Static | ZeroBOX

PE Compile Time

2022-09-30 23:44:51

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000e724 0x0000e800 5.67075888729
.rsrc 0x00012000 0x000007ff 0x00000800 4.88486615034
.reloc 0x00014000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000120a0 0x000002cc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0001236c 0x00000493 LANG_NEUTRAL SUBLANG_NEUTRAL exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<Main>b__0_0
<Read>b__0
<GetText>b__0
<SetText>b__0
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
FWachwCqJsMLNA
ikRrnNIyoiSTA
qhkjaPvkdVA
cJYjHBdwqPVSKdA
rmRSOfzMxMNiA
sbzWtOCCOMWjA
SystemParametersInfoA
ENZXrfYUSpA
opvNeHNaVwQJGvetA
BEggacnryA
WBzfuQLMmojlgTAB
aWWXLYqHjRBB
bezJVivOwatmFB
HOErHZtewCGB
ZdHotmAfpdGB
iKFPUfvHWB
PvVVSQsWXgZB
TdIUNFftgfB
ZtgHYTzQijXoB
phoeJLkoaDxPocuB
xgUfMvIOFQMJC
fxqYGERDSoiJC
bEQachqbKC
wKKyaHMSvOiyOC
IfFXqKLGzkXC
VzXskQnhuiQMFaC
AseeKEunbC
SYyIzWZKtkBnC
eBUMNvhWSlpC
OoqEMZfvzvC
ivziHTYgbiYUBD
MapNameToOID
get_FormatID
jCRxhwXfebSLD
xEEOptiohfJFPMD
fmCEGzFudCRzOD
VykJQmkvUQD
MsNhBbmbSVRD
lxxuuaHYTYD
RZcZtweJZD
BMmdNDFAjXdD
JsCGIFtPzpdD
XoMllMfTcrD
zkddewyLTepMzD
ihOldMTcXzD
OMBzswIbrLFCE
pzPcmUdsqmGE
XvCwEXVEHE
ncxSLESmimLHE
YbaofFPQudE
adbKMpAWfoHeE
UJmEBoSRmlZOhnE
lAOxtkFdQfsE
kpQiIXBaeOBF
KhOuLmaETIF
JiJWBiycXgJF
vTMAvIHzdRF
xTFUORVfFSF
iQPhPRCUOZUF
tzMxTHiSpkyjF
uayjFHkNWyJAnF
IPxLgoPgMmyqF
IwxcUdyXRezmrF
caNkxWklPUtF
txfYiOMgCG
QiIzAKvthDG
GDnCeoUxsmG
xSdeinIOKwacNwG
rbDkDqoQfUMesvpxG
CErYzhoVWDWslFH
LhPRbVemzNH
TrxwZncrUVH
vhqMWdVzntH
SteknhJEFpmKgLuH
ajlBdsiyGSBI
get_ASCII
kbwBHObFqjdUPI
DrTgAgxMnwI
pjtnShSVvgUwxI
BSXyBSgxdLxhLJ
mpXUeRgTxGRTxNJ
rjafhVhfWTJ
NMyrWPbkvVJ
YfudErOygJ
cOEMSOcThJ
HUOOYIVjhiJ
jHSIAFeVJvJ
ZFlOsPGxBK
NrnaRTXCJK
fxieUmUZwRK
WGTVvsGjAATK
HgtNcMPjsnlxUK
zjXkLRrZXYpVK
auerJufXyGyCWK
UzDZxvZxNAtxZK
YlsHrvGYFJfK
iZRMgANTWxnK
knONsFzqRkHZhWioK
bROzyMXsfvYYFpK
RPamZWrFWaCCL
wqyupSGTDWXHL
qMOSAbZZLedjPL
KsHScAWQmTTL
ctjMAIUMmvzgL
aAovbBoEiL
OZLjopNamEmiL
sofekwbdcZzCM
rbXLOtaBMhUM
KlVjKKcjnOcM
MoZnCmaKKaOCwrhM
cWveGQaViM
dCUQzxZuoSawM
zaIrPCHVUIzvVON
KzMviXGCGnUN
AuufRlANcuZZN
viIBBbvqOvXBECO
System.IO
nupkKgmhkJO
WMuMlycnndpQO
dASlytBFWfUXO
biVIPCyLBhOIkZO
noEPiDiUamJPdO
RIDhEafOOSBDtlO
IlkwrAEjDJrO
MDqPaslTLWxO
jYKNZmMjaTAP
WNupQgwkLMP
