popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2041-05-18 05:41:32

PE Imphash

4328f7206db519cd4e82283211d98e83

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00026000 0x00025a00 6.25658622837
.sdata 0x00028000 0x0000102a 0x00001200 3.9978077191
.rsrc 0x0002a000 0x0002e9f8 0x0002ea00 5.65078328468
.reloc 0x0005a000 0x0000000c 0x00000200 0.101910425663
.idata 0x0005c000 0x00002000 0x00000200 1.14864242974
.themida 0x0005e000 0x004e2000 0x00000000 0.0
.boot 0x00540000 0x00306200 0x00306200 7.94927032547

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_CURSOR 0x0002b3d8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_BITMAP 0x0002b9f4 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_BITMAP 0x0002b9f4 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_BITMAP 0x0002b9f4 0x000000e8 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x00031214 0x00010828 LANG_ENGLISH SUBLANG_ENGLISH_US dBase III DBT, version number 0, next free block index 40
RT_ICON 0x00031214 0x00010828 LANG_ENGLISH SUBLANG_ENGLISH_US dBase III DBT, version number 0, next free block index 40
RT_ICON 0x00031214 0x00010828 LANG_ENGLISH SUBLANG_ENGLISH_US dBase III DBT, version number 0, next free block index 40
RT_ICON 0x00031214 0x00010828 LANG_ENGLISH SUBLANG_ENGLISH_US dBase III DBT, version number 0, next free block index 40
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x000443a4 0x000002a0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_RCDATA 0x00055828 0x00002092 LANG_NEUTRAL SUBLANG_NEUTRAL Delphi compiled form 'TWizardForm'
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_CURSOR 0x00057934 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_ICON 0x00057948 0x0000003e LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x00057988 0x000003d4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x00057d5c 0x00000c9b LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, UTF-8 Unicode (with BOM) text

Imports

Library kernel32.dll:
0x45c078 GetModuleHandleA
Library mscoree.dll:
0x45c080 _CorExeMain
!This program cannot be run in DOS mode.
`.sdata
@.reloc
B.idata
.themida
KDBM(l
Y_c
Y_c
Z?_d
_b`*
v4.0.30319
#Strings
Motser
ExtensionAttribute
System.Runtime.CompilerServices
System.Core
System
mscorlib
CompilationRelaxationsAttribute
Boolean
RuntimeCompatibilityAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
String
TargetFrameworkAttribute
System.Runtime.Versioning
Motser.exe
<Module>
znuqSUkVSOS0mZcxF4
NC51x28vlC8sGlU7uB
Object
Chr_0_M_e
lN4XYKYwBEvp9w9adC
dSL4263eSS3y2fRvO1
FileZilla
nfL5B2t8UyTiF6SoNf
NordApp
CryptoProvider
CryptoHelper
StringDecrypt
EndpointConnection
Program
RkZ335qyXrsapf9cXS
EntryPoint
FileScanner
RecoursiveFileGrabber
AllWalletsRule
ArmoryRule
AtomicRule
BinanceRule
SSXtoUrsGw46PaUFH8
CoinomiRule
DesktopMessangerRule
DiscordRule
<GetTokens>d__2
ElectrumRule
EthRule
E_x0_d_u_S
GameLauncherRule
GuardaRule
mYDict
OpenVPNRule
ProtonVPNRule
ResultFactory
ParsingStep
MulticastDelegate
TiXpwnFZTnTEchhwaL
F99DWkwyltHhk46abU
DataBaseConnection
CommandLineUpdate
DownloadAndExecuteUpdate
DownloadUpdate
ITaskProcessor
OpenUpdate
TaskResolver
psVBXZI0bWIAyOGbHV
Extensions
YtgrtyB0rOy08yWxaX`2
MGKyxfHYIx9w1olGAM
GdiHelper
DeviceCap
kmyGLQe7TQc5EUvVuT
GeoHelper
NativeHelper
dXU8xoAWVHDEGgjYbt
YPG9aBd4oGBBn9wGWP
SystemInfoHelper
tNEE5lcx5mS3WitjlY
FileCopier
FileScannerArg
FileScannerRule
IRemoteEndpoint
RecordHeaderField
ValueType
SqliteMasterEntry
TableEntry
Autofill
ScannedBrowser
ScannedCookie
Account
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
BCRYPT_KEY_LENGTHS_STRUCT
BCRYPT_OAEP_PADDING_INFO
BCRYPT_PSS_PADDING_INFO
HardwareType
UpdateAction
ScanningArgs
ScanDetails
SystemHardware
BrowserVersion
ScannedFile
UpdateTask
ScanResult
GeoInfo
GeoPlugin
LocalState
OsCrypt
<PrivateImplementationDetails>
__StaticArrayInitTypeSize=6
__StaticArrayInitTypeSize=10
__StaticArrayInitTypeSize=12
__StaticArrayInitTypeSize=14
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=18
__StaticArrayInitTypeSize=20
__StaticArrayInitTypeSize=22
__StaticArrayInitTypeSize=24
__StaticArrayInitTypeSize=28
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=38
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=42
