
RT_STRING | 0x9120a4 | 0x348 | data | | | 0.3607142857142857 |
RT_STRING | 0x9123ec | 0x3e8 | data | | | 0.388 |
RT_STRING | 0x9127d4 | 0x358 | data | | | 0.3808411214953271 |
RT_STRING | 0x912b2c | 0xd4 | data | | | 0.5283018867924528 |
RT_STRING | 0x912c00 | 0xa4 | data | | | 0.6524390243902439 |
RT_STRING | 0x912ca4 | 0x2dc | data | | | 0.46311475409836067 |
RT_STRING | 0x912f80 | 0x458 | data | | | 0.29856115107913667 |
RT_STRING | 0x9133d8 | 0x31c | data | | | 0.42462311557788945 |
RT_STRING | 0x9136f4 | 0x2e8 | data | | | 0.3736559139784946 |
RT_STRING | 0x9139dc | 0x334 | data | | | 0.3146341463414634 |
RT_RCDATA | 0x913d10 | 0xe4 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9868421052631579 |
RT_RCDATA | 0x913df4 | 0x181 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0207792207792208 |
RT_RCDATA | 0x913f78 | 0x3f3 | SVG Scalable Vector Graphics image | Dutch | Belgium | 0.4540059347181009 |
RT_RCDATA | 0x91436c | 0xc5 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0050761421319796 |
RT_RCDATA | 0x914434 | 0x104 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9846153846153847 |
RT_RCDATA | 0x914538 | 0x1b0 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.8796296296296297 |
RT_RCDATA | 0x9146e8 | 0x114 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0 |
RT_RCDATA | 0x9147fc | 0x359 | SVG Scalable Vector Graphics image | Dutch | Belgium | 0.5005834305717619 |
RT_RCDATA | 0x914b58 | 0xa7 | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9820359281437125 |
RT_RCDATA | 0x914c00 | 0xba | PNG image data, 7 x 7, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.989247311827957 |
RT_RCDATA | 0x914cbc | 0xcb | PNG image data, 11 x 9, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9901477832512315 |
RT_RCDATA | 0x914d88 | 0xb7 | PNG image data, 11 x 9, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9890710382513661 |
RT_RCDATA | 0x914e40 | 0x359 | SVG Scalable Vector Graphics image | Dutch | Belgium | 0.5005834305717619 |
RT_RCDATA | 0x91519c | 0xa8 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9821428571428571 |
RT_RCDATA | 0x915244 | 0x112 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0 |
RT_RCDATA | 0x915358 | 0x36c | SVG Scalable Vector Graphics image | Dutch | Belgium | 0.5136986301369864 |
RT_RCDATA | 0x9156c4 | 0x1ba | PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0158371040723981 |
RT_RCDATA | 0x915880 | 0x18d | PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0151133501259446 |
RT_RCDATA | 0x915a10 | 0x337 | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0133657351154313 |
RT_RCDATA | 0x915d48 | 0x384 | PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0122222222222221 |
RT_RCDATA | 0x9160cc | 0xb1 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9943502824858758 |
RT_RCDATA | 0x916180 | 0xd9 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 1.0 |
RT_RCDATA | 0x91625c | 0x385 | SVG Scalable Vector Graphics image | Dutch | Belgium | 0.5094339622641509 |
RT_RCDATA | 0x9165e4 | 0xa4 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9878048780487805 |
RT_RCDATA | 0x916688 | 0x102 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9961240310077519 |
RT_RCDATA | 0x91678c | 0x192 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.8980099502487562 |
RT_RCDATA | 0x916920 | 0x116 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | Dutch | Belgium | 0.9892086330935251 |
RT_RCDATA | 0x916a38 | 0x380 | SVG Scalable Vector Graphics image | Dutch | Belgium | 0.5301339285714286 |
RT_RCDATA | 0x916db8 | 0xd5d | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032154340836013 |
RT_RCDATA | 0x917b18 | 0xd57 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003221083455344 |
RT_RCDATA | 0x918870 | 0xcfc | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003309265944645 |
RT_RCDATA | 0x91956c | 0xcd9 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033444816053512 |
RT_RCDATA | 0x91a248 | 0xd5d | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032154340836013 |
