popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2022-09-30 23:44:51

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000e764 0x0000e800 5.68241979636
.rsrc 0x00012000 0x000007ff 0x00000800 4.88486615034
.reloc 0x00014000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000120a0 0x000002cc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0001236c 0x00000493 LANG_NEUTRAL SUBLANG_NEUTRAL exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<Main>b__0_0
<Read>b__0
<GetText>b__0
<SetText>b__0
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
X509Certificate2
AsyncClient2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
KlRMyViNTAA
oGHSFgSCtEyDLodRA
vLDMWqWvwYA
liNkxelhnA
SystemParametersInfoA
ORtGxLlVtA
iHZIvQGYkvA
VHBTEADCBvMmATqAB
lVsOoqlcCxSaQEKB
sOXOwqWHHCmNB
FYztnNykQTrjPzygB
XkrztAqoKPLkB
dfGwxeuyWQkB
EGaUAwvAAmB
rmCDGUnTBQoB
IDrSWfNKYCVtB
eFZODMlEuzyB
KVongZGiNIYC
dbglPdDotJsYC
rQOOhChgeFUZC
dbSgCOGAwzjLchC
TDIxUySEqUQyViC
WlNxLvjEdPmmmC
UqTUMSpuCsC
bfFsetsthpxvC
TMnqmneAjDhzwHD
MapNameToOID
get_FormatID
OCTgLMWZcaND
FVcntiDtBbQD
URgcbCyVqVwIKUD
WIKNlWfgXOWbD
tPeXhTCFcHZsbD
SQVEeVTYRjsHWOeD
tYvuKEFEkD
okNqwQTiAE
yzaLojgRKmcFE
YGmuMuAyDGcGE
obefzqLeMzbBlNLE
MFbaPvtVGoQE
lERkPtACFjCKWE
ruxfotaTVLJdE
PEvuXeWGLeE
CRvKTiAujZpbRljE
NqSxwvHwMmE
RjlSVWmXSHARF
EAUBfMWBZnakF
lvGGBqrGkRWnF
UTgfhYCFtpnpF
LhRHhZjnjgGuqF
YkyLYkZmbhzF
PivWjnSKifEG
IVNBnAdcLJG
RSNCJHkdoJG
gMgLPcUHuqNG
XRjOInVGXG
EmhXhUDWkYlG
hTNCpVsOlclG
xoOUWjMiZiqoG
JwOMGZEzdtG
oRaPEjryfjvG
UKmlmhCsXCH
BqlYDaaAPZlKH
cDAbRMhGxpSiXH
lwiTPIfUZzXH
chkxvXkexeH
fjZKEKrhpqH
YRcDKvoGSaAI
ifcJbZwodjOpICI
HpTmYJJMsWGI
get_ASCII
KTLNFhgehYYlKI
rqfzbwzNcRI
vYZtkJgIanRKVI
dOZVXBSybAIvqlI
ZDzLXBShQcVRpI
iiAjOoDcpI
KQwsJtcCvxI
jOLovLvqEJ
zXEMNrygCmIMIJ
xMStUKgdwNIJ
ZYAgoxBATJ
zYUhzuFLlvTJ
rwLAALNwvbJ
MgRLUDbspapQgJ
baEZncUxtQRJoJ
HjjSoUAeHwUrJ
WGQZSajhubHueOAK
tpxIqZCWAK
HQYVdTQoLLK
mZCiDvYAQNK
SqWjMSsOZgpOK
ftKseEuObaK
VAfBmftefK
dKGvarbUTlK
nIAGStcVcTnK
PWAudIfkqK
guJYdmhLbvK
bIJzLXWlNZlyK
nJIxYrMDAL
sOpMsSAuKXL
cMpaTOJiWZL
ywLxgjBQQDfiL
FPfdgvfmvQkL
tuvDaRKEqL
rieNVtwliUZwuxMqL
qkgVRDjHAM
VGukyRPgzcniyAM
LdcbhQxRmWwOKJjCM
ZtUvGLaRiDM
kTKMgejpUnKIM
bSNuFleQwRYQKM
BeefUgHttiJEfVM
iqjRpqvUfbkM
ppoeaPXJqmkM
vHoXARpYmJDoM
ReTFqGXQiIN
jEIbCvsiFWN
iACQeEoSMefZN
OeAEunFIAPvdN
