popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-08-04 08:00:07

PDB Path

C:\xampp\htdocs\Cryptor\d074412e45c942e3986da5700d2f27be\Loader\pr2\Release\pr2.pdb

PE Imphash

97750a00050e37c7b56da7bc3864f0f1

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00040345 0x00040400 6.6002569304
.rdata 0x00042000 0x0000991a 0x00009a00 5.11268121311
.data 0x0004c000 0x00002120 0x00000e00 3.83036922178
.gfids 0x0004f000 0x00000228 0x00000400 1.72433478448
.rsrc 0x00050000 0x000005c0 0x00000600 3.77254134718
.reloc 0x00051000 0x0000251c 0x00002600 6.63612366451

Resources

Name Offset Size Language Sub-language File type
RT_MENU 0x000501b0 0x0000004a LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00050210 0x00000120 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00050210 0x00000120 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00050410 0x0000002c LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x00050200 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x00050440 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library dbghelp.dll:
0x4421dc MiniDumpWriteDump
Library KERNEL32.dll:
0x442008 CreateFileW
0x44200c GetFileSize
0x442010 ReadFile
0x442014 SetFilePointer
0x442018 WriteFile
0x44201c CloseHandle
0x442020 GetCurrentProcess
0x442024 GetCurrentProcessId
0x442028 VirtualProtect
0x44202c SetFilePointerEx
0x442030 GetConsoleMode
0x442034 GetConsoleCP
0x442038 FlushFileBuffers
0x44203c HeapReAlloc
0x442040 HeapSize
0x442048 GetProcessHeap
0x44204c LCMapStringW
0x442050 DecodePointer
0x442054 GetTimeFormatW
0x442058 GetDateFormatW
0x44205c OutputDebugStringW
0x442060 OutputDebugStringA
0x442064 EnumSystemLocalesW
0x442068 GetUserDefaultLCID
0x44206c IsValidLocale
0x442070 GetLocaleInfoW
0x442074 GetStringTypeW
0x442078 SetStdHandle
0x44208c GetCommandLineW
0x442090 GetCommandLineA
0x442094 GetCPInfo
0x442098 GetOEMCP
0x44209c IsValidCodePage
0x4420a0 FindNextFileW
0x4420a4 CompareStringW
0x4420a8 SetLastError
0x4420b0 GetCurrentThreadId
0x4420b8 InitializeSListHead
0x4420bc IsDebuggerPresent
0x4420c8 GetStartupInfoW
0x4420d0 GetModuleHandleW
0x4420d4 TerminateProcess
0x4420d8 RaiseException
0x4420dc RtlUnwind
0x4420e8 GetLastError
0x4420ec WriteConsoleW
0x4420f0 EncodePointer
0x442104 TlsAlloc
0x442108 TlsGetValue
0x44210c TlsSetValue
0x442110 TlsFree
0x442114 FreeLibrary
0x442118 GetProcAddress
0x44211c LoadLibraryExW
0x442120 GetStdHandle
0x442124 GetModuleFileNameW
0x442128 GetModuleFileNameA
