Static | ZeroBOX

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
.text	0x00002000	0x00026000	0x00025e00	6.24476222784
.sdata	0x00028000	0x0000102a	0x00001200	4.01050639838
.rsrc	0x0002a000	0x0002e9f8	0x0002ea00	5.62096807711
.reloc	0x0005a000	0x0000000c	0x00000200	0.101910425663
.idata	0x0005c000	0x00002000	0x00000200	1.14864242974
.themida	0x0005e000	0x004b0000	0x00000000	0.0
.boot	0x0050e000	0x002c7600	0x002c7600	7.95208370769

Name	Offset	Size	Language	Sub-language	File type
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_CURSOR	0x0002b3d8	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_BITMAP	0x0002b9f4	0x000000e8	LANG_NEUTRAL	SUBLANG_NEUTRAL	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x0002b9f4	0x000000e8	LANG_NEUTRAL	SUBLANG_NEUTRAL	GLS_BINARY_LSB_FIRST
RT_BITMAP	0x0002b9f4	0x000000e8	LANG_NEUTRAL	SUBLANG_NEUTRAL	GLS_BINARY_LSB_FIRST
RT_ICON	0x00031214	0x00010828	LANG_ENGLISH	SUBLANG_ENGLISH_US	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x00031214	0x00010828	LANG_ENGLISH	SUBLANG_ENGLISH_US	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x00031214	0x00010828	LANG_ENGLISH	SUBLANG_ENGLISH_US	dBase III DBT, version number 0, next free block index 40
RT_ICON	0x00031214	0x00010828	LANG_ENGLISH	SUBLANG_ENGLISH_US	dBase III DBT, version number 0, next free block index 40
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_STRING	0x000443a4	0x000002a0	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_RCDATA	0x00055828	0x00002092	LANG_NEUTRAL	SUBLANG_NEUTRAL	Delphi compiled form 'TWizardForm'
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR	0x00057934	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_ICON	0x00057948	0x0000003e	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_VERSION	0x00057988	0x000003d4	LANG_ENGLISH	SUBLANG_ENGLISH_US	data
RT_MANIFEST	0x00057d5c	0x00000c9b	LANG_ENGLISH	SUBLANG_ENGLISH_US	XML 1.0 document, UTF-8 Unicode (with BOM) text

!This program cannot be run in DOS mode.

