Static | ZeroBOX

PE Compile Time

2063-06-20 15:48:44

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0001a3b4 0x0001a400 5.82217839812
.rsrc 0x0001e000 0x00009b46 0x00009c00 3.24794320348
.reloc 0x00028000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0001e130 0x000094a8 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x000275d8 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000275ec 0x0000036e LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002795c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
KDBM(
Y_c
Y_c
v4.0.30319
#Strings
B R x
!J!U!\!
!e!n!w!
__StaticArrayInitTypeSize=10
<>9__0_10
<Id1>b__0_10
get_Id10
set_Id10
__StaticArrayInitTypeSize=20
359A00EF6C789FD4C18644F56C5D3F97453FFF20
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=40
FB10FF1AD09FE8F5CA3A85B06BC96596AF83B350
77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
A8F9B62160DF085B926D5ED70E2B0F6C95A25280
F413CEA9BAA458730567FE47F57CC3C94DDF63C0
<>9__0_0
<Id1>b__0_0
<DomainExists>b__0_0
<>c__DisplayClass0_0
<GetWindowsVersion>g__HKLM_GetString|11_0
<>9__1_0
<WriteLine>b__1_0
<GetDefaultIPv4Address>b__1_0
<>9__2_0
<Init>b__2_0
<>9__5_0
<Id3>b__5_0
<>9__8_0
<ListOfPrograms>b__8_0
<>9__9_0
<.ctor>b__9_0
<AvailableLanguages>b__9_0
<.ctor>b__0
<>o__0
<>p__0
718D1294A5C2D3F3D70E09F2F473155C4F567201
2FBDC611D3D91C142C969071EA8A7D3D10FF6301
<Id1>b__11
get_Id11
set_Id11
sf34asd21
5228E4D31C49B8491CE9A64B37F69147CCED17E1
989657DD93570810E43C5B1F68E529460CA796F1
<>9__0_1
<DomainExists>b__0_1
<>9__1_1
<GetDefaultIPv4Address>b__1_1
<scannedfiles>5__1
<Id1>b__1
<.ctor>b__1
<>p__1
Func`1
Nullable`1
IEnumerable`1
IOrderedEnumerable`1
CallSite`1
Task`1
ICollection`1
IEnumerator`1
IList`1
ChannelFactory`1
get_Id1
set_Id1
__StaticArrayInitTypeSize=102
2A19BFD7333718195216588A698752C517111B02
__StaticArrayInitTypeSize=12
<>9__0_12
<Id1>b__0_12
get_Id12
set_Id12
__StaticArrayInitTypeSize=22
__StaticArrayInitTypeSize=32
ConvertFromUtf32
Microsoft.Win32
ToUInt32
ToInt32
A937C899247696B6565665BE3BD09607F49A2042
__StaticArrayInitTypeSize=42
__StaticArrayInitTypeSize=152
__StaticArrayInitTypeSize=62
__StaticArrayInitTypeSize=72
__StaticArrayInitTypeSize=282
D67333042BFFC20116BF01BC556566EC76C6F7E2
EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2
<>9__0_2
<Id1>b__0_2
<tokens>5__2
<DomainExists>b__2
<GetTokens>d__2
<>p__2
Func`2
KeyValuePair`2
get_Id2
set_Id2
LSIDsd2
aso0shq2
slkahs2
04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
get_Id13
set_Id13
asdoiad0123
asd44123
sdf923
EB14352FBADB40E2FA237D444A6575B918573C43
4E3D7F188A5F5102BEC5B820632BBAEC26839E63
kadsoji83
sdfkas83
8C550EA96A693C687FFAB21F3B1A5F835E23E3B3
06F9FDEBE7AEF3F08523BDDDE7FCB7F4A217E7B3
387D8DBBFB12BA323F1E0F1F539B4DA9550070C3
C39241F447680C35D3966F9446AAE6D462E04AD3
79E9B68FB6E1987DED749BCD71143BD8EB323CE3
FCEAB39EEBEA9BEA6AC370A00D87E5EE20EC94F3
<Id1>b__3
<>s__3
Func`3
get_Id3
set_Id3
dvsjiohq3
asdk9y3
4EF472E2E74116C7FD95C74AB422CCF80DB1C404
__StaticArrayInitTypeSize=14
get_Id14
set_Id14
__StaticArrayInitTypeSize=24
sdfo8n234
gkdsi8y234
46884713B2F882E5304A1FF1B16370575A53E434
__StaticArrayInitTypeSize=34
sdfk8h34
asdlasd9h34