__StaticArrayInitTypeSize=44
__StaticArrayInitTypeSize=46
__StaticArrayInitTypeSize=48
__StaticArrayInitTypeSize=52
__StaticArrayInitTypeSize=58
__StaticArrayInitTypeSize=62
__StaticArrayInitTypeSize=72
__StaticArrayInitTypeSize=76
__StaticArrayInitTypeSize=78
__StaticArrayInitTypeSize=88
__StaticArrayInitTypeSize=90
__StaticArrayInitTypeSize=102
__StaticArrayInitTypeSize=114
__StaticArrayInitTypeSize=124
__StaticArrayInitTypeSize=144
__StaticArrayInitTypeSize=152
__StaticArrayInitTypeSize=154
__StaticArrayInitTypeSize=176
<Module>{10B494D3-1244-49F4-91D0-D601A3591912}
iRbbEvUf86yqhQ7731
yI6522o07BJp4ZmGGF
oJiXl9ls7Six6k1pNL
xkqagFQDNBuaBrd680
ToNjgsZ6j0p6XYM0Ke
Fy2COmEcfLP1k5RDey
Attribute
d3aw6O76J95lwjqHAr`1
yaK9qlbcnCvk2BrRUM
p6r5ijuYKQDLwGOVxb
YkENxDfcQqKpKuRMT2
eu9AmqjdaLK625Whgp
RH5Am2NGam1mvNcvNl
p6eFZDPGeHPbMf97kT
isxdh7WgUny7KAMS9k
mZa3sQ4nLixmeMs3vJ
BkMNPsx6IbkfHDYcSL
TKvLT60n6htyHlkyt1
yb1yB4yM2eiJege8Em
<PrivateImplementationDetails>{7B1204A7-43A1-4F87-94FF-1937A7873EF2}
__StaticArrayInitTypeSize=256
__StaticArrayInitTypeSize=64
List`1
System.Collections.Generic
IList`1
profiles
IEnumerator`1
Enumerator
Func`2
IntPtr
Enumerable
System.Linq
Select
IEnumerable`1
GetEnumerator
get_Current
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
FileInfo
System.IO
get_Directory
DirectoryInfo
FileSystemInfo
get_FullName
Contains
IsNullOrEmpty
get_Chars
ToString
ToUpper
Remove
Concat
Func`1
MoveNext
IDisposable
Dispose
IEnumerator
System.Collections
Exception
znukqSUVS
Combine
Exists
IsNullOrWhiteSpace
op_Inequality
LS08mZcxF
DateTime
StartsWith
Convert
ToInt64
get_Now
AddMonths
get_Ticks
FTCG51x2v
tC8YsGlU7
Replace
ToInt32
yBB3Y5SAJ
FromBase64String
MakeTries
success
Invoke
XywtY8v7o
StringSplitOptions
ToArray
ReadAllText
kw78VdKnlE
Ii88jme49y
eo58NrVfC7
eRc8P8ZwZk
zRH8WKxUIG
dRD8MD5tLm
Xv38in4yUd
tk48LiwWSD
GpS8RUuXJX
a5X8OmORcp
V2v8aIdUJc
.cctor
dZA8KKcaNW
Environment
ExpandEnvironmentVariables
FgE84jxJba
get_Count
W4i8xVS4GC
rI380vOc2r
DuZ8ysBdiB
GetFolderPath
SpecialFolder
Format
AddRange
PJ1q5N4XY
XmlTextReader
System.Xml
XmlDocument
XmlReader
get_DocumentElement
XmlElement
XmlNode
get_ChildNodes
XmlNodeList
get_ItemOf
EwBrEvp9w
get_Name
op_Equality
get_InnerText
Encoding
System.Text
get_UTF8
GetString
RadFCYSL4
GeckoRoamingName
profilesDirectory
GeckoLocalName
uVj8gQTnUo
Tdo8sPpgvL
zvx8TqJB6m
get_Exists
GetDirectories
SelectSingleNode
BCryptOpenAlgorithmProvider
UInt32
phAlgorithm
pszAlgId
pszImplementation
dwFlags
bcrypt.dll
BCryptCloseAlgorithmProvider
hAlgorithm
BCryptGetProperty
hObject
pszProperty
pbOutput
cbOutput
pcbResult
S6ewSS3y2
BCryptSetProperty
BCryptImportKey
hImportKey
pszBlobType
pbKeyObject
cbKeyObject
pbInput
cbInput
BCryptDestroyKey
BCryptDecrypt
pPaddingInfo
Decrypt
bMasterKey
chiperText
GetEncoding
GetBytes
zRvIO1HfL
lB2B8UyTi
CryptographicException
System.Security.Cryptography
Marshal
System.Runtime.InteropServices
FreeHGlobal
h6S5oNf2k
BitConverter
u33n5yXrs
get_Unicode
MpfH9cXS2
AllocHGlobal
TXteoUsGw
arrays
Buffer
BlockCopy
DecryptBlob
EncryptedData
DataProtectionScope
System.Security
dataProtectionScope
entropy
ProtectedData
Unprotect
GetMd5Hash
source
MD5CryptoServiceProvider
get_ASCII
HashAlgorithm
ComputeHash
F6PAaUFH8
get_Item
CultureInfo
System.Globalization
get_InvariantCulture
IFormatProvider
ICollection`1
TiXdpwnZT
StringBuilder
get_Length
Append
mTEcchhwa
Jx9U9DWky
stringKey
ttHohk46a
RequestConnection
address
ChannelFactory`1
System.ServiceModel
EndpointAddress
Binding
System.ServiceModel.Channels
CreateChannel
TryGetConnection
TryGetArgs
TryVerify
result
TryGetTasks
remoteTasks
TryCompleteTask
taskId
SuppressFinalize
managed
IClientChannel
ICommunicationObject
yUclsVBXZ
Execute
ThreadStart
System.Threading
Thread
set_IsBackground
SeenBefore
Directory
CreateDirectory
mhZ89KYC2B
D6e8XTopro
MessageBox
System.Windows.Forms
DialogResult
MessageBoxButtons
MessageBoxIcon
Message
scannerRules
GetFiles
SearchOption
FindPaths
baseDirectory
maxLevel
patterns
TryParse
GetLogicalDrives
rootPath
searchOption
searchPatterns
EnumerateDirectories
GetFolder
scannerArg
filePath
GetScanArgs
GbWQIAyOG
yHVZJtgrt
KeyValuePair`2
browserPaths
get_NewLine
get_Key
get_Value
nNu8SLcxXT
Yrw86tKYoa
BPm8DbZbv1
nrA82U3xsE
kjZ8vZNg56
I0rEOy08y
get_PassedPaths
set_PassedPaths
fileInfo
PassedPaths
GetTokens