`.sdata

@.reloc

B.idata

.themida

KDBM(l

Y_c

Z?_d

_b`*

v4.0.30319

#Strings

Disponed

ExtensionAttribute

System.Runtime.CompilerServices

System.Core

System

mscorlib

CompilationRelaxationsAttribute

Boolean

RuntimeCompatibilityAttribute

DebuggableAttribute

System.Diagnostics

DebuggingModes

String

TargetFrameworkAttribute

System.Runtime.Versioning

Disponed.exe

FEyeIGEdJrCKktS7bw

wXwDD7RcJxpqFnsguC

Object

Chr_0_M_e

hXZoAUtBKjO5fPLloh

jRxGtweWXY1m4bjXlT

FileZilla

QpHJdvZ7WSyStqFo53

NordApp

CryptoProvider

CryptoHelper

StringDecrypt

EndpointConnection

Program

EvqdhNByHdeJafvoqf

EntryPoint

FileScanner

RecoursiveFileGrabber

AllWalletsRule

ArmoryRule

AtomicRule

BinanceRule

oLYK77rSiIvis7qu80

CoinomiRule

DesktopMessangerRule

DiscordRule

<GetTokens>d__2

ElectrumRule

EthRule

E_x0_d_u_S

GameLauncherRule

GuardaRule

mYDict

OpenVPNRule

ProtonVPNRule

ResultFactory

ParsingStep

MulticastDelegate

r83TGZqF9aGJCAZqg4

vTwYpR4RRtJQH5JIhq

DataBaseConnection

CommandLineUpdate

DownloadAndExecuteUpdate

DownloadUpdate

ITaskProcessor

OpenUpdate

TaskResolver

WjtJ0RxtbyynNAqUQY

Extensions

yUBjeZLZtPTgjndJ6n`2

K1RfuGatUKMbmREJ4r

GdiHelper

DeviceCap

sdEXLZWuG4R0pwiQca

GeoHelper

NativeHelper

AH6stHvcnMSbPaqtOa

UVbVvb7ExuCJQqGf4S

SystemInfoHelper

UbLGnoTiuNkYdkXW8g

FileCopier

FileScannerArg

FileScannerRule

IRemoteEndpoint

RecordHeaderField

ValueType

SqliteMasterEntry

TableEntry

Autofill

ScannedBrowser

ScannedCookie

Account

BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO

BCRYPT_KEY_LENGTHS_STRUCT

BCRYPT_OAEP_PADDING_INFO

BCRYPT_PSS_PADDING_INFO

HardwareType

UpdateAction

ScanningArgs

ScanDetails

SystemHardware

BrowserVersion

ScannedFile

UpdateTask

ScanResult

GeoInfo

GeoPlugin

LocalState

OsCrypt

__StaticArrayInitTypeSize=6

__StaticArrayInitTypeSize=10

__StaticArrayInitTypeSize=12

__StaticArrayInitTypeSize=14

__StaticArrayInitTypeSize=16

__StaticArrayInitTypeSize=18

__StaticArrayInitTypeSize=20

__StaticArrayInitTypeSize=22

__StaticArrayInitTypeSize=24

__StaticArrayInitTypeSize=28

__StaticArrayInitTypeSize=30

__StaticArrayInitTypeSize=32

__StaticArrayInitTypeSize=38

__StaticArrayInitTypeSize=40

__StaticArrayInitTypeSize=42

__StaticArrayInitTypeSize=44

__StaticArrayInitTypeSize=46

__StaticArrayInitTypeSize=48

__StaticArrayInitTypeSize=52

__StaticArrayInitTypeSize=58

__StaticArrayInitTypeSize=62

__StaticArrayInitTypeSize=72

__StaticArrayInitTypeSize=76

__StaticArrayInitTypeSize=78

__StaticArrayInitTypeSize=88

__StaticArrayInitTypeSize=90

__StaticArrayInitTypeSize=102

__StaticArrayInitTypeSize=114

__StaticArrayInitTypeSize=124

__StaticArrayInitTypeSize=144

__StaticArrayInitTypeSize=152

__StaticArrayInitTypeSize=154

__StaticArrayInitTypeSize=176

<Module>{4CFEA016-826C-4ED1-A989-1BF47982EBEE}

MoEWhesVhpKgvMvCUI

Pk5ixfPFeoGEV0S4OV

wllF38kSFCegrwKPTB

PsWROvw7qDtIrMKEIm

RZgmKjbaujfMFfKWsr

Y14Jg6SAB8GbCbq16c

Attribute

fZB8ZbjJZ6Mai281Q2`1

VpEGEFHNnkcZv9k4VF

RgeChKFY1DReQlAODA

uP3hm4KbqZeu71d1kQ

ceONQL2sqtqbnBfCsk

hO8Dod5MpvQN8LRfGy

rKvH9YOYeJFf1rSQMo

B1JpMZcdxASB6ZAmUm

Wmnq6biZaBKDd2txBv

bgkx6CghyLjek5iSGq

JFxOaXpg0wbkWZTyh5

dn8SOFXLKeZP4dbYbg

<PrivateImplementationDetails>{E2A93ED1-FF0F-4C85-8CB5-360A695FBE3D}

__StaticArrayInitTypeSize=256

__StaticArrayInitTypeSize=64

List`1

System.Collections.Generic

IList`1

profiles

IEnumerator`1

Enumerator

Func`2

IntPtr

Enumerable

System.Linq

Select

IEnumerable`1

GetEnumerator

get_Current

RuntimeHelpers

InitializeArray

RuntimeFieldHandle

FileInfo

System.IO

get_Directory

DirectoryInfo

FileSystemInfo

get_FullName

Contains

IsNullOrEmpty

get_Chars

ToString

ToUpper

Remove

Concat

Func`1

MoveNext

IDisposable

Dispose

IEnumerator

System.Collections

Exception

If2NmFTgE

Combine

Exists

IsNullOrWhiteSpace

op_Inequality

BMFY8uJ8R

DateTime

StartsWith

Convert

ToInt64

get_Now

AddMonths

get_Ticks

dlUuAs3qv

w1sot1XDQ

Replace

ToInt32

IKS6WW1nb

FromBase64String

MakeTries

success

Invoke

DVqVOWfuP

StringSplitOptions

ToArray

ReadAllText

hDUYZCkuGm

UvsYQqtodn

XLSYfgQNXl

Hu1YyYD8XR

udlYEXhuXs

NMRYM9PGGi

P8GYHY229m

OR3YmxtQji

qnaY5GiM1M

TeUYDIQsYn

S7FYIBGrbv

.cctor

YnEYeJ9ZH3

Environment

ExpandEnvironmentVariables

IGnYGLNvLT

get_Count

IF4YrNbKN1

cM2YivvjJ3

k8cY8vslVG

GetFolderPath

SpecialFolder

Format

AddRange

pTmJJpKwl

XmlTextReader

System.Xml

XmlDocument

XmlReader

get_DocumentElement

XmlElement

XmlNode

get_ChildNodes

XmlNodeList

get_ItemOf

TZd18jLU4

get_Name

op_Equality

get_InnerText

Encoding

System.Text

get_UTF8

GetString

eX7TGnSu2

GeckoRoamingName

profilesDirectory

GeckoLocalName

tDSYkcq2UE

B7LYxUNo9e

lJRY7hAXGj

get_Exists

GetDirectories

SelectSingleNode

BCryptOpenAlgorithmProvider

UInt32

phAlgorithm

pszAlgId

pszImplementation

dwFlags

bcrypt.dll

BCryptCloseAlgorithmProvider

hAlgorithm

BCryptGetProperty

hObject

pszProperty

pbOutput

cbOutput

pcbResult

MHCSEOioH

BCryptSetProperty

BCryptImportKey

hImportKey

pszBlobType

pbKeyObject

cbKeyObject

pbInput

cbInput

BCryptDestroyKey

BCryptDecrypt

pPaddingInfo

Decrypt

bMasterKey