__StaticArrayInitTypeSize=144
__StaticArrayInitTypeSize=44
__StaticArrayInitTypeSize=154
93D9D319FF04F5E54F3A6431407A7B90388FDC54
FromBase64
ToInt64
99086C63443EF4224B60D2ED08447C082E7A0484
1076B53156E190E9BCBE281016712F2D3F02D3B4
<>9__0_4
<Id1>b__0_4
<file>5__4
get_Id4
set_Id4
fdfg9i3jn4
EB2DB456E0D779E528D1474FA55AC99055A5E815
38F431A549411AEB32810068A4C83250B2D31E15
get_Id15
set_Id15
askd435
A898408AA9A30B686240D921FE0E3E3A01EE91A5
<Id1>b__5
<>s__5
get_Id5
set_Id5
__StaticArrayInitTypeSize=16
get_Id16
set_Id16
410D551BF9DC1F0CF262E4DB1077795D56EEC026
E0CEB3E46E857A70CFB575A05B01A64806A8D426
__StaticArrayInitTypeSize=26
__StaticArrayInitTypeSize=36
__StaticArrayInitTypeSize=76
__StaticArrayInitTypeSize=6
80E5A0A2B81DB2473AFBB3FDD6F479670B7B41C6
<>9__0_6
<Id1>b__0_6
<match>5__6
get_Id6
set_Id6
18B532EF2959EF2ED8C549D712E3446FF49E4287
007A56C60CB686C542C5A63F4806094A4F9494B7
89C95FB6F8086AFCCD50B1B257669F2B17C047B7
D82572C56BDDD62E320B8BDAF0397A0DF9DD5BF7
<token>5__7
<Id1>b__7
get_Id7
set_Id7
__StaticArrayInitTypeSize=18
__StaticArrayInitTypeSize=28
__StaticArrayInitTypeSize=38
__StaticArrayInitTypeSize=48
1A79939AEFF161E557D02CB37CD9A811ABCAF458
__StaticArrayInitTypeSize=58
__StaticArrayInitTypeSize=78
1938FDF81D9EFE09E9786A7A7DDFFBD755961098
DF08DD4DFFDB6C9048202CAE65882EF91ECE6BA8
9B88C78E81ADB9E7247AB37D1F5F3861810916D8
46F273EF641E07D271D91E0DC24A4392582671F8
get_UTF8
<>9__0_8
<Id1>b__0_8
get_Id8
set_Id8
asdkadu8
BCEF86DAFC99BA02019A51909C079A7A31931909
20CB5B8963ECE3D796594F043D66C0E0BAD86669
2B9522D4F7398AB5DB789596FE5DB90589B031E9
<Id1>b__9
get_Id9
set_Id9
8743F6DD6877BBC815E9F16BEC59057DD1A89B0A
96D6CB223DCF17F7C9F93C825239BDAA3634674A
A3EFD00EA085079EE7F97407F8EFF07E3990696A
4C1117B01D5C4E103EE817F889EC547C63B47B7A
A9139732ED4CF84F8CE948DCB134114E4F24598A
BEDDFAEB0360B1694AB8CD2A69986414790A1D9A
4CDA4454A3C36A7EBDCF8FE8B804B379A31D33CA
InteropSChannelSCHANNELALERTTOKENA
LoadLibraryA
EBD075615CBE4A710F9410FFECEAF6110A01922B
DF2BDC3975DC25BFAFFA4976E9CD1E38AADF463B
9D9AF3AE11A58D55EB8A6AEC8F03F7AD01E8994B
5BB3788A197C26B8310159EC9A81635814ABB05B
0410277C15CAD5E63A25F491DAEEF493B897678B
81E046FA1D93B661CC948A4DD1E01F20D6192E9B
28F794B091ED92F57BFC80EA32B18AF3A8183ADB
7FD227EEE2F38A50CFD286D228B794575C0025FB
dnlibDotNetMDRawTypeRefRowB
dnlibDotNetWriterDebugDirectoryB
4369729D8B79D0C651E00137A3B22A1A24DEBB4C
5F2F91D44A21E42A979E24B620CF42F2CB8687EC
SystemNetUnsafeNclNativeMethodsHttpApiTOKENBINDINGIDENTIFIERVC
System.Drawing.Drawing2D
FD4C77C0C4405C6A46E5C3CE53E0AE6BAEE7746D
6353B688B99A3543932AA127DAA0E48FBC646BBD
B5B4FA236B87DBCD8055443F05776B10DDEFA5CD
6F66485AF823BAE1F185740DA7F4F595701CD22E
E3E8284EDCB98A1085E693F9525A3AC3D705B82E
571B1023DF3ABFB94C92465B365B1814FEBFAB3E
459812D18B50C8E5F96831EFD700F962F692D29E
71E427369E07185AE0407E3FAB1A16ED62BD159E
95098CDF929872F9B67E58070D088F8238F7CABE
CE18B047107AA23D1AA9B2ED32D316148E02655F
4B05CEBD7D70F1607D474CAE176FEAEB7439795F
8C49F78A06E711CF0E21134D0B091985336CC37F
501BADE98ACDE8BF4A0424FD9A4354615FF08C7F
B14D74C51EAE4F88FBF39B8BD07DA392799FCAAF
7BF285852D43939E0FBD7B6C5592189AF986E8BF
3DB6DAD76E13B54DC03AF1C6092C40388E57FBBF