<>1__state
<>2__current
<>l__initialThreadId
get_CurrentThread
get_ManagedThreadId
System.IDisposable.Dispose
System.Text.RegularExpressions
Matches
MatchCollection
AppendLine
System.Collections.Generic.IEnumerator<ScannedFile>.get_Current
System.Collections.IEnumerator.Reset
NotSupportedException
System.Collections.IEnumerator.get_Current
System.Collections.Generic.IEnumerable<ScannedFile>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
IEnumerable
System.Collections.Generic.IEnumerator<ScannedFile>.Current
System.Collections.IEnumerator.Current
RegistryKey
Microsoft.Win32
Registry
CurrentUser
OpenSubKey
GetValue
Reverse
Dxa7XO9wC
Random
OrderBy
IOrderedEnumerable`1
sl9HSDF234
settings
AKSFD8H23
asdkadu8
get_UserDomainName
get_UserName
sdfo8n234
Assembly
System.Reflection
GetExecutingAssembly
get_Location
sdfi35sdf
InputLanguage
get_CurrentInputLanguage
get_Culture
get_EnglishName
asd44123
GetTypeFromHandle
RuntimeTypeHandle
Binder
Microsoft.CSharp.RuntimeBinder
Microsoft.CSharp
CallSiteBinder
CSharpBinderFlags
CallSite`1
Func`3
CallSite
Create
Target
CSharpArgumentInfo
CSharpArgumentInfoFlags
InvokeMember
fdfg9i3jn4
TimeZoneInfo
get_Local
get_DisplayName
sdf934asd
asdk9345asd
a03md9ajsd
asdk8jasd
ToList
askd435
sdi845sa
get_Actions
set_Actions
Actions
object
method
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
__result
mhc8msWdi5
YM18h9hDYE
uTN8JuM36d
BoL8CEddgf
WyGPLQ7TQ
q5EWUvVuT
UInt64
dXUV8xoWV
mDEKGgjYb
Fields
fCP4G9aB4
sGBxBn9wG
get_RowLength
fileName
ReadAllBytes
ParseValue
rowIndex
fieldName
ToLower
CompareTo
rowNum
GetRowCount
OpK1O6q0B
Resize
get_BigEndianUnicode
Tk7bQwCaG
ReadTable
tableName
Compare
StringComparison
IndexOf
Substring
TrimStart
Q6gumsiNx
tB0fDPmaG
EyxjfYIx9
i1oNlGAMB
RowLength
IsValidAction
action
Process
updateTask
ProcessStartInfo
set_UseShellExecute
set_CreateNoWindow
WaitForExit
WebClient
System.Net
DownloadFile
set_WorkingDirectory
set_FileName
DownloadData
WriteAllBytes
CPQ0NEE5l
F5myS3Wit
ServicePointManager
get_SecurityProtocol
SecurityProtocolType
set_SecurityProtocol
get_ServerCertificateValidationCallback
RemoteCertificateValidationCallback
System.Net.Security
Delegate
set_ServerCertificateValidationCallback
get_TaskProcessors
get_Result
ReleaseUpdates
TaskProcessors
Result
AF0Gp3ldL7
e6oGk4yBMI
oZI8zreyHy
X509Certificate
System.Security.Cryptography.X509Certificates
X509Chain
SslPolicyErrors
DistinctBy
property
GroupBy
IGrouping`2
FxPGYDbQYQ
gTJGGesSBT
t2LG81rS15
ChangeType
StripQuotes
ContainsDomains
domains
SelectMany
ReplaceEmptyValues
M9wCgp5KO6q0Bvk7Qw
YaGX6gnmsiNxlB0DPm
rIsGqPHxim
Ou9GrZP9Y2
xWUGFgPVWP
unWG3ob4dh
emYGtgktEu
AlYMwRbbE
JavaScriptSerializer
System.Web.Script.Serialization
System.Web.Extensions
get_JSON
set_MaxJsonLength
FromJSON
Deserialize
ToJSON
Serialize
Sf8i6yqhQ
GetDeviceCaps
gdi32.dll
GetWindowsScreenScalingFactor
Double
percentage
Graphics
System.Drawing
FromHwnd
GetHdc
ReleaseHdc
MonitorSize
Rectangle
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
get_Size
Bitmap
InvokeConstructor
Func`5
GetMember
FromImage
set_InterpolationMode
InterpolationMode
System.Drawing.Drawing2D
set_PixelOffsetMode
PixelOffsetMode
set_SmoothingMode
SmoothingMode
Action`5
w73L1uI65
MemoryStream
ImageFormat
System.Drawing.Imaging
get_Png
Stream
value__
VERTRES
DESKTOPVERTRES
BRXGwaLjRP
XWdGI8MLCw
pi2GBrwTfv
DjMG5IX2Oh
S20R7BJp4
LoadLibrary
kernel32.dll
umGOGFeJi
FreeLibrary
Ql9as7Six
GetProcAddress
Uk1TpNLbk
kY5SAJGmywY8v7osJ1
GetDelegateForFunctionPointer
nCmdShow
CreateBind
BasicHttpBinding
set_MaxBufferSize
set_MaxReceivedMessageSize
set_MaxBufferPoolSize
TimeSpan
FromMinutes
set_CloseTimeout
set_OpenTimeout
set_ReceiveTimeout
set_SendTimeout
set_TransferMode
TransferMode
set_UseDefaultWebProxy
set_ProxyAddress
XmlDictionaryReaderQuotas
System.Runtime.Serialization
set_MaxDepth
set_MaxArrayLength
set_MaxBytesPerRead
set_MaxNameTableCharCount
set_MaxStringContentLength
set_ReaderQuotas
BasicHttpSecurity
set_Mode
BasicHttpSecurityMode
set_Security
GetProcessors
ManagementObjectSearcher
System.Management
ManagementObjectCollection
ManagementObjectEnumerator
ManagementObject
ManagementBaseObject
GetGraphicCards
ToUInt32
GetFirewalls
GetBrowsers
LocalMachine
GetSubKeyNames
FileVersionInfo
GetVersionInfo
get_FileVersion