chiperText

GetEncoding

GetBytes

zPOp8uAqW

uIdBs3u2M

CryptographicException

System.Security.Cryptography

Marshal

System.Runtime.InteropServices

FreeHGlobal

JKQU4PNh4

BitConverter

jHospR3hN

get_Unicode

s9Z3IkuKr

AllocHGlobal

K42aKuvuf

arrays

Buffer

BlockCopy

DecryptBlob

EncryptedData

DataProtectionScope

System.Security

dataProtectionScope

entropy

ProtectedData

Unprotect

GetMd5Hash

source

MD5CryptoServiceProvider

get_ASCII

HashAlgorithm

ComputeHash

mtdh5WEuS

get_Item

CultureInfo

System.Globalization

get_InvariantCulture

IFormatProvider

ICollection`1

G1GFBHg67

StringBuilder

get_Length

Append

iaKCir2W0

wnWX6UMqX

stringKey

L7Cdbv6Cm

RequestConnection

address

ChannelFactory`1

System.ServiceModel

EndpointAddress

Binding

System.ServiceModel.Channels

CreateChannel

TryGetConnection

TryGetArgs

TryVerify

result

TryGetTasks

remoteTasks

TryCompleteTask

taskId

SuppressFinalize

managed

IClientChannel

ICommunicationObject

kt5AHnUcB

Execute

ThreadStart

System.Threading

Thread

set_IsBackground

SeenBefore

Directory

CreateDirectory

zgkYqKfpCU

jWtYcfadoV

MessageBox

System.Windows.Forms

DialogResult

MessageBoxButtons

MessageBoxIcon

Message

scannerRules

GetFiles

SearchOption

FindPaths

baseDirectory

maxLevel

patterns

TryParse

GetLogicalDrives

rootPath

searchOption

searchPatterns

EnumerateDirectories

GetFolder

scannerArg

filePath

GetScanArgs

bHPRNZQLd

nxPgK4N2n

KeyValuePair`2

browserPaths

get_NewLine

get_Key

get_Value

E3pYOR3hA4

NToY2gBS4p

qDCYWAoBxB

BgUY9H7HW8

GUZYls1kUv

HkNvNO13Q

get_PassedPaths

set_PassedPaths

fileInfo

PassedPaths

GetTokens

<>1__state

<>2__current

<>l__initialThreadId

get_CurrentThread

get_ManagedThreadId

System.IDisposable.Dispose

System.Text.RegularExpressions

Matches

MatchCollection

AppendLine

System.Collections.Generic.IEnumerator<ScannedFile>.get_Current

System.Collections.IEnumerator.Reset

NotSupportedException

System.Collections.IEnumerator.get_Current

System.Collections.Generic.IEnumerable<ScannedFile>.GetEnumerator

System.Collections.IEnumerable.GetEnumerator

IEnumerable

System.Collections.Generic.IEnumerator<ScannedFile>.Current

System.Collections.IEnumerator.Current

RegistryKey

Microsoft.Win32

Registry

CurrentUser

OpenSubKey

GetValue

Reverse

L40n8mmM7

Random

OrderBy

IOrderedEnumerable`1

sl9HSDF234

settings

AKSFD8H23

asdkadu8

get_UserDomainName

get_UserName

sdfo8n234

Assembly

System.Reflection

GetExecutingAssembly

get_Location

sdfi35sdf

InputLanguage

get_CurrentInputLanguage

get_Culture

get_EnglishName

asd44123

GetTypeFromHandle

RuntimeTypeHandle

Binder

Microsoft.CSharp.RuntimeBinder

Microsoft.CSharp

CallSiteBinder

CSharpBinderFlags

CallSite`1

Func`3

CallSite

Create

Target

CSharpArgumentInfo

CSharpArgumentInfoFlags

InvokeMember

fdfg9i3jn4

TimeZoneInfo

get_Local

get_DisplayName

sdf934asd

asdk9345asd

a03md9ajsd

asdk8jasd

ToList

askd435

sdi845sa

get_Actions

set_Actions

Actions

object

method

BeginInvoke

IAsyncResult

AsyncCallback

callback

EndInvoke

__result

aRRYPrWCn1

hyfYb5I1nH

OU9YwR4yyd

lufYji84rr

sHyyOWR9t

HDHEhQyia

UInt64

JG2ZoyN4y

hF6eH9D5m

Fields

vC9GC9TgZ

B0PrVeB1G

get_RowLength

fileName

ReadAllBytes

ParseValue

rowIndex

fieldName

ToLower

CompareTo

rowNum

GetRowCount

pnEL73C6y

Resize

get_BigEndianUnicode

YZMtnUFmd

ReadTable

tableName

Compare

StringComparison

IndexOf

Substring

TrimStart

i3R0dFjk8

Fo94sswMs

MbRQIqRp3

QPsfrRBpX

RowLength

IsValidAction

action

Process

updateTask

ProcessStartInfo

set_UseShellExecute

set_CreateNoWindow

WaitForExit

WebClient

System.Net

DownloadFile

set_WorkingDirectory

set_FileName

DownloadData

WriteAllBytes

iLvigv7O7

v078ZeZMv

ServicePointManager

get_SecurityProtocol

SecurityProtocolType

set_SecurityProtocol

get_ServerCertificateValidationCallback

RemoteCertificateValidationCallback

System.Net.Security

Delegate

set_ServerCertificateValidationCallback

get_TaskProcessors

get_Result

ReleaseUpdates

TaskProcessors

Result

CC3uKLTYZB

NgjuNGS2vn

RVeYzHnXGb

X509Certificate

System.Security.Cryptography.X509Certificates

X509Chain

SslPolicyErrors

DistinctBy

property

GroupBy

IGrouping`2

aaOuogoIf7

cKVuui3bJS

h1RuY92MJj

ChangeType

StripQuotes

ContainsDomains

domains

SelectMany

ReplaceEmptyValues

jBpib0JDSUaSrntsy8

v0rSr3AbdqPiE6A2wX

EsiuJfC5Or

X7vu1ge7kr

y4PuTF7xa9

RCTu60CotV

RFquV8UcRf

rghMcOgSU

JavaScriptSerializer

System.Web.Script.Serialization

System.Web.Extensions

get_JSON

set_MaxJsonLength

FromJSON

Deserialize

ToJSON

Serialize

dTFHwUXqf

GetDeviceCaps

gdi32.dll

GetWindowsScreenScalingFactor

Double

percentage

Graphics

System.Drawing

FromHwnd

GetHdc

ReleaseHdc

MonitorSize

Rectangle

Screen

get_PrimaryScreen

get_Bounds

get_Width

get_Height

get_Size

Bitmap

InvokeConstructor

Func`5

GetMember

FromImage

set_InterpolationMode

InterpolationMode

System.Drawing.Drawing2D

set_PixelOffsetMode

PixelOffsetMode

set_SmoothingMode

SmoothingMode

Action`5

s8jmNV4lR

MemoryStream

ImageFormat

System.Drawing.Imaging

get_Png

Stream

value__

VERTRES