0x44212c MultiByteToWideChar
0x442130 WideCharToMultiByte
0x442134 ExitProcess
0x442138 GetModuleHandleExW
0x44213c GetACP
0x442140 HeapFree
0x442144 HeapAlloc
0x442148 GetCurrentThread
0x44214c GetFileType
0x442150 FindClose
0x442154 FindFirstFileExA
0x442158 FindFirstFileExW
0x44215c FindNextFileA
Library USER32.dll:
0x442164 LoadIconW
0x442168 LoadCursorW
0x44216c GetWindowLongW
0x442170 MessageBeep
0x442174 MessageBoxW
0x442178 GetWindowTextW
0x44217c SetWindowTextW
0x442180 EndPaint
0x442184 BeginPaint
0x442188 GetDC
0x44218c UpdateWindow
0x442190 GrayStringA
0x442198 LoadAcceleratorsW
0x44219c SendDlgItemMessageW
0x4421a0 GetDlgItem
0x4421a4 EndDialog
0x4421a8 DialogBoxParamW
0x4421ac ShowWindow
0x4421b0 DestroyWindow
0x4421b4 CreateWindowExW
0x4421b8 RegisterClassExW
0x4421bc PostQuitMessage
0x4421c0 DefWindowProcW
0x4421c4 SendMessageW
0x4421c8 DispatchMessageW
0x4421cc TranslateMessage
0x4421d0 GetMessageW
0x4421d4 LoadStringW
Library COMDLG32.dll:
0x442000 GetOpenFileNameW
!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
tW=4:}
||t(=c
||t5=c
>Ph`#D
QQSVWd
t.hl*D
URPQQh@v@
tK<_t<<$t8<<t4<>t0<-t,<a|
<z~$<A|
E<$uMR
MwnhT6D
QPh*.D
<0|L<9
tE<A|2<P
t9<_u5
t.<_u*
<A|,<P
WPh*.D
t}hd4D
<$u"8F
YPSh|.D
<0| <9
<0|^<8
;t$,v-
UQPXY]Y[
u0jAXf;
u0jAXf;
<xt"<Xt
u/jAXj
F4_^[]
F4_^[]
F4_^[]
F4_^[]
F4_^[]
F4_^[]
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
Tt1jhZ;
^$+^8+
^$+^8+
^$+^8+
^$+^8+
^$+^8+
^$+^8+
N2jx_f;
~$+~8+
N2jx_f;
~$+~8+
N2jx_f;
~$+~8+
N2jx_f;
~$+~8+
N2jx_f;
~$+~8+
N2jx_f;
~$+~8+
F2jgYf;
F(jgYjGZ
F2jgYf;
F2jgYf;
F2jgYf;
F(jgYjGZ
F2jgYf;
F2jgYf;
x(j$Xf9
x(j$Xf9
VWh@9D
t/j=[f;
QSSSSj
YYh("D
t#VhD:D
tyPVj@W
_tcPVj@
u#j,Xf;
Wj0XPS
9>t^j*Xf
SSSPSW
u-PSSW
WWWPWS
u-PWWS
SSVWh
f9:t!V
tl9tX
QQSWj0j@
jYjf
u^9^\t/
VX9^`tT
;N\u\W
u2Vj@h`TD
9C`u99C\t4
9C`u5Wj
WHPhpWD
HPh`TD
t"k509D
PPPPPWS
PP9E u:PPVWP
PPPPPPPP
Unknown exception
vector<T> too long
string too long
invalid string position
bad allocation
bad function call
regex_error(error_collate): The expression contained an invalid collating element name.
regex_error(error_ctype): The expression contained an invalid character class name.
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
regex_error(error_backref): The expression contained an invalid back reference.
regex_error(error_brack): The expression contained mismatched [ and ].
regex_error(error_paren): The expression contained mismatched ( and ).
regex_error(error_brace): The expression contained mismatched { and }.