GetSerialNumber
ListOfProcesses
GetCurrentProcess
get_SessionId
GetProcessesByName
ListOfPrograms
AvailableLanguages
get_InstalledInputLanguages
InputLanguageCollection
TotalOfRAM
ToDouble
GetWindowsVersion
get_Is64BitOperatingSystem
gaggFDNBu
slAGeaqDrr
I2xGARRHBh
LWBGdcFV7p
rYSGndjjJu
U9cGHOG5lj
a6X9YM0Ke
Fy22COmcf
MBrsd680S
CopyFile
CreateShadowCopy
GetTempFileName
sNjXgs6j0
ChromeGetName
ChromeGetRoamingName
ChromeGetLocalName
Delete
KP1vk5RDe
IY3Saw6O6
X956lwjqH
orsDWttNY
get_Tag
set_Tag
set_Directory
get_Pattern
set_Pattern
get_Recoursive
set_Recoursive
Pattern
Recoursive
x0WhoeVIe
set_Name
CheckConnect
GetArguments
VerifyScanRequest
GetUpdates
VerifyUpdate
updateId
ItemName
RootNum
SqlStatement
Content
vd3muaK9q
tcnJCvk2B
set_Value
hRUCMd6r5
JjYzKQDLw
cOVkpxbCkE
BxDkkcQqKp
EuRk8MT23u
QAmkGqdaLK
get_BrowserName
set_BrowserName
get_BrowserProfile
set_BrowserProfile
get_Logins
set_Logins
get_Autofills
set_Autofills
get_CC
set_CC
get_Cookies
set_Cookies
IsEmpty
BrowserName
BrowserProfile
Logins
Autofills
Cookies
U25kYWhgp2
n5Ak3m2Gam
xmvktNcvNl
p6ekqFZDGe
mPbkrMf97k
NFskFxdh7g
rnykw7KAMS
get_Host
set_Host
get_Http
set_Http
get_Path
set_Path
get_Secure
set_Secure
get_Expires
set_Expires
Secure
Expires
RkLkIhK57S
mCukBciiW6
IJVk57EgHm
tMNkn1nwHD
get_HolderName
set_HolderName
get_Month
set_Month
get_Year
set_Year
get_Number
set_Number
HolderName
Number
Dh2kHxHZa3
PQnkeLixme
Is3kAvJPkM
get_URL
set_URL
get_Username
set_Username
get_Password
set_Password
Username
Password
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
cbSize
dwInfoVersion
pbNonce
cbNonce
pbAuthData
cbAuthData
pbMacContext
cbMacContext
cbData
SizeOf
dwMinLength
dwMaxLength
dwIncrement
pbLabel
cbLabel
cbSalt
Processor
Graphic
Download
DownloadAndEx
OpenLink
BPskd6Ibkf
nDYkccSLSK
SLTkU6n6ht
HHlkokyt1u
x1yklB4M2e
JJekQge8Em
u9RkZLyqEV
r3GkE5fRtH
VM5k7rDnop
PJik1ZX2kM
tHVkbOxKkh
vnDkuCuQm1
KebkfYpkjn
SFKkjuOUN1
get_ScanBrowsers
set_ScanBrowsers
get_ScanFiles
set_ScanFiles
get_ScanFTP
set_ScanFTP
get_ScanWallets
set_ScanWallets
get_ScanScreen
set_ScanScreen
get_ScanTelegram
set_ScanTelegram
get_ScanVPN
set_ScanVPN
get_ScanSteam
set_ScanSteam
get_ScanDiscord
set_ScanDiscord
get_ScanFilesPaths
set_ScanFilesPaths
get_BlockedCountry
set_BlockedCountry
get_BlockedIP
set_BlockedIP
get_ScanChromeBrowsersPaths
set_ScanChromeBrowsersPaths
get_ScanGeckoBrowsersPaths
set_ScanGeckoBrowsersPaths
ScanBrowsers
ScanFiles
ScanFTP
ScanWallets
ScanScreen
ScanTelegram
ScanVPN
ScanSteam
ScanDiscord
ScanFilesPaths
BlockedCountry
BlockedIP
ScanChromeBrowsersPaths
ScanGeckoBrowsersPaths
P7dkNeFhQl
tlQkPu8OnO
O7xkWP2TN2
CJrkVIay9T
s4fkKKl1Em
O3sk4RTX6e
WjZkxHgpab
KVNk0346m3
maPkyfh0f8
WMwkMZHh9S
IaQkibMO4R
TndkL1Cidr
F4gkRvAedh
FCdkOr9EMb
HlBkaSoPG5
pWPkTtNGoR
get_SecurityUtils
set_SecurityUtils
get_AvailableLanguages
set_AvailableLanguages
get_Softwares
set_Softwares
get_Processes
set_Processes
get_SystemHardwares
set_SystemHardwares
get_Browsers
set_Browsers
get_FtpConnections
set_FtpConnections
get_InstalledBrowsers
set_InstalledBrowsers
get_ScannedFiles
set_ScannedFiles
get_GameLauncherFiles
set_GameLauncherFiles
get_ScannedWallets
set_ScannedWallets
get_NordAccounts
set_NordAccounts
get_Open
set_Open
get_Proton
set_Proton
get_MessageClientFiles
set_MessageClientFiles
get_GameChatFiles
set_GameChatFiles
SecurityUtils
Softwares
Processes
SystemHardwares
Browsers
FtpConnections
InstalledBrowsers
ScannedFiles
GameLauncherFiles
ScannedWallets
NordAccounts
Proton
MessageClientFiles
GameChatFiles
etOkg6eT23
NkGksRNVRc
m43kXqbLNh
get_Counter
set_Counter
get_HardType
set_HardType
Counter
HardType
wYnk9W5iWt
IwLk20Cxai
iDykvLmgQX
get_NameOfBrowser
set_NameOfBrowser
get_Version
set_Version
get_PathOfFile
set_PathOfFile
NameOfBrowser
Version
PathOfFile
C5FkS0Pk6A
xF8k6pTOC9
XGokDgoU6m
Kqakh6h5WC
onykmPpAiH
filename
get_NameOfFile
set_NameOfFile
get_Body
set_Body
get_NameOfApplication
set_NameOfApplication
get_DirOfFile
set_DirOfFile
NameOfFile
NameOfApplication
DirOfFile
tNmkJ77KT8
xQrkC5o4MT
P6okzTSlnQ
yF38pRR0UF
get_TaskID
set_TaskID
get_TaskArg
set_TaskArg
get_Action
set_Action
get_DomainFilter
set_DomainFilter
TaskID
TaskArg
Action
DomainFilter
xE28k3uDZn
qQn88Q2iLl
BXq8GQEiCW
Mp68YtHsQh
XZ983sVJkx
hNw8tPcDTM
wAi8qRnY91
GHq8rkHigq
mAO8Fij2K9
rW38w7XM6w
