Static | ZeroBOX

PE Compile Time

2049-05-06 01:57:08

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0001a0ec 0x0001a400 5.81650441504
.rsrc 0x0001e000 0x00010f1c 0x00011000 2.48767086827
.reloc 0x00030000 0x0000000c 0x00000400 0.0558553080537

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0001e100 0x00010828 LANG_NEUTRAL SUBLANG_NEUTRAL dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON 0x0002e938 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002e95c 0x000003c0 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002ed2c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
KDBM(
Y_c
Y_c
,.oy
v4.0.30319
#Strings
__StaticArrayInitTypeSize=10
<>9__0_10
<Id1>b__0_10
get_Id10
set_Id10
Entity10
__StaticArrayInitTypeSize=20
359A00EF6C789FD4C18644F56C5D3F97453FFF20
Entity20
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=40
FB10FF1AD09FE8F5CA3A85B06BC96596AF83B350
77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
A8F9B62160DF085B926D5ED70E2B0F6C95A25280
F413CEA9BAA458730567FE47F57CC3C94DDF63C0
<>9__0_0
<Id1>b__0_0
<DomainExists>b__0_0
<>c__DisplayClass0_0
<GetWindowsVersion>g__HKLM_GetString|11_0
<>9__1_0
<WriteLine>b__1_0
<GetDefaultIPv4Address>b__1_0
<>9__2_0
<Init>b__2_0
<>9__5_0
<Id3>b__5_0
<>9__8_0
<ListOfPrograms>b__8_0
<>9__9_0
<.ctor>b__9_0
<AvailableLanguages>b__9_0
<.ctor>b__0
<>o__0
<>p__0
718D1294A5C2D3F3D70E09F2F473155C4F567201
2FBDC611D3D91C142C969071EA8A7D3D10FF6301
<Id1>b__11
get_Id11
set_Id11
Entity11
sf34asd21
Entity21
5228E4D31C49B8491CE9A64B37F69147CCED17E1
989657DD93570810E43C5B1F68E529460CA796F1
<>9__0_1
<DomainExists>b__0_1
<>9__1_1
<GetDefaultIPv4Address>b__1_1
<scannedfiles>5__1
<Id1>b__1
<.ctor>b__1
<>p__1
Func`1
Nullable`1
IEnumerable`1
IOrderedEnumerable`1
CallSite`1
Task`1
ICollection`1
IEnumerator`1
IList`1
ChannelFactory`1
get_Id1
set_Id1
Entity1
__StaticArrayInitTypeSize=102
2A19BFD7333718195216588A698752C517111B02
__StaticArrayInitTypeSize=12
<>9__0_12
<Id1>b__0_12
get_Id12
set_Id12
Entity12
__StaticArrayInitTypeSize=22
__StaticArrayInitTypeSize=32
ConvertFromUtf32
Microsoft.Win32
ToUInt32
ToInt32
A937C899247696B6565665BE3BD09607F49A2042
__StaticArrayInitTypeSize=42
__StaticArrayInitTypeSize=152
__StaticArrayInitTypeSize=62
__StaticArrayInitTypeSize=72
__StaticArrayInitTypeSize=282
D67333042BFFC20116BF01BC556566EC76C6F7E2
EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2
<>9__0_2
<Id1>b__0_2
<tokens>5__2
<DomainExists>b__2
<GetTokens>d__2
<>p__2
Func`2
KeyValuePair`2
get_Id2
set_Id2
LSIDsd2
aso0shq2
slkahs2
Entity2
04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
get_Id13
set_Id13
Entity13
asdoiad0123
asd44123
sdf923
EB14352FBADB40E2FA237D444A6575B918573C43
4E3D7F188A5F5102BEC5B820632BBAEC26839E63
kadsoji83
sdfkas83
8C550EA96A693C687FFAB21F3B1A5F835E23E3B3
06F9FDEBE7AEF3F08523BDDDE7FCB7F4A217E7B3
387D8DBBFB12BA323F1E0F1F539B4DA9550070C3
C39241F447680C35D3966F9446AAE6D462E04AD3
79E9B68FB6E1987DED749BCD71143BD8EB323CE3
FCEAB39EEBEA9BEA6AC370A00D87E5EE20EC94F3
<Id1>b__3
<>s__3
Func`3
get_Id3
set_Id3
dvsjiohq3
asdk9y3
Entity3
4EF472E2E74116C7FD95C74AB422CCF80DB1C404