RT_RCDATA | 0x91afa8 | 0xd57 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003221083455344 |
RT_RCDATA | 0x91bd00 | 0xc4e | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034920634920634 |
RT_RCDATA | 0x91c950 | 0xc4e | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034920634920634 |
RT_RCDATA | 0x91d5a0 | 0xcb5 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033814940055334 |
RT_RCDATA | 0x91e258 | 0xcb0 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033866995073892 |
RT_RCDATA | 0x91ef08 | 0xd56 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032220269478618 |
RT_RCDATA | 0x91fc60 | 0xd47 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032362459546926 |
RT_RCDATA | 0x9209a8 | 0xdc2 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031232254400908 |
RT_RCDATA | 0x92176c | 0xdc5 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031205673758865 |
RT_RCDATA | 0x922534 | 0xcf3 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003318250377074 |
RT_RCDATA | 0x923228 | 0xced | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033242671501965 |
RT_RCDATA | 0x923f18 | 0xda9 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031455533314269 |
RT_RCDATA | 0x924cc4 | 0xda6 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031482541499714 |
RT_RCDATA | 0x925a6c | 0xcf3 | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.003318250377074 |
RT_RCDATA | 0x926760 | 0xced | PNG image data, 36 x 36, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033242671501965 |
RT_RCDATA | 0x927450 | 0xb23 | PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038582953349702 |
RT_RCDATA | 0x927f74 | 0xb7b | PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037427696495407 |
RT_RCDATA | 0x928af0 | 0xb3b | PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038260869565216 |
RT_RCDATA | 0x92962c | 0xba1 | PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036949949613705 |
RT_RCDATA | 0x92a1d0 | 0xb75 | PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037504261847938 |
RT_RCDATA | 0x92ad48 | 0xbdb | PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036243822075783 |
RT_RCDATA | 0x92b924 | 0xb8f | PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced | English | United States | 1.003717472118959 |
RT_RCDATA | 0x92c4b4 | 0xc3c | PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035121328224776 |
RT_RCDATA | 0x92d0f0 | 0xb38 | PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038300835654597 |
RT_RCDATA | 0x92dc28 | 0xb7d | PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037402244134648 |
RT_RCDATA | 0x92e7a8 | 0xbfe | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035830618892507 |
RT_RCDATA | 0x92f3a8 | 0xd04 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0033013205282113 |
RT_RCDATA | 0x9300ac | 0xc0e | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035644847699288 |
RT_RCDATA | 0x930cbc | 0xc1b | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035495321071313 |
RT_RCDATA | 0x9318d8 | 0xd36 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032525133057362 |
RT_RCDATA | 0x932610 | 0xd0f | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.003290457672749 |
RT_RCDATA | 0x933320 | 0xb07 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.003896563939072 |
RT_RCDATA | 0x933e28 | 0xb29 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038501925096255 |
RT_RCDATA | 0x934954 | 0xb7b | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037427696495407 |
RT_RCDATA | 0x9354d0 | 0xbd4 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036327608982827 |
RT_RCDATA | 0x9360a4 | 0xb8d | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037199864727764 |
RT_RCDATA | 0x936c34 | 0xc13 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.00355871886121 |
RT_RCDATA | 0x937848 | 0xb1d | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.003866432337434 |
RT_RCDATA | 0x938368 | 0xb45 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0038128249566725 |