CaJ8IMAYTR
mpL8Bymn6D
TZH856MX5U
kFw8nCa17h
oHb8H9pGcS
get_Hardware
set_Hardware
get_ReleaseID
set_ReleaseID
get_MachineName
set_MachineName
get_OSVersion
set_OSVersion
get_Language
set_Language
get_Resolution
set_Resolution
get_ScanDetails
set_ScanDetails
get_Country
set_Country
get_City
set_City
get_TZ
set_TZ
get_IPv4
set_IPv4
get_Monitor
set_Monitor
get_ZipCode
set_ZipCode
get_FileLocation
set_FileLocation
get_SeenBefore
set_SeenBefore
Hardware
ReleaseID
MachineName
OSVersion
Language
Resolution
Country
Monitor
ZipCode
FileLocation
d5K8eyHbyp
WXk8AEtuVR
fRA8deni4F
d558cwsdNa
get_IP
set_IP
set_Location
get_PostalCode
set_PostalCode
Location
PostalCode
GCh8Un7XN5
mRE8o33WnU
uC08lu5xJn
DFA8QT0gWF
acV8ZDm6wK
wR28EXwFnl
get_geoplugin_request
set_geoplugin_request
get_geoplugin_city
set_geoplugin_city
get_geoplugin_region
set_geoplugin_region
get_geoplugin_countryCode
set_geoplugin_countryCode
get_geoplugin_latitude
set_geoplugin_latitude
get_geoplugin_longitude
set_geoplugin_longitude
geoplugin_request
geoplugin_city
geoplugin_region
geoplugin_countryCode
geoplugin_latitude
geoplugin_longitude
DxA87WrJIs
auN810NKcq
Mbs8be06C5
get_postal_code
set_postal_code
get_ip
set_ip
get_country_code
set_country_code
postal_code
country_code
DTo8uu3vBV
get_os_crypt
set_os_crypt
os_crypt
Cy18f0NafB
get_encrypted_key
set_encrypted_key
encrypted_key
007A56C60CB686C542C5A63F4806094A4F9494B7
00D675BCFF1D9FECDD0CA29C78CB6A24748C8788
0120863AC3B080C82E4A63FF1C012D6F1F216979
0410277C15CAD5E63A25F491DAEEF493B897678B
04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
085EF559935ACAE54FCEBE778C7DE9948289EEDA
0E5921723BD3C6CB75662A156FB56AF05A7152C6
1076B53156E190E9BCBE281016712F2D3F02D3B4
1558D1AECB3B09D208F6718AB18D24E2F6DF5828
1674D4347598B476FA761898A499DB4C02053102
17C588718030CA902BC760013FE165199AD1C85F
18B532EF2959EF2ED8C549D712E3446FF49E4287
1FD54CE7DFC413755F07B7B76B1B118B3B2F3844
20CB5B8963ECE3D796594F043D66C0E0BAD86669
24745D8330E61F986032C2034A579B0B80181594
2A92E2F98903398CD12F10BDF583F44C2C6EEBF5
2ADC9207E27E1E7B3C16C7A8A6F212757DCFE863
2B9522D4F7398AB5DB789596FE5DB90589B031E9
2FBDC611D3D91C142C969071EA8A7D3D10FF6301
359A00EF6C789FD4C18644F56C5D3F97453FFF20
387D8DBBFB12BA323F1E0F1F539B4DA9550070C3
38F431A549411AEB32810068A4C83250B2D31E15
3DB6DAD76E13B54DC03AF1C6092C40388E57FBBF
3EEECA8C90CAA62AB5F9CCDD8715DA5023F4BA00
3F6BA22DF7E6EB52DA3166FB3020D155A2776ED2
3F97CA5BE7FE9C129528F72AF4DFC001E9A3D047
4369729D8B79D0C651E00137A3B22A1A24DEBB4C
459812D18B50C8E5F96831EFD700F962F692D29E
46884713B2F882E5304A1FF1B16370575A53E434
46F273EF641E07D271D91E0DC24A4392582671F8
4956BACC797B0C6C013C7E4846581396C9EF0D8E
4B05CEBD7D70F1607D474CAE176FEAEB7439795F
4C1117B01D5C4E103EE817F889EC547C63B47B7A
4CDA4454A3C36A7EBDCF8FE8B804B379A31D33CA
4E3D7F188A5F5102BEC5B820632BBAEC26839E63
4EC18FAB222C9FF2E5161F21A90F187D5D98E042
4EF472E2E74116C7FD95C74AB422CCF80DB1C404
501BADE98ACDE8BF4A0424FD9A4354615FF08C7F
53BC7B81AC10B7341D170997DB2266FA0D71C1E0
571B1023DF3ABFB94C92465B365B1814FEBFAB3E
57F4CB785574C3A09AF99937BF91EA2C31E37C8A
5BB3788A197C26B8310159EC9A81635814ABB05B
5F2F91D44A21E42A979E24B620CF42F2CB8687EC
66AC11F7A6BA80682D713682C531A74CE1550B1D
67CD3B1DF0AD5BAEAA1ABDDA3FCAFB2EEBDD2684
6F66485AF823BAE1F185740DA7F4F595701CD22E
703C0129D2425B4E51361C24EBE8A0042E483AC5
71E427369E07185AE0407E3FAB1A16ED62BD159E
77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
79E9B68FB6E1987DED749BCD71143BD8EB323CE3
80E5A0A2B81DB2473AFBB3FDD6F479670B7B41C6
81E046FA1D93B661CC948A4DD1E01F20D6192E9B
855FED6E03442FBB3AF914FFBFA9DA82813817A1
8743F6DD6877BBC815E9F16BEC59057DD1A89B0A
89597D644F71E5F46E2E63751A3C5F94FCFCD516
89C95FB6F8086AFCCD50B1B257669F2B17C047B7
8C49F78A06E711CF0E21134D0B091985336CC37F
95098CDF929872F9B67E58070D088F8238F7CABE
96D6CB223DCF17F7C9F93C825239BDAA3634674A
989657DD93570810E43C5B1F68E529460CA796F1
9B88C78E81ADB9E7247AB37D1F5F3861810916D8
9D9AF3AE11A58D55EB8A6AEC8F03F7AD01E8994B
A3EFD00EA085079EE7F97407F8EFF07E3990696A
A8A5F2DC86E781EC7360D1DDBE09F80EEECE48EA
A8F9B62160DF085B926D5ED70E2B0F6C95A25280
A9139732ED4CF84F8CE948DCB134114E4F24598A
A937C899247696B6565665BE3BD09607F49A2042
A9B6DE7C485B3014653A30C8B4BEFA8F70610178
B14822E504AE1EF678AE0E823684D7B32F95A725
B14D74C51EAE4F88FBF39B8BD07DA392799FCAAF