__StaticArrayInitTypeSize=14
get_Id14
set_Id14
Entity14
__StaticArrayInitTypeSize=24
sdfo8n234
gkdsi8y234
46884713B2F882E5304A1FF1B16370575A53E434
__StaticArrayInitTypeSize=34
sdfk8h34
asdlasd9h34
__StaticArrayInitTypeSize=144
__StaticArrayInitTypeSize=44
__StaticArrayInitTypeSize=154
93D9D319FF04F5E54F3A6431407A7B90388FDC54
FromBase64
ToInt64
99086C63443EF4224B60D2ED08447C082E7A0484
1076B53156E190E9BCBE281016712F2D3F02D3B4
<>9__0_4
<Id1>b__0_4
<file>5__4
get_Id4
set_Id4
fdfg9i3jn4
Entity4
EB2DB456E0D779E528D1474FA55AC99055A5E815
38F431A549411AEB32810068A4C83250B2D31E15
get_Id15
set_Id15
Entity15
askd435
A898408AA9A30B686240D921FE0E3E3A01EE91A5
<Id1>b__5
<>s__5
get_Id5
set_Id5
Entity5
__StaticArrayInitTypeSize=16
get_Id16
set_Id16
Entity16
410D551BF9DC1F0CF262E4DB1077795D56EEC026
E0CEB3E46E857A70CFB575A05B01A64806A8D426
__StaticArrayInitTypeSize=26
__StaticArrayInitTypeSize=36
__StaticArrayInitTypeSize=76
__StaticArrayInitTypeSize=6
80E5A0A2B81DB2473AFBB3FDD6F479670B7B41C6
<>9__0_6
<Id1>b__0_6
<match>5__6
get_Id6
set_Id6
Entity17
18B532EF2959EF2ED8C549D712E3446FF49E4287
007A56C60CB686C542C5A63F4806094A4F9494B7
89C95FB6F8086AFCCD50B1B257669F2B17C047B7
D82572C56BDDD62E320B8BDAF0397A0DF9DD5BF7
<token>5__7
<Id1>b__7
get_Id7
set_Id7
Entity7
__StaticArrayInitTypeSize=18
Entity18
__StaticArrayInitTypeSize=28
__StaticArrayInitTypeSize=38
__StaticArrayInitTypeSize=48
1A79939AEFF161E557D02CB37CD9A811ABCAF458
__StaticArrayInitTypeSize=58
__StaticArrayInitTypeSize=78
1938FDF81D9EFE09E9786A7A7DDFFBD755961098
DF08DD4DFFDB6C9048202CAE65882EF91ECE6BA8
9B88C78E81ADB9E7247AB37D1F5F3861810916D8
46F273EF641E07D271D91E0DC24A4392582671F8
get_UTF8
<>9__0_8
<Id1>b__0_8
get_Id8
set_Id8
asdkadu8
Entity8
BCEF86DAFC99BA02019A51909C079A7A31931909
Entity19
20CB5B8963ECE3D796594F043D66C0E0BAD86669
2B9522D4F7398AB5DB789596FE5DB90589B031E9
<Id1>b__9
get_Id9
set_Id9
Entity9
<Module>
<PrivateImplementationDetails>
8743F6DD6877BBC815E9F16BEC59057DD1A89B0A
96D6CB223DCF17F7C9F93C825239BDAA3634674A
A3EFD00EA085079EE7F97407F8EFF07E3990696A
4C1117B01D5C4E103EE817F889EC547C63B47B7A
A9139732ED4CF84F8CE948DCB134114E4F24598A
BEDDFAEB0360B1694AB8CD2A69986414790A1D9A
4CDA4454A3C36A7EBDCF8FE8B804B379A31D33CA
LoadLibraryA
EBD075615CBE4A710F9410FFECEAF6110A01922B
DF2BDC3975DC25BFAFFA4976E9CD1E38AADF463B
9D9AF3AE11A58D55EB8A6AEC8F03F7AD01E8994B
5BB3788A197C26B8310159EC9A81635814ABB05B
0410277C15CAD5E63A25F491DAEEF493B897678B
81E046FA1D93B661CC948A4DD1E01F20D6192E9B
28F794B091ED92F57BFC80EA32B18AF3A8183ADB
7FD227EEE2F38A50CFD286D228B794575C0025FB
4369729D8B79D0C651E00137A3B22A1A24DEBB4C
5F2F91D44A21E42A979E24B620CF42F2CB8687EC
System.Drawing.Drawing2D
FD4C77C0C4405C6A46E5C3CE53E0AE6BAEE7746D
6353B688B99A3543932AA127DAA0E48FBC646BBD
B5B4FA236B87DBCD8055443F05776B10DDEFA5CD
6F66485AF823BAE1F185740DA7F4F595701CD22E
E3E8284EDCB98A1085E693F9525A3AC3D705B82E
571B1023DF3ABFB94C92465B365B1814FEBFAB3E
459812D18B50C8E5F96831EFD700F962F692D29E
71E427369E07185AE0407E3FAB1A16ED62BD159E
95098CDF929872F9B67E58070D088F8238F7CABE
CE18B047107AA23D1AA9B2ED32D316148E02655F
4B05CEBD7D70F1607D474CAE176FEAEB7439795F
8C49F78A06E711CF0E21134D0B091985336CC37F