CYEsjDkVwLPP
fAdmOcDPNEQP
pVruANQSGXfLYP
byZNTjonbP
SYTPVJRWXzpP
mCevgcpkOeixP
TKedmhnXwSkGQUQ
wVyumxUaVreQ
qUxKkFlqOFrQ
KivhlSCCruZxQ
xaiaKRjyJHR
qIlrqyssoUBBQR
tveKNPyPMCVOnTR
hCnXcfLLmlR
eixCVPqrRwR
VpMguDkhRdIS
poFEYLFdEhQS
JZrdHcylPvQS
OJodvNZccOHVS
nZPbCoQdKFKrxeDXS
qzYUjRxqdjGwOXS
iVFhUUVPKJMYS
TFiOUJJxHzXxcS
BqijpmrIYdS
onKJcDVqjeS
cKzpXjgTZgS
UijykahPnLoS
dBZEdkOhVOszpS
XIVLeGymWqS
AaiXOarzvkRsS
orNhWpPiakeFT
HfMZBmIMLT
BhRGDyJkQST
sHIcSltuQfUuST
lToDWNqiHTT
rAmVCYPnoaT
vmUUdgxcyeT
oeuttzqtlTsHFhbgT
HfypqRIvjQrLHQqT
TmIWJngMNLBjAU
egVaDBHlPqFU
tTMLgeaPMqOqNPU
sQpkMYvTUevtoUU
FNjvJPWhViU
yLvEkwOBeqfmU
fkyliBbKrU
JITRhbaMCFCV
JRcAqbjIaTAFV
get_IV
set_IV
GenerateIV
aRDrpLYUmidFQV
BEoXkPeSeTV
CRkzszblgCucYV
JjhfNrwyilnV
XUnfZQyAmKuqIuV
HrwVCSMDZVNW
DkNvjdhzaHfSNRW
aRiBCDOMpORW
LQHkxgsclDWW
yCYCGnkdXjYW
CMEIoMPEGSZW
cQCMuFYaUxeW
ttFcZhnCbMlkW
ZqLHwDMOsNJrW
nSFmulBqLlrzW
YNhUOZMKdCUCX
dbOuCATgfRFGX
vOzOhvrxIX
FIgNWaOROKGbtJX
sEnldNHbYQX
TmyzQDKfucGFUX
IKCUxdrrrSxaX
rkQcyidAVKlX
utevmGMkuPCsX
jXGIXWDByX
gWCvdnfNuYCY
WtuIJHtaulvFY
WxWfYhUvnDoeGY
KChrlRrYmRYyGY
myuIWYtNzQY
YEvdMKDVUY
ZdHLgygmAGZeY
kQjUXpYireY
AxkdyEmwxawCfY
jltCbVWAtZxWGRJZ
QKDrRaLPMWzHeMZ
lgZiKmGONZ
NawTHCgpYuJCTZ
uQDPsyXuTZ
rISLDeEPWAUZ
mMwEyTNlqTZZ
LjIiMkOZhLihiYjcZ
RixqSkiTJdAEveZ
XelTEgWsAXLoZ
value__
PzUORMWnCOtifAa
zStmOMIBHa
UttpAcFujGQKa
udgnOjuTUYa
obFvNUbdbza
JfNgOnhlXTFb
TAZdZPFCUTsRb
dOuaTCgLnWXVb
IHczITsppUZb
qFdCUjdskTgb
AprMMfiejghb
mscorlib
MfESjRbQllb
fhEOLtkpvRHkzb
PPkwVtYzqqMDc
XPajmgXClDIc
jkFARWSqfEEJc
gHSJUUxuudlJLc
ULCxMnAuxrysOc
VLXXkntighUXRc
ubKZISSVvHrMnwVc
fVbiSHXAYUzwVc
hwbxVlnQkYWfec
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
WndProc
AIgYjkaOJvoc
IPFbuESWDypKQId
wpzHASHdbId
GetWindowThreadProcessId
yNGpRhevjqvId
GetProcessById
bPQYErQQRGTd
wGalYSYpQWd
saAJJPJAYd
ENATciPVad
EndRead
BeginRead
Thread
fETODRQFEed
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
get_Guid
IdsTGYZVkRBYjd
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
hWndChild
Append
RegistryValueKind
CompareMethod
method
ugOICnGNHgzpd
Clipboard
JBcTcELcGKocKNxd
AkItBqNZhFnhECe
iBHECVviGe
EubsMbGPxALe
wHhypZFzUe
Replace
IsNullOrWhiteSpace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_ExStyle
set_ExStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