RT_RCDATA | 0x938eb0 | 0xb86 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.003728813559322 |
RT_RCDATA | 0x939a38 | 0xc00 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035807291666667 |
RT_RCDATA | 0x93a638 | 0xb7a | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0037440435670524 |
RT_RCDATA | 0x93b1b4 | 0xbf6 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.003592423252776 |
RT_RCDATA | 0x93bdac | 0xbeb | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0036053752867913 |
RT_RCDATA | 0x93c998 | 0xc85 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0034321372854915 |
RT_RCDATA | 0x93d620 | 0xb83 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.003732609433322 |
RT_RCDATA | 0x93e1a4 | 0xc03 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035772357723578 |
RT_RCDATA | 0x93eda8 | 0xc2c | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced | English | United States | 1.0035301668806162 |
RT_RCDATA | 0x93f9d4 | 0xd45 | PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced | English | United States | 1.0032381513099793 |
RT_RCDATA | 0x94071c | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x94072c | 0x148b | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0020916524054002 |
RT_RCDATA | 0x941bb8 | 0x111e | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0025102692834322 |
RT_RCDATA | 0x942cd8 | 0xd8c | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0031718569780854 |
RT_RCDATA | 0x943a64 | 0x895f08 | PE32 executable (console) Intel 80386, for MS Windows | | | 0.5360336303710938 |
RT_RCDATA | 0x11d996c | 0x1418 | data | | | 0.4801710730948678 |
RT_RCDATA | 0x11dad84 | 0x3a61 | Delphi compiled form 'TfFileKindProperties' | | | 0.9066577450652392 |
RT_RCDATA | 0x11de7e8 | 0x7693 | Delphi compiled form 'TfFileKinds' | | | 0.9033437654422665 |
RT_RCDATA | 0x11e5e7c | 0x9e6 | Delphi compiled form 'TfmDatasetFieldsEditor' | | | 0.388318863456985 |
RT_RCDATA | 0x11e6864 | 0x374 | Delphi compiled form 'TfmDFEAddFields' | | | 0.579185520361991 |
RT_RCDATA | 0x11e6bd8 | 0x8f2 | Delphi compiled form 'TfmDFENewField' | | | 0.4017467248908297 |
RT_RCDATA | 0x11e74cc | 0xd39 | Delphi compiled form 'TfmImageListEditor' | | | 0.3867060561299852 |
RT_RCDATA | 0x11e8208 | 0x311 | Delphi compiled form 'TfmSelectLanguage' | | | 0.6089171974522293 |
RT_RCDATA | 0x11e851c | 0x2c0 | Delphi compiled form 'TfmSelectUnit' | | | 0.5994318181818182 |
RT_RCDATA | 0x11e87dc | 0x386 | Delphi compiled form 'TfmWatchProperties' | | | 0.5687361419068736 |
RT_RCDATA | 0x11e8b64 | 0x11064 | Delphi compiled form 'TfrmAbout' | | | 0.8759679917398038 |
RT_RCDATA | 0x11f9bc8 | 0x377 | Delphi compiled form 'TfrmAlign' | | | 0.5682074408117249 |
RT_RCDATA | 0x11f9f40 | 0x2ebf | Delphi compiled form 'TfrmAlignmentPalette' | | | 0.1338681373777889 |
RT_RCDATA | 0x11fce00 | 0xa3d | Delphi compiled form 'TfrmCollectionEditor' | | | 0.3925982449446776 |
RT_RCDATA | 0x11fd840 | 0x38c4 | Delphi compiled form 'TfrmColumns' | | | 0.924373795761079 |
RT_RCDATA | 0x1201104 | 0x305 | Delphi compiled form 'TfrmDesignerAddControls' | | | 0.5847347994825356 |
RT_RCDATA | 0x120140c | 0x53d | Delphi compiled form 'TfrmDesignerControlsEditor' | | | 0.4325130499627144 |
RT_RCDATA | 0x120194c | 0xe01 | Delphi compiled form 'TfrmDesignerOptions' | | | 0.304323570432357 |
RT_RCDATA | 0x1202750 | 0x182b8 | Delphi compiled form 'TfrmDrive' | | | 0.5576868686868687 |
RT_RCDATA | 0x121aa08 | 0x387c | Delphi compiled form 'TfrmHotKey' | | | 0.9262793914246197 |
RT_RCDATA | 0x121e284 | 0xab0 | Delphi compiled form 'TfrmListViewEditor' | | | 0.39144736842105265 |
RT_RCDATA | 0x121ed34 | 0x1017c | Delphi compiled form 'TfrmMain' | | | 0.6957187936161174 |
RT_RCDATA | 0x122eeb0 | 0xb53 | Delphi compiled form 'TfrmMenuEditor' | | | 0.39185926181441877 |
RT_RCDATA | 0x122fa04 | 0x5b3 | Delphi compiled form 'TfrmMenuIDEEditor' | | | 0.47978067169294036 |
RT_RCDATA | 0x122ffb8 | 0x6c6 | Delphi compiled form 'TfrmPicture' | | | 0.44521337946943484 |