B2EB15883388285C96FCF1CD87620F26DA5A6BF3
B5B4FA236B87DBCD8055443F05776B10DDEFA5CD
BEDDFAEB0360B1694AB8CD2A69986414790A1D9A
C1B005D0B122F7297BE8C0A68C739049E1D1C94B
C39241F447680C35D3966F9446AAE6D462E04AD3
C58D707276695E733863DD82C6DF4DF66A3AD49C
C65515937CF3E8EBE3C3FC981DC02EF6D36A9E53
CA800E6788E431A0A8BC7A47AE9929225FEE5702
CE18B047107AA23D1AA9B2ED32D316148E02655F
D67333042BFFC20116BF01BC556566EC76C6F7E2
D7DC31ED4320E74979DEC780486CF9586470608F
D82572C56BDDD62E320B8BDAF0397A0DF9DD5BF7
DF08DD4DFFDB6C9048202CAE65882EF91ECE6BA8
DF2BDC3975DC25BFAFFA4976E9CD1E38AADF463B
E0CEB3E46E857A70CFB575A05B01A64806A8D426
E3E8284EDCB98A1085E693F9525A3AC3D705B82E
E63C93C721909983D6276C980CFF923987A4D2AA
E705C6345C26AF82E64D22DBE44B2A3514F2F06F
EB1349E7340F525AD3415F68FF2122BA8CAC3682
EB14352FBADB40E2FA237D444A6575B918573C43
EB2DB456E0D779E528D1474FA55AC99055A5E815
EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2
EBD075615CBE4A710F9410FFECEAF6110A01922B
F413CEA9BAA458730567FE47F57CC3C94DDF63C0
F6D3693E1C1902D55B9438ED1414AC12A2B4E5F9
FB77AA8CDAF4D2192696350B7AB546B533467477
FB9B7F75FCE124A01CC281A8F6810C5AA65607C0
FD4C77C0C4405C6A46E5C3CE53E0AE6BAEE7746D
FE2C2369398F2E9CCEE2214F4E86D8EFDE954FAF
FE79FF373808574898C82AC1320C55C1182FB75A
cTXGcGr9r8
Module
tRm8t4bbJhARp
typemdt
FieldInfo
MethodInfo
ResolveType
GetFields
MemberInfo
get_MetadataToken
ResolveMethod
MethodBase
CreateDelegate
SetValue
get_Assembly
get_ManifestModule
G7DGXKrKbg
QJaGS23BJo
L44G6tbEVk
RNDGJYP7aD
uh6GCaNCa6
p0JYkjSei8
RQ1Y8PjeCL
eqEYYuegTr
IRjYtmPDdL
fIgYFjgWyP
HClYwraPUw
zdWYB6A47j
F8pYHKv3GD
Hashtable
GM3YIYEvMA
zReGzSAwUN
wmfGhB8L1R
NdGGDmZuKW
XR8YrNELI6
fCHYpGP2Em
n8OGvFhCWg
Cy2Gmarij9
IQ8Y3VKtL2
FeTYGr4BEe
SortedList
DEcYqEU3hM
R2xG9MqA8Q
IWaY5PHKRD
mATG2caID0
SBTYnGmvfT
RSACryptoServiceProvider
set_UseMachineKeyStore
yYs8t4bvAoDEb
djWGUjfUr8
sddGoM8F5O
UInt16
eEfGlh1LVj
K7jGQ1Yvl1
HgDGZ1Y1gS
XTgGErwkn8
DlgG7LK1Sy
aGnG1MJKaR
SymmetricAlgorithm
AesCryptoServiceProvider
RijndaelManaged
Activator
CreateInstance
ObjectHandle
System.Runtime.Remoting
Unwrap
HXRGbCwfOo
CryptoConfig
get_AllowOnlyFipsAlgorithms
XpKGuUxSt6
lulGj5VHkX
TxoGNjh0j4
CryptoStream
BinaryReader
ICryptoTransform
CryptoStreamMode
FbEGPDGvXK
CQjGWL3Ug0
XGYGV2Zow9
z6tGKTmggE
GetMethod
MViG4EnoEv
GetName
AssemblyName
get_CodeBase
GetType
GetProperty
PropertyInfo
XLNGxSBy9M
FileStream
FileMode
FileAccess
FileShare
UUuG0tGqwj
set_Key
set_IV
CreateDecryptor
qFoGyFykQb
cuEGMKivR5
GetGic0RT1
yUDGL7sZmF
YDxGRdUXZm
UVlGO1kwSY
yt8GaZpNr0
GwcGTfoD15
ec2GgUWDGk
LpCGseTCyc
cvp2IDZqVXRiRPo5Vc
GetManifestResourceStream
pvOai0S5FfXpDcd9KZ
get_BaseStream
a8p3tpDjBem18L35WF
set_Position
KkCW3IqQ9SxIWbarbQ
puvuXMfDyOXatxBJOj
ReadBytes
hosimMnycutnlmcvEL
kg4eLuNtY76km0ospO
Wid2QAlyOnPjrkgIfr
DngbgmRWJu0Fy9kmEK
GetPublicKeyToken
AnAigmvQyEkV4usq56
iIPnnuLCO2MCoaynU4
CipherMode
xLsETB1p9gnp6iDCOv
hBuZWRrdKlKOcqWpe9
hlr1YYEl5KTyFZB3rF
FlushFinalBlock
kyQT1JbJD3QOWhqvPE
WdRwbj9D1kD0wy9riZ
HtdBdya5caFnAsjEqt
L0VKx6e3cijmh16h0R
fiKSbBQWeYMMyB5tTr
qDcgxfdNfg7kFVIRnV
HYGqMLxWJIPsD4QLd4
PWttNY1b0WoeVIeEd3
jwAYeaMU73
CreateEncryptor
ToBase64String
classthis
nativeEntry
nativeSizeOfCode
mAcYA0kWE5
uXJYdGhW55
HCtYcilZlC
o8Z8t4bzBk7OI
MqfYZ0YROW
mw1YEXuZZZ
NuMY7YeTTy
jFoY1rLMXM
lBkYoDJq5X
PFWYlh8DME
GetManifestResourceNames
HhOYQJ9d7v
ResolveEventArgs
AppDomain
get_CurrentDomain
ResolveEventHandler
add_ResourceResolve
kLjw4iIsCLsZtxc4lksN0j
g47I5YAVTaIuyPiFEX
GsdkancZBT7GFWPTpJ
Ci3qqDWLy015CeP8nN
wldEqNKrQr7AhletF3
t9kgcPjqJE9cLFq3au
KgYYs3IW9Tjv8aC000
SiiSuaqa0kSrFJKuof
LSlNMWOVjnvaB1EWDk
Xgkct9Q7GVNrbWIocY
KXFgA5p58R3hc7YRXB
s09lRR6nTnxFNUM8bM
DlMYbNDGc2
IsLittleEndian
VymYucOHMM
GIeYf8EYOJ
e9bYjnresO
mo7YNqkkAV
hgIYPubFOr
KfxYW2uI0q
TRWYVI0VxO
MYbYKaa7Jk
X7CY4wyWMH
OlLYxoaWNX
AbRY00CYfW
EhcYy4LIOW
cn1YMchwvy
CKYYiXlBeb
I7WYLyU1ak
qCNYRHuce2
vyoYOdITHP
dsaYadbRyY
rtDYTZCVF2
MpqYgcbVDK
$$method0x6000007-1
$$method0x6000020-1
$$method0x6000020-2
$$method0x600002a-1
$$method0x600002a-2
$$method0x6000039-1
$$method0x600005f-1
$$method0x600027b-1
ZfAXjhegmEJdpQsaYX.nBpD6MWsBFLv7WnM3C
6VdInD4RTUqtjLbdic.ehR2KXKOIsWQLO90hF
UnverifiableCodeAttribute
ParamArrayAttribute
CompilerGeneratedAttribute
DynamicAttribute
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
ServiceContractAttribute