AcwJjEVzjvgN
gwOYCpwjwufkN
lsxeckvuYsN
EEYkEEusedFO
fqfPGBptgGO
System.IO
RolJmgHQMKSOO
SKJEaGXuWOO
IxeQbnGawqcOO
rQTHgXRECPO
ZScAPnwfxTO
xvLWalYrwO
UdLzaxceqBP
mUZiopuIseisGP
SsVsdGzLiQYNkKP
CRHZcMNXNP
EPdYUvPgHTaP
MQexTYWdhP
yjQTAIwuYiP
IRroWfidxGniP
gqgVvvaFBIwoNmP
QjafxmUxsJJYQ
kUaeKjErCXNbQ
HnMOGaeoXYooQ
HQJgvkNqYuQ
OePphYzszUhzLevQ
kGwcNQZPFyLBR
lQafFpxPAxIZBR
JvaVyjNhkDQVR
vsCKZDmVLiR
lNqxkombNlR
iKbaJLVjKjJmR
AUsNvIwqYoR
spRnlrbFwzYHAS
qexiwryseuWIS
kPHzbeouJS
tpxOFsXmHpRKS
wrTQsELqsMSS
iLTKSLRHHTS
zblKbVvWFiZYS
FenMSGdSgOwgaS
jXwpqTaldTsLjaS
irTniLEOOeS
EWcJOxymaclgS
mWyqtYYswlgS
yKgVsWPWDtKptS
iwQWDGgTLT
fwdDKtKSkAtFUT
qLWfHCMBdT
hgrNjuHmiT
TvyQpaacxWcmlT
ngECqdEHLuQoT
aJzTgiSIIpT
NZEkmGFKNNOjGrT
stmfaqbaWFYwT
CzwOYGJuExT
QNkFjhtZDumwDU
TPueTHDVMnbLU
ZWlFKiUEjNU
NYgvHBfFTbgnVU
ncUpwTKAoPBmZU
PQbTIsfSkU
CnJRHKkbYmU
DQDmwXoxJBV
get_IV
set_IV
GenerateIV
CaIzmGbuIGBLV
KAfbXCggicKqWdTV
exYZOFZxMtvvTV
loSRJPReSxYV
CltcrZJIdlncV
BhOvWeGTnRVeV
LoPyqLLjJBUfV
eVOeXyCHIgvnjV
dIUaYpAYGW
cMNoWSqRYLPW
xGBgElIQUUW
tujoBRNhdoyXW
nmPyxgFPxtegWmW
UeiVzeCnWuwzW
HMdtDPlnPabblBX
LXtMXlINtXXoJUX
UuwjReyIRjEabYX
VBQdDAfuiFNLMVaX
edTnyEyunbsX
IJGROKOxKwX
gIeWkLyiOVfswX
HmJHBBReaEHY
MGTeTMMXXXY
vgcEGEqhwAtcY
ffcxQXFLpY
UnPXWXaxuY
fihIVgTaeqpRWEZ
FEAJeQbMeXpGZ
jQrIgzCqCKwLZ
EPptZiOJZJNZ
WlMUtocEuWkQZ
bWwmPmXydSZ
IHNFhkKLwhepaZ
sgrDwACrqeZ
xTXyuDXbSjnRgZ
NMqVhfrnpzHJqkZ
zHKbgCVGvGQwtZ
value__
KmgTXolJutNMCa
BRhuztATarkFa
zDKLLANLgfHa
xxmWmDMyIXa
ENJRbjpqRwXaea
aEPvtTOdAuBchga
ZZxGQiIiFza
ADXtwvjkza
JMHViHUmKWXisHb
ZcaAIkFMPb
ZQZhpmdEMZb
XQwmHYOLyHYZb
wsLtrHjbhb
mscorlib
SKmBFaLmWIKNmHIc
YmCWuDMKejtaLmJc
niLgrBCKcfFdwJc
ZEDdwTSjsEduQoQc
tiljxODXuRc
dcDwXbrnmnVc
MOaIwUAjGzTLecc
ogGbcNKiyjntdc
jttNihEkgc
System.Collections.Generic
Microsoft.VisualBasic
APkEvewhwkmc
get_SendSync
WndProc
sZZVMbjNXFqc
ValoBcdpistPWDVuc
PmITaJTaVxAd
irQBOBwgNCzDd
GetWindowThreadProcessId
GetProcessById
BxfzTTWKiqERd
SFQGMBMkIwEIFVd
STdcPYnTpoZZd
EndRead
BeginRead
Thread
HJwWXzGQfWqfLkad
uVJvKygtGdd
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
hWndChild
FwhXQziOgNEsmd
Append
RegistryValueKind
CompareMethod
method
kJnpuJUkttHrd
Clipboard
TrFkpHIYjQmJe
dcCdBgXOxJSNLe
bERBzqsWNLXeRe
Replace
IsNullOrWhiteSpace
CreateInstance
FAzCaMhgxugde
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