501BADE98ACDE8BF4A0424FD9A4354615FF08C7F
B14D74C51EAE4F88FBF39B8BD07DA392799FCAAF
7BF285852D43939E0FBD7B6C5592189AF986E8BF
3DB6DAD76E13B54DC03AF1C6092C40388E57FBBF
get_ASCII
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
get_JSON
FromJSON
ToJSON
OpenVPN
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
BCRYPT_OAEP_PADDING_INFO
BCRYPT_PSS_PADDING_INFO
System.IO
BCRYPT_KEY_LENGTHS_STRUCT
value__
cbData
ProtectedData
bEncryptedData
cbAuthData
pbAuthData
mscorlib
DecryptBlob
System.Collections.Generic
get_Id
get_ManagedThreadId
<>l__initialThreadId
pszAlgId
get_SessionId
set_MaxBytesPerRead
get_CurrentThread
GetDecoded
BytesToStringConverted
<Id10>k__BackingField
<Id11>k__BackingField
<Id1>k__BackingField
<Id12>k__BackingField
<Id2>k__BackingField
<Id13>k__BackingField
<Id3>k__BackingField
<Id14>k__BackingField
<Id4>k__BackingField
<Id15>k__BackingField
<Id5>k__BackingField
<Id16>k__BackingField
<Id6>k__BackingField
<Id7>k__BackingField
<Id8>k__BackingField
<Id9>k__BackingField
<irrpre>k__BackingField
<Main>k__BackingField
<PassedPaths>k__BackingField
<os_crypt>k__BackingField
<First>k__BackingField
<encrypted_key>k__BackingField
RecordHeaderField
ReadToEnd
CreateBind
method
Discord
sdf934asd
asdk9345asd
adkasd8u3hbasd
kkdhfakdasd
sdfk38jasd
asdk8jasd
sdfm83kjasd
asdaid9h24kasd
sdfk83hkasd
sdf9j3nasd
asdasod9234oasd
a9duh3zd
NetworkInterface
Replace
IsNullOrWhiteSpace
CreateInstance
cbNonce
pbNonce
source
set_Mode
FileMode
set_SmoothingMode
chainingMode
SessionMode
X509CertificateValidationMode
set_CertificateValidationMode
set_InterpolationMode
set_TransferMode
set_PixelOffsetMode
SecurityMode
SelectSingleNode
XmlNode
xmlNode
get_Unicode
get_BigEndianUnicode
FromImage
MessageBoxImage
set_Message
get_CurrentInputLanguage
AddRange
EndInvoke
BeginInvoke
ReadContextTable
IEnumerable
IDisposable
Visible
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Rectangle
ReadFile
profile
hModule
get_Name
procName
fieldName
tableName
fileName
ChromeGetRoamingName
get_EnglishName
ChromeGetLocalName
get_FullName
ItemName
get_UserDomainName
get_UserName
ChromeGetName
GetProcessesByName
get_DisplayName
filename
DateTime
get_CreationTime
AppendLine
WriteLine
get_NewLine
Combine
LocalMachine
DataProtectionScope
dataProtectionScope
OperationContextScope
pszBlobType
ChangeType
ValueType
MessageCredentialType
set_ClientCredentialType
GetType
get_PropertyType
blvnzcwqe
FileShare
Compare
System.Core
get_irrpre
get_CurrentUICulture
get_Culture
get_InvariantCulture
get_CurrentCulture
GetImageBase
ItemBase
WebResponse
GetResponse
System.IDisposable.Dispose
Reverse
get_ServiceCertificate
Create
MulticastDelegate
DebuggerBrowsableState
LocalState
<>1__state
Delete
CallSite
DynamicAttribute
CompilerGeneratedAttribute
UnverifiableCodeAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
SecurityPermissionAttribute
ObfuscationAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DataMemberAttribute
EnumMemberAttribute
CompilationRelaxationsAttribute
DataContractAttribute
ServiceContractAttribute
OperationContractAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ToByte