OperationContractAttribute
DataContractAttribute
DataMemberAttribute
EnumMemberAttribute
DebuggerHiddenAttribute
UnmanagedFunctionPointerAttribute
CallingConvention
FlagsAttribute
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Endpoint
CheckConnect
EnvironmentSettings
SetEnvironment
GetUpdates
VerifyUpdate1
AutofillT
Namespace
BrowserExtension
Value7
ScannedBrowserT
Namespace
BrowserExtension
BrowserName
BrowserProfile
Logins
Autofills
Cookies6
ScannedCookieT
Namespace
BrowserExtension
Secure
Expires+
Namespace
BrowserExtension
HolderName
Number0
AccountT
Namespace
BrowserExtension
Username
Password
HardwareType
RemoteTaskAction5
ScanningArgsT
Namespace
BrowserExtension
ScanBrowsers
ScanFiles
ScanFTP
ScanWallets
ScanScreen
ScanTelegram
ScanVPN
ScanSteam
ScanDiscord
ScanFilesPaths
BlockedCountry
BlockedIP#
ScanChromeBrowsersPaths"
ScanGeckoBrowsersPaths4
ScanDetailsT
Namespace
BrowserExtension
SecurityUtils
AvailableLanguages
Softwares
Processes
SystemHardwares
Browsers
FtpConnections
InstalledBrowsers
ScannedFiles
GameLauncherFiles
ScannedWallets
Proton
MessageClientFiles
GameChatFiles7
SystemHardwareT
Namespace
BrowserExtension
Counter
HardType7
BrowserVersionT
Namespace
BrowserExtension
NameOfBrowser
Version
PathOfFile4
ScannedFileT
Namespace
BrowserExtension
NameOfFile
NameOfApplication
DirOfFile3
UpdateTaskT
Namespace
BrowserExtension
TaskID
TaskArg
Action
DomainFilter3
ScanResultT
Namespace
BrowserExtension
Hardware
ReleaseID
MachineName
OSVersion
Language
ScreenSize
ScanDetails
Country
TimeZone
Monitor
ZipCode
FileLocation
SeenBefore
GeoPlugin
geoplugin_request
geoplugin_city
geoplugin_region!
geoplugin_countryCode
geoplugin_latitude
geoplugin_longitude
postal_code
country_code
LocalState
os_crypt
OsCrypt
encrypted_key
ToNjgsZ6j0p6XYM0Ke.xkqagFQDNBuaBrd680+Fy2COmEcfLP1k5RDey+d3aw6O76J95lwjqHAr`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
Mi;;!j
%9^8=3
*qg,aq
ITr-41Kn
R^pI~Ron
"*rCd2
%? *U|
`|$'BmG
ROJW3]
2sd{^Z
}Nh.;Q
J1ETUb]9
~atkuM
:mmt3Ss
RB!<}w
so\.hc
_CorExeMain
mscoree.dll
Rfhn M
wwwwwwwwwwwww
wwwwwwwwwwwwwp
wwwwwwwww
wwwwww|
hOLM2H
#/z>,;
|Q!r@7S6
%n$&3|3,:
['4zM*8
2F$#9O*%=T.&?V1&?X2&>W1$<U.!6N+
0C%"8L'#;O(#:N("6J'
A0Ox@#;pI
yjgX?W/
x[1]qB
$`#$/z5(5
"X-#.xD*8
|gEEC58+.,N
#.m#$/p,&2x8)6
qP7vUDQX54hC
$s1"-z9'4
=>zo#2
?333333
?tE)!XU
?tE)!XU
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
WATAUAVAWH
A_A^A]A\_
@SUVWH
tc9t$puVL
COMCTL32.dll
StrToInt64ExW
StrToIntW
SHLWAPI.dll
GetLastError
LocalFree
CloseHandle
ReadFile
WriteFile
GetCommandLineW
SetConsoleCtrlHandler
SetProcessShutdownParameters
SetCurrentDirectoryW
GetSystemDirectoryW
SetErrorMode
ExitProcess
KERNEL32.dll
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
ADVAPI32.dll
CommandLineToArgvW
SHELL32.dll
OLEAUT32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>PADDINGXXPADDING
qSetup
LibFusion
7PathFunc
SysUtils
eCharacter
KWindows
UTypes
SysInit
System
"RTLConsts
SysConst
YStrUtils
ImageHlp
cInstFunc
RedirFunc
CmnFunc2
VerInfo
AFileClass
Int64Em
6MsgIDs
Compress
Struct
*ShellAPI
3Messages
lTaskbarProgressFunc
dwTaskbarList
CUxTheme
SyncObjs
^Classes
sActiveX
QTypInfo
CVariants
$VarUtils
CommCtrl
DwmApi
5Themes
&Controls
Consts
EActnList
+Graphics
8Registry
IniFiles
vMenus
ImgList
Contnrs
MultiMon
StdActns
nComCtrls
3CommDlg
(ShlObj
UrlMon
?WinInet
RegStr
ComStrs
Printers
WWinSpool
GraphUtil
ListActns
dStdCtrls
ExtCtrls
Dialogs
RHelpIntfs
WideStrUtils
ToolWin
RichEdit
Clipbrd
FlatSB
ARestartManager
FolderTreeView
nUxThemeISX
NewProgressBar
NewCheckListBox
BidiUtils
6TmSchemaISX
FComObj
qComConst
uPSUtils
SpawnClient
BSpawnCommon
>SpawnServer
ResUpdate
RegDLL
NewStaticText
bBitmapImage
Helper
Logging
DebugClient
ScriptRunner
ScriptFunc_R
UninstProgressForm
CmnFunc
\BidiCtrls
NewNotebook
SetupForm
UIStateForm
SetupTypes
Wizard
Extract
NewDisk
oBrowseFunc
LZMADecomp
CompressZlib
ArcFour
#SelFolderForm
PasswordEdit
RichEditViewer
InstFnc2
Install
DebugStruct
SecurityFunc
TScriptDlg
ScriptFunc
uPSRuntime
@ScriptClasses_R
uPSR_comobj
(uPSR_extctrls
uPSR_stdctrls
JuPSR_forms
uPSR_controls
uPSR_graphics
uPSR_classes
uPSR_std
buPSR_dll
NuPSDebugger
SimpleExpression
SelLangForm
SetupEnt
RegSvr
,UninstSharedFileForm
Uninstall
D2009Win2kFix
SXPTheme
SafeDLLPath
!This program cannot be run in DOS mode.