PtjnYcxMPHrqQfe
get_Message
IZftoWwEhe
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_ExStyle
set_ExStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
get_NewLine
Combine
vOjNqEQrfoe
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
MethodBase
Dispose
StrReverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
GetKeyState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
SizeOf
UAukMSJNwTbQf
ywxEvZtunUnf
XSRMgzoxlCrJag
yEEDIEUkWredg
tBbIGOznMIRVZHpfg
CryptoConfig
yBVtCXzJDtSkg
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
get_Msg
HCaNYzeByUQKwjEh
IDllUIKkyYKh
lDZVtXQdfSbOh
lEQuPnnnQoZRh
ZdXjcegDbh
LpDYsKPTtattVbh
vvSHUapKkh
NVrGfkbefhmh
IhoNNSaxRqh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
IqGMgSbDHi
GEbjPQYHqfOaJi
CiECmonjDEgQpMi
TdQxRCVBcHFQi
rEokBDoZBTi
LObqLdEIacJXi
YhSSVVmfVZbbi
imkFqDTqsi
ykcbczyqlxi
yurEXqdTNFzi
CHaEPTalLBTAj
dHDCUdNcZAj
kucgHWjHCj
niqClJepZnlPJFJj
ZaGASLXnlyNQj
jciSooXtqGaFxWj
WMrYgPYWYlnj
ksTcOuPdoNMBk
cxcfygTdEqWVIHaEk
XkOqeFLtqJWQk
ZaenvvRxSRk
jJRPovKzoak
ZcOsnledcQFck
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
RegistryKeyPermissionCheck
FlushFinalBlock
kjlnBpZqek
UcYPUHxwlSgk
EihZxPfTmzauxik
PMnMnDKRnok
kqdkoqQxwwk
MZjeetecnnzk
pJFfIZRYBl
EKwobRFNjKHCl
uhCHAPiGlTCl
wMQyjdSUMUYDHl
fAWUNOwtgRoNl
ggtaOmXtzyNl
VEErMOdCVl
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
DjwkeySdezubl
jQqQBOhlqPsmfl
kernel32.dll
user32.dll
ntdll.dll
Control
ppKVgGwjpl
ucOpMmuMJUySyl
RnlFiqXMUJqCm
xjMYHXKSgEeFJm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
nyCqlVpxUdm
get_Item
get_Is64BitOperatingSystem
AitpGJeYCyufm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
amZqkESmPTim
asNKqNUgrpim
Random
zdLBVuNlMUqm
ICryptoTransform
CJHsoHtmKegGEn
yCOYVUzTCJJn
CkfvhZiBSOn
LadXoEtbSn
eoDMxgEpWUn
fjwkIQVcXAqbUn
ToBoolean
TimeSpan
VlcQwmCCaVAen
X509Chain
AppDomain
get_CurrentDomain
KBpvIzAPBSgln
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
pattern
PtwrKJeNQpLxn
tACipvcbbBo
JPAdxULjdwpKIo
rOyUUYxXkTCUPxuRJo
MHeKBITytYwLSnoJo
QTsVsZwnpgetNo
ODhAmQQVlNQo
gJvHHPPpNAUo
jEYqZPfuXo
yOijzZTUJiZo
iQlUQYQbOTklgco
SOrhEekQqkdo
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
gRIZvhMHJlCp
ThpDpNnuDp
KgeZMUSGMp
RQMrJpCAbNp
XetGNfkruRhYp
VDGpUsryxCVbap