get_NewLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
MethodBase
Dispose
StrReverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
GetKeyState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
kBzBgyGcxLamwe
NarfyryWImxwe
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
UDZsKjJkBf
qyLijkCukwgIJf
QWHflocMalcxpKf
OVWnMbfCVbwwNf
SizeOf
EwinHrhWAWff
ViSqNWKDaYAxHscpf
ivOpAiEgEvf
AwRpvixxszf
uXQkLNPaytZDg
DicNdXZyFGg
BYNnDxWrIHg
TUvmtBSTlUNQg
jZjxRWjVEVyWQg
UjsuaxVrURg
mdtGhpMOxonBWg
LQsDTSMaOOXzsYbYg
BbictkjBchcZg
oTqNtSUdfg
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
iXTVzyprhFog
set_ErrorDialog
sVaCbLsKirg
get_Msg
KGUdOEdlvOxg
tdGTyjnpVwBh
fpVTmEIhwxIh
JjEYFYIztfh
akGlvtrbGHZBqih
REoZyPGSxbkDxmh
qhhwrdgrPnh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
qmOjLiSKvh
vGCHtLzxJpvh
vkspnuEzHVUMxoKi
IVEQrFhxbpcrKi
EbhBJDGEmcvLi
uYGCZNAHQhVi
yfbNNUqjaGZi
fzIFuDHEGei
lTkrsUgYbGfi
YhFYitnxTdgfi
kalMcsmwGzJhi
OwvjCMBPSuOki
qdkMcWCBmi
tRqGmEPtDpIMmi
EobNjxYzwoi
XYkduZbCBPj
GjvfOBxvWRj
mLXXqnmiXYlkRj
tJGxCiFyvQITj
sXKDCGXzYLZj
ADQTdatdkfTfrfbj
VrHanYDwGtDJpj
YjvmAXhhRavj
cANnYAqopOyj
gkWBvwstBApniyj
tvZqYlKwnmSAk
pEmNndiwHIk
iirhFENpKk
tnLURFFqKPMk
LHKibdVfiPgXdaQNk
YMcBCepTtdTRk
uzcGCModwqTk
BqTcqYXtgYk
zbCRitMQCck
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
RegistryKeyPermissionCheck
FlushFinalBlock
yTnRSRTuSqUfk
tERCBCuBZJWxnk
NyKVxibOMpk
MCKmgVkzXeBl
raMvMtdgDXEl
kLAYElrEntARKXIl
vnjUlvJyJUGadSEOl
boSLlGNRUl
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
fGYMoiRwWObl
eJEpfhUSsnpVbl
dhsXJpdIdLpkdcll
kernel32.dll
user32.dll
ntdll.dll
Control
xgkyzaPiWMpl
KVMgSAAqzdCcLql
ShIEGBrhMgsCm
ThKZtBRfqaEm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
oyIQiuFsYAbm
get_Item
get_Is64BitOperatingSystem
aQcgPYAajUFfm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
UbfnyszeAXnm
ipkXHIjwfDom
Random
ICryptoTransform
iVKCYEMfxlcsm
wMYYVLNLSkNdxm
xhjiuDlvpSvym
LvhPtyNZnsHn
sKYsDQHaxRAwMn
GURlbguvzswmSn
kOvTGWxKtKPadUn
ToBoolean
TimeSpan
vngakpqsLvAcn
X509Chain
AppDomain
get_CurrentDomain
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
pattern
pmHukLxEbeJEo
VdAZoOkjRCOo
DdZagxKllFRo
PLtfnNaBWJXo
jsNqiQFsGfpdXo
lTmRzakLgAZo
NMnEaSjAfo
aBXAtznBVEfo
aQRrEuQaMTiLfo