`.data
@.reloc
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Common Administrative Tools
Common Programs
Common Documents
Common AppData
Administrative Tools
History
Cookies
Local AppData
AppData
My Music
My Pictures
Personal
DllGetVersion
shlwapi.dll
SHGetFolderPathW
shell32.dll
SOFTWARE\Microsoft\Windows\CurrentVersion
ProfileDirectory
Software\Microsoft\Windows\CurrentVersion\ProfileReconciliation
RegValue
RegKey
Default
MustBeRelative
DefaultDir
LocalFile
CentralFile
*windir
qWPWSh
WPWShx
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersionExA
MultiByteToWideChar
lstrlenW
lstrlenA
ExpandEnvironmentStringsW
GetWindowsDirectoryA
GetWindowsDirectoryW
LockResource
LoadResource
FindResourceExW
EnumResourceLanguagesW
GetSystemDefaultLangID
EnumResourceNamesW
lstrcatA
lstrcpyA
CompareStringW
CreateDirectoryA
CreateDirectoryW
GetLastError
ExpandEnvironmentStringsA
lstrcpynW
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
IsBadWritePtr
DisableThreadLibraryCalls
GlobalAlloc
GlobalFree
KERNEL32.dll
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegOpenKeyA
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
AddAccessAllowedAce
LookupAccountSidW
GetAce
InitializeAcl
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ADVAPI32.dll
SHFOLDER.dll
SHGetFolderPathA
SHGetFolderPathW
T3X3p3t3
44484P4T4X4l4p4t4
4=7t7}7
818G8c8t8
9%9:9b9
:/:J:V:j:~:
=>7>R>g>m>{>
70F0X0
1*1w1|1
819C9V9_9
dll\shfolder.dbg
TMainForm
MainForm
AutoScroll
ClientHeight
ClientWidth
clNavy
Font.Color
clWindowText
Font.Height
Font.Name
MS Sans Serif
Font.Style
OnCloseQuery
FormCloseQuery
OnKeyDown
FormKeyDown
OnPaint
FormPaint
OnResize
FormResize
PixelsPerInch
TextHeight
TNewDiskForm
NewDiskForm
BorderIcons
biSystemMenu
BorderStyle
bsDialog
Caption
ClientHeight
ClientWidth
Font.Color
clWindowText
Font.Height
Font.Name
MS Sans Serif
Font.Style
Scaled
OnCloseQuery
FormCloseQuery
PixelsPerInch
TextHeight
TBitmapImage
DiskBitmapImage
Height
TNewButton
CancelButton
Height
Cancel
Caption
ModalResult
TabOrder
TNewButton
OKButton
Height
Caption
Default
ModalResult
TabOrder
TNewButton
BrowseButton
Height
Caption
TabOrder
OnClick
BrowseButtonClick
PathEdit
Height
TabOrder
TNewStaticText
PathLabel
Height
Caption
FocusControl
PathEdit
TabOrder
TNewStaticText
SelectDiskLabel
Height
AutoSize
Caption
ShowAccelChar
TabOrder
WordWrap
TSelectFolderForm
SelectFolderForm
BorderIcons
biSystemMenu
BorderStyle
bsDialog
Caption
SelectFolderForm
ClientHeight
ClientWidth
Font.Color
clWindowText
Font.Height
Font.Name
MS Sans Serif
Font.Style
Scaled
PixelsPerInch
TextHeight
TNewButton
CancelButton
Height
Cancel
Caption
ModalResult
TabOrder
TNewButton
OKButton
Height
Caption
Default
Enabled
ModalResult
TabOrder
TNewButton
NewFolderButton
Height
Cancel
Caption
Enabled
TabOrder
OnClick
NewFolderButtonClick
PathEdit
Height
TabOrder
OnChange
PathEditChange
TNewStaticText
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.a59ca1678fc13f5d
CAT-QuickHeal Clean
Qihoo-360 Win32/Trojan.Generic.GgIASacA
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.c78316
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky VHO:Backdoor.Win32.Agent.gen
Alibaba Clean
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Sophos ML/PE-A
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft Clean
Ikarus Trojan-Spy.MSIL.Agent
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Heur!.012124B1
Microsoft Trojan:Win32/Sabsik.FL.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R429793
Acronis Clean
McAfee Clean
MAX Clean
VBA32 BScope.Trojan.Wacatac
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.90 (RDML:NNOTjw1v9ZvpfaDaNW7e3g)
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit PE.Heur.InvalidSig
Fortinet Clean
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike Clean
MaxSecure Clean
No IRMA results available.