VPgUGGuKILkfp
NPJwJHxOcOLsNjp
Microsoft.CSharp
CFRYzlPewvp
MMEvXQnNQeJq
tKKIBEOeyMvdawOq
GfNGXxeLxAfcXq
AQEKZmdHwgCaieq
SdaPWMuogQCahq
KdwXJaXRwuZuolq
System.Linq
oXuYdDJpprLrq
FiPjAzLIVpbDsq
LdEkLFprERttq
ClMNotWxkXByq
aQeXoKckkyBFr
oQoJMtzACKr
mdHejrCZUFWr
iGuodYptZr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
AddClipboardFormatListener
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
AcDUmjXsPyjr
ppjnifOPBBemr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
DXysSNIxgNs
NINvzIWhTPs
RzCdBPLEFdjDLSs
jAUCCmzRVyOONas
imuCbxqFxtMjbs
System.Diagnostics
ubbmoefFcxUcds
FromSeconds
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
VBfnmTtBWEIks
ICredentials
set_Credentials
Equals
SslProtocols
get_CreateParams
System.Windows.Forms
Contains
System.Text.RegularExpressions
System.Collections
StringSplitOptions
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
pqzggPsJYIuCss
FileAccess
get_Success
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
ZeukoOWhVwus
FCCzHDaGmFWNxs
nesAXvgRSBt
tUVWFRRtQXDt
iPjMEmOJGYSEt
alavMrpXodIt
IpuePNwDetiFJt
yMWSBiZGrGJt
DctXSyOFkjMqGIOSt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
object
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
DqySmysfVXMigSft
op_Explicit
iBPDTfZKibllt
IAsyncResult
RegexResult
result
ZNGhECWtSKrmt
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
SetParent
hWndNewParent
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
swNlcwacscqt
FIfVVhjfqt
dsaaTHesJArt
ParameterizedThreadStart
Convert
FailFast
CrQgBNpcst
ToList
CWEtVEIlyPTmut
GetKeyboardLayout
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
WJzABzQqUuuxt
iukdAEQzeaWyt
yRCqMKiDazRu
mtoPMBIsYuau
NYhiRdCNbXChu
PPaIZbcBgIku
ocbvigJlHhlu
PMaslTMyorqnpou
ocsJGSWJMMUwBtvu
HNDfJfkCELphyu
jPifJMZeBZORFv
GBsVqETcKv
KYyWvcIYgMv
TjzamgGuSDWwOv
qMewyVhXnuSv
NSZdmwNoeenzQcv
EqYNBwxtrXxmv
vVZTxHnBkXov
gjhVBZmWvmcelRuv
OnYbSgZkEjvv
tPFsghiBWwv
xyzJSoRTxv
ysPOJpJQfAAw
XDMIhXmcNw
EBVjJoSaaZSXPw
OWgPQDEZiPw
JqEByMnijqsSw
pCVsYvYmJeIZw
VtBNRZhgDiw
GetForegroundWindow
set_CreateNoWindow
rATbFMvIAMqUktw
GEgmTqgObAx
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
dPtvwjuZtptoHx
uNKHokUNvHx
DIYfmYEGOx
JekIeaDfeHqQx
rckGRXajonVrUx
vdtuWyjUUEQWx
GWTJrelZFVWx
wUBfsaEtVtIwLhx
YqHWAJNahx
uGtvKhwTCFmx