DESKTOPVERTRES

RVYuSt14bT

zgJup9O4Fq

UBZuBNgAQ9

HHKuUuUI1L

oRo54spog

LoadLibrary

kernel32.dll

sBMD8kAT6

FreeLibrary

uvFI7dPSn

GetProcAddress

XiL7AJeHg

uPQT8lmocgDbdLEy93

GetDelegateForFunctionPointer

nCmdShow

CreateBind

BasicHttpBinding

set_MaxBufferSize

set_MaxReceivedMessageSize

set_MaxBufferPoolSize

TimeSpan

FromMinutes

set_CloseTimeout

set_OpenTimeout

set_ReceiveTimeout

set_SendTimeout

set_TransferMode

TransferMode

set_UseDefaultWebProxy

set_ProxyAddress

XmlDictionaryReaderQuotas

System.Runtime.Serialization

set_MaxDepth

set_MaxArrayLength

set_MaxBytesPerRead

set_MaxNameTableCharCount

set_MaxStringContentLength

set_ReaderQuotas

BasicHttpSecurity

set_Mode

BasicHttpSecurityMode

set_Security

GetProcessors

ManagementObjectSearcher

System.Management

ManagementObjectCollection

ManagementObjectEnumerator

ManagementObject

ManagementBaseObject

GetGraphicCards

ToUInt32

GetFirewalls

GetBrowsers

LocalMachine

GetSubKeyNames

FileVersionInfo

GetVersionInfo

get_FileVersion

GetSerialNumber

ListOfProcesses

GetCurrentProcess

get_SessionId

GetProcessesByName

ListOfPrograms

AvailableLanguages

get_InstalledInputLanguages

InputLanguageCollection

TotalOfRAM

ToDouble

GetWindowsVersion

get_Is64BitOperatingSystem

aWbkDakIa

RTuua1hAZq

tg2uhPLO6R

aaXuFGI9Yc

FPousWGL9e

NCBu3U23i2

LiQqb34by

q429OY1VL

r9dxyV8BC

CopyFile

CreateShadowCopy

GetTempFileName

syCceDepx

ChromeGetName

ChromeGetRoamingName

ChromeGetLocalName

Delete

r2ZlmYVeW

nbEOm4M89

nw421arK8

VRtWOE1vo

get_Tag

set_Tag

set_Directory

get_Pattern

set_Pattern

get_Recoursive

set_Recoursive

Pattern

Recoursive

r6IbCSuaZ

set_Name

CheckConnect

GetArguments

VerifyScanRequest

GetUpdates

VerifyUpdate

updateId

ItemName

RootNum

SqlStatement

Content

v6APf1K7i

nk4w7u4qA

set_Value

OfHjX35gT

fxUzCmFVW

M55NKkcSkG

YNTNNgQWvK

bdTNYo5bLs

hCjNu79q7k

get_BrowserName

set_BrowserName

get_BrowserProfile

set_BrowserProfile

get_Logins

set_Logins

get_Autofills

set_Autofills

get_CC

set_CC

get_Cookies

set_Cookies

IsEmpty

BrowserName

BrowserProfile

Logins

Autofills

ANtNojxmRk

iS4N6Wu86L

tK3NVdm2WX

zRYNJfA0nw

ymZN1t7mFo

tC2NToWqEj

wMeNSOjmLW

get_Host

set_Host

get_Http

set_Http

get_Path

set_Path

get_Secure

set_Secure

get_Expires

set_Expires

Secure

Expires

coBNpvb8YQ

cJYNBGSOgr

yyfNULtkQ6

X1aNsUZHiN

get_HolderName

set_HolderName

get_Month

set_Month

get_Year

set_Year

get_Number

set_Number

HolderName

Number

eZ2N3OjMwj

neRNa3ei7W

wEPNhp3cMm

get_URL

set_URL

get_Username

set_Username

get_Password

set_Password

Username

Password

BCRYPT_INIT_AUTH_MODE_INFO_VERSION

cbSize

dwInfoVersion

pbNonce

cbNonce

pbAuthData

cbAuthData

pbMacContext

cbMacContext

cbData

SizeOf

dwMinLength

dwMaxLength

dwIncrement

pbLabel

cbLabel

cbSalt

Processor

Graphic

Download

DownloadAndEx

OpenLink

dkxNFFQ4HP

zZfNCIr6cK

m2YNXlLUqL

mXbNdJKdo4

YhdNAHRK6a

kEONRxgoaI

PonNgQtZTr

tjlNvbThZ9

i0hNnuoIBE

UtPNLplmNo

cq3Nt0iHs6

bIBN0o9CUk

FIgN4MMiU3

fA1NQUlAgC

get_ScanBrowsers

set_ScanBrowsers

get_ScanFiles

set_ScanFiles

get_ScanFTP

set_ScanFTP

get_ScanWallets

set_ScanWallets

get_ScanScreen

set_ScanScreen

get_ScanTelegram

set_ScanTelegram

get_ScanVPN

set_ScanVPN

get_ScanSteam

set_ScanSteam

get_ScanDiscord

set_ScanDiscord

get_ScanFilesPaths

set_ScanFilesPaths

get_BlockedCountry

set_BlockedCountry

get_BlockedIP

set_BlockedIP

get_ScanChromeBrowsersPaths

set_ScanChromeBrowsersPaths

get_ScanGeckoBrowsersPaths

set_ScanGeckoBrowsersPaths

ScanBrowsers

ScanFiles

ScanFTP

ScanWallets

ScanScreen

ScanTelegram

ScanVPN

ScanSteam

ScanDiscord

ScanFilesPaths

BlockedCountry

BlockedIP

ScanChromeBrowsersPaths

ScanGeckoBrowsersPaths

NnWNfKE330

J3CNy7uhIS

FFSNEwoJT3

vlyNZJUU2L

IsFNeb7FOr

V4oNGGdrJD

HrRNrgnSMr

wYxNiLjTEm

XtON8xmuUO

vpZNM7i0NK

xCxNHJaamr

RxCNmQ9ppV

AcFN5ipWp5

jHvNDhYA05

aCLNI2FfDV

CgZN772Uo7

get_SecurityUtils

set_SecurityUtils

get_AvailableLanguages

set_AvailableLanguages

get_Softwares

set_Softwares

get_Processes

set_Processes

get_SystemHardwares

set_SystemHardwares

get_Browsers

set_Browsers

get_FtpConnections

set_FtpConnections

get_InstalledBrowsers

set_InstalledBrowsers

get_ScannedFiles

set_ScannedFiles

get_GameLauncherFiles

set_GameLauncherFiles

get_ScannedWallets

set_ScannedWallets

get_NordAccounts

set_NordAccounts

get_Open

set_Open

get_Proton

set_Proton

get_MessageClientFiles

set_MessageClientFiles

get_GameChatFiles

set_GameChatFiles

SecurityUtils

Softwares

Processes

SystemHardwares

Browsers

FtpConnections

InstalledBrowsers

ScannedFiles

GameLauncherFiles

ScannedWallets

NordAccounts

Proton

MessageClientFiles

GameChatFiles

nN5NkmCH71

wutNxUrBCb

XayNchhUni

get_Counter

set_Counter

get_HardType

set_HardType

Counter

HardType

stENqv2jla

G19N9KKLHl

RQiNlKVe9s

get_NameOfBrowser

set_NameOfBrowser

get_Version

set_Version

get_PathOfFile

set_PathOfFile

NameOfBrowser

Version

PathOfFile

vD7NOsE3OB

oUrN2MuC8B

RajNWJMNjs

VQXNb42tX1

Wx8NPGEl91

filename

get_NameOfFile

set_NameOfFile

get_Body

set_Body

get_NameOfApplication