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
regex_error(error_parse)
regex_error(error_syntax)
regex_error
bad array new length
bad exception
EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
template-parameter-
generic-type-
`anonymous namespace'
`non-type-template-parameter
`template-parameter
`template-type-parameter-
`generic-class-parameter-
`generic-method-parameter-
`vtordispex{
`vtordisp{
`adjustor{
`local static destructor helper'
`template static data member constructor helper'
`template static data member destructor helper'
static
virtual
private:
protected:
public:
[thunk]:
extern "C"
short
unsigned
volatile
std::nullptr_t
std::nullptr_t
<ellipsis>
,<ellipsis>
throw(
double
__int8
__int16
__int32
__int64
__int128
<unknown>
char16_t
char32_t
wchar_t
__w64
UNKNOWN
signed
volatile
`unknown ecsu'
union
struct
class
coclass
cointerface
volatile
const
cli::array<
cli::pin_ptr<
{flat}
`h````
xpxxxx
`h`hhh
xwpwpp
(null)
CorExitProcess
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
GetActiveWindow
GetDateFormatEx
GetEnabledXStateFeatures
GetLastActivePopup
GetLocaleInfoEx
GetProcessWindowStation
GetSystemTimePreciseAsFileTime
GetTimeFormatEx
GetUserDefaultLocaleName
GetUserObjectInformationW
GetXStateFeaturesMask
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
LocateXStateFeature
MessageBoxA
MessageBoxW
RoInitialize
RoUninitialize
AppPolicyGetProcessTerminationMethod
AppPolicyGetThreadInitializationType
AppPolicyGetShowDeveloperDiagnostic
AppPolicyGetWindowingModel
SetThreadStackGuarantee
SystemFunction036
[aOni*{
~ $s%r
@b;zO]
v2!L.2
1#QNAN
1#SNAN
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
RSDSiS
C:\xampp\htdocs\Cryptor\d074412e45c942e3986da5700d2f27be\Loader\pr2\Release\pr2.pdb
.text$mn
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$y
.rsrc$01
.rsrc$02
MiniDumpWriteDump
dbghelp.dll
CreateFileW
GetFileSize
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetCurrentProcess
GetCurrentProcessId
VirtualProtect
KERNEL32.dll
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
ShowWindow
DialogBoxParamW
EndDialog
GetDlgItem
SendDlgItemMessageW
LoadAcceleratorsW
TranslateAcceleratorW
GrayStringA
UpdateWindow
BeginPaint
EndPaint
SetWindowTextW
GetWindowTextW
MessageBoxW
MessageBeep
GetWindowLongW
LoadCursorW
LoadIconW
USER32.dll
GetOpenFileNameW
COMDLG32.dll
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
TerminateProcess
RaiseException
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetCurrentThread
GetFileType
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
OutputDebugStringA
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcessHeap
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.PAVexception@std@@
.?AVbad_alloc@std@@
.?AVinvalid_argument@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVoverflow_error@std@@
.?AVruntime_error@std@@
.?AVbad_function_call@std@@
.?AVregex_error@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AVDNameNode@@
.?AVcharNode@@
.?AVpcharNode@@
.?AVpDNameNode@@
.?AVDNameStatusNode@@
.?AVpairNode@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
F0H4`4
6&7]7u7
8=8U8u8
;<%<1<S<
=C=K=b=
=/><>w>
1!161;1I1N1Y1k1p1~1
2/252;2m2
3<3[3b3
3*404I4P4X4`4f4l4r4
545F5p5
5-676H6d6o6u6
99.9=9L9[9j9
;Y<c<_=n>
2"222d2j2p2v2|2
3$3*30363<3B3H3N3b3z3
434R4q4
5%5B5a5
6%666G6X6i6z6
8:8?8F8M8T8[8b8i8p8w8~8
989X9x9
<*=S=k=
&090L0X0h0y0
0;1H1o1w1
2"212:2G2v2~2
4(4N4l4
5/545Y5a5~5
6 7)767A7J7Y7d7l7v7
8&8.8:8C8H8N8X8b8r8
9%9-959@9E9K9U9_9r9w9
:%:O:^:
1R2U3f3
88$8(8,808
2'2O2c2
7-7R7Y7b7p7w7}7
7g8l8q8
9"9'979<9A9
9!:=:L:X:f:
;?;D;I;
<6<?<D<I<m<y<~<
<*=2=7=G=Q=v=
1'1-151<1E1N1S1[1a1x1
3"4>4E4X4e4w4}4
7K8Y8w8
<&=G=f=
4;5N5~5
6.7Y7t7~7
8F8k8p8|8
<%=P=Z=d=n=x=
?$?Z?^?b?f?j?n?
1(2.2X2}2
7D8q8}8
8\9p9v9
;$;1;t;
< <'<s<{<
=$=j=n=r=v=z=~=
>B>Y>v>
1'1>1H1o1
565Y5h5
8$8;8x8
;A;Q;a;w;
;#<?<D<X<
=D=W=a=s=
>5>F>u>
00=0r0y0
0:1R1[1q1
4*5A5n5{5
:>:^:~:
;1;J;T;k;K<P<p<
=4>K>l>~>
0/0T0}0
3+4]4i4
5]5h5w5
6B6N6_6x6
8#9/9:9F9M9R9X9]9c9h9m9s9x9~9
;!;';P;
=(=?=k=
>%>8>d>R?\?i?
