Static | ZeroBOX

PE Compile Time

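2023-03-31 11:41:38 (TimeDateStamp from the PE header; the value is written by the linker and can be altered, so treat it as a hint rather than proof of build time. The build-date strings embedded further down, "Mar 31 2023" with "10:41:23" and "10:41:34", agree on the date.)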

PE Imphash

b1e867ef87efb215fbaa4877aa8fac3e

Sections

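| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00124a11 | 0x00124c00 | 6.5592760347 |
| .ozhbtym | 0x00126000 | 0x0000508a | 0x00005200 | 5.98452214436 |
| .rdata | 0x0012c000 | 0x0002c74a | 0x0002c800 | 5.8735943174 |
| .data | 0x00159000 | 0x000077e4 | 0x00002e00 | 3.88800064441 |
| .ozhbtym | 0x00161000 | 0x00000050 | 0x00000200 | 0.0 |
| .rsrc | 0x00162000 | 0x0000d420 | 0x0000d600 | 7.86085871844 |
| .reloc | 0x00170000 | 0x0000a048 | 0x0000a200 | 6.69470561542 |

Note: `.ozhbtym` is not a standard toolchain section name and appears twice, the second time with zero entropy (all-identical bytes on disk). The high `.rsrc` entropy (7.86) is consistent with compressed content, which matches the ZIP resource listed under Resources.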

Resources

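| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| ZIP | 0x00162fd0 | 0x0000c2cb | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | Zip archive data, at least v1.0 to extract |
| RT_ICON | 0x00162180 | 0x00000ca8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data |
| RT_GROUP_ICON | 0x00162e28 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data |
| RT_VERSION | 0x00162e40 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | PGP symmetric key encrypted data - Plaintext or unencrypted data |
| RT_MANIFEST | 0x0016f2a0 | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML 1.0 document text |

Note: The "File type" column is a signature-based guess from the resource's leading bytes. The "PGP" label on RT_VERSION is most likely a false match on a small binary version-info structure, not evidence of encrypted content. The ZIP resource accounts for most of the `.rsrc` section, so it is the item to extract and inspect first.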

Imports

Library KERNEL32.dll:
0x52c050 GetComputerNameW
0x52c054 GetModuleFileNameA
0x52c058 GetCurrentProcessId
0x52c05c OpenProcess
0x52c060 GetModuleFileNameW
0x52c064 SetLastError
0x52c068 WaitForSingleObject
0x52c06c CreateEventW
0x52c070 FreeLibrary
0x52c074 WinExec
0x52c07c CopyFileW
0x52c080 SetStdHandle
0x52c090 GetOEMCP
0x52c094 LocalFree
0x52c098 LocalAlloc
0x52c09c LoadResource
0x52c0a0 FindResourceW
0x52c0a4 SizeofResource
0x52c0a8 LockResource
0x52c0ac GetTickCount
0x52c0b0 GetCurrentThread
0x52c0b4 Sleep
0x52c0b8 GetProcessHeap
0x52c0bc HeapAlloc
0x52c0c0 GetLastError
0x52c0c4 GetTempPathA
0x52c0cc GetShortPathNameA
0x52c0d0 LoadLibraryW
0x52c0d4 GetProcAddress
0x52c0d8 WideCharToMultiByte
0x52c0dc MultiByteToWideChar
0x52c0e8 GetCurrentProcess
0x52c0ec DuplicateHandle
0x52c0f0 CloseHandle
0x52c0f4 WriteFile
0x52c0f8 SetFileTime
0x52c0fc SetFilePointer
0x52c100 ReadFile
0x52c104 GetFileType
0x52c108 CreateFileW
0x52c10c CreateDirectoryW
0x52c110 TerminateProcess
0x52c118 GetACP
0x52c11c IsValidCodePage
0x52c120 FindNextFileW
0x52c124 FindFirstFileExW
0x52c128 FindClose
0x52c130 GetFileSizeEx
0x52c134 GetConsoleOutputCP
0x52c138 SetFilePointerEx
0x52c13c ReadConsoleW
0x52c140 GetConsoleMode
0x52c144 EnumSystemLocalesW
0x52c148 GetUserDefaultLCID
0x52c14c IsValidLocale
0x52c150 GetLocaleInfoW
0x52c154 LCMapStringW
0x52c158 CompareStringW
0x52c15c GetCommandLineW
0x52c160 GetCommandLineA
0x52c164 GetStdHandle
0x52c168 ExitProcess
0x52c16c GetModuleHandleExW
0x52c174 ExitThread
0x52c178 CreateThread
0x52c17c LoadLibraryExW
0x52c180 TlsFree
0x52c184 TlsSetValue
0x52c188 TlsGetValue
0x52c18c TlsAlloc
0x52c190 RtlUnwind
0x52c194 RaiseException
0x52c198 GetStringTypeW
0x52c19c GetCPInfo
0x52c1a0 WriteConsoleW
0x52c1a4 CompareStringEx
0x52c1a8 LCMapStringEx
0x52c1ac DecodePointer
0x52c1b0 EncodePointer
0x52c1b8 InitializeSListHead
0x52c1bc GetStartupInfoW
0x52c1c0 IsDebuggerPresent
0x52c1c4 GetModuleHandleW
0x52c1c8 ResetEvent
0x52c1cc SetEvent
0x52c1e0 FlushFileBuffers
0x52c1e8 MapViewOfFile
0x52c1ec CreateFileMappingW
0x52c1f0 AreFileApisANSI
0x52c1f8 HeapCreate
0x52c1fc HeapFree
0x52c204 GetFullPathNameW
0x52c208 GetDiskFreeSpaceW
0x52c20c OutputDebugStringA
0x52c210 LockFile
0x52c21c GetFullPathNameA
0x52c220 SetEndOfFile
0x52c224 UnlockFileEx
0x52c228 GetTempPathW
0x52c22c CreateMutexW
0x52c230 GetFileAttributesW
0x52c234 GetCurrentThreadId
0x52c238 UnmapViewOfFile
0x52c23c HeapValidate
0x52c240 HeapSize
0x52c244 FormatMessageW
0x52c248 GetDiskFreeSpaceA
0x52c24c GetFileAttributesA
0x52c254 OutputDebugStringW
0x52c258 FlushViewOfFile
0x52c25c CreateFileA
0x52c260 LoadLibraryA
0x52c268 DeleteFileA
0x52c26c DeleteFileW
0x52c270 HeapReAlloc
0x52c274 GetSystemInfo
0x52c278 HeapCompact
0x52c27c HeapDestroy
0x52c280 UnlockFile
0x52c284 LockFileEx
0x52c288 GetFileSize
0x52c294 GetSystemTime
0x52c298 FormatMessageA
Library ADVAPI32.dll:
0x52c008 LookupAccountNameW
0x52c020 InitializeAcl
0x52c024 GetTokenInformation
0x52c028 GetLengthSid
0x52c02c FreeSid
0x52c030 EqualSid
0x52c034 DuplicateToken
0x52c03c AddAccessAllowedAce
0x52c040 AccessCheck
0x52c044 OpenThreadToken
0x52c048 OpenProcessToken
Library SHELL32.dll:
0x52c2a8 ShellExecuteExA
Library ole32.dll:
0x52c2fc CoInitializeEx
0x52c300 CoGetObject
0x52c304 CoUninitialize
Library WININET.dll:
Library NETAPI32.dll:
0x52c2a0 Netbios
Library ntdll.dll:
0x52c2bc NtFreeVirtualMemory
0x52c2c8 RtlAcquirePebLock
0x52c2d0 RtlReleasePebLock
0x52c2d8 RtlCreateHeap
0x52c2dc RtlDestroyHeap
0x52c2e0 RtlAllocateHeap
0x52c2e4 RtlFreeHeap
0x52c2e8 NtClose
0x52c2ec NtOpenKey
0x52c2f0 NtEnumerateValueKey
0x52c2f4 NtQueryValueKey

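Strings (printable strings extracted from the sample, reproduced verbatim; misspellings such as those in error messages and field names are the binary's own and should be matched literally)

!This program cannot be run in DOS mode.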
`.ozhbtym
`.rdata
@.data
.ozhbtymP
@.reloc
FPh,eT
u&8FIu!8FJu
u&8FIu!8FJu
t$ OPV
L$Dj0V
>F:L$ u
D$$_^[
D$$_^[
L$l_^3
L$l_^3
<etZ<EtV;
VVh,sT
8D$ t!
D$ PRh
8D$ t!
D$ PRh
D$ PRh
PRh(tT
9~T~)ff
PRh<tT
8D$0t&
D$0PRhHtT
8D$0t!
D$0PRhTtT
8D$0t!
D$0PRh`tT
PRhltT
PRh|tT
49</t<\t
</tJ<\tF
8D$ t)
D$ PRh
8D$ t%
D$ PRh0uT
D$(SVW
t$,9|$$
D$,_^[3
QSVk5@
s';O s"
G,;G0r
9N`~03
W9S`~,3
t58C+tg
;C4sj
Fh;^ v
L$ QSV
L$$_^[3
L$l_^[3
D$(;\$$
\$P;\$$u
uy8F+u
t88^+u3
u%8F+u
uA9~DtY
;x,v(h
t39pLt
T$8;D$
D$(_^[
L$D_^[3
~89OLu(
A$J+D$
;t$$rw
tA+t$$
@<+A ;
u/;D$0w;
D$,;T$0
L$(VQSP
T$(;D$0
F4;H$v+h
f+D$Hf
\$,f;G
;D$<s(
\$@+H8
T$8+y8
T$4;|$h
T$\u-;
D$4+T$|B
T$LF;t$`}
L$H;t$$uaB
;T$ }
D$ GH;
9\$ ~f
C;\$ |
D$ SVW
;C<v4h
9D$(r%
L$L_^[3
D$ SVW
L$,_^[3
;W,v5h
L$<_^[3
L$$_^[3
L$<_^[3
tjPhxwT
;|$Htfh(xT
PQhlxT
D$D^[3
t29qLt
t 9Q<t
L$4VPj
T$D;|$
D$@RQPWS
D$<}$j
@<+C ;
T$ 9A0
D$(h\yT
L$4A;L$,r
D$(h|yT
D$(h@sT
8D$#tH
T$ ;L$<t
;T$,v:h
;D$Du;
\$0;\$ s
L$|_^[
u2h\zT
PFt48S
PFt48S
PFt48S
D$lh4{T
D$lhH{T
L$xA;L$pr
D$l_^3
w(;yPu#
f9B:vc
u[h\zT
L$D9E VW
D$08GQu
L$,_^[3
9D$lwp
L$@;L$
D$(+D$DP
+D$dPQ
L$<_^[3
\$,9^H
T$H;T$`|
|$@9;~y
\$P;8|
D$(WSQR
8;SVWuv
;Al~"h\
D$,98~'
D$<;D$0
L$|_^3
5uN9H0
4uf9H0
D$8_^[
L$4;L$,
D$0;|$,|
f9H }$
L$89H0
L$,9H0
D$@_^[
D$@_^[3
t^QPh8
CG;\$,|
T$(9P0
@0;L$8uw;
D$89D$
;t$Tt6
L$\_^[3
F@[_^]
t$ 9p0
T$(t j
T$89H0
u"9~xu
L$$_^[3
L$$_^[3
G f;C
<2tM<-tI
@_^[Y]
A f;F t6
u$9~xu
L$(8_I
|$09x0
t$8VVVVVh
L$4_^[3
T$ f;C*
u"9{xu
T$ 9H0
D$ ;D$,
T$p9H0
@M:FFt
L$<_^[3
L$\_^3
T$ 9A0
SX#T$
L$ 9H0
T$49P0
L$09H0
L$,9P0
\$49H0
L$49H0
T$49P0
C*@;Gl~
L$d_^[3
u/8GIu!8GJu
f;O2sN
f;H*}U
L$T_^[3
L$D_^[3
f!HN_^[
L$49P0
T$09P0
T$49H0
T$49P0
L$(9H0
L$09X0
D$48AI
L$t_^[3
u$PVh|
u"9wxu
u"9{xu
D$ QRP
L$,A;L$$r
D$ QSP
L$4_^[3
D$$9T$
L$<_^[3
D$<9s$
T$L9H0
t$89H0
D$h+D$4
tZ9L$t
L$T9H0
L$(9p0
f;H*}Q
L$,9H0
L$4_^[3
;L$,|7
9D$ v/
T$8<'u
L$|_^[3
T$,9P0
|$ teA
x}f;C(tw
u 9Sxu
|$<9x0
T$(f;A2
L$t_^[3
t0;F u
L$D_^[3
9T$4wAr
u/8FIu!8FJu
f;G4s_3
t$ 9t$
@(9D$ u
@*9D$ |+
+T$(+T$ +
T$|9H0
|$t9x0
|$t9x0
T$,9H0
|$,9H0
T$D9P0
L$(f;P*}k
u 9pxu
u"9Axu
T$\9P0
|$d9x0
T$4t:;
|$@9P0
f;8t?A
T$D9H0
D$89D$
u 9sxu
T$$9H0
L$ ;Y(~
O2f9K2
K*f;N*
C(f;F(
T$4;T$H
L$D9H0
L$@9H0
\$<9X0
t$4tlA
t$4t)A
tuPh@sT
\$$9X0
\$$9X0
\$|9X0
T$T9x0
T$T9H0
+D$8Phh
D$(9X(}
T$H9P0
T$`WPj
G$ u2;
L$Xf;C*
D$t9Q0
T$X9x0
D$X9Q0
T$hf;H2
T$X9H0
T$`9x0
L$(jhW
L$0A;L$(r
tT9pLt
;Gh~Sh(
u,h\zT
D$XSVW
t%j0SW
T$89H0
\$,9H0
T$$9H0
D$,f+V
I09\$@}C;
L$(9P0
L$T9H0
T$H9H0
L$T9H0
L$T9H0
T$D9P0
|$$9H0
|$$t!ff
T$89P0
L$49H0
L$49H0
|$ tyA
GWVPh
L$\_^3
D$89Q0
L$,9H0
L$89P0
T$,9H0
L$d_^[3
L$49H0
|$ t$f
|$$9x0
f9D$4|6
f9D$4|*
L$,;t$
\$$9X0
L$ 9H0
T$,9H0
L$ 9H0
\$09H0
D$X;D$LwP
9t$$~m
F;t$$|
T$09P0
t$H9p0
t$$9p0
t$H9H0
L$L9p0
D$ SVW
9T$Pwcr
P;|$$|
9T$\w>r
D$(9H$t
|$0;y,
|$,9x0
L$H9H0
t$$9H0
T$D9P0
T$,9P0
L$$9P0
L$0t"j
f#D$$f
?8WIu/
|$(t#A
H0f;J.}
D$,9D$ v\
L$\_^[3
L$\_^[3
u"9{xu
D$ SVW
uq8FIul
f;F*}
T$ 9H0
t$ 9q0
T$df;H*
f;A*}A
(9t$`t
L$,9H0
|$$9H0
T$,9P0
vPh@sT
q@f;A*
@L#J(#B,
L$ 9P0
9T$PwTr
D$ _^[
T$,9P0
L$,F;t$D|
T$<9H0
T$ 9H0
|$hf9G2
uIf9D$TwB
T$(9H0
|$@9H0
L$49L$@
t$<f;0
t$`t:A
T$49H0
;D$<tD
L$H;P\|
D$p9A0
L$,;L$
L$p9H0
D$ 9A u
vd9x\~N
!t$ !\$$
L$`#L$ #T$$
9T$Pw]r
L$$SVW
D$\;9|
|$4tn@
9L$Hr<h$
f#D$`f9D$du-f
D$t#D$Xf
u%+t$t
#D$t#T$p
D$P;D$p
T$,_^[
A f;FHt
L$p9H0
G$#O #E
#L$P#D$0
\$d;A0
G$#O #E
#T$P#L$0
f;C*}
\$@9H0
L$`9H0
T$@9Q0
F$#N #E
#8;8u";
#K #C$
#N #F$
#p@#XD
B0f;A.
#AH#QL
@~)j@h
F,uv9D$8tU
L$(;0|
#P(#L$@
L$L9P0
L$<9x0
u"9{xu
D$PPh|
D$ ;D$
D$(;D$8w4
D$ ;D$8w-
D$ ;D$8w"
;D$8w>
;D$8wY
D$ ;D$8w9
9T$8w4r
#$%&'()*+,-.
565.789/
KLMNOGP
.O[\]^
._`abcde.8
fghijjklmmnopqrstuvvvvvvvvwxyz{|}~~
<>td<<u
L$$Ph@sT
9 u(HI
t;hLgT
9u(t&j
tGhLgT
t:hLgT
A<#A8Y]
t6hLgT
lhos;J
t<hLgT
t4hLgT
F<#F8u_
tChLgT
L$$_^[3
PH;QDu
PD+QH;U
AH;BDt5
PH;QDtG
JH;HDt
PH;QDt+
AH+B@P
JH+H@Q
AH+B@P
PH;QDtD
P0;Q(t7
A0;B(t7
A0;B4tY
P0;Q(t7
A0;B(t7
A0;B(t7
J0;H(t7
P0;Q4tY
J4;H,u
AP;BTt
A(h$GS
A,h4GS
A0hDGS
A4h`GS
A8hpGS
A<h|GS
Adh0HS
AhhHHS
AlhXHS
AphdHS
AthpHS
xL}t$j
E Phl[S
tBhxsS
tKh8tS
tKhXtS
tKhxtS
tKh8uS
tKhXuS
tKhxuS
tKh4vS
tKhTvS
tKhtvS
tKh4wS
tKhTwS
tKhtwS
tKh4xS
tKhTxS
tKhtxS
tKh4yS
tKhTyS
tKhtyS
tKh4zS
tKhTzS
tKhtzS
tKh4{S
tKhT{S
tKht{S
tKh4|S
tKhT|S
tKht|S
tKh4}S
tKhT}S
tKht}S
tKh4~S
tKhT~S
tKht~S
<xt><Xu=
<xt <Xt
<xtJ<XuI
<xt)<Xt%j
PPPPPWS
QQSVWd
URPQQhP
UQPXY]Y[
VPPPPP
VPPPPP
j0Z9~4t
j0Z9~4t
j0Z9~4t
uj*Xf;
<j*Xf;
<ItC<Lt3<Tt#<h
A<lt'<tt
<ItC<Lt3<Tt#<h
A<lt'<tt
Tt)jhZf;
JjlZf;
F +F4+
8^8tb9^4~]
V +V4+
tb9^4~]
V.jx_f;
~ +~4+
F.jgYf;
PRRRRR
PPPPPPPP
PSSSSS
<ItM<Lt:<Tt'<h
?<lt <tt
PVVVVV
PVVVVV
PWWWWW
j,hHoU
PVVVVV
PVVVVV
f9<H_}
f9<H_}
SWt@jU
_tqPVj@
ARPRQh
jYjf
uSSSSj
M,j"^QRRRRR
Vj0XPW
r!SSPVQ
dr#SSjdVQ
M$j"^QRRRRR
j"[VWWWW
<at.<rt!<wt
<=upG8
[ShT*T
[Sh\*T
[Shd*T
D8(Ht'
D8(Ht5F
L:-^_[
PPPPPVW
PP9E u!PPSVP
u kE$<
j-Xf9E
f9:t!V
QQSVj8j@
NX9^`t1
;V\uYW
u2Vj@hP+T
9C`u99C\t4
u29K\t-
WHPh`.T
HPhP+T
_PVVVVV
j"_SVVVV
PVVVVV
^PSSSSS
j"^WSSSS
WVVVVV
PVSRSQV
^PQQQQQ
E ^PQQQQ
CY<u
PPPPPPPP
u!h<rS
u$honS
u$h*oS
uEhyTS
uBhzTS
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Buffer out of range (provided length greater than buffer size)
Unknown exception
bad array new length
string too long
iostream
iostream stream error
bad cast
bad locale name
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
invalid string position
vector too long
8-oVX]
!wt$Kr!
!wt$Kr!
@=M`kn
in Json::Value::duplicateStringValue(): Failed to allocate string value buffer
in Json::Value::duplicateAndPrefixStringValue(): length too big for prefixing
in Json::Value::duplicateAndPrefixStringValue(): Failed to allocate string value buffer
assert json failed
in Json::Value::setComment(): Comments must start with /
assert json failed
assert json failed
Null Value Passed to Value Constructor
assert json failed
assert json failed
in Json::Value::asCString(): requires stringValue
Type is not convertible to string
LargestInt out of Int range
LargestUInt out of Int range
double out of Int range
Value is not convertible to Int.
LargestInt out of UInt range
LargestUInt out of UInt range
double out of UInt range
Value is not convertible to UInt.
LargestUInt out of Int64 range
double out of Int64 range
Value is not convertible to Int64.
LargestInt out of UInt64 range
double out of UInt64 range
Value is not convertible to UInt64.
Value is not convertible to double.
Value is not convertible to float.
Value is not convertible to bool.
in Json::Value::clear(): requires complex value
in Json::Value::resize(): requires arrayValue
assert json failed
in Json::Value::operator[](ArrayIndex): requires arrayValue
in Json::Value::resolveReference(): requires objectValue
in Json::Value::operator[](int index): index cannot be negative
in Json::Value::operator[](ArrayIndex)const: requires arrayValue
in Json::Value::getMemberNames(), value must be objectValue
in Json::Value::operator[](int index) const: index cannot be negative
in Json::Value::resolveReference(key, end): requires objectValue
in Json::Value::find(key, end, found): requires objectValue or nullValue
in Json::Value::removeMember(): requires objectValue
A valid JSON document must be either an array or an object value.
Exceeded stackLimit in readValue().
Syntax error: value, object or array expected.
Missing ':' after object member name
Missing ',' or '}' in object declaration
Missing '}' or object member name
Missing ',' or ']' in array declaration
' is not a number.
Empty escape sequence in string
Bad escape sequence in string
Line %d, Column %d
additional six characters expected to parse unicode surrogate pair.
expecting another \u token to begin the second half of a unicode surrogate pair
Bad unicode escape sequence in string: four digits expected.
Bad unicode escape sequence in string: hexadecimal digit expected.
for detail.
%%.%ug
-Infinity
-1e+9999
Infinity
1e+9999
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
indentation
commentStyle
enableYAMLCompatibility
dropNullPlaceholders
useSpecialFloats
precision
commentStyle must be 'All' or 'None'
indentation
commentStyle
enableYAMLCompatibility
dropNullPlaceholders
useSpecialFloats
precision
commentStyle
indentation
enableYAMLCompatibility
dropNullPlaceholders
useSpecialFloats
precision
Extra non-whitespace after JSON value.
Exceeded stackLimit in readValue().
A valid JSON document must be either an array or an object value.
Syntax error: value, object or array expected.
nfinity
nfinity
Missing ':' after object member name
keylength >= 2^30
Duplicate key: '
Missing ',' or '}' in object declaration
Missing '}' or object member name
Missing ',' or ']' in array declaration
Unable to parse token length
' is not a number.
Empty escape sequence in string
Bad escape sequence in string
additional six characters expected to parse unicode surrogate pair.
Line %d, Column %d
expecting another \u token to begin the second half of a unicode surrogate pair
Bad unicode escape sequence in string: four digits expected.
Bad unicode escape sequence in string: hexadecimal digit expected.
for detail.
collectComments
allowComments
strictRoot
allowDroppedNullPlaceholders
allowNumericKeys
allowSingleQuotes
stackLimit
failIfExtra
rejectDupKeys
allowSpecialFloats
collectComments
allowComments
strictRoot
allowDroppedNullPlaceholders
allowNumericKeys
allowSingleQuotes
stackLimit
failIfExtra
rejectDupKeys
allowSpecialFloats
allowComments
strictRoot
allowDroppedNullPlaceholders
allowNumericKeys
allowSingleQuotes
stackLimit
failIfExtra
rejectDupKeys
allowSpecialFloats
collectComments
allowComments
strictRoot
allowDroppedNullPlaceholders
allowNumericKeys
allowSingleQuotes
stackLimit
failIfExtra
rejectDupKeys
allowSpecialFloats
ConstIterator to Iterator should never be allowed.
map/set too long
0123456789-+Ee
0123456789ABCDEFabcdef-+Xx
deque<T> too long
0123456789ABCDEFabcdef-+XxPp
0123456789abcdef
0123456789abcdef
=j&&LZ66lA??~
}{))R>
f""D~**T
V22dN::t
o%%Jr..\$
&&Lj66lZ??~A
99rKJJ
==zGdd
""Df**T~
;22dV::tN
$$Hl\\
C77nYmm
%%Jo..\r
>!KK
55j_WW
&Lj&6lZ6?~A?
~=zG=d
"Df"*T~*
2dV2:tN:
x%Jo%.\r.
t>!K
a5j_5W
ggV}++
Lj&&lZ66~A??
bS11*?
Xt,,4.
RRvM;;
MMfU33
PPxD<<%
Bc!! 0
~~zG==
Df""T~**;
dV22tN::
xxJo%%\r..8$
tt>!
pp|B>>q
aaj_55
UUPx((
='9-6d
_jbF~T
11#?*0
,4$8_@
t\lHBW
QPeA~S
>4$8,@
p\lHtW
+HpXhE
T[$:.6
,4$8'9-6:.6$1#?*XhHpSeA~NrZlE
Sbt\lH
QeFbF~TiKwZ
4$8,9-6'.6$:#?*1hHpXeA~SrZlN
SbE\lHtQeF
F~TbKwZi
$8,4-6'96$:.?*1#HpXhA~SeZlNrSbE
lHt\eF
Q~TbFwZiK
8,4$6'9-$:.6*1#?pXhH~SeAlNrZbE
SHt\lF
QeTbF~ZiKw
Object not Initialized
Data not multiple of Block Size
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
invalid literal/length code
invalid distance code
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid bit length repeat
oversubscribed dynamic bit lengths tree
incomplete dynamic bit lengths tree
oversubscribed literal/length tree
incomplete distance tree
incomplete literal/length tree
oversubscribed distance tree
empty distance tree with lengths
invalid distance code
invalid literal/length code
Qkkbal
-1.1.3
unknown compression method
invalid window size
incorrect header check
need dictionary
incorrect data check
unknown zip result code
Success
Culdn't duplicate handle
Couldn't create/open file
Failed to allocate memory
Error writing to file
File not found in the zipfile
Still more data to unzip
Zipfile is corrupt or not a zipfile
Error reading file
Caller: faulty arguments
Caller: the file had already been partially unzipped
Caller: can only get memory of a memory zipfile
Caller: not enough space allocated for memory zipfile
Caller: there was a previous error
Caller: additions to the zip have already been ended
Caller: mixing creation and opening of zip
Zip-bug: internal initialisation not completed
Zip-bug: trying to seek the unseekable
Zip-bug: the anticipated size turned out wrong
Zip-bug: tried to change mind, but not allowed
Zip-bug: an internal error during flation
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
User-Agent
Content-Type
DELETE
GetModuleFileNameW
FreeLibrary
CloseHandle
GetCommandLineW
GetTempPathA
GetTempPathW
GetTempFileNameA
WaitForSingleObject
GetFileAttributesW
CreateDirectoryW
CreateMutexW
GetLastError
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
CreateFileA
DeviceIoControl
CreateWaitableTimerW
SetWaitableTimer
GetNativeSystemInfo
GetVersionExW
GetSystemInfo
GetCurrentThreadId
GetEnvironmentVariableW
GetTickCount
DeleteFileA
DeleteFileW
CopyFileA
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetMessageW
GetInputState
GetSystemMetrics
GetWindowThreadProcessId
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetPathFromIDListA
SHGetSpecialFolderLocation
URLDownloadToFileW
URLDownloadToFileA
PathFileExistsW
SHGetValueW
SHSetValueW
PathFileExistsA
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExA
CryptUnprotectData
InternetCloseHandle
InternetSetOptionW
InternetConnectA
HttpSendRequestA
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetCrackUrlA
HttpOpenRequestA
InternetQueryDataAvailable
HttpQueryInfoA
HttpAddRequestHeadersA
InternetGetCookieA
([\S]+?)=([^;|^\r|^\n]+)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36
HTTP/1.1
(.+?): ([^;|^\r|^\n]+)
Set-Cookies
Set-Cookie: ([^\r|^\n]+)
vector<bool> too long
()$^.*+?[]|\-{},:=!
xdigit
My local test also works
local test failed
\Google\Chrome\User Data\Local State
os_crypt
encrypted_key
RtlGetNtVersionNumbers
RtlGetNtVersionNumbers
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows NT 4.0
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 R2
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Unknow OS
OS Read Error
http\shell\open\command
Chrome
HKEY_CURRENT_USER
SOFTWARE\Google\Chrome
FireFox
HKEY_CURRENT_USER
SOFTWARE\Mozilla\Firefox
FireFox
HKEY_CURRENT_USER
SOFTWARE\Mozilla\Firefox
SOFTWARE\Clients\StartMenuInternet
DELETE
{"active_permissions":{"api":["activeTab","browsingData","contentSettings","contextMenus","cookies","downloads","downloadsInternal","history","management","notifications","privacy","storage","tabs","topSites","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["http://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["http://*/*","https://*/*"]},"commands":{},"content_settings":[],"creation_flags":38,"events":[],"from_webstore":false,"granted_permissions":{"api":["activeTab","browsingData","contentSettings","contextMenus","cookies","downloads","downloadsInternal","history","management","notifications","privacy","storage","tabs","topSites","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["http://*/*","https://*/*"],"manifest_permissions":[],"scriptable_host":["http://*/*","https://*/*"]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13296819775087021","location":4,"newAllowFileAccess":true,"path":"C:\\Program Files\\nndannfdnoaiphfc
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
10:41:23
10:41:23
10:41:23
10:41:23
10:41:23
10:41:23
RiiUjhQ9p5ALGm7z
YarlICNMSLkEk9Hx
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
application/x-www-form-urlencoded;charset=utf-8
http://ngdatas.pw/
https://www.ippfinfo.top/
0.0.0.0
%d.%d.%d.%d
\Google\Chrome\User Data\
\Secure Preferences
\Google\Chrome\User Data\
\Extensions
ConvertSidToStringSidW
\Google\Chrome\User Data
C:\Program Files
\js\background.js
nndannfdnoaiphfcbbpgkhodebpoiocf
cmd.exe /c taskkill /f /im chrome.exe
const mac = '
const channelid ='
const version='
const bid='
x64-dev
SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Default
extensions.settings.
nndannfdnoaiphfcbbpgkhodebpoiocf
\u003C
extensions
settings
nndannfdnoaiphfcbbpgkhodebpoiocf
protection
extensions
settings
nndannfdnoaiphfcbbpgkhodebpoiocf
protection
\u003C
protection
super_mac
https://lgfftg.s3.eu-west-3.amazonaws.com/613jyr1
https://htyjh.s3.ap-south-1.amazonaws.com/613fdh2
https://uewrgu.s3.us-west-2.amazonaws.com/613dge3
","message":"
","code":"
{"type":"installresult","uid":"
success
err : write reg failed(RegCreateKeyExA)
err : write reg failed(RegSetValueExA)
err : extension dir not found(possible no chrome installed)
err : zip release failed
err : securepref not found
err : parse json failed
err : unknown
","channelid":"
","bid":"
","adminmode":"
","version":"
application/x-www-form-urlencoded;charset=utf-8
h56hklIS584DFBkJ
/Home/Index/lkdinl
http://
RtlGetNtVersionNumbers
SOFTWARE\Clients\StartMenuInternet
http\shell\open\command
RtlGetNtVersionNumbers
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows NT 4.0
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 R2
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Unknow OS
OS Read Error
The NCBENUM return adapter number is: %d
%02X%02X%02X%02X%02X%02X
mutexmutex
DELETE
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
http://www.channelinfo.pw/index.php/Home/Index/getExe
exe_url
exe_name
run_value
country_code
abandon_country
pre_checks
post_checks
subrate
channelid
https://iplogger.org/1rDMq7
https://iplogger.org/1rd8N6
https://iplogger.org/1spuy7
https://iplogger.org/1uS4i7
https://iplogger.org/1uW6i7
https://iplogger.org/1TW3i7
https://iplogger.org/1q6Jt7
https://iplogger.org/1JD967
https://iplogger.org/1xvbz7
https://iplogger.org/1J2q67
https://iplogger.org/1ELna7
https://iplogger.org/1E2ma7
https://iplogger.org/1xWbz7
https://iplogger.org/1J9q67
https://iplogger.org/1Jeq67
https://iplogger.org/1NyYz7
https://iplogger.org/1NuYz7
https://iplogger.org/1NpYz7
https://iplogger.org/1NaYz7
https://iplogger.org/19iM77
https://iplogger.org/1NsYz7
https://iplogger.org/1ibws7
https://iplogger.org/1XJq97
https://iplogger.org/1VPXi7
https://iplogger.org/1LvRk7
https://iplogger.org/1HQGc7
https://iplogger.org/1HWGc7
https://iplogger.org/1vk2Q7
https://iplogger.org/1vx2Q7
https://iplogger.org/1vv2Q7
https://iplogger.org/1vb2Q7
https://iplogger.org/1bV787
https://iplogger.org/1b4887
https://iplogger.org/1H3Fa7
https://iplogger.org/1Ghzj7
https://iplogger.org/1Gjzj7
https://iplogger.org/1Gczj7
https://iplogger.org/1Gbzj7
https://iplogger.org/1fHtp7
https://iplogger.org/1x5bg7
https://iplogger.org/1pdxr7
https://iplogger.org/1Pdet7
https://iplogger.org/1BBCf7
https://iplogger.org/1s4qp7
https://iplogger.org/1s5qp7
https://iplogger.org/1TXch7
https://iplogger.org/1TCch7
https://iplogger.org/1TBch7
https://iplogger.org/1Tkij7
https://iplogger.org/1CUGu7
https://iplogger.org/1CDGu7
https://iplogger.org/1GiLz7
https://iplogger.org/1GaLz7
https://iplogger.org/1SWks7
https://iplogger.org/1Sxzs7
https://iplogger.org/1Smzs7
https://iplogger.org/1746b7
https://iplogger.org/1756b7
https://iplogger.org/1Cr3a7
https://iplogger.org/1G7Sc7
https://iplogger.org/1Z7qd7
https://iplogger.org/169Bx7
https://iplogger.org/1lcZz
https://iplogger.org/1RWXp7
https://iplogger.org/143up7
https://iplogger.org/14Jup7
https://iplogger.org/1GWfv7
https://iplogger.org/1mxKf7
https://iplogger.org/1rqRg7
https://iplogger.org/1pcji7
https://iplogger.org/12QMs7
https://iplogger.org/12TMs7
https://iplogger.org/1YkFc7
https://iplogger.org/1Dk7g7
https://iplogger.org/1Dv7g7
https://iplogger.org/1Dn7g7
https://iplogger.org/1Dm7g7
https://iplogger.org/1tEnk7
https://iplogger.org/1DnXg7
https://iplogger.org/1tTnk7
https://iplogger.org/1tUnk7
https://iplogger.org/1tAnk7
https://iplogger.com/1XZnD4
https://iplogger.com/1XXnD4
https://iplogger.org/1tSnk7
https://iplogger.org/1nvRF4
https://iplogger.org/1nnRF4
https://iplogger.org/1ntLF4
https://iplogger.org/1N3J25
https://iplogger.org/1nmWH4
https://iplogger.org/1nQWH4
https://iplogger.org/1nWWH4
https://iplogger.org/1nEWH4
https://iplogger.org/1nRWH4
https://iplogger.org/1nTWH4
https://iplogger.org/1ngVH4
https://iplogger.org/1nhVH4
https://iplogger.org/1njVH4
https://iplogger.org/1nkVH4
https://iplogger.org/1nxVH4
https://iplogger.org/1nEYJ4
https://iplogger.org/1nRYJ4
https://iplogger.org/1nTYJ4
https://iplogger.org/1nzmX4
https://iplogger.org/1ncmX4
Exe Param error
os version too low
your_download_code.txt
success
LMozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
User-Agent
----WebKitFormBoundary
multipart/form-data; boundary=
https://sm.ms/api/v2/upload?inajax=1
https://sm.ms/api/v2/upload?inajax=1
----WebKitFormBoundary
"; filename="
Content-Disposition: form-data; name="
Content-Type: image/png
----WebKitFormBoundary
User-Agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
----WebKitFormBoundary
multipart/form-data; boundary=
https://prntscr.com/upload.php
https://prntscr.com/upload.php
DELETE
----WebKitFormBoundary
"; filename="
smfile
Content-Disposition: form-data; name="
Content-Type: image/png
----WebKitFormBoundary
file_id
Content-Disposition: form-data; name="
----WebKitFormBoundary
DELETE
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36
https://www.google.com
https://www.google.com/search?q=admob&oq=admob
https://www.bing.com
https://www.aol.com
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36
https://m.facebook.com/composer/ocelot/async_loader/?publisher=feed#_=_
\"accessToken\":\"
https://graph.facebook.com/v14.0/me?fields=adaccounts{account_id,account_status,amount_spent,is_prepay_account,name,currency,adtrust_dsl,account_currency_ratio_to_usd},accounts,businesses{created_time,credit_cards{is_user_verified},verification_status}&access_token=
,{access_token:"
https://secure.facebook.com/ads/manager/account_settings/account_billing/
Error Reading Accountinfo
https://graph.facebook.com/v14.0/me?fields=adaccounts{account_id,account_status,amount_spent,is_prepay_account,name,currency,adtrust_dsl},accounts,businesses{created_time,credit_cards{is_user_verified},verification_status}&access_token=
User-Agent
Cookie
DELETE
https://www.facebook.com/
{"domain":".facebook.com","expirationDate":"","hostOnly":false,"httpOnly":true,"name":"
","path":"/","secure":false,"session":true,"storeId":"0","value":"
","id":0},
c_user=
https://www.amazon.com/
","id":0},
{"domain":".amazon.com","expirationDate":"","hostOnly":false,"httpOnly":true,"name":"
","path":"/","secure":true,"session":true,"storeId":"0","value":"
c_user=
select count(*) as RCount from cookies
select host_key,name,encrypted_value,expires_utc from cookies where host_key like '
; %s=%s
select count(*) as RCount from moz_cookies
SELECT host,name,value,expiry FROM moz_cookies where host='.facebook.com';
%s=%s;
c_user
select count(*) as RCount from moz_cookies
SELECT host,name,value,expiry FROM moz_cookies where host='
%s=%s;
c_user
Cookies
\Google\Chrome\User Data\Default\Cookies
Cookies
\Google\Chrome\User Data\Profile 1\Cookies
\Google\Chrome\User Data\
\Network\Cookies
\Google\Chrome\User Data\
\Cookies
Cookies
Cookies
DELETE
select * from logins where blacklisted_by_user=0
select * from logins where blacklisted_by_user=0 and origin_url like '%
Login Data
\Google\Chrome\User Data\Default\Login Data
Login Data
\Google\Chrome\User Data\Profile 1\Login Data
\Google\Chrome\User Data\
\Login Data
Login Data
\Google\Chrome\User Data\
\Login Data
Login Data
DELETE
running
"Type":"
"data":{
"cUserId":"
"Cookie":
"ChromeMultiProfileData":
"Type":"
"Version":"
"data":{
"RegExist":
"HiddenRegExist":
"Explore":"
"Encode":"
"LoginName":"
"cUserId":"
"SubChannelRun":"
"Psw":"
"UserAgent":"
"Cookie":
"NickName":"
"Page":"
"PageDetail":"
"BM":"
"Balance":"
"CreditCard":"
"AdsCreditCard":"
"HasTrans":"
"Threshold":"
"AccountStatus":"
"AccountJson":
"BillingInfo":
"Paypal":"
"FrieldsCount":"
"OS":"
"campaigntoken":"
"IEHistory":
"MachineID":"
"bid":"
"ChannelID":"
application/x-www-form-urlencoded;charset=utf-8
https://hdbywe.s3.us-west-2.amazonaws.com/dfgg320
h56hklIS584DFBkJ
running
"Type":"
"data":{
"cUserId":"
"Cookie":
"Type":"
"Version":"
"data":{
"RegExist":
"Explore":"
"Encode":"
"LoginName":"
"Psw":"
"Cookie":
"OS":"
"ChannelID":"
"MachineID":"
application/x-www-form-urlencoded;charset=utf-8
"InstallResult":"
"Version":"
"ChannelID":"
"MachineID":"
"RegExist":
"OS":"
"Explore":"
"DefaultExplore":"
"cUserId":"
"LoginName":"
"ReadCookiesResult":"
"ReadInfoResult":"
"ServiceList":"
"ProcessList":"
"ErrMsg":"
application/x-www-form-urlencoded;charset=utf-8
"MachineID":"
"SubChannelID":"
"PreRegKeyCheck":"
"RunResult":"
application/x-www-form-urlencoded;charset=utf-8
install
chrome|firefox|ie
\Google\Chrome\User Data\Profile 1\Cookies
\Google\Chrome\User Data\Profile
\Cookies
Default
datr|sb|c_user|xs|pl|fr
.facebook.com
c_user
Default
Default
.facebook.com
Profile
datr|sb|c_user|xs|pl|fr
.facebook.com
c_user
.facebook.com
datr|sb|c_user|xs|pl|fr
.facebook.com
c_user
Default
datr|sb|c_user|xs|pl|fr
.facebook.com
c_user
Profile 1
.facebook.com
[zhuanyi]
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; Tablet PC 2.0; .NET4.0E)
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0
no fbcookies found
amazon_us
chrome|firefox|ie
datr|sb|c_user|xs|pl|fr
.amazon.com
c_user
.amazon.com
.amazon.com
amazon_uk
chrome|firefox|ie
datr|sb|c_user|xs|pl|fr
.amazon.co.uk
c_user
.amazon.co.uk
.amazon.co.uk
{"Explore":"%ls","Encode":"%ls","cUserId":"%ls","LoginName":"%ls","Psw":"%ls","Page":"%ls","Balance":"%ls","CreditCard":"%ls","Paypal":"%ls","FrieldsCount":"%ls","Cookie":%ls}
http://www.mkpmc.com/Home/Index/getdata
http://www.mkpmc.com
http://www.mkpmc.com
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
Mar 31 2023
10:41:34
10:41:34
10:41:34
10:41:34
10:41:34
10:41:34
"profilecount":
"data":[
"profilename":
"loginname":
"psw":
"userid":
"cookies":
"fulllogindata":
"site":
"loginname":
"psw":
"fulllogindata":
"accountinfo":{
"UserNickName":
"page":
"pagedetail":
"balance":
"card":
"adscard":
"threshold":
"billinginfo":
"paypal":
"frieldcount":
"accountstatus":
"url":
"title":
DELETE
SleepConditionVariableCS
WakeAllConditionVariable
bad allocation
regex_error(error_collate): The expression contained an invalid collating element name.
regex_error(error_ctype): The expression contained an invalid character class name.
regex_error(error_escape): The expression contained an invalid escaped character, or a trailing escape.
regex_error(error_backref): The expression contained an invalid back reference.
regex_error(error_brack): The expression contained mismatched [ and ].
regex_error(error_paren): The expression contained mismatched ( and ).
regex_error(error_brace): The expression contained mismatched { and }.
regex_error(error_badbrace): The expression contained an invalid range in a { expression }.
regex_error(error_range): The expression contained an invalid character range, such as [b-a] in most encodings.
regex_error(error_space): There was insufficient memory to convert the expression into a finite state machine.
regex_error(error_badrepeat): One of *?+{ was not preceded by a valid regular expression.
regex_error(error_complexity): The complexity of an attempted match against a regular expression exceeded a pre-set level.
regex_error(error_stack): There was insufficient memory to determine whether the regular expression could match the specified character sequence.
regex_error(error_parse)
regex_error(error_syntax)
regex_error
success
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
cross device link
destination address required
device or resource busy
directory not empty
executable format error
file exists
file too large
filename too long
function not supported
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
invalid argument
invalid seek
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
no such device or address
no such device
no such file or directory
no such process
not a directory
not a socket
not a stream
not connected
not enough memory
not supported
operation canceled
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
permission denied
protocol error
protocol not supported
read only file system
resource deadlock would occur
resource unavailable try again
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many links
too many symbolic link levels
value too large
wrong protocol type
unknown error
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
bad exception
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
(null)
[aOni*{
~ $s%r
@b;zO]
v2!L.2
IND)ind)
IND)ind)
CorExitProcess
_hypot
_nextafter
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
AreFileApisANSI
CompareStringEx
EnumSystemLocalesEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
RoInitialize
RoUninitialize
AppPolicyGetProcessTerminationMethod
AppPolicyGetThreadInitializationType
]vQ<)8
|)P!?Ua0
Eb2]A=
u?^p?o4
y1~?|"
?x+s7
?5Od%
?|I7Z#
>,'1D=
?g)([|X>=
~U`?K
:h"?bC
@H#?43
Ax#?uN}*
r7Yr7=
F0$?3=1
H`$?h|
&?~YK|
sU0&?W
<8bunz8
?#%X.y
F||<##
<@En[vP
UTF-16LEUNICODE
1#QNAN
1#SNAN
?5Wg4p
%S#[k=
"B <1=
?COMPILER=msvc-1913
THREADSAFE=1
20b:20e
20c:20e
40f-21a-21d
local time unavailable
second
minute
localtime
unixepoch
weekday
start of
%04d-%02d-%02d %02d:%02d:%02d
%02d:%02d:%02d
%04d-%02d-%02d
%06.3f
julianday
datetime
strftime
current_time
current_timestamp
current_date
failed to allocate %u bytes of memory
failed memory resize %u to %u bytes
(NULL)
922337203685477580
API call with %s database connection pointer
unopened
invalid
Savepoint
AutoCommit
Transaction
SorterNext
PrevIfOpen
NextIfOpen
Checkpoint
JournalMode
Vacuum
VFilter
VUpdate
InitCoroutine
MustBeInt
IfNullRow
SeekLT
SeekLE
SeekGE
SeekGT
NoConflict
NotFound
SeekRowid
NotExists
IfSmaller
SorterSort
Rewind
RowSetRead
RowSetTest
Program
FkIfZero
IfNotZero
IsNull
NotNull
ElseNotEq
DecrJumpZero
IncrVacuum
Return
EndCoroutine
HaltIfNull
Integer
String
SoftNull
Variable
IntCopy
ResultRow
CollSeq
AddImm
RealAffinity
Permutation
BitAnd
ShiftLeft
ShiftRight
Subtract
Multiply
Divide
Remainder
Concat
Compare
BitNot
Column
String8
Affinity
MakeRecord
ReadCookie
SetCookie
ReopenIdx
OpenRead
OpenWrite
OpenDup
OpenAutoindex
OpenEphemeral
SorterOpen
SequenceTest
OpenPseudo
ColumnsUsed
Sequence
NewRowid
Insert
InsertInt
Delete
ResetCount
SorterCompare
SorterData
RowData
NullRow
SeekEnd
SorterInsert
IdxInsert
IdxDelete
DeferredSeek
IdxRowid
Destroy
ResetSorter
CreateBtree
SqlExec
ParseSchema
LoadAnalysis
DropTable
DropIndex
DropTrigger
IntegrityCk
RowSetAdd
FkCounter
MemMax
OffsetLimit
AggStep0
AggStep
AggFinal
Expire
TableLock
VBegin
VCreate
VDestroy
VColumn
VRename
Pagecount
MaxPgcnt
PureFunc0
Function0
PureFunc
Function
CursorHint
Explain
AreFileApisANSI
CharLowerW
CharUpperW
CloseHandle
CreateFileA
CreateFileW
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddressA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
CreateEventExW
WaitForSingleObject
WaitForSingleObjectEx
SetFilePointerEx
GetFileInformationByHandleEx
MapViewOfFileFromApp
CreateFile2
LoadPackagedLibrary
GetTickCount64
GetNativeSystemInfo
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
CreateFileMappingFromApp
Antivirus Signature
Bkav W32.ZomcoLwocqeN.Trojan
Lionic Trojan.Win32.FBStealer.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Lazy.318125
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Lazy.318125
Malwarebytes Spyware.Socelars
Zillya Trojan.Agent.Win32.3252738
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Lazy.318125
K7GW Spyware ( 0056c7821 )
K7AntiVirus Spyware ( 0056c7821 )
Baidu Clean
VirIT Trojan.Win32.PSWStealer.EUD
Cyren W32/Trojan.SICT-8657
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Spy.Agent.PYV
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Script.FBStealer.gen
Alibaba TrojanSpy:Win32/RedLineStealer.915c33ab
NANO-Antivirus Trojan.Script.Stealer.jvhbnw
ViRobot Clean
Rising Stealer.FBAdsCard!1.CE03 (CLASSIC)
Emsisoft Gen:Variant.Lazy.318125 (B)
F-Secure Heuristic.HEUR/AGEN.1307847
DrWeb Trojan.Siggen19.56605
VIPRE Gen:Variant.Lazy.318125
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.th
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S
Ikarus Trojan-Spy.Win32.Agent
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1307847
MAX malware (ai score=84)
Antiy-AVL Clean
Gridinsoft Spy.Win32.Socelars.bot
Xcitium Clean
Arcabit Trojan.Lazy.D4DAAD
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Script.FBStealer.gen
Microsoft Trojan:Win32/RedLineStealer.RT!MTB
Google Detected
AhnLab-V3 Trojan/Win.Socelars.C5388913
Acronis suspicious
McAfee Artemis!D5CDDEBC7857
TACHYON Trojan/W32.FBStealer.1511936
VBA32 BScope.Trojan.Agentb
Cylance unsafe
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Malware.Win32.Gencirc.10be23f5
Yandex TrojanSpy.Agent!LWiA6/o4emo
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.PYV!tr
BitDefenderTheta Gen:NN.ZexaF.36344.CD0@aSUlYigj
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
No IRMA results available.