set_NameOfApplication

get_DirOfFile

set_DirOfFile

NameOfFile

NameOfApplication

DirOfFile

Q7jNwS2HVg

zGeNjYFEwo

lkVNzFOBuT

q5RYKLHV07

get_TaskID

set_TaskID

get_TaskArg

set_TaskArg

get_Action

set_Action

get_DomainFilter

set_DomainFilter

TaskID

TaskArg

Action

DomainFilter

V8jYNJaShw

JaKYYMbWy9

x36Yu8nlyA

RMyYo9nVS8

JSOY6MxFeI

YAtYVV0dxI

gNUYJndKHq

PUSY1NnWTe

wq2YTKo45Q

MuHYSRv1DF

UZFYpAEqZN

DbjYBnwIZg

QwPYUZKXMe

JqyYskrZjt

W0MY3S3QOO

get_Hardware

set_Hardware

get_ReleaseID

set_ReleaseID

get_MachineName

set_MachineName

get_OSVersion

set_OSVersion

get_Language

set_Language

get_Resolution

set_Resolution

get_ScanDetails

set_ScanDetails

get_Country

set_Country

get_City

set_City

get_TZ

set_TZ

get_IPv4

set_IPv4

get_Monitor

set_Monitor

get_ZipCode

set_ZipCode

get_FileLocation

set_FileLocation

get_SeenBefore

set_SeenBefore

Hardware

ReleaseID

MachineName

OSVersion

Language

Resolution

Country

Monitor

ZipCode

FileLocation

QHcYa3XLDl

xWTYhSbuBP

RQTYFe9n0H

BDvYCx4ENK

get_IP

set_IP

set_Location

get_PostalCode

set_PostalCode

Location

PostalCode

shGYX5xrp1

K3WYd3gP0N

Q74YAICn32

Xj6YRx1iXU

kYrYgiVZCY

aUSYvrmu3X

get_geoplugin_request

set_geoplugin_request

get_geoplugin_city

set_geoplugin_city

get_geoplugin_region

set_geoplugin_region

get_geoplugin_countryCode

set_geoplugin_countryCode

get_geoplugin_latitude

set_geoplugin_latitude

get_geoplugin_longitude

set_geoplugin_longitude

geoplugin_request

geoplugin_city

geoplugin_region

geoplugin_countryCode

geoplugin_latitude

geoplugin_longitude

EUhYnfSKst

QR8YLKVk45

fxkYtQFvk9

get_postal_code

set_postal_code

get_ip

set_ip

get_country_code

set_country_code

postal_code

country_code

Id8Y0j5GeN

get_os_crypt

set_os_crypt

os_crypt

eMlY4vXDYs

get_encrypted_key

set_encrypted_key

encrypted_key

007A56C60CB686C542C5A63F4806094A4F9494B7

00D675BCFF1D9FECDD0CA29C78CB6A24748C8788

0120863AC3B080C82E4A63FF1C012D6F1F216979

0410277C15CAD5E63A25F491DAEEF493B897678B

04EC68A0FC7D9B6A255684F330C28A4DCAB91F13

085EF559935ACAE54FCEBE778C7DE9948289EEDA

0E5921723BD3C6CB75662A156FB56AF05A7152C6

1076B53156E190E9BCBE281016712F2D3F02D3B4

1558D1AECB3B09D208F6718AB18D24E2F6DF5828

1674D4347598B476FA761898A499DB4C02053102

17C588718030CA902BC760013FE165199AD1C85F

18B532EF2959EF2ED8C549D712E3446FF49E4287

1FD54CE7DFC413755F07B7B76B1B118B3B2F3844

20CB5B8963ECE3D796594F043D66C0E0BAD86669

24745D8330E61F986032C2034A579B0B80181594

2A92E2F98903398CD12F10BDF583F44C2C6EEBF5

2ADC9207E27E1E7B3C16C7A8A6F212757DCFE863

2B9522D4F7398AB5DB789596FE5DB90589B031E9

2FBDC611D3D91C142C969071EA8A7D3D10FF6301

359A00EF6C789FD4C18644F56C5D3F97453FFF20

387D8DBBFB12BA323F1E0F1F539B4DA9550070C3

38F431A549411AEB32810068A4C83250B2D31E15

3DB6DAD76E13B54DC03AF1C6092C40388E57FBBF

3EEECA8C90CAA62AB5F9CCDD8715DA5023F4BA00

3F6BA22DF7E6EB52DA3166FB3020D155A2776ED2

3F97CA5BE7FE9C129528F72AF4DFC001E9A3D047

4369729D8B79D0C651E00137A3B22A1A24DEBB4C

459812D18B50C8E5F96831EFD700F962F692D29E

46884713B2F882E5304A1FF1B16370575A53E434

46F273EF641E07D271D91E0DC24A4392582671F8

4956BACC797B0C6C013C7E4846581396C9EF0D8E

4B05CEBD7D70F1607D474CAE176FEAEB7439795F

4C1117B01D5C4E103EE817F889EC547C63B47B7A

4CDA4454A3C36A7EBDCF8FE8B804B379A31D33CA

4E3D7F188A5F5102BEC5B820632BBAEC26839E63

4EC18FAB222C9FF2E5161F21A90F187D5D98E042

4EF472E2E74116C7FD95C74AB422CCF80DB1C404

501BADE98ACDE8BF4A0424FD9A4354615FF08C7F

53BC7B81AC10B7341D170997DB2266FA0D71C1E0

571B1023DF3ABFB94C92465B365B1814FEBFAB3E

57F4CB785574C3A09AF99937BF91EA2C31E37C8A

5BB3788A197C26B8310159EC9A81635814ABB05B

5F2F91D44A21E42A979E24B620CF42F2CB8687EC

66AC11F7A6BA80682D713682C531A74CE1550B1D

67CD3B1DF0AD5BAEAA1ABDDA3FCAFB2EEBDD2684

6F66485AF823BAE1F185740DA7F4F595701CD22E

703C0129D2425B4E51361C24EBE8A0042E483AC5

71E427369E07185AE0407E3FAB1A16ED62BD159E

77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60

79E9B68FB6E1987DED749BCD71143BD8EB323CE3

80E5A0A2B81DB2473AFBB3FDD6F479670B7B41C6

81E046FA1D93B661CC948A4DD1E01F20D6192E9B

855FED6E03442FBB3AF914FFBFA9DA82813817A1

8743F6DD6877BBC815E9F16BEC59057DD1A89B0A

89597D644F71E5F46E2E63751A3C5F94FCFCD516

89C95FB6F8086AFCCD50B1B257669F2B17C047B7

8C49F78A06E711CF0E21134D0B091985336CC37F

95098CDF929872F9B67E58070D088F8238F7CABE

96D6CB223DCF17F7C9F93C825239BDAA3634674A

989657DD93570810E43C5B1F68E529460CA796F1

9B88C78E81ADB9E7247AB37D1F5F3861810916D8

9D9AF3AE11A58D55EB8A6AEC8F03F7AD01E8994B

A3EFD00EA085079EE7F97407F8EFF07E3990696A

A8A5F2DC86E781EC7360D1DDBE09F80EEECE48EA

A8F9B62160DF085B926D5ED70E2B0F6C95A25280

A9139732ED4CF84F8CE948DCB134114E4F24598A

A937C899247696B6565665BE3BD09607F49A2042

A9B6DE7C485B3014653A30C8B4BEFA8F70610178

B14822E504AE1EF678AE0E823684D7B32F95A725

B14D74C51EAE4F88FBF39B8BD07DA392799FCAAF

B2EB15883388285C96FCF1CD87620F26DA5A6BF3

B5B4FA236B87DBCD8055443F05776B10DDEFA5CD

BEDDFAEB0360B1694AB8CD2A69986414790A1D9A

C1B005D0B122F7297BE8C0A68C739049E1D1C94B

C39241F447680C35D3966F9446AAE6D462E04AD3

C58D707276695E733863DD82C6DF4DF66A3AD49C

C65515937CF3E8EBE3C3FC981DC02EF6D36A9E53

CA800E6788E431A0A8BC7A47AE9929225FEE5702

CE18B047107AA23D1AA9B2ED32D316148E02655F