3,4}4C:
:*:J:\:|:
;/;Q;f;
<=#='=+=/=3=7=;=
1'2+2/23272;2?2C2
2G3K3O3S3W3[3_3c3
5(6D6H6L6P6T6X6\6`6d6h6l6p6:7
:=:C:I:O:U:[:a:g:m:s:y:
:(:/:A:
;9;D;W;
;#=9=s=
>$>.>K>Q>Y>g>
>2?@?L?b?u?
0,151n1y1
8 8&848:8D8`8f8p8
00_0h0
0*131}1
2?3]3j3y3
6P6[6m6s6
:U:n:s:|:
;A=G=O=[=
=(>\>g>q>
2#252O2
2D3W314
7^7b7j7v7
88*808>8
:8;>;a;s;
0e0?2_2
5!5D5M5j5
56&6N6b6|6
7+777B7`7
8<8Q8a8n8
9P9c9:g:
0(0<0U0i0
1!1:1N1g1{1
2N9&<e<l<w<
1(171E1Q1]1k1{1
2V3[3b3
8"8)8/8J8Q8
8Z:3;R;u;
< <-<7<G<
80A0E0K0O0U0Y0c0v0
051c1u1
797W7j7
9(949E9S9^9&:
:%;4;q;
0"1K1f1
4,5;5I5f5n5
6N6U6^6
777C7u7
;Y>c>m>
?!?3?E?W?i?{?
4 4\4 6'6/676?6
3f3P6$7Z7
1>1S1k1
444j4|4
435I5\5
6@6E6K6Q6c6i6t6y6~6
7*7/747D7I7N7^7c7h7x7}7
8.83888H8M8R8b8g8l8|8
9"92979<9L9Q9V9f9k9p9
:&:2:>:R:h:
;$;=;V;x;
<<$<)<F<k<v<{<
=$=)=.=K=p=
?4???D?I?d?n?
050Q0\0a0f0~0
1&101L1w1
2.2R2]2b2g2
5)5K5V5[5`5x5
7*7/7?7I7n7y7~7
;";(;1;7;
='>0>H>Z>
>X?`?r?w?
="=Y=`=
:f;)<V<
7K7r7}7
8;8Z8p8z8
8&9O9x9
?$?4?f?
0010B1
2(232@2R2
273L3U3^3p3
6D6N6s6
>9?A?I?Q?Y?w?
4I5f5v5
8C8O8[8n8
9!9-999L9p9
=!=}=->5>
0U0[0o0u0z0
:<;M;{?
8"8(8.848:8@8F8L8R8X8^8d8j8p8v8|8
9$9*90969<9B9H9N9T9Z9`9f9l9
j7n7r7v7z7~7
?"?&?*?.?2?6?:?>?B?F?J?N?R?V?Z?^?b?f?j?n?r?v?z?~?
2024282L4P4T4h4l4p4t4x4|4
: :$:(:D:H:l:p:t:x:
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<p<t<x<|<
= =$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
T7X7\7`7d7h7l7p7t7x7|7
<$<,<0<4<8<<<
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:
`4l4x4
5 5,585D5P5\5h5t5
6(646@6L6X6d6p6|6
7$707<7H7T7`7p7|7
8$808<8H8T8`8l8x8
;$;,;4;<;D;L;T;\;d;l;t;|;
<$<,<4<<<D<L<T<\<d<l<t<|<
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=P=X=`=h=p=x=
> >(>0>8>@>H>P>X>`>h>p>x>
? ?(?0?8?@?H?P?X?`?h?p?x?