get_Value
GatherValue
get_HasValue
GetValue
SetValue
ReadContextValue
Remove
Querns.exe
get_Size
cbSize
_pageSize
set_MaxReceivedMessageSize
ChangeSize
_sqlDataTypeSize
MaxAuthTagSize
set_MaxBufferPoolSize
newSize
GetVirtualDisplaySize
Serialize
Deserialize
Resize
SizeOf
get_ItemOf
IndexOf
sdfi35sdf
authTag
get_Png
System.Threading
NetTcpBinding
_dbEncoding
GetEncoding
get_CurrentEncoding
System.Drawing.Imaging
FileScanning
System.Runtime.Versioning
ToString
GetString
GetHexString
Substring
System.Drawing
ConvertToULong
scannerArg
Search
GetMd5Hash
ComputeHash
dbPath
profilePath
GetFolderPath
rootPath
get_Width
get_VirtualScreenWidth
get_Length
dwMinLength
set_MaxJsonLength
set_MaxStringContentLength
get_RowLength
dwMaxLength
set_MaxArrayLength
StartsWith
set_MaxDepth
AsyncCallback
callback
IsLoopback
PreCheck
PresentationFramework
AllocHGlobal
FreeHGlobal
get_Local
Marshal
X509CertificateRecipientClientCredential
cbLabel
pbLabel
System.ServiceModel
CreateChannel
IContextChannel
maxLevel
kernel32.dll
System.Xml
EntityReaderSql
FileStream
GetResponseStream
MemoryStream
Program
get_Item
get_Is64BitOperatingSystem
phAlgorithm
HashAlgorithm
Random
RootNum
rowNum
op_LessThan
TimeSpan
CopyFromScreen
get_PrimaryScreen
get_Main
set_Main
get_FileVersion
dwInfoVersion
GetWindowsVersion
get_Authentication
X509ServiceCertificateAuthentication
get_Location
System.Net.NetworkInformation
UnicastIPAddressInformation
GatewayIPAddressInformation
pszImplementation
System.Globalization
System.Runtime.Serialization
System.Web.Script.Serialization
SecurityAction
System.Reflection
InputLanguageCollection
MatchCollection
UnicastIPAddressInformationCollection
GatewayIPAddressInformationCollection
PathsCollection
ManagementObjectCollection
RequestConnection
connection
SearchOption
searchOption
CryptographicException
NotSupportedException
InvalidOperationException
System.ServiceModel.Description
StringComparison
MessageBoxButton
CompareTo
FileInfo
fileInfo
TimeZoneInfo
CultureInfo
pPaddingInfo
FileSystemInfo
RegionInfo
FileVersionInfo
GetVersionInfo
CSharpArgumentInfo
DirectoryInfo
PropertyInfo
IsLocalIp
Bitmap
MessageSecurityOverTcp
Microsoft.CSharp
asdak83jq
System.Linq
InvokeMember
GetSerialNumber
MessageHeader
CreateHeader
AddressHeader
ConfigReader
XmlReader
StreamReader
XmlTextReader
MD5CryptoServiceProvider
OpenAlgorithmProvider
ConnectionProvider
IFormatProvider
provider
StringBuilder
dataFolder
SpecialFolder
FullInfoSender
PartsSender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
Buffer
GameLauncher
FileSearcher
ManagementObjectSearcher
FileCopier
EnvironmentChecker
Invoker
IPv4Helper
GdiHelper
SystemInfoHelper
CryptoHelper
ToUpper
CurrentUser
GetDelegateForFunctionPointer
adapter
BitConverter
EntityResolver
ToLower
JavaScriptSerializer
IEnumerator
ManagementObjectEnumerator
System.Collections.Generic.IEnumerable<Entity5>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
Extractor
.cctor
connector
RosComNadzor
IntPtr
base64str
sdkf9h234as
set_ReaderQuotas
XmlDictionaryReaderQuotas
Graphics
System.Diagnostics
Fields
get_Bounds
GetGraphicCards
GetAllNetworkInterfaces