oXFnRjjSLHy
NgSjRWwbYMy
yIASyRVAQmLzvMy
GwtTkCAvBRy
LWmUuufQALqlSy
vJyfcQzbJLZy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
XFUEgPnCty
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
IBuPLKtYFvy
yPcwsdlMTKEpvy
ORIEjhyixvgIz
ZagFEunbtLz
AOvgHcViTYiOXRz
biYblarZLAZrkz
IdIrKEGBJbdHrz
TfkpuGDvQVxuz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
IFnrI0mx0Z1QUCsBNXxsqrnWvWkgVhwte9TWCpt5u3eVBl/uY28+rdlsDCvvLrcV+BMpJ1CBWjiqSMb0dk5jIg==
/KR8hECmh2Cz7gtdQ2m3cMBvik9K6DGB7J2kjO1XQxoxMzls6tvk4114SRsIW0M3DwSW/hBh+TB7gTYQFBiT5Etn7jLs+3J5wBrfppCUi/Bw+5zZw2BltagUp+mswmir8WFTq/Qg3EE4Ydp/wXA9EXVZAYyAQFfR7Bb0vx6I3FPHcOQWH2xBnNavCBc6xVl0
E2GlFC5J/1oLQJwx4C3ChPHprXzmgjULomwa1axYRAoN2R26BHkTT4vV3pISDe7xQ/WcoFY/e1gcQCzZdqnthgl/7QhZBQzK+RN14MW0G9k=
WDKhMuvfoq1ZD2NO1Sd2iah2Dwk3eIHGJfmtZiG44GNQfX4WQ51+xVfuZ9ERcL7iGvfKqFRMZlXPdhwtkv5Fgg==
%AppData%
MkZCUENkWmp6WVNwellwYWpPN2ZlWlJYWEtjeDQ3ME8=
OIQ+ZqnKqSl7RjOED+sFfP8+WrOLrlvKmkncWkql+stAhvRDMt2nCPgQEEdIlZf6C8L4C41fn5PH6KHFrx0pE9ETAryJTc7YpT1l133Wmls=
LPA7KzmvTon4KBM77DzXtgwH8ke3vrkS/t54r0rJkUrkEldNmSxlHu9/hD8qwK58+DOgka5WBjiskIg1Y6C7QXRsHknLQEIiuksZ+z+JGo4HjBPXPNLgmydwqfSmFHtidboQ6feWYJbWVce1Wz/Od7A4dHFVgMcuotLGGTAWC2gP5EsQoGz8IcpyHlhxPL2rpiezIX+1fZm4HCjUrKcJ3axkkgQ+tnEbaahSSIQaJycfV+F7OJADwJ3KLet6MCoDOg6aE53KGq4tPAopGzoGjIIVfvPUT7o2/apT85Yjr2heUava5ui9CcufWC7SFeho1vo9JV7tlySHTxzhOgjow0sL2bJExbaY5vh7pXVmU/Fb78+8hU1nWiNnwp7Mx0V5XMqyweMQZzeNGnbkwOx3k1DTY3rJa5aqVK2E4IaklBH5kUCt5IBdVUqXh/KmWt97WHKz336VLpJafpvickgRaVrW4qUq6QEtpdMQo1Mu+9sV8BvUNEYvSPGPUxFJIFvx5PKOJIAAuNMQTx4zyb15m0jgOSWhI4XlrZpG22ZonCw0yZJZeQwkCCAGA09D1J3YknyJoWHpQBYOghI+ZR2Lczj8Jd9QV4RbT2Rf3Gm3Mtpk2YSxzU893nQqw0t4zHTXmJSzH2fm0fHXpAf3uzPRd3XuXPMtiHmfkQHFFmLLW5lTJwtMadUCk/kdbGweuUGa8i5CvOMIsQNTWsW5J4i6fPaTUKVYXW/eAgYX4u+HaTV2NoqB48uJEBvALxMMCjQbGU6A5+II+3epTYX1oDbtQJc2vxwvWv4CDq7FynwoFUfRxivtqH7Vz+4beJgG/CPVb3yvWZfhmaXp/hy8G+ZSx4pUnnZ7XPRFBcm8uCv+vS33i8VnYIkN+V60ke6Q33oMyJ9s1JF1FP61/pmApH/b+nc8ptuUD6Hy/ZU+7UngDoh1TtxY1z0hjqd+E+DWVM5Wn+bMnfhh+gEADunq1ZjkiztsNnAzZvDNNa7S4v+aUTpo6RFbqS8UvaJcXNj6On/2