0 0(00080@0H0P0X0`0h0p0x0
1 1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
D6L6T6\6d6l6t6|6
9$9(909H9X9\9l9p9t9|9
:0:@:D:T:X:\:`:h:
;,;0;@;D;H;L;T;l;|;
<,<0<8<P<`<d<t<x<|<
=4=D=H=X=\=`=h=
>(>,><>@>D>L>d>t>x>
3 3@3H3T3|3
4$4,40444<4P4X4l4t4|4
5 5(5<5D5L5T5X5`5h5p5t5|5
6$6<6@6`6h6l6
7D7H7P7X7`7d7l7
8 8@8`8
9 9@9L9h9
:(:D:H:h:
;(;H;h;
<(<H<h<
=(=H=d=h=
>(>D>H>
2 303@3P3`3x3
:0:L:h:x:
<0<H<d<
h`~A37
km97I)
f=xSoH^z?
"_4bg=
!1Sk{.J
X1i]M'G<
$7K3#Z1
7&3#Z1
7&3#Z1
;5N8vx
niJcHq
SDAh<"
Y=0i)_
TwM~8$
oOc5vC}
PKj4\p
MKNGon
25&3sn
sQ.QHA
*fd;xt
xFbK H
DHoq2.
NehS}}E/
WbZ`c(2-
`#kOL.v0
c!g=&K
z25ta=9
xvTM*L
.15iyG
W 1|s-
BzyGNr
|=}0)1S+
n?m|GF
\Z)K"j
^&Of{
z#Z1zT
?_7.^M
%4EX{>
X{e%+o1
2hjyQe
<;~:b:
0:.&;_
\?$FR`
`D\;1q+2
6>X#^j
1 =lk4
QgHF.\'05
c{zz!?
po,NP>
.<k[ea
-w41t!'
s(1!E,
2 8!w,ZKYBB
Wf[H|IL
sIiL.U
}e"+d.
),jTPT#
V>De+@
h,YuwP
MS/GuR
)*pNfh~4
.7[tq!
Ux\|'|7
Z078c~f`
&m8KX#
Vpww:z
qC6="*
J8727<
8PZjp!
v{y~L.v0
P+y*['k
_aN{B&l
e>pI'
/&j{$1
KNx.Sw
:(P;e|
h.w^3b
J|nUG/
lkAQ@1le
zRw0?b
dMRn>b
L\N["r
I;)5AC
E-91FA
z']Z3<z
\q6)LJ
\~5s^]
G^b4X}
{BiEaB3
<*s?8Q
w@Z!{e
&0P('g
<z{?X3s
:j&EX
mfQ\BZ';2
\~5s:]
dm2JUr
>VNR?E
#9;+2n
y>jB<%
k&jW'
\Cv*6=
6)JB[M
z3{znE
7>pL'1
c3@Jt:6
Vca.jRYI
?>,\btS
{rY@xb
\25t0"s)
HNp5*b
ZB`Xnhk
/l&z_(
90?>JA
N,&/$z
5t0bs)-
?&I/K1
FL[5E)
rkiXqF
0-2OL.r
4+z 5t
G~uRjK
wQ!~v<
3&:5|R1
*0~drc
(^#b3"
3. 1Cs(
",g<[d
78q?ZZ{
SFf$:5
5?>j x
H[k_W\
ls~)8gx
6VNR=B
<M 6:r
'o:n&J
V$aS[<G
z/lG^b8
T>*4\}
<m@#a"
:$Zj@D
(}*4si"C
,5kHP!
A\%'(b
<;qn?sA
^Ep9_'
79?y))&v
MN&>?Y
Zrm&9<`
twG~b jK
SI)\?[
/`%zN/
HMJr`%
6RB*~1
n&<))'
Whh~9
:9gY;?tDo
Zvl%2O
;bA\%m
6`>ofI
$aF[<G\
nE>Qc\
u3 .H:{R
/DB(dY
F}H/&,
G:#UH[7m
,Xp[]V
?_)zNB
R$a\[<G
g[NRx1
3mW8P0
q|hLkE-
Q<;q*b:jn
.</~=hS
I3fo=.