RT_RCDATA | 0x1230680 | 0x6eb | Delphi compiled form 'TfrmSize' | | | 0.3512140033879164 |
RT_RCDATA | 0x1230d6c | 0x325 | Delphi compiled form 'TfrmStrings' | | | 0.5863354037267081 |
RT_RCDATA | 0x1231094 | 0x61c | Delphi compiled form 'TfrmTabOrder' | | | 0.44884910485933505 |
RT_RCDATA | 0x12316b0 | 0xa83 | Delphi compiled form 'TfrmTreeEditor' | | | 0.3927907840951319 |
RT_RCDATA | 0x1232134 | 0x3c8d | Delphi compiled form 'TfSavedSearchSettings' | | | 0.8898780723824269 |
RT_RCDATA | 0x1235dc4 | 0x488 | Delphi compiled form 'TLoginDialog' | | | 0.4879310344827586 |
RT_RCDATA | 0x123624c | 0x3c4 | Delphi compiled form 'TPasswordDialog' | | | 0.4678423236514523 |
RT_RCDATA | 0x1236610 | 0xc8a | Delphi compiled form 'TScrFindDlgForm' | | | 0.3660436137071651 |
RT_RCDATA | 0x123729c | 0xc47 | Delphi compiled form 'TScrReplaceDlgForm' | | | 0.3706649697741012 |
RT_GROUP_CURSOR | 0x1237ee4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x1237ef8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f84 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237f98 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237fac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237fc0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237fd4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_CURSOR | 0x1237fe8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1237ffc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x1238010 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1238024 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1238038 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x123804c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x1238060 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x1238074 | 0x30 | data | English | United States | 0.8541666666666666 |
RT_GROUP_ICON | 0x12380a4 | 0x14 | data | | | 1.15 |
RT_GROUP_ICON | 0x12380b8 | 0x14 | data | | | 1.15 |
RT_GROUP_ICON | 0x12380cc | 0x14 | data | | | 1.15 |
RT_GROUP_ICON | 0x12380e0 | 0x14 | data | | | 1.15 |
RT_GROUP_ICON | 0x12380f4 | 0x14 | data | | | 1.15 |
RT_GROUP_ICON | 0x1238108 | 0x14 | data | | | 1.15 |
RT_VERSION | 0x123811c | 0x368 | data | | | 0.4518348623853211 |
RT_MANIFEST | 0x1238484 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
winmm.dll | timeGetTime |
oleacc.dll | LresultFromObject |
SHLWAPI.DLL | PathMatchSpecW |
wininet.dll | InternetCloseHandle, InternetReadFile, InternetOpenW, InternetOpenUrlW, HttpQueryInfoW |
winspool.drv | DocumentPropertiesW, ClosePrinter, OpenPrinterW, GetDefaultPrinterW, EnumPrintersW |
comdlg32.dll | FindTextW, ReplaceTextW, ChooseFontW, ChooseColorW, GetSaveFileNameW, GetOpenFileNameW, PrintDlgW |
comctl32.dll | ImageList_GetImageInfo, FlatSB_SetScrollInfo, InitCommonControls, ImageList_DragMove, ImageList_Destroy, _TrackMouseEvent, ImageList_DragShowNolock, ImageList_Add, FlatSB_SetScrollProp, ImageList_GetDragImage, ImageList_Create, ImageList_EndDrag, ImageList_DrawEx, ImageList_SetImageCount, FlatSB_GetScrollPos, FlatSB_SetScrollPos, InitializeFlatSB, ImageList_Copy, FlatSB_GetScrollInfo, ImageList_Write, ImageList_DrawIndirect, ImageList_SetBkColor, ImageList_GetBkColor, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Replace, ImageList_GetImageCount, ImageList_DragEnter, ImageList_GetIconSize, ImageList_SetIconSize, ImageList_Read, ImageList_DragLeave, ImageList_LoadImageW, ImageList_Draw, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetOverlayImage |
shell32.dll | SHBrowseForFolderW, DragQueryFileW, SHGetSpecialFolderLocation, Shell_NotifyIconW, DragAcceptFiles, SHGetPathFromIDListW, SHGetFileInfoW, SHGetFolderPathW, SHGetMalloc, SHGetDesktopFolder, IsUserAnAdmin, SHAppBarMessage, ShellExecuteW |