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
HGdbvBoBzvGjo
fHSTCWsNBqpo
CuWncyiAbtNp
ItLRHjCMOLCsnFRp
ErjKjaVNNWRp
qgVRpZlANSp
AfFpDbhTRcp
RVWFUIJmeVBep
ejgqwuywBSRkmp
rsnamrjfqcGrp
Microsoft.CSharp
pzNsysMcyRiOosp
cFPeOzgtaUwbGq
XxmaoZGxqMEVyHq
rddwbJcQQxQOUIq
RclxAMglLfaMq
QbXirNbFjtbQq
System.Linq
RSIpAWzouuCmqq
JCdRBOZyKKDr
TfrzfWjsWsWvLr
lwuNsfYQzmkMr
fqJSmYoPDRr
YcHQVXhqzWr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
AddClipboardFormatListener
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
GXAOVdeWIrUPbmr
VVNrDpfNzNxtmr
xMQQjcPhor
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
hFaFXDvulrr
IntPtr
RRtnXLKQZeCs
FmqweUvIiPs
BPIVvEhOqqQcKcs
System.Diagnostics
FromSeconds
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
SDfcHuLqxHdks
ICredentials
set_Credentials
Equals
SslProtocols
get_CreateParams
System.Windows.Forms
Contains
System.Text.RegularExpressions
System.Collections
StringSplitOptions
izdLnKoRGIqs
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
get_Success
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
KexQCTFNBCInuxs
EKINMFfjgEbAt
pZqFtrlFBoiHt
wKTDNPjwMVZt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
object
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
op_Explicit
IAsyncResult
RegexResult
result
LMzDdWHQBnt
ToUpperInvariant
WebClient
AsyncClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
SetParent
hWndNewParent
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
FpoOIvuCFtot
OCzerEHKqOrt
ParameterizedThreadStart
Convert
FailFast
ToList
GetKeyboardLayout
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
vEVNyEFLwUFu
MtXKwZFucLu
ptypGOdXOkgfu
cRpHJnRXRqhu
sYJpnlXeqjoou
DGzHEwedkVHv
ntKpTmuQygPJv
upPncCEmMv
OjfGIUaLTkPv
dARFRwSvkYv
kCAGKQfgNcQbcv
IyseWieAWjv
yARtnTKUPIkv
czGYxtHUTsBnnv
stVAQIecTXdgrv
FqGcPPUOpsv
jLJuJZKVpvv
PvJZzITJeTPDDw
ejhwkOVcCNSGw
SDsSkQZXyTHw
xvGrhJzCBIw
FnxCARxQOw
ugAIXUyXnIuQw
oinfPmryZw
dVnAEDIxxaw
eLitnppRjw
GetForegroundWindow
set_CreateNoWindow
QZWeaVyfYIrw
lSbXyaDYWfvw
wCefzJHIwPww
EgmNGSFqohJyw
wwhaiwgQbSZnjzw
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
nPyfNkGYkIGPIx
KTSSjQpnkMTx
FuDluiAlEzRBUx
joxJSoPbJcVx
DCuHivMUXwXx
JhKbXuLUkkpx
HxyBfFGWbqux
gOqyGNJjsux
cWnimUnPSwx
sZJgioaLYuxx
EnXNuhPjEy
sFAwXKZsxvmKy