D67333042BFFC20116BF01BC556566EC76C6F7E2

D7DC31ED4320E74979DEC780486CF9586470608F

D82572C56BDDD62E320B8BDAF0397A0DF9DD5BF7

DF08DD4DFFDB6C9048202CAE65882EF91ECE6BA8

DF2BDC3975DC25BFAFFA4976E9CD1E38AADF463B

E0CEB3E46E857A70CFB575A05B01A64806A8D426

E3E8284EDCB98A1085E693F9525A3AC3D705B82E

E63C93C721909983D6276C980CFF923987A4D2AA

E705C6345C26AF82E64D22DBE44B2A3514F2F06F

EB1349E7340F525AD3415F68FF2122BA8CAC3682

EB14352FBADB40E2FA237D444A6575B918573C43

EB2DB456E0D779E528D1474FA55AC99055A5E815

EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2

EBD075615CBE4A710F9410FFECEAF6110A01922B

F413CEA9BAA458730567FE47F57CC3C94DDF63C0

F6D3693E1C1902D55B9438ED1414AC12A2B4E5F9

FB77AA8CDAF4D2192696350B7AB546B533467477

FB9B7F75FCE124A01CC281A8F6810C5AA65607C0

FD4C77C0C4405C6A46E5C3CE53E0AE6BAEE7746D

FE2C2369398F2E9CCEE2214F4E86D8EFDE954FAF

FE79FF373808574898C82AC1320C55C1182FB75A

rXguCyiSRr

Module

rZ6Gkh33qE1mj

typemdt

FieldInfo

MethodInfo

ResolveType

GetFields

MemberInfo

get_MetadataToken

ResolveMethod

MethodBase

CreateDelegate

SetValue

get_Assembly

get_ManifestModule

yUTuc0C3kl

t9juWmJiLd

gijubd8iXv

YLEoNA3uox

eUeoYpgtEq

K0noVnWshQ

XqKoTCHC6c

stroSvoB4P

MgWopQYA4Y

AMjoUU8l2U

XuGosmAxCS

kmkuwTKdlE

UQUu9u8ZDZ

kHHoutsFMw

SortedList

PUWoKK3O5d

LPruPFO8wm

ROKuqIfNWb

nw0ulw6G6V

Weuo6O7LDb

hKlo18uA1N

mUQujDQsfV

BaOuOA4oKx

AC8oBv5tML

OPCuzwa69R

tcTu2kNMix

kwQooKthVW

QXHoJnmcvC

cpyo3E2Qns

Hashtable

RSACryptoServiceProvider

set_UseMachineKeyStore

OsjGkh3et12Eq

mbnuX3xQ7x

nHfudY6T8g

UInt16

KciuA8kZIl

p22uRYTN9S

eV7ug3Vg5N

WAmuvcwwYG

y97untUMbP

cCruL4CPqg

SymmetricAlgorithm

AesCryptoServiceProvider

RijndaelManaged

Activator

CreateInstance

ObjectHandle

System.Runtime.Remoting

Unwrap

dRiut5jMiy

CryptoConfig

get_AllowOnlyFipsAlgorithms

nUcu0HmFJ5

Ck5uQ3ZtQR

zn3uf687A9

ICryptoTransform

BinaryReader

CryptoStream

CryptoStreamMode

EfouyilSWD

ATIuELEXr9

PUruZVtvMr

l9yuey3bF3

GetMethod

AnCuG8UvXU

GetName

AssemblyName

get_CodeBase

GetType

GetProperty

PropertyInfo

tEfur2mgVi

FileStream

FileMode

FileAccess

FileShare

CQDuiYSlOy

set_Key

set_IV

CreateDecryptor

pIku878U2D

ELiuMwVynC

wLTuH3130O

kWIumoZXri

xyUu5K15mk

YXSuDa6C2T

fFmuIcE2k6

QNcu7YcOyo

ItCukJ6jQw

x9ouxXCqMs

yP18ff1sKRO8GvUf6O

GetManifestResourceStream

zcuQYGTL50YQ23hYm0

get_BaseStream

Yiwir7FBHk0UcX77XQ

set_Position

U6mpS7pmY0RrR9TxnT

xRpYgYhDjX5fZnEw61

ReadBytes

adXTkSZcxyf3Zj49AV

Tu2GGvoa62fiFiURmu

x3OJjiltXBcPvZKGij

wVlEj2OpKbAVIda6Xk

GetPublicKeyToken

HtOJa9q6RsIr26iuPi

hetmfDykbig71lP3MP

CipherMode

tq1fftQ6pmBVDfKV6R

D04MZhisFUv3fpktOt

JGERVNCshemdsCFICf

FlushFinalBlock

h1AAgbBR9mq1pLfMCi

svZajk8FSXGPFCWam6

GZA6R7gsFcS63HsSWx

IXtducKhV0WrSCPFLK

Km6ka9DJ2Nomtw3xqt

LKc4omcoS5WKowHOHr

gkCvebvBnQyVKhV8Sv

JYxkhFygItjUtIg5f1

Aefoael9Mo

CreateEncryptor

ToBase64String

classthis

nativeEntry

nativeSizeOfCode

vbAohIpjIs

xQ2oFCw6kB

JJXoCVNm7j

EwZGkh3zJ6x1O

tB0ogLSrux

cEKov0KbFy

RHSone7qQ1

NeooLUsLuM

PYFodJepJo

U48oAioUtd

GetManifestResourceNames

MlloRJHyZ2

ResolveEventArgs

AppDomain

get_CurrentDomain

ResolveEventHandler

add_ResourceResolve

kLjw4iIsCLsZtxc4lksN0j

zS40uHWLcfQDqa39Jr

S5toyBLnVAmEQ5fQk7

D53xauBPgnvc371VdK

rZ1hrliYcftdPdG7tm

siHWrHbFqoEoQYAwix

NKyoC39pNv1estMGiA

M60NCVfPd3xTiZQfsf

AYO7YOd3MhDqVqg2aV

axSgXXT0Sb7Km6Umk5

gAhAHujvCip7tlYNNK

cw01Prvwnd10NbOY2x

K1Aot7bWNE

IsLittleEndian

O3Lo0xBqxL

wbto4A299F

bdkoQZPC5Y

h3tofF6ONk

s6poyQWYl9

q4ToEcfFQg

xLyoZWuJpc

hNRoeZYvNk

RtQoGWJCwy

eFborWdKEW

D8ioiLfNwy

NqOo8OEnJj

JU6oMirgU3

eyuoHvmdFF

nEVomJfYvU

Hbeo5O8sgk

GhJoD5dask

q1SoIqtH2i

jRio7xPwlO

zsCokJm4Jm

$$method0x6000007-1

$$method0x6000020-1

$$method0x6000020-2

$$method0x600002a-1

$$method0x600002a-2

$$method0x6000039-1

$$method0x600005f-1

$$method0x600027b-1

1Oafj8klytYqlTgmsy.ot5m8iRGsoKl6CkTCJ

BOkyAtYcNCKhs3TNDJ.a09UQZMUKOPpkbLQWi

UnverifiableCodeAttribute

ParamArrayAttribute

CompilerGeneratedAttribute

DynamicAttribute

ReliabilityContractAttribute

System.Runtime.ConstrainedExecution

Consistency

ServiceContractAttribute

OperationContractAttribute

DataContractAttribute

DataMemberAttribute

EnumMemberAttribute

DebuggerHiddenAttribute

UnmanagedFunctionPointerAttribute

CallingConvention

FlagsAttribute

System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

SkipVerification

WrapNonExceptionThrows

.NETFramework,Version=v4.0

FrameworkDisplayName

.NET Framework 4

Endpoint

CheckConnect

EnvironmentSettings

SetEnvironment

GetUpdates

VerifyUpdate1

AutofillT

Namespace

BrowserExtension

Value7

ScannedBrowserT

Namespace

BrowserExtension

BrowserName

BrowserProfile

Logins

Autofills

Cookies6

ScannedCookieT

Namespace

BrowserExtension

Secure

Expires+

Namespace

BrowserExtension

HolderName

Number0

AccountT

Namespace

BrowserExtension

Username

Password

HardwareType

RemoteTaskAction5

ScanningArgsT

Namespace

BrowserExtension

ScanBrowsers

ScanFiles

ScanFTP

ScanWallets

ScanScreen

ScanTelegram

ScanVPN

ScanSteam

ScanDiscord

ScanFilesPaths

BlockedCountry

BlockedIP#

ScanChromeBrowsersPaths"