user32.dll | CopyImage, MoveWindow, SetMenuItemInfoW, GetMenuItemInfoW, DefFrameProcW, SetCaretPos, GetCaretPos, ScrollWindowEx, GetDlgCtrlID, FrameRect, RegisterWindowMessageW, GetMenuStringW, FillRect, ClipCursor, SendMessageA, IsClipboardFormatAvailable, EnumWindows, ShowOwnedPopups, GetClassInfoExW, GetClassInfoW, GetScrollRange, SetActiveWindow, GetActiveWindow, DrawEdge, GetKeyboardLayoutList, LoadBitmapW, EnumChildWindows, GetScrollBarInfo, UnhookWindowsHookEx, SetCapture, GetCapture, CreatePopupMenu, ShowCaret, GetMenuItemID, DestroyCaret, CharLowerBuffW, PostMessageW, SetWindowLongW, IsZoomed, SetParent, DrawMenuBar, GetClientRect, IsChild, SendDlgItemMessageW, IntersectRect, IsIconic, CallNextHookEx, ShowWindow, SetForegroundWindow, GetWindowTextW, IsDialogMessageW, DestroyWindow, RegisterClassW, EndMenu, CharNextW, GetFocus, GetDC, SetFocus, ReleaseDC, mouse_event, GetClassLongW, SetScrollRange, DrawTextW, PeekMessageA, MessageBeep, SetClassLongW, LockWindowUpdate, RemovePropW, GetSubMenu, EqualRect, DestroyIcon, IsWindowVisible, PtInRect, DispatchMessageA, UnregisterClassW, GetTopWindow, SendMessageW, GetMessageTime, NotifyWinEvent, GetComboBoxInfo, CreateMenu, LoadStringW, CharLowerW, SetWindowRgn, SetWindowPos, GetMenuItemCount, GetSysColorBrush, GetWindowDC, DrawTextExW, EnumClipboardFormats, ScrollDC, GetScrollInfo, SetWindowTextW, GetMessageExtraInfo, GetSysColor, EnableScrollBar, TrackPopupMenu, DrawIconEx, GetClassNameW, GetMessagePos, GetIconInfo, SetScrollInfo, GetKeyNameTextW, GetDesktopWindow, SetCursorPos, GetCursorPos, SetMenu, GetMenuState, GetMenu, SetRect, GetKeyState, IsRectEmpty, ValidateRect, IsCharAlphaW, GetCursor, KillTimer, BeginDeferWindowPos, WaitMessage, TranslateMDISysAccel, GetWindowPlacement, GetClipboardFormatNameW, CreateIconIndirect, GetMenuItemRect, CreateWindowExW, ChildWindowFromPoint, GetDCEx, InsertMenuItemA, PeekMessageW, MonitorFromWindow, GetUpdateRect, SetTimer, WindowFromPoint, BeginPaint, 
RegisterClipboardFormatW, MapVirtualKeyW, OffsetRect, IsWindowUnicode, DispatchMessageW, TrackPopupMenuEx, CreateAcceleratorTableW, DefMDIChildProcW, GetSystemMenu, SetScrollPos, GetScrollPos, InflateRect, DrawFocusRect, ReleaseCapture, LoadCursorW, ScrollWindow, GetLastActivePopup, GetCursorInfo, GetSystemMetrics, CharUpperBuffW, ClientToScreen, SetClipboardData, GetClipboardData, SetWindowPlacement, SetCaretBlinkTime, GetCaretBlinkTime, GetMonitorInfoW, CheckMenuItem, CharUpperW, DefWindowProcW, GetForegroundWindow, ToAscii, EnableWindow, GetWindowThreadProcessId, RedrawWindow, EndPaint, MsgWaitForMultipleObjectsEx, TrackMouseEvent, LoadKeyboardLayoutW, ActivateKeyboardLayout, GetParent, CreateCaret, MonitorFromRect, InsertMenuItemW, GetPropW, MessageBoxW, SetPropW, UpdateWindow, MsgWaitForMultipleObjects, DestroyMenu, SetWindowsHookExW, GetDoubleClickTime, EmptyClipboard, GetDlgItem, AdjustWindowRectEx, IsWindow, DrawIcon, EnumThreadWindows, InvalidateRect, SetKeyboardState, GetKeyboardState, ScreenToClient, DrawFrameControl, IsCharAlphaNumericW, BringWindowToTop, SetCursor, CreateIcon, RemoveMenu, SubtractRect, GetKeyboardLayoutNameW, OpenClipboard, TranslateMessage, MapWindowPoints, EnumDisplayMonitors, CallWindowProcW, CountClipboardFormats, CloseClipboard, DestroyCursor, CopyIcon, PostQuitMessage, ShowScrollBar, EnableMenuItem, DeferWindowPos, HideCaret, EndDeferWindowPos, FindWindowExW, MonitorFromPoint, LoadIconW, SystemParametersInfoW, GetWindow, GetWindowLongW, GetWindowRect, InsertMenuW, IsWindowEnabled, IsDialogMessageA, FindWindowW, DeleteMenu, GetKeyboardLayout |
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
oleaut32.dll | SafeArrayPutElement, SetErrorInfo, GetErrorInfo, VariantInit, VariantClear, SysFreeString, SafeArrayAccessData, SysReAllocStringLen, SafeArrayCreate, CreateErrorInfo, SafeArrayGetElement, GetActiveObject, SysAllocStringLen, SafeArrayUnaccessData, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopyInd, VariantChangeType |
WTSAPI32.DLL | WTSUnRegisterSessionNotification, WTSRegisterSessionNotification |
advapi32.dll | RegSetValueExW, RegConnectRegistryW, RegEnumKeyExW, RegLoadKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegUnLoadKeyW, RegSaveKeyW, RegDeleteValueW, RegReplaceKeyW, RegFlushKey, RegQueryValueExW, RegEnumValueW, RegCloseKey, RegCreateKeyExW, RegRestoreKeyW |