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
get_ChildNodes
AvailableLanguages
get_InstalledInputLanguages
languages
Matches
EnumerateDirectories
GetDirectories
_masterTableEntries
_tableEntries
GetIPProperties
IPInterfaceProperties
GetProperties
ExpandEnvironmentVariables
remoteFiles
GetFiles
profiles
GetSubKeyNames
hardwares
softwares
expires
ListOfProcesses
processes
get_UnicastAddresses
get_GatewayAddresses
StripQuotes
FromMinutes
_fileBytes
ConvertToBytes
GetBytes
GetLogicalDrives
CSharpArgumentInfoFlags
CSharpBinderFlags
dwFlags
configs
settings
get_PassedPaths
set_PassedPaths
FindPaths
browserPaths
AddMonths
get_Ticks
System.Threading.Tasks
Locals
get_Credentials
ClientCredentials
System.ServiceModel.Channels
ListOfPrograms
System.Windows.Forms
GetTokens
domains
Contains
System.Web.Extensions
System.Text.RegularExpressions
System.Security.Permissions
System.Collections
StringSplitOptions
searchPatterns
patterns
Querns
get_Chars
get_OutgoingMessageHeaders
defenders
scanners
RuntimeHelpers
installedBrowsers
GetBrowsers
browsers
SystemParameters
loginPairs
GetProcessors
FileAccess
success
GetCurrentProcess
GetDefaultIPv4Address
IPAddress
get_Address
GetProcAddress
EndpointAddress
address
System.Net.Sockets
AllWallets
Arguments
Supports
get_Exists
DomainExists
get_OperationalStatus
System.Windows
arrays
Concat
AppendFormat
ImageFormat
Extract
ManagementBaseObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
object
Select
Unprotect
System.Net
Target
System.Collections.IEnumerator.Reset
GetOffset
offset
get_Height
get_VirtualScreenHeight
set_RecursionLimit
cbSalt
GetValueOrDefault
pcbResult
IAsyncResult
MessageBoxResult
__result
System.Management
XmlElement
get_DocumentElement
dwIncrement
SqlStatement
Environment
XmlDocument
NetworkInterfaceComponent
System.Collections.Generic.IEnumerator<Entity5>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<Entity5>.get_Current
System.Collections.IEnumerator.get_Current
<>2__current
Content
get_Count
set_MaxNameTableCharCount
OsCrypt
get_os_crypt
set_os_crypt
StringDecrypt
TrimStart
Convert
MemoryImport
WebRequest
XmlNodeList
ToList
get_First
set_First
set_Timeout
set_SendTimeout
set_CloseTimeout
set_ReceiveTimeout
set_OpenTimeout
timeout
cbInput
pbInput
cbOutput
pbOutput
FileExt
StringExt
UserExt
MoveNext
System.Text
cipherText
get_InnerText
chiperText
ReadFileAsText
cbMacContext
pbMacContext
ReadMasterOfContext
OperationContext
StartNew
get_Now
kasdihbfpfduqw
endIdx
startIdx
startIndex
rowIndex
MessageBox
OrderBy
display
oldArray
InitializeArray
ToArray
FromBase64CharArray
ToCharArray
get_Key
OpenSubKey
chromeKey
stringKey
bMasterKey
hImportKey
RegistryKey
get_encrypted_key
set_encrypted_key
System.Security.Cryptography
GetExecutingAssembly
get_AddressFamily
SelectMany
BlockCopy
entropy
LoadLibrary
CollectMemory
get_Factory
TaskFactory
ChannelFactory
get_Directory
baseDirectory
CreateDirectory
get_SystemDirectory
profilesDirectory
RegionsCountry
Registry
op_Equality
op_Inequality
System.ServiceModel.Security
System.Security
set_Security
NetTcpSecurity
Entity
CreateDnsIdentity
EndpointIdentity
IsNullOrEmpty
GetProperty
pszProperty
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
Exclude
Feature
preset(normal);-renameT
StripAfterObfuscation
Microsoft Visual Studio
Visual Studio Installer
Visual Studio
(Microsoft Corporation Copyright
2021
15.9.28307.1440
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4:
ApplyToMembers
Exclude
StripAfterObfuscation
Exclude
StripAfterObfuscation
Entity8T
Namespace
Entity&
Entity9T
Namespace
Entity'
Entity10T
Namespace
Entity'
Entity11T
Namespace
Entity'
Entity12T
Namespace
Entity'
Entity13T
Namespace
Entity'
Entity14T
Namespace
Entity'
Entity15T
Namespace
Entity'
Entity16T
Namespace
Entity'
Entity17T
Namespace
Entity&
Entity2T
Namespace
Entity&
Entity1T
Namespace
Entity&
Entity3T
Namespace
Entity&
Entity4T
Namespace
Entity
EntityTUwSystem.ServiceModel.SessionMode, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SessionMode
Entity5T
Namespace
Entity&
Entity7T
Namespace
Entity
LocalState
OsCrypt
os_crypt
encrypted_key
_CorExeMain
mscoree.dll
V3=2V3=
V3=4V3=
V3=XV3=
V3=6V3=
V3=}V3=
V3=8V3=
V3=7V3=
V3=:V3=
V3=YV3=
V3=<V3=
V3=>V3=
V3=;V3=
V3=?V3=
V3=`V3=
V3=AV3=
V3=#V3=
V3=DV3=
V3=CV3=
V3=EV3=
V3=iV3=
V3=GV3=
V3=+V3=
V3=IV3=
V3=KV3=
V3=yV3=
V3=MV3=
V3=OV3=
V3=RV3=
V3=TV3=
V3=UV3=
V3=XV3=
V3=[V3=
V3=~V3=
V3=\V3=
V3=~V3=
V3=^V3=
V3=~V3=
V3=aV3=
V3=~V3=
V3=cV3=
V3=~V3=
V3=eV3=
V3=~V3=
V3=IV3=
V3=hV3=
V3=~V3=
V3=FV3=
V3=GV3=
V3=jV3=
V3=~V3=
V3=FV3=
V3=lV3=
V3=~V3=
V3=HV3=
V3=nV3=
V3=~V3=
V3=%V3=
V3=BV3=
V3=qV3=
V3=~V3=
V3=3V3=
V3=|V3=
V3=sV3=
V3=~V3=
V3=3V3=
V3=uV3=
V3=~V3=
V3=2V3=
V3=?V3=
V3=wV3=
V3=~V3=
V3=/V3=
V3=wV3=
V3=zV3=
V3=~V3=
V3=.V3=
V3=|V3=
V3=FV3=5V3=
V3=~V3=
V3=,V3=
V3=;V3=
V3=~V3=
V3=%V3=
V3=?V3=
V3=~V3=
V3=+V3=
V3=tV3=
V3=;V3=
V3=~V3=
V3=(V3=
V3=UV3=
V3=;V3=
V3=~V3=
V3='V3=
V3=8V3=
V3=$V3=
V3=;V3=
V3=~V3=
V3=&V3=
V3=pV3=
V3=;V3=
V3=~V3=
V3=$V3=
V3=XV3=
V3=;V3=
V3=~V3=
V3="V3=
V3=5V3=
V3=&V3=
V3=;V3=
V3=~V3=
V3= V3=
V3=kV3=
V3=;V3=
V3=~V3=
V3=V3=
V3=[V3=
V3=;V3=
V3=~V3=
V3=0V3=
V3=(V3=
V3=;V3=
V3=~V3=
V3=eV3=
V3=;V3=
V3=~V3=
V3=]V3=
V3=;V3=
V3=~V3=
V3=*V3=
V3=;V3=
V3=~V3=
V3=;V3=
V3=~V3=
V3=`V3=
V3=;V3=
V3=~V3=
V3=,V3=
V3=;V3=
V3=~V3=
V3=;V3=
V3=~V3=
V3=cV3=
V3=;V3=
V3={V3=
V3=.V3=
V3=;V3=
V3=zV3=
V3=;V3=
V3=zV3=
V3=fV3=
V3=;V3=
V3=zV3=
V3=0V3=
V3=;V3=
V3=zV3=
V3=;V3=
V3=zV3=
V3=;V3=
V3=zV3=
V3=)V3=
V3=;V3=
V3=zV3=
V3=]V3=
V3=;V3=
V3=zV3=
V3=;V3=
V3=zV3=
V3='V3=
V3=;V3=
V3=zV3=
V3=ZV3=
V3=;V3=
V3=}V3=
V3=;V3=
V3=~V3=
V3=%V3=
V3=;V3=
V3=~V3=
V3=WV3=
V3=;V3=
V3=~V3=
V3=;V3=
V3=~V3=
V3=#V3=
V3=;V3=
V3=~V3=
V3=TV3=
V3=;V3=
V3=~V3=
V3=mV3=
V3=;V3=
V3=~V3=
V3=6V3=
V3=!V3=
V3=;V3=
V3=~V3=
V3=QV3=
V3=;V3=
V3=~V3=
V3=sV3=
V3=;V3=
V3=~V3=
V3=;V3=
V3=V3=
V3=;V3=
V3=~V3=
V3=V3=
V3=OV3=
V3=;V3=
V3=~V3=
V3=!V3=
V3=xV3=
V3=;V3=
V3=~V3=
V3="V3=
V3=?V3=
V3=;V3=
V3=~V3=
V3=$V3=
V3=LV3=
V3=;V3=
V3=~V3=
V3=&V3=
V3=|V3=
V3=;V3=
V3=~V3=
V3=(V3=
V3=BV3=
V3=?V3=
V3=~V3=
V3=)V3=
V3==V3=4V3=
V3=~V3=
V3=+V3=
V3=~V3=
V3=-V3=
V3=FV3=
V3=~V3=
V3=/V3=
V3=}V3=
V3=~V3=
V3=/V3=
V3={V3=
V3=~V3=
V3=,V3=
V3=JV3=
V3=xV3=
V3=~V3=
V3=QV3=
V3=vV3=
V3=~V3=
V3=LV3=
V3=tV3=
V3=~V3=
V3=MV3=
V3=OV3=
V3=qV3=
V3=~V3=
V3=RV3=
V3="V3=
V3=oV3=
V3=~V3=
V3=nV3=
V3=~V3=
V3=kV3=
V3=~V3=
V3=hV3=
V3=~V3=
V3=gV3=
V3=~V3=
V3=dV3=
V3=~V3=
V3=bV3=
V3=~V3=
V3=`V3=
V3=^V3=
V3=[V3=
V3=ZV3=
V3=XV3=
V3=UV3=
V3=SV3=
V3=zV3=
V3=RV3=
V3=OV3=
V3=3V3=
V3=NV3=
V3=tV3=
V3=LV3=
V3=MV3=
V3=JV3=
V3=+V3=
V3=IV3=
V3=kV3=
V3=GV3=
V3=EV3=
V3=EV3=
V3=%V3=
V3=DV3=
V3=eV3=
V3=AV3=
V3=AV3=
V3=AV3=
V3=#V3=
V3==V3=
V3=cV3=
V3=3V3=
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
3!4"5%627B8E:H;M<\=]Q^
STU"V$WAXAYAZA[A\A]A^A_A`AaAbAcAdAeAfAgAhAiAjAkAlAmAnAoApAqArAsAtA
LEnvironmentogiEnvironmentn DatEnvironmenta
Environment
WSystem.Texteb DatSystem.Texta
System.Text
CoCryptographyokieCryptographys
Cryptography
ExtGenericension CooGenerickies
Generic
OFileInfopeFileInfora GFileInfoX StabFileInfole
FileInfo
OpLinqera GLinqX
ApGenericpDaGenericta\RGenericoamiGenericng\
Network
Extension
UNKNOWN
cFileStreamredFileStreamit_cFileStreamardFileStreams
FileStream
cookies.sqlite
GetDirectories
Entity12
EnumerateDirectories
String.Replace
String.Remove
bcrFileStream.IOypt.dFileStream.IOll
FileStream.IO
BCrstring.EmptyyptOpestring.EmptynAlgorithmProvistring.Emptyder
string.Empty
BCruintyptCloseAlgorituinthmProvuintider
BCrUnmanagedTypeyptDecrUnmanagedTypeypt
UnmanagedType
BCrhKeyyptDeshKeytroyKhKeyey
BCpszPropertyryptGepszPropertytPropepszPropertyrty
pszProperty
BCEncodingryptSEncodingetPrEncodingoperEncodingty
Encoding
BCrbMasterKeyyptImbMasterKeyportKbMasterKeyey
bMasterKey
windows-1251
Microsoft Primitive Provider
ChainingModeGCM
AuthTagLength
ChainingMode
ObjectLength
KeyDataBlob
net.tcp://
localhost
9ea6953ac0aefa4f612b65f2d391a27e
Authorization
DRszFDsbNxwjMwJTPgszUyM9AR8OJSNQOAZTVA==
FycoKDsGU1Q=
Caravaning
Yandex\YaAddon
*wallet*
ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZu
\TeEnvironmentlegraEnvironmentm DEnvironmentesktoEnvironmentp\tdEnvironmentata
string.Replace
%USERPFile.WriteROFILE%\AppFile.WriteData\RoamiFile.Writeng
File.Write
Handler
%USERPserviceInterface.ExtensionROFILE%\ApserviceInterface.ExtensionpData\LocaserviceInterface.Extensionl
serviceInterface.Extension
ProldCharotonVoldCharPN
oldChar
nSystem.CollectionspvoSystem.Collections*
System.Collections
UNIQUE
Armenia
Azerbaijan
Belarus
Kazakhstan
Kyrgyzstan
Moldova
Tajikistan
Uzbekistan
Ukraine
Russia
https://api.ip.sb/ip
SELSystem.Windows.FormsECT * FRSystem.Windows.FormsOM WinSystem.Windows.Forms32_ProcSystem.Windows.Formsessor
System.Windows.Forms
roSystem.Linqot\CISystem.LinqMV2
System.Linq
SELSystem.LinqECT * FRSystem.LinqOM WinSystem.Linq32_VideoCoSystem.Linqntroller
AdapterRAM
SOFTWARE\WOW6432Node\Clients\StartMenuInternet
SOFTWARE\Clients\StartMenuInternet
shell\open\command
Unknown Version
SELESystem.ManagementCT * FRSystem.ManagementOM WiSystem.Managementn32_DisSystem.ManagementkDrivSystem.Managemente
System.Management
SerialNumber
SELSystem.Text.RegularExpressionsECT * FRSystem.Text.RegularExpressionsOM Win32_PSystem.Text.RegularExpressionsrocess WSystem.Text.RegularExpressionshere SessSystem.Text.RegularExpressionsionId='
System.Text.RegularExpressions
FileSystem
SSystem.ELECT * FRSystem.OM WiSystem.n32_ProcSystem.ess WherSystem.e SessiSystem.onId='
System.
ExecutablePath
Concat0 MConcatb oConcatr Concat0
Concat
SELEMemoryCT * FMemoryROM WiMemoryn32_OperMemoryatingSMemoryystem
Memory
{0}{1}{2}
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
CSDVersion
Unknown
Network\
String
Replace
0.0.0.0
@autofillProfilesTotal of RAMVPEntity12N
AppData\Local\
[^\u0020-\u007F]UNKNOWN
Local State
ProcessId
1*.1l1d1b
Profile_%appdata%\
logins
{0}\FileZilla\recentservers.xml
%appdata%\discord\Local Storage\leveldb
\tdata
MB or
[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
profiles\Windows\
user.config
{0}\FileZilla\sitemanager.xml
cookies.sqlite
\Program Files (x86)\
config
0123468800
displayName
Nametdata
SELECT * FROM
\Program Data\
AFileSystemntivFileSystemirusPrFileSystemoduFileSystemct|AntiFileSystemSpyWFileSystemareProFileSystemduct|FireFileSystemwallProdFileSystemuct
*ssfn*
DisplayVersion
%localappdata%\
-*.lo--gLocalPrefs.json
OpHandlerenVPHandlerN ConHandlernect%DSK_23%Opera GXcookies
//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeROOT\SecurityCenter
ROOT\SecurityCenter2Web DataSteamPath
waasflleasft.datasf
Extension Cookies
CommandLine
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Cookies
TotalVisibleMemorySize
Software\Valve\SteamLogin Data
ID: waasflletasfv11
NumberOfCores
\Program Files\
Opera GX Stable
nameProfile_Unknown
, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext
//settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueLocal Extension Settingsmoz_cookies
User Data
windows-1251, CommandLine:
DisplayName
NordVpn.exe*NoGetDirectoriesrd
*.vstring.Replacedf
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Visual Studio Installer
CompanyName
FileDescription
Microsoft Visual Studio
FileVersion
15.9.28307.1440
InternalName
Querns.exe
LegalCopyright
Microsoft Corporation Copyright
2021
LegalTrademarks
OriginalFilename
Querns.exe
ProductName
Visual Studio
ProductVersion
15.9.28307.1440
Assembly Version
15.9.28307.1440
Antivirus Signature
Bkav W32.AIDetectNet.01
Lionic Clean
tehtris Clean
DrWeb Trojan.PWS.StealerNET.125
MicroWorld-eScan Trojan.GenericKDZ.94427
FireEye Generic.mg.80d473e74ef0af5c
CAT-QuickHeal Trojan.GenericFC.S29514937
ALYac Trojan.GenericKDZ.94427
Cylance Unsafe
VIPRE Trojan.GenericKDZ.94427
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKDZ.94427
K7GW Trojan ( 700000121 )
K7AntiVirus Trojan ( 700000121 )
Arcabit Trojan.Generic.D170DB
BitDefenderTheta Gen:NN.ZemsilF.36276.km0@aapAZPf
VirIT Trojan.Win32.PSWStealer.ETI
Cyren W32/MSIL_Kryptik.ITJ.gen!Eldorado
Symantec Trojan.Whispergate
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Generic-9933689-0
Kaspersky HEUR:Trojan.MSIL.Agent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Stealer.Agent!1.DC63 (CLASSIC)
Sophos Mal/Reline-B
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition GenericRXQA-AF!80D473E74EF0
Trapmine Clean
CMC Clean
Emsisoft Trojan.GenericKDZ.94427 (B)
Ikarus Trojan-Spy.RedLineStealer
Jiangmin Clean
Webroot Clean
Google Detected
Avira HEUR/AGEN.1252166
MAX malware (ai score=81)
Antiy-AVL Trojan[Spy]/MSIL.RedLine
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Microsoft Trojan:MSIL/Redline.R!MTB
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Agent.gen
GData MSIL.Trojan-Stealer.Redline.G
Cynet Malicious (score: 100)
AhnLab-V3 Infostealer/Win.RedLine.C5321976
Acronis suspicious
McAfee GenericRXQA-AF!80D473E74EF0
TACHYON Clean
VBA32 Trojan.MSIL.InfoStealer.gen.U
Malwarebytes Spyware.PasswordStealer.MSIL
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Trojan-Psw.Win32.Stealer.16000501
Yandex Trojan.Agent!pTjNyoR0y4g
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.DFY!tr
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.83707e
Avast Win32:PWSX-gen [Trj]
No IRMA results available.