B Zw+)I
v8)u6o
}BFQpy
%&4m$Vp
7&3#Z1
TUVWXFq6
pJbQJ~
4OX^N$
4<XJN
j9[l ^j
LQvg$U
e+713QZO
)4|X7N.
u7/z=4
e>7&3#Z
e>7]3-Z
)4|X7N
!<.f@H
v<nfWH
#e|7T3OZT
O4]X7N
B={1(I
fRHxR&
z4OX7N
n5GM04
7Z3#Z6
em7-3-Z
eI7&3#ZS
4NXYNZ
4EXdN*
?4NXJNk
E9*lG^j
fwH*R
9;l~^j
!<.fPHzR<
f H:Rl
m=11[I
z9"l=^
4,X^ND
<~fwHmRl
Y9[l ^
f HR,
fRHJR,
em7-3%Z0
4EX+N;
ph=&Kw
N4|X^N;
=9alG^j
F<{f}H
7*3-Z
7&3#Z-?
R!Gj7?h9#
rh=&K@
#1o<q:
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
mzC?ZI
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
7&3#Z1
w=q+N}qd
0rgGWObu
/)F9CF
i@1.ce
Mbb^21
/fr!VW
Lh8Bw&t_X
}5Pa)1
k1?J|G
Ld!k^ck
~AEHT,;<{
5nS"Hc
m!EQK=~
r6|Nf%
xoyor[
>1P(9y
K8/%+Y
:;UgH%u]
/2ml1?e
N#p7<l
30O1yiP
,T\'T<
8+&f5'
6}N|"9
:v/foNr
!}TjH$
):PuC})+
e85br
jJpIhj>
>Pyh?d
2)\s 4
sh0gVF
rmf7yIB
n|Xi'!
?ji0U4[
+Pbs@T
.24^Hv
.ZF}Z0|&b
$TgY?E_R
Jh}28l}
2YXx`%
KN*c>UEC9
yykhPaH(
]`Y.rs
~G!,a7
5NZ<Ln
$MC%)
>./3YUL
uCYue|
$Ix97'
]A_xxv
z&aN#h
j\i7_,2I
_%gT'/]x
$\k_*R
jR|k?Z
Qu#);d$
6OX7xb
x7c0h4i
$Gs4*E
zIY]k#
?6"p:Bf
vE*Qy!
cgAU$S
olI<PQ>j
ioFz4*
ScrG"
A0LG55
pm#NjJ+
qT]qI:%
+.)^.
c}N9sL
:s{qwA
Ku%\Ht
;T9UAR
gXC5vY
a0 {Y#
Yv^=oH[
~jf7<SL
3`3d0<E
>wrHTF3
+c3t83<Y
]7J/,V
fJYP9M
v$\xo]
NTci4't
^>.n1i
em"]Xm
R|@v}i
di#CuM
p]%(V3g
k&AP2z%7
W]9{0n@@
,||P&}
T3#G5*b
Sv_!5R
G/iQ!
pJEG-d
iFw$zN
;ZX|7V!
2q\s(3:R
t86oKL
Jc`PEs#
W&6&=W
tz:{}-
uZiV]~
oE4Tf\
?ASx/D
n>\W#%%
XEN}Xrj
bxd\hW
;)}F_i
15\Q"$T
YoyC28
&}GL6@
5)c,%|W
ig541n`
/X7}"
[/Sr:U
o@ee1g
Llm(j_
1ilcu0T
E\v}"C
&WdEb_1
a;hn9j9
a829!R
&wbeo)*
#Lj+I;
7I4#Jf
+;o)[f&
luV3a:F
#MAl@%oH
Kp\4lG
[4hP=jW
XD`-Mx4
Reu-/=
WCgn%jQZ
O{]bdb
ga`dl#b
&~SI*U
deUk{7
|qf-u5!y
K{_c)m
/7r\w?I3
M{Z}IWa
k0g@&d)Z
@kk$)X
n!-@z2
z5Nnvc
4F|B8L
Sbuq_J
xK)ol|
v(*%++1
PG5=7G
dyi2*e
lRow)7
K`{L,19Hwe
4NLk0N1
eWdqwI
8' (@N.
oV6*^g%D
;c.0Pdh
mX-S%<0
]hmCJbG(S=
o(EB3t-
' zW]#e
nc{3X{
:yy#t\
pe_N,2
eAH &U
Npz1NY
a}'&mNY8
~:l6el
^K&?GO
%0y5KG
dOR1JJ6e
V?&*;4
bm26Bk}
>L4<[8
&$QzuL
s^SA;t
(YMy*fM
uYc)7F
{4mdpb
)P9/Y,
MW*%>`
``-YC2Q
MZdeVd
HMkx*]-Rp
k$&\8W"^
Iy+N!'
84NuK_
_X~Pa3
l`8jp@
/Q?63#
JbW#nz
=0y5"A)
y/b^0K
ya,5RJ
-qsm9n
-9 WS)
-<k#t+
PSSG!$w?/
uFpBYI
Djjjjj
Binary
button
Choose File
BUTTON
Write to file
Read from file
Open File
File open error
Can't open file explorer
C:\Users\Gleb\Desktop\hex_dump.txt
Out Buffer
Dadvapi32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
(null)
Runtime Error!
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
mscoree.dll
BLC_ALL
LC_COLLATE
LC_CTYPE
LC_MONETARY
LC_NUMERIC
LC_TIME
((((( H
(
((((( H
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
Dja-JP
american
american english
american-english
australian
belgian
canadian
chinese
chinese-hongkong
chinese-simplified
chinese-singapore
chinese-traditional
dutch-belgian
english-american
english-aus
english-belize
english-can
english-caribbean
english-ire
english-jamaica
english-nz
english-south africa
english-trinidad y tobago
english-uk
english-us
english-usa
french-belgian
french-canadian
french-luxembourg
french-swiss
german-austrian
german-lichtenstein
german-luxembourg
german-swiss
irish-english
italian-swiss
norwegian
norwegian-bokmal
norwegian-nynorsk
portuguese-brazilian
spanish-argentina
spanish-bolivia
spanish-chile
spanish-colombia
spanish-costa rica
spanish-dominican republic
spanish-ecuador
spanish-el salvador
spanish-guatemala
spanish-honduras
spanish-mexican
spanish-modern
spanish-nicaragua
spanish-panama
spanish-paraguay
spanish-peru
spanish-puerto rico
spanish-uruguay
spanish-venezuela
swedish-finland
america
britain
england
great britain
holland
hong-kong
new-zealand
pr china
pr-china
puerto-rico
slovak
south africa
south korea
south-africa
south-korea
trinidad & tobago
united-kingdom
united-states
Dapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
api-ms-win-appmodel-runtime-l1-1-2
user32
api-ms-
ext-ms-
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
iE&xit
h&About ...
About pr2
MS Shell Dlg
pr2, Version 1.0
Copyright (c) 2021
Dialog
MS Shell Dlg
Cancel
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
MicroWorld-eScan Generic.Cryptor.X.C25762D1
FireEye Generic.mg.c2bd160e08dec3da
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Generic.Cryptor.X.C25762D1
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZexaE.34058.HyZ@aa2Bxsli
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Backdoor.Win32.Androm.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Kryptik!1.D84E (CLASSIC)
Ad-Aware Generic.Cryptor.X.C25762D1
TACHYON Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.hc
CMC Clean
Emsisoft Generic.Cryptor.X.C25762D1 (B)
Ikarus Clean
GData Generic.Cryptor.X.C25762D1
Jiangmin Clean
Webroot Clean
Avira Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Script/Wacatac.B!ml
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 BScope.Trojan-Dropper.Injector
ALYac Generic.Cryptor.X.C25762D1
MAX malware (ai score=88)
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Suspicious PE
eGambit Clean
Fortinet W32/GenKryptik.FIIH!tr
Qihoo-360 HEUR/QVM10.1.07DD.Malware.Gen
Avast Clean
CrowdStrike Clean
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.