msvcrt.dll | memcpy, memset |
kernel32.dll | GetFileType, QueryDosDeviceW, GetACP, CloseHandle, LocalFree, GetCurrentProcessId, SizeofResource, lstrcmpiW, QueryPerformanceFrequency, IsDebuggerPresent, FindNextFileW, GetFullPathNameW, VirtualFree, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, GlobalSize, GetLongPathNameW, RtlUnwind, GetCPInfo, EnumSystemLocalesW, GetStdHandle, GetTimeZoneInformation, FileTimeToLocalFileTime, GetModuleHandleW, FreeLibrary, TryEnterCriticalSection, HeapDestroy, ReadFile, GetUserDefaultLCID, LCMapStringA, GetLastError, GetModuleFileNameW, SetLastError, GlobalAlloc, GlobalUnlock, FindResourceW, CreateThread, CompareStringW, GetFileSizeEx, MapViewOfFile, LoadLibraryA, GetVolumeInformationW, ResetEvent, MulDiv, FreeResource, GetDriveTypeW, GetVersion, RaiseException, GlobalAddAtomW, FormatMessageW, SwitchToThread, GetExitCodeThread, OutputDebugStringW, GetCurrentThread, GetFileAttributesExW, LoadLibraryExW, LockResource, FileTimeToSystemTime, GetCurrentThreadId, UnhandledExceptionFilter, GlobalFindAtomW, VirtualQuery, GlobalFree, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, ReleaseMutex, FlushFileBuffers, GetStringTypeExA, LoadResource, SuspendThread, GetTickCount, WritePrivateProfileStringW, GetTempFileNameW, GetFileSize, GlobalDeleteAtom, GetStartupInfoW, GetFileAttributesW, SetCurrentDirectoryW, GetCurrentDirectoryW, InitializeCriticalSection, GetThreadPriority, GetCurrentProcess, GlobalLock, SetThreadPriority, VirtualAlloc, GetTempPathW, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetLogicalDriveStringsW, GetVersionExW, GetModuleHandleA, VerifyVersionInfoW, HeapCreate, LCMapStringW, GetDiskFreeSpaceW, VerSetConditionMask, FindFirstFileW, GetUserDefaultUILanguage, GetConsoleOutputCP, UnmapViewOfFile, GetConsoleCP, GlobalHandle, lstrlenW, QueryPerformanceCounter, SetEndOfFile, lstrcmpW, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, CreateMutexA, LoadLibraryW, SetEvent, GetLocaleInfoW, 
CreateFileW, EnumResourceNamesW, DeleteFileW, IsDBCSLeadByteEx, GetLocalTime, WaitForSingleObject, WriteFile, FindFirstFileExW, CreateFileMappingW, ExitThread, DeleteCriticalSection, GetDateFormatW, TlsGetValue, SetErrorMode, GetComputerNameW, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, RemoveDirectoryW, CreateEventW, GetPrivateProfileStringW, WaitForMultipleObjectsEx, GetThreadLocale, SetThreadLocale |
SHFolder.dll | SHGetFolderPathW |
gdiplus.dll | GdipFillEllipseI, GdipFillPolygonI, GdipGetHatchForegroundColor, GdipGetPointCount, GdipDrawBezier, GdipCreateMatrix3I, GdipLoadImageFromStream, GdipCreateFont, GdipSetClipPath, GdipCreateLineBrushFromRectI, GdipIsMatrixIdentity, GdipSetSmoothingMode, GdipGetSmoothingMode, GdipResetClip, GdipFillRectangle, GdipFillPath, GdipCreateLineBrushFromRect, GdipAddPathRectangle, GdipDrawString, GdipGetImageGraphicsContext, GdipGetTextureImage, GdipGetMatrixElements, GdipCreateTexture2I, GdipCreateTextureIA, GdipCloneImageAttributes, GdipSetMatrixElements, GdipGetTextureWrapMode, GdipSetImageAttributesThreshold, GdipAddPathPolygon, GdipCombineRegionPath, GdipDeleteFontFamily, GdipSetStringFormatLineAlign, GdipGetStringFormatLineAlign, GdipResetPath, GdipGetFontSize, GdipResetImageAttributes, GdipAddPathEllipse, GdipGraphicsClear, GdipAddPathPie, GdipSetWorldTransform, GdipDrawEllipseI, GdipAddPathCurve2I, GdipDeleteRegion, GdipGetGenericFontFamilySerif, GdipLoadImageFromFileICM, GdipSetImageAttributesRemapTable, GdipCreateTexture, GdipDrawLine, GdipCreatePath2, GdipGetPathWorldBounds, GdipCreateHatchBrush, GdipSetLineGammaCorrection, GdipSetPenDashStyle, GdipGetPenDashStyle, GdipGetFamily, GdipDrawPath, GdipLoadImageFromFile, GdipGetPenFillType, GdipDrawRectangle, GdipTranslateTextureTransform, GdipScaleMatrix, GdipSetImageAttributesNoOp, GdipSaveImageToFile, GdipTranslateMatrix, GdipSetTextRenderingHint, GdipGetTextRenderingHint, GdipAddPathLine, GdipDeleteStringFormat, GdipSetImageAttributesToIdentity, GdipSetPenEndCap, GdipGetGenericFontFamilyMonospace, GdipGetImageThumbnail, GdipGetCompositingQuality, GdipSetCompositingQuality, GdipAddPathString, GdipGetImageWidth, GdipTransformMatrixPoints, GdipCreateFromHDC, GdipSetImageAttributesColorKeys, GdipSaveAddImage, GdipCreateSolidFill, GdipGetGenericFontFamilySansSerif, GdipSetImageAttributesOutputChannelColorProfile, GdipSetStringFormatAlign, GdipGetStringFormatAlign, GdipInvertMatrix, 