ScanGeckoBrowsersPaths4

ScanDetailsT

Namespace

BrowserExtension

SecurityUtils

AvailableLanguages

Softwares

Processes

SystemHardwares

Browsers

FtpConnections

InstalledBrowsers

ScannedFiles

GameLauncherFiles

ScannedWallets

Proton

MessageClientFiles

GameChatFiles7

SystemHardwareT

Namespace

BrowserExtension

Counter

HardType7

BrowserVersionT

Namespace

BrowserExtension

NameOfBrowser

Version

PathOfFile4

ScannedFileT

Namespace

BrowserExtension

NameOfFile

NameOfApplication

DirOfFile3

UpdateTaskT

Namespace

BrowserExtension

TaskID

TaskArg

Action

DomainFilter3

ScanResultT

Namespace

BrowserExtension

Hardware

ReleaseID

MachineName

OSVersion

Language

ScreenSize

ScanDetails

Country

TimeZone

Monitor

ZipCode

FileLocation

SeenBefore

GeoPlugin

geoplugin_request

geoplugin_city

geoplugin_region!

geoplugin_countryCode

geoplugin_latitude

geoplugin_longitude

postal_code

country_code

LocalState

os_crypt

OsCrypt

encrypted_key

RZgmKjbaujfMFfKWsr.PsWROvw7qDtIrMKEIm+Y14Jg6SAB8GbCbq16c+fZB8ZbjJZ6Mai281Q2`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]

K_Zs=E

uK%nF-

}#=D'&%

a*R_|

)ZE#dG

Fd3lw!

:aVFcm

=-/:K\

iEhgDT+

sX8'#h>

*W[OeFwaw

<fqx;`

ly7"xvAF#c

q7dKff

MQfP~O

dm>&}V

esYdR4

_]R>W8

Wbso!'~S5w#6k

f6b.6

e_pF<g

_CorExeMain

mscoree.dll

Rfhn M

wwwwwwwwwwwww

wwwwwwwwwwwwwp

wwwwwwwww

wwwwww|

PMK%_YV1f_[:f_\;`YW1QML%321

MLL'QQQ3SSS<XWWD\[[K_^]R`_^W_^^X_^^R]\\KXXWDTSS<RRR3NMM'@@@

(GGGCvvvf

xxxgIIID)

ojjkB...

NNN/xww_

|{{`PPQ/+*+

qot??>B

-0"""3%%%6))):,,,=--->---?,,,=))):%%&6""#3 0

FFF&XXX/eee8onnAutsIwvvPzxxW~||]

}|]{yyWxwvQuttIpooAgff8ZZZ/HHH&/..

+@@@9]]]IrrrX

htttY___ICCC:!!!,

778!>>>*GGG5QPPB]]]Pnnna~~~t

upoob__^QRRRBIHH5???*989!434

>>?'YYZ7popI

\rrrI\\\8AAA(

!;:<1[[\Gttu_

zwww`]]]H===2

GFG&XWW5hggGyxx\

u{zz]jijHYYY6III'444

! ! IHI3jijK

gmmmKKKK4""#

///&POP<kjkW

wnnnWSSS<101&

GGG%eee:zyyR

n}}}Shhh:JJJ%

,+,'eeeD

khhiE/./(

IIJ0ccdH

mgfgIMLM0>=>&&&

??@%fef=

]iij=BBC%

??@'\\]A

d``aBAAB(

TST*popF

jsssGVUV+102

PPR.sqsK

uvuwMTSU/213

WVX+qprM

uvuwNZY[-$$%

NZZ\,325

SSV-ssuL

xwvyMWVY-547

YY[(vvxJ

s{y|J][^("!$

FEI$vuxD

r{y|DJHL$'%)

IHL!dcg=

gigk>MKO"0/2

ausv9KJM

:8>!qptB

{utxC><B"(&-

hyx|?_]c

gjgo384?

Oebk+TQY

R]Ye&40?

?333333

?tE)!XU

!This program cannot be run in DOS mode.