PqjzegqllPy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
MapVirtualKey
RegistryKey
yCGyfHwwnfy
System.Security.Cryptography
dBMKCxVfky
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
wOKaKgPqFMFNXvy
AFsQEcbssKbNcvy
AmJjfZytqmdAz
AMNZLiyYkXmAz
TFrZRvPcTz
RwNvxnCxomkVz
zSQbLbCnxRSuGbz
JZcGtdKmVJgz
bjxsBaITfinz
oQpdUKkFTUzsz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
j2QwrEutPamTtziJopjW8rTgXC1yNn7AKX14DISnA6LradUM73oxT5fpf7Ys+rtpXVoM381C1SHy0sV3kmJXtuZUVHCzavLbkKbvMwtLl5ZNxoeEO8Iu3MeROS6xSHl/
8o3xJeb/NZuCE9JHkziO5FRRJES7EdQfq4bL7VQ+lF30g7RY1zyKOL7U3sLE04NqVzdSPPCde545cBjb/4VUTYWIUy4NBR26V28SX8IqMp1JxB0/bauS8lPisAzDrkfV
u+EcitLNgn5lRQqNp/Ll4q9ykl+h3THId82mTJBxbKyTb+lMe6eTUTuyu6TwUtipzGbLHHE2y5KqGT9tdFJ7oM099ZcGy9h/tDMAiodixyc=
PcOHv93cnP4gtRyg5fO7+qFC+lqtpdxAQ/77xez3qK6Ut2Q6hiLJ+o3vsVkvBME7gA5WkzHm3ru37abv/zag6Q==
%AppData%
MEMxZHMzc1JwSnI1RDdPYXJ3aVFGV2VsdXZlOVBIbno=
FnDDHG2pIR6pTXvFBOKiOfj7ojkVgHoRMF71iAiQnGGl4S6MX1lhZJDlgZdB9hId4Vf83GYz8JvNHM0M+rWbWcUVngrLdzeOSZrcI7DC8Ik=
ZQexBoiAgxUEKFzFp5BXfqgdWjbce2c4IR3/e2uwbwdE7SHel6F6Y62biUooejgYdK0pvoKfqbD3ayvuYwNXKA31W/0cAFDI/CCkCcTaBEGrmmPLgoU8qRUEdQpr1N/aPppCwNOOW98OBWwWVtbp03BrgEiLKMpsK1Kj/3yCKAvWUJ+QW4XxCEHwuODkrvI0hrhixgvSHO8Hvue/8zC6mFpl4HC89irfXvsw7eLFDhPW9Tdae8wanKEm5B5z2DFXLX31b9uwa57VbmtoFHziKbmlPbSPi6RkzMc1vjtD4sQN5UjUD8kn/uXUjCUlHWtNNMzw/8J0PQOeEG6boH6zc2zUPNtA25SKK1casrnV5qlJIP4N2EO5hB9P6HSg1s7xWK/gHlu6LKtRyjmHpORriauxPamF2tqo8+J2c6Zpf0o5g7SmCRb7lYTZtaAXtity4fRcKA1bckSh/IMvEXNGw6b5+509Cpe067vzQnAujxYn7Uj+Lq/o3LSeoZmJqmb4hXwFmpgm1eQrIKeVMxgvJQp4y+LuJOIHhDO+sI+7ixzNdMTpDV6z8T7NsoVLI02nwYRCMtboFMm0Re5n8pSQpmArzScCoFAakQzX6lxifozISSAJL7YkKOtWjVykIMnMtbBF17ozaLHyM3KcWPhaFuu1QIBOTgY1Psx6K8anczTOr3++GCUSiCrEHWHZaBd9PbGp40e7D/u49Hv/UGvasu2GoxYWqz7OviWv/wHjP99KwcXqNZ22BCbii3RzppBwYhOk+gxsj/Pfiw7ammE6QMchnBeYm3A9cyGJgB8+nxd8KaKLVc/LZs5UBawkr3SlW2AwG2osIu3uLvau2ERxhTJC+By/A0UjqRImsROU7T4tP7d2Vfwh/IhqYGpgPHkwQ2FpTn9vqbwNH3js7UTEbC1zPGlP2VJh1/s/OZgp4Pvui3usPizb9e1eJKKVrpxYqy9ftZwZ1J9ZraMOLwzdbvGcbdlJnZmdlxVxcwRfHRfK9982YxompIWxOn7DHLoJ
Rbwy4io5UPxqhdWIVLPf+5quI9gOKOAXQWh7VqFHIAKgXhYSrW5Dm9cHUUdAkx49hlmY9Hoc+kcKMV5xPnwKWiJh5YTqRKwdYZ50rjBVzoyN8ysPlQT+2WbKRGS7njHBAlxxiL/xi5B1MFWFnXvxpIXOi8C/pUlsKbcfIwOrg1XPmC+tGeHsuDvVXxtQZ33UuC14jFpLYl1CQThLwV47X/JD9V452eDSFyq8oxKjhXbEoV9pUtIU7PjwFjP1TwWtynj9ry11qNAoWhskYywm76VzlvKbBshJnOY+XB/6v4E5vVDoYRZSxBnAHEncJ1D7JIUTm9RTdRo914XjBT09MIl8yuflQiB0QfrrTJZJ1yN2yN6uzD6pSo3gRX0Yq0yfP3kPJVzgV58noia72GgtxYPiiwBr8CQUoQGkfXoO/8dPVL93g1eFsu7wFkc5Vww3qeaanBU0ixqRbpwvljZEUkpWho2uotVE9mEbaWJTLrguQcfzdBOjQH1ZQhPfDqKK1hnKVsMU3J2CFlzXHJ2bvQGHuDPUaH+3hjzNzrZy5vwU8wreOG8E2LppdlKO+0opnySVbAwCxBQW6ZIA1jD4R2k+a8heUortRebwndHY1LeoZ3pooRT4C0Oeaa/zZD6f4x3xqM1zOSULa/Z6u1auhHLnMhqtl74mTE4mdd5DTN9/5Qky9M2v3ZqLcNNK1RFSp4m68smb/VAJCS72CeuhTIzv6juPWUy1pCkjzWrTgb+oXCpOdBdL7taMcUoSi92gjFxlIS+Vh4UiBYRy+YTQRYy3nr97IJdRpXB3bj9AvTFryhRL94lR2cgLNHPnRi5NQAjK7fNNoT86K5PTBA9oy/XKbc9EMzKcLwy/mybCgHE2ZRoNex1e3fkmbO4y+6mgQofsZQsL6+nl+xNS0QnOMAzGW0dCwy4dZhTpap5q8qB1VJcypQXHnRvudSJZNhoac9T7i9Zm1EzSqtbYWjUSkQ==
EwqQdfzDc6jgm8TOxaZDz0AGvnViIDJmHSOSJ/TxiH/TOaRrytZOnz5AdbUPEhRo5iipNMZ4OD7RAXqEGexfLw==
ACOKM3RZoZHzx/q/TWHY+HR/n+FD9fkj0mWwdVvs7iNiyrqewshmhtB/ZkgnHpCUpbNCh4RGD9Wj5KCvL4iGhQ==
cXllYZlLquCs/vkbO0g0aky9Ycnd8luoYU5iamU/xalrICHvknWW64qbwP9RpbpFKm/ctwnlO5aqoD+ISVSWhA==
3vrW2Gok46SI3/zvuhAugJGkPFuPvPW4/9yVj0nWVNoXFfpOJivvno+w53WS0hGnOVNSyiiYgMFdDTJAII0Esg==
vp61jHjSgZIiKNxKNGGB4+M1qUvM+4BlTsdy95hyKcxYojD1a1zA98lOpkPPvSXZfh0F/uqZeBUm7W5kgH+NbA==
y0nHcKcsQbD79SIL41LT76sVVoG58lKMwBczvKlx3pWkIcYQuF1KF5JvamGekG6bHNluOhpTmb9sa78c2aWe+w==
/wy6d9P3PsWfQCF2RILgU8Yff9oY+5ESl24OfiQXJ2B5ACX3X1qcuzf9/isv4CafmBrvxgSxnHnphJwusLIqhQ==
pO6Vublob9LCI/CjtuWAvwOquZv+qptg+nVXhfit5aiX/vLIgixXEcVLfjVQ+kXOoebI2yhb8wwhDIkvI08Fzw==
1rQm2znIpjv2GuJ331shOVs8b8sW3ekvQ2VfR3lzpIn0UbUdmizYMt8hGynkt6R2YfDeKunkKz4kQKVVW1p0Dw==
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
\b(bc1|[13])[a-zA-HJ-NP-Z0-9]{26,45}\b
\b(0x)[a-zA-HJ-NP-Z0-9]{40,45}\b
T[A-Za-z1-9]{33}
BTC Clipper
ETH Clipper
Trc20 Clipper
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\LOCK
Puplic
MetaMask
\AppData\Roaming\Bitcoin\settings.json
btccore
Bitcoin Core
\AppData\Roaming\Exodus\exodus.conf.json
Exodus
\AppData\Roaming\atomic\Cookies
atomic
Atomic
Installed
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
seconds
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
sendPlugin
Hashes
AllInOne
Password
Tokens
Reset Scale succeeded!
BackProxy.Class1
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
No antivirus signatures available.
No IRMA results available.