GdipGetHatchBackgroundColor, GdipDeletePath, GdipSetImageAttributesGamma, GdipScaleWorldTransform, GdipShearMatrix, GdipCreateFontFamilyFromName, GdipDisposeImageAttributes, GdipIsMatrixInvertible, GdipCreateMatrix2, GdipCreateMatrix3, GdipRotateWorldTransform, GdipCreateRegionRect, GdipSetStringFormatTrimming, GdipGetImageRawFormat, GdipCreateMatrix, GdiplusShutdown, GdipSetLinePresetBlend, GdipScaleTextureTransform, GdipLoadImageFromStreamICM, GdipSetImageAttributesColorMatrix, GdipAddPathRectangleI, GdipGetHatchStyle, GdipGetFamilyName, GdipCreateStringFormat, GdipCloneMatrix, GdipDrawArc, GdipResetWorldTransform, GdipAlloc, GdipDeleteMatrix, GdipDrawBeziers, GdipRotateTextureTransform, GdipSetClipRegion, GdipMultiplyWorldTransform, GdipClosePathFigure, GdipDrawImageI, GdipAddPathCurve, GdipDrawEllipse, GdipGetPathPoints, GdipAddPathArc, GdipGetStringFormatTrimming, GdipCreateLineBrushFromRectWithAngle, GdipAddPathCurveI, GdipCreatePath, GdipGetPathTypes, GdipAddPathLine2I, GdipCreatePen1, GdipCreatePen2, GdipSetStringFormatHotkeyPrefix, GdipVectorTransformMatrixPoints, GdipGetFontStyle, GdipCloneStringFormat, GdipGetImageAttributesAdjustedPalette, GdipDeletePen, GdipRotateMatrix, GdipDeleteGraphics, GdipDeleteFont, GdipCreateLineBrushFromRectWithAngleI, GdipFree, GdipCreateTexture2, GdipSetImageAttributesOutputChannel, GdipResetTextureTransform, GdipCreateTextureIAI, GdipReleaseDC, GdipAddPathPolygonI, GdipSetStringFormatFlags, GdipGetStringFormatFlags, GdipGetPenBrushFill, GdipSetPenBrushFill, GdipGetImagePixelFormat, GdipGetStringFormatHotkeyPrefix, GdipTranslateWorldTransform, GdipGetImageHeight, GdipGetDC, GdipSetTextureWrapMode, GdipCreateRegionPath, GdipCreateImageAttributes, GdiplusStartup, GdipDeleteBrush, GdipCombineRegionRegion, GdipCreateLineBrushI, GdipCreateLineBrush, GdipTransformMatrixPointsI, GdipFillPolygon, GdipDrawImageRect, GdipDrawImageRectRect, GdipImageRotateFlip, GdipFillEllipse, GdipAddPathBezier, GdipSaveImageToStream, 
GdipVectorTransformMatrixPointsI, GdipMultiplyMatrix, GdipMeasureString, GdipDisposeImage, GdipSetImageAttributesWrapMode, GdipFlush, GdipSetClipRect |
ole32.dll | CreateDataAdviseHolder, OleRegEnumVerbs, CoCreateInstance, OleGetClipboard, OleSetClipboard, IsEqualGUID, OleFlushClipboard, CreateStreamOnHGlobal, CLSIDFromProgID, CoGetClassObject, CoInitialize, OleDraw, CoTaskMemAlloc, DoDragDrop, StringFromCLSID, RevokeDragDrop, IsAccelerator, CoUninitialize, ReleaseStgMedium, RegisterDragDrop, OleInitialize, ProgIDFromCLSID, OleUninitialize, CoDisconnectObject, CoTaskMemFree, OleSetMenuDescriptor |
gdi32.dll | Pie, SetBkMode, GetRandomRgn, CreateCompatibleBitmap, BeginPath, GetEnhMetaFileHeader, CloseEnhMetaFile, RectVisible, AngleArc, CloseFigure, ResizePalette, SetAbortProc, SetTextColor, GetTextColor, StretchBlt, RoundRect, SelectClipRgn, RestoreDC, SetRectRgn, FillPath, GetTextMetricsW, GetWindowOrgEx, CreatePalette, CreateDCW, CreateICW, PolyBezierTo, GetStockObject, CreateSolidBrush, GetBkMode, Polygon, MoveToEx, PlayEnhMetaFile, Ellipse, StartPage, GetBitmapBits, StartDocW, AbortDoc, GetSystemPaletteEntries, GetEnhMetaFileBits, CreatePenIndirect, GetEnhMetaFilePaletteEntries, SetMapMode, GetMapMode, CreateFontIndirectW, PolyBezier, ExtCreatePen, LPtoDP, GetNearestColor, EndDoc, GetObjectW, GetCurrentObject, GetWinMetaFileBits, SetROP2, GetTextExtentExPointW, GetEnhMetaFileDescriptionW, ArcTo, CreateEnhMetaFileW, Arc, CreateRectRgnIndirect, SelectPalette, SetGraphicsMode, ExcludeClipRect, SetWindowOrgEx, MaskBlt, EndPage, EndPath, DeleteEnhMetaFile, Chord, SetDIBits, SetViewportOrgEx, GetViewportOrgEx, CreateRectRgn, RealizePalette, SetDIBColorTable, GetDIBColorTable, CreateBrushIndirect, PatBlt, StrokePath, SetEnhMetaFileBits, Rectangle, DeleteDC, SaveDC, BitBlt, SetWorldTransform, FrameRgn, GetDeviceCaps, GetTextExtentPoint32W, AbortPath, GetClipBox, Polyline, IntersectClipRect, CreateBitmap, CombineRgn, SetWinMetaFileBits, CreateDIBitmap, GetStretchBltMode, CreateDIBSection, SetStretchBltMode, GetDIBits, ExtCreateRegion, LineTo, GetRgnBox, EnumFontsW, SetWindowExtEx, CreateHalftonePalette, DeleteObject, SelectObject, ExtFloodFill, UnrealizeObject, CopyEnhMetaFileW, OffsetRgn, SetBkColor, GetBkColor, CreateCompatibleDC, GetObjectA, GetBrushOrgEx, GetCurrentPositionEx, SetDCPenColor, GetNearestPaletteIndex, SetTextAlign, CreateRoundRectRgn, GetTextExtentPointW, ExtTextOutW, SetBrushOrgEx, GetPixel, GdiFlush, SetViewportExtEx, SetPixel, PolyPolyline, EnumFontFamiliesExW, StretchDIBits, GetPaletteEntries |
Name | Ordinal | Address |
---|---|---|
__dbk_fcall_wrapper | 2 | 0x414024 |
dbkFCallWrapperAddr | 1 | 0xb2f644 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
German | Germany | |
Dutch | Belgium |
Target ID: | 0 |
Start time: | 16:44:49 |
Start date: | 30/04/2024 |
Path: | C:\Users\user\Desktop\SetupSuite_21.8_win64_86_sm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5a0000 |
File size: | 18'984'288 bytes |
MD5 hash: | DDDA012671F0CA2CA213060073B063E2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 16:44:51 |
Start date: | 30/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x790000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:44:51 |
Start date: | 30/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 16:45:11 |
Start date: | 30/04/2024 |
Path: | C:\Windows\SysWOW64\explorer.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbc0000 |
File size: | 4'514'184 bytes |
MD5 hash: | DD6597597673F72E10C9DE7901FBA0A8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Has exited: | true |
Target ID: | 8 |
Start time: | 16:45:20 |
Start date: | 30/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb20000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 31.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 5.4% |
Total number of Nodes: | 149 |
Total number of Limit Nodes: | 7 |
Function 005BFCEE Relevance: 1.6, APIs: 1, Instructions: 123 native COMMON
Uniqueness Score: -1.00% |
Function 005C040E Relevance: 5.5, APIs: 3, Instructions: 995 memory COMMON
Uniqueness Score: -1.00% |
Function 005BF5CE Relevance: 4.6, APIs: 3, Instructions: 79 file COMMON
Uniqueness Score: -1.00% |
Function 005BFBBE Relevance: 3.0, APIs: 2, Instructions: 50 file COMMON
Uniqueness Score: -1.00% |
Function 005BF1FE Relevance: 1.5, APIs: 1, Instructions: 25 library COMMON
Uniqueness Score: -1.00% |
Function 005C121E Relevance: 1.5, APIs: 1, Instructions: 204 COMMON
Uniqueness Score: -1.00% |
Function 005BFC8E Relevance: 1.3, APIs: 1, Instructions: 23 memory COMMON
Uniqueness Score: -1.00% |
Function 005C03BE Relevance: .0, Instructions: 9 COMMON
Uniqueness Score: -1.00% |
Function 0C0A3DF0 Relevance: 11.5, Strings: 8, Instructions: 1523 COMMON
Uniqueness Score: -1.00% |
Function 0C0A5890 Relevance: 7.5, Strings: 4, Instructions: 2513 COMMON
Uniqueness Score: -1.00% |
Function 0C0914E0 Relevance: 2.1, Strings: 1, Instructions: 803 COMMON
Uniqueness Score: -1.00% |
Function 0C08ABB0 Relevance: 1.7, Strings: 1, Instructions: 499 COMMON
Uniqueness Score: -1.00% |
Function 0C0B1378 Relevance: .3, Instructions: 259 COMMON
Uniqueness Score: -1.00% |
Function 0C08E6D0 Relevance: .2, Instructions: 179 COMMON
Uniqueness Score: -1.00% |
Function 0C0BA671 Relevance: .1, Instructions: 149 COMMON
Uniqueness Score: -1.00% |
Function 0C0A7900 Relevance: .1, Instructions: 142 COMMON
Uniqueness Score: -1.00% |
Function 0C0A39E0 Relevance: .1, Instructions: 96 COMMON
Uniqueness Score: -1.00% |
Function 0C08FBF0 Relevance: 7.8, Strings: 6, Instructions: 275 COMMON
Uniqueness Score: -1.00% |
Function 0C097F20 Relevance: 5.1, Strings: 4, Instructions: 112 COMMON
Uniqueness Score: -1.00% |