`.rdata

@.data

.pdata

@.rsrc

WATAUAVAWH

A_A^A]A\_

@SUVWH

tc9t$puVL

COMCTL32.dll

StrToInt64ExW

StrToIntW

SHLWAPI.dll

GetLastError

LocalFree

CloseHandle

ReadFile

WriteFile

GetCommandLineW

SetConsoleCtrlHandler

SetProcessShutdownParameters

SetCurrentDirectoryW

GetSystemDirectoryW

SetErrorMode

ExitProcess

KERNEL32.dll

FreeSid

SetNamedSecurityInfoW

SetEntriesInAclW

AllocateAndInitializeSid

GetNamedSecurityInfoW

ADVAPI32.dll

CommandLineToArgvW

SHELL32.dll

OLEAUT32.dll

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>PADDINGXXPADDING

qSetup

LibFusion

7PathFunc

SysUtils

eCharacter

KWindows

UTypes

SysInit

System

"RTLConsts

SysConst

YStrUtils

ImageHlp

cInstFunc

RedirFunc

CmnFunc2

VerInfo

AFileClass

Int64Em

6MsgIDs

Compress

Struct

*ShellAPI

3Messages

lTaskbarProgressFunc

dwTaskbarList

CUxTheme

SyncObjs

^Classes

sActiveX

QTypInfo

CVariants

$VarUtils

CommCtrl

DwmApi

5Themes

&Controls

Consts

EActnList

+Graphics

8Registry

IniFiles

vMenus

ImgList

Contnrs

MultiMon

StdActns

nComCtrls

3CommDlg

(ShlObj

UrlMon

?WinInet

RegStr

ComStrs

Printers

WWinSpool

GraphUtil

ListActns

dStdCtrls

ExtCtrls

Dialogs

RHelpIntfs

WideStrUtils

ToolWin

RichEdit

Clipbrd

FlatSB

ARestartManager

FolderTreeView

nUxThemeISX

NewProgressBar

NewCheckListBox

BidiUtils

6TmSchemaISX

FComObj

qComConst

uPSUtils

SpawnClient

BSpawnCommon

>SpawnServer

ResUpdate

RegDLL

NewStaticText

bBitmapImage

Helper

Logging

DebugClient

ScriptRunner

ScriptFunc_R

UninstProgressForm

CmnFunc

\BidiCtrls

NewNotebook

SetupForm

UIStateForm

SetupTypes

Wizard

Extract

NewDisk

oBrowseFunc

LZMADecomp

CompressZlib

ArcFour

#SelFolderForm

PasswordEdit

RichEditViewer

InstFnc2

Install

DebugStruct

SecurityFunc

TScriptDlg

ScriptFunc

uPSRuntime

@ScriptClasses_R

uPSR_comobj

(uPSR_extctrls

uPSR_stdctrls

JuPSR_forms

uPSR_controls

uPSR_graphics

uPSR_classes

uPSR_std

buPSR_dll

NuPSDebugger

SimpleExpression

SelLangForm

SetupEnt

RegSvr

,UninstSharedFileForm

Uninstall

D2009Win2kFix

SXPTheme

SafeDLLPath

!This program cannot be run in DOS mode.

`.data

@.reloc

Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Common Administrative Tools

Common Programs

Common Documents

Common AppData

Administrative Tools

History

Local AppData

AppData

My Music

My Pictures

Personal

DllGetVersion

shlwapi.dll

SHGetFolderPathW

shell32.dll

SOFTWARE\Microsoft\Windows\CurrentVersion

ProfileDirectory

Software\Microsoft\Windows\CurrentVersion\ProfileReconciliation

RegValue

RegKey

Default

MustBeRelative

DefaultDir

LocalFile

CentralFile

*windir

qWPWSh

WPWShx

WideCharToMultiByte

GetProcAddress

FreeLibrary

LoadLibraryA

GetVersionExA

MultiByteToWideChar

lstrlenW

lstrlenA

ExpandEnvironmentStringsW

GetWindowsDirectoryA

GetWindowsDirectoryW

LockResource

LoadResource

FindResourceExW

EnumResourceLanguagesW

GetSystemDefaultLangID

EnumResourceNamesW

lstrcatA

lstrcpyA

CompareStringW

CreateDirectoryA

CreateDirectoryW

GetLastError

ExpandEnvironmentStringsA

lstrcpynW

GetFileAttributesA

GetFileAttributesW

GetSystemDirectoryA

GetSystemDirectoryW

IsBadWritePtr

DisableThreadLibraryCalls

GlobalAlloc

GlobalFree

KERNEL32.dll

RegCloseKey

RegQueryValueExA

RegQueryValueExW

RegOpenKeyA

RegCreateKeyExA

RegSetValueExW

RegSetValueExA

AddAccessAllowedAce

LookupAccountSidW

GetAce

InitializeAcl

SetFileSecurityW

SetSecurityDescriptorDacl

InitializeSecurityDescriptor

ADVAPI32.dll

SHFOLDER.dll

SHGetFolderPathA

SHGetFolderPathW

T3X3p3t3

44484P4T4X4l4p4t4

4=7t7}7

818G8c8t8

9%9:9b9

:/:J:V:j:~:

=>7>R>g>m>{>

70F0X0

1*1w1|1

819C9V9_9

dll\shfolder.dbg

TMainForm

MainForm

AutoScroll

ClientHeight

ClientWidth

clNavy

Font.Color

clWindowText

Font.Height

Font.Name

MS Sans Serif

Font.Style

OnCloseQuery

FormCloseQuery

OnKeyDown

FormKeyDown

OnPaint

FormPaint

OnResize

FormResize

PixelsPerInch

TextHeight

TNewDiskForm

NewDiskForm

BorderIcons

biSystemMenu

BorderStyle

bsDialog

Caption

ClientHeight

ClientWidth

Font.Color

clWindowText

Font.Height

Font.Name

MS Sans Serif

Font.Style

Scaled

OnCloseQuery

FormCloseQuery

PixelsPerInch

TextHeight

TBitmapImage

DiskBitmapImage

Height

TNewButton

CancelButton

Height

Cancel

Caption

ModalResult

TabOrder

TNewButton

OKButton

Height

Caption

Default

ModalResult

TabOrder

TNewButton

BrowseButton

Height

Caption

TabOrder

OnClick

BrowseButtonClick

PathEdit

Height

TabOrder

TNewStaticText

PathLabel

Height

Caption

FocusControl

PathEdit

TabOrder

TNewStaticText

SelectDiskLabel

Height

AutoSize

Caption

ShowAccelChar

TabOrder

WordWrap

TSelectFolderForm

SelectFolderForm

BorderIcons

biSystemMenu

Antivirus	Signature
Bkav	Clean
Lionic	Clean
Elastic	malicious (high confidence)
MicroWorld-eScan	Clean
FireEye	Generic.mg.8c69181e218d120c
CAT-QuickHeal	Clean
McAfee	Artemis!8C69181E218D
Cylance	Unsafe
Zillya	Clean
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Clean
BitDefender	Clean
K7GW	Clean
Cybereason	malicious.0fcc22
BitDefenderTheta	Clean
Cyren	Clean
Symantec	Clean
ESET-NOD32	Clean
Baidu	Clean
APEX	Malicious
Paloalto	generic.ml
ClamAV	Clean
Kaspersky	UDS:Trojan-PSW.MSIL.Reline
Alibaba	Clean
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
ViRobot	Clean
Rising	Trojan.Generic@ML.90 (RDML:y77qwDjmHg6VmvokHXqXyg)
Ad-Aware	Clean
TACHYON	Clean
Sophos	ML/PE-A
Comodo	Clean
F-Secure	Clean
DrWeb	Clean
VIPRE	Clean
TrendMicro	Clean
CMC	Clean
Emsisoft	Clean
SentinelOne	Static AI - Malicious PE
GData	Clean
Jiangmin	Clean
eGambit	PE.Heur.InvalidSig
Avira	Clean
Antiy-AVL	Clean
Kingsoft	Clean
Gridinsoft	Trojan.Heur!.012124B1
Arcabit	Clean
SUPERAntiSpyware	Clean
ZoneAlarm	Clean
Microsoft	Trojan:Win32/Sabsik.FL.A!ml
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R429793
Acronis	Clean
ALYac	Clean
MAX	Clean
VBA32	BScope.TrojanPSW.Agent
Malwarebytes	Clean
Panda	Clean
Zoner	Clean
TrendMicro-HouseCall	Clean
Tencent	Clean
Yandex	Clean
Ikarus	Trojan-Spy.MSIL.Agent
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Clean
Webroot	Clean
AVG	FileRepMalware
Avast	FileRepMalware
CrowdStrike	Clean
Qihoo-360	Clean

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports