Static | ZeroBOX

PE Compile Time

2022-11-08 02:39:22

PE Imphash

520e49367515fc0f38f619960f084b81

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000d2ba    0x00000000        0.0
.rdata  0x0000f000       0x000019ec    0x00000000        0.0
.data   0x00011000       0x0005da3c    0x00000000        0.0
.vmp0   0x0006f000       0x00099b0d    0x00000000        0.0
.vmp1   0x00109000       0x000afdee    0x000b0000        7.91825776245
.rsrc   0x001b9000       0x0002b0d4    0x0002c000        3.0222711113

Resources

Name           Offset      Size        Language      Sub-language                File type
RT_GROUP_ICON  0x001b9058  0x0002b07c  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library KERNEL32.dll:
0x51c000 GetVersionExA
0x51c004 GetVersion
0x51c008 OpenThread
Library USER32.dll:
0x51c010 CharUpperBuffW
Library KERNEL32.dll:
0x51c018 GetModuleFileNameW
Library KERNEL32.dll:
0x51c020 GetModuleHandleA
0x51c024 LoadLibraryA
0x51c028 LocalAlloc
0x51c02c LocalFree
0x51c030 GetModuleFileNameA
0x51c034 ExitProcess

Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
MicroWorld-eScan Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb
FireEye Generic.mg.ef4a2bb28bee4196
CAT-QuickHeal Clean
McAfee Clean
Cylance unsafe
VIPRE Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb
Sangfor Trojan.Win32.Agent.A02q
K7AntiVirus Trojan ( 7000001c1 )
BitDefender Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb
K7GW Trojan ( 7000001c1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.EDAA4FEB1F
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.VMProtect.ABO
Cynet Malicious (score: 100)
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.100 (RDMK:cmRtazoLb3Z0aDToUkpQRn1XQhqL)
TACHYON Clean
Emsisoft Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb (B)
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.tm
Trapmine malicious.high.ml.score
CMC Clean
Sophos Mal/VMProtBad-A
SentinelOne Static AI - Suspicious PE
GData Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb
Jiangmin Clean
Webroot Clean
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Heur.RP.ED8E8F
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Farfli.DSK!MTB
Google Detected
AhnLab-V3 Trojan/Win.Farfli.R562279
Acronis suspicious
VBA32 BScope.Backdoor.Farfli
ALYac Gen:Trojan.Heur.RP.kzZ@bSjE9Ykb
MAX malware (ai score=81)
Malwarebytes Malware.AI.1768574864
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Crypt.Lajl
Yandex Clean
Ikarus Trojan.Win32.VMProtect
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Zard.30!tr
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
No IRMA results available.