T2zTMg1SMBhuYKly/Dz9hcycDDZYKG7QuNdmDt3+vZ4wV2yhPR/dmWHLG1YPF1mrDS6GX+ZTD9wT3gbCBfdFJKtLjtt+cZHRmsrgameanyYBOcQrk/lpSeAYPihstByvJ248FCqptC2Gj7M39oTCPUola6kUjZ8Z24dnJsoESiwizSexhw+OC7GECsOzL5AYyF5MOCpi3ow6QlacUASdbqqzXvF/3etFSY5VBuaOaHUwGkl9J6z0OAqSi4qiclmlkrJPAqIF5GcQx1y8aYIxpPh7lfhG4bTiOXvZuOvV+Jm5NQ2q+ZG7OBzlY2oCNy0vh9MpvMzEOBoHyF/AiTCIZCboS3tMzW3D7GrqTy+3QjygYl4yCpRJehIBFvdt7PHtx3QUgtB9ULkRRARYJYVa5decIYsmodcKRcFYZV86bdaJmPfMsAJUbFZAqONuUw8VmuNr/AF3hS1ucHZfbHvEzgdWxin83AOgGs72c37+Eu0RfcvqLJWROK/OPXgymS6kfkd+vKeAi2G7/OoOC4N7RMSUVZEfmjkYjY17hJwObUp7fJDOo6Gfq9nxK1hW2kLr4d31YrJYRykPLEA180y1bfVcUVj3GLt1uGyL3JzfBzZrqU8dIHONl6n8hSjVWgo3Qxalfm4ATEqowZg6pXIESog3ftqIaSUJulFZrdzuoM5Akk0EX8wTnkDRhEFOVbqmMMjmIeFcAkyiw8dO6iHITsh8y9gUjivWyMRqJ7WYronrk9usAMiUjj0/Ak9bu0sBUtG1Y0d9492YYX2qBMGVAeIES3YKFw6AgSYRCsAi5BSrP3ety4mMClMDin83cocDsHeck9BBgMkmqj0lslt2oJVTSYteLjxRKi6EVwnQehG20/mj+puZ3vmxso4h4zwe3MDdcDDOFB5OoM+qYqGVbdLUmPzaf7lBIYwR3JJ7h3OcKI0hXCyWjCQKYR5ATT7NbmBCmi0QIW/i5OUsoDCFeg==
u1Bju4JP15FvqBxCDG0eeZr+jIlsHYX0NqnvDZBLRpVbrDhYGi1Jvo4mOan/yIA7YvGmej6fz13qkc+RxNzW0A==
Fa3YeMI/HIr4iB3s0yMY3yNKvSabdmgisHU55GNqdUCrC4ar1NVq2Ic0lDTR3UEAUnmtxLlHFPpmXg0FkZKpQg==
EYs+67OTVXbHItQExWrYCbaCRMk7x4jcbBM9e8LkZBUIlLXk8RE5rvaAaYVVJ0POVj8FnEMnTrU5ePviAwsB1Q==
J6ScMtXkSSGSLnTfoPghQ6Xdry4W+cOpeD304bcaC5aeIwXJr5f5aoQws7Em8FUlSUcucvwTqCWka87i1t4xYw==
4BdZ6cH9B/1k87EpK/8lPZCOH6VqJx52i3ENupWSJ2QUt/5MYuDSrZ61ZWnmQwbqfSzYTkOu/KYc9SmMtseYkg==
lG56Nm9Zwmh2dmfeM36Sq9N3HIzSeoCjJotUelBwnZDnSgqdxIpbM9eaSCiKST1PSo0W6cFEeXDO1aQnAkICpg==
JbfOXGIcJzluFcrOoCLzS18gk0tj8vQCq3cjRhbUm4DQyL3PFmThl8bWTNtfUmapZ47Npuvo9cfaUibwQxyecQ==
rTM14mJPE99lKkLEu8mX2Nb1nzTUlR+l300yOzE3QlPzC2Nghm3xWmvAJwNtE42pbyjzAJiXaI6xycQOEQ/oRQ==
6izpncAFqAJ2T5ulTVYiK1CXBNL635KOKzBlCUmCu1zwKlsZD/yHRpDRkctaUjwKRmpEhfM1nEE5OOfbZkGWCg==
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
\b(bc1|[13])[a-zA-HJ-NP-Z0-9]{26,45}\b
\b(0x)[a-zA-HJ-NP-Z0-9]{40,45}\b
T[A-Za-z1-9]{33}
BTC Clipper
ETH Clipper
Trc20 Clipper
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\LOCK
Puplic
MetaMask
\AppData\Roaming\Bitcoin\settings.json
btccore
Bitcoin Core
\AppData\Roaming\Exodus\exodus.conf.json
Exodus
\AppData\Roaming\atomic\Cookies
atomic
Atomic
Installed
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
seconds
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
sendPlugin
Hashes
AllInOne
Password
Tokens
Reset Scale succeeded!
BackProxy.Class1
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
No antivirus signatures available.
No IRMA results available.