SystemSecurityCryptographyCAPIBaseCERTEXTENSIONG
dnlibDotNetPdbDssSymbolScopeImplG
SystemComponentModelEventHandlerListListEntryG
dnlibDotNetResourcesResourceReaderExceptionH
SystemConfigurationIgnoreSectionHandlerH
get_ASCII
SystemDiagnosticsPerformanceCounterCategoryTypeI
SystemNetDownloadProgressChangedEventHandlerI
dnlibPEImageDosHeaderJ
SystemNetEndiannessK
SystemComponentModelDesignITreeDesignerL
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
get_JSON
FromJSON
ToJSON
dnlibDotNetPdbManagedDbiScopeOemInfoN
System.IO
SystemComponentModelDesignStandardCommandsO
SystemTextRegularExpressionsRegexFCP
dnlibDotNetSigComparerOptionsQ
dnlibDotNetEmbeddedResourceMDR
SystemNetUnsafeNclNativeMethodsRasHelperRASCONNSTATER
SystemNetContextAwareResultR
SystemDiagnosticsCounterCreationDataS
SystemNetTcpStyleUriParserS
SystemNetSocketsIoctlSocketConstantsS
dnlibDotNetDeclSecurityT
dnlibDotNetWriterBlobHeapGetAllRawDatadV
SystemDataDataTableReaderV
SystemIOCompressionGZipStreamW
SystemDataCommonNameValuePermissionX
dnlibDotNetAssemblyResolverFindAssembliesGacExactlydY
SystemLocalAppContextTryGetSwitchDelegateY
SystemNetICloseExY
value__
SystemDataSqlClientSqlNotificationEventArgsa
cbData
ProtectedData
bEncryptedData
cbAuthData
pbAuthData
SystemNetUnsafeNclNativeMethodsNativeNTSSPIb
mscorlib
dnlibDotNetGenericArgumentsStackb
DecryptBlob
System.Collections.Generic
get_Id
get_ManagedThreadId
<>l__initialThreadId
pszAlgId
get_SessionId
set_MaxBytesPerRead
get_CurrentThread
Pumiced
GetDecoded
BytesToStringConverted
<Id10>k__BackingField
<Id11>k__BackingField
<Id1>k__BackingField
<Id12>k__BackingField
<Id2>k__BackingField
<Id13>k__BackingField
<Id3>k__BackingField
<Id14>k__BackingField
<Id4>k__BackingField
<Id15>k__BackingField
<Id5>k__BackingField
<Id16>k__BackingField
<Id6>k__BackingField
<Id7>k__BackingField
<Id8>k__BackingField
<Id9>k__BackingField
<irrpre>k__BackingField
<Main>k__BackingField
<PassedPaths>k__BackingField
<os_crypt>k__BackingField
<First>k__BackingField
<encrypted_key>k__BackingField
ReadToEnd
CreateBind
SystemComponentModelDesignServiceContainerServiceCollectiond
dnlibDotNetPdbPdbUnknownCustomDebugInfod
method
SystemNetUnsafeNclNativeMethodsWinHttpd
MicrosoftCSharpCSharpCodeGeneratord
sdf934asd
asdk9345asd
adkasd8u3hbasd
kkdhfakdasd
sdfk38jasd
asdk8jasd
sdfm83kjasd
asdaid9h24kasd
sdfk83hkasd
sdf9j3nasd
asdasod9234oasd
a9duh3zd
NetworkInterface
Replace
IsNullOrWhiteSpace
CreateInstance
cbNonce
pbNonce
source
set_Mode
FileMode
set_SmoothingMode
chainingMode
X509CertificateValidationMode
set_CertificateValidationMode
set_InterpolationMode
set_TransferMode
set_PixelOffsetMode
SecurityMode
SelectSingleNode
XmlNode
xmlNode
get_Unicode
get_BigEndianUnicode
FromImage
MessageBoxImage
set_Message
get_CurrentInputLanguage
AddRange
EndInvoke
BeginInvoke
ReadContextTable
IEnumerable
IDisposable
Visible
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Rectangle
ReadFile
profile
hModule
get_Name
procName
fieldName
tableName
fileName
ChromeGetRoamingName
get_EnglishName
ChromeGetLocalName
get_FullName
ItemName
get_UserDomainName
get_UserName
ChromeGetName
GetProcessesByName
get_DisplayName
filename
DateTime
get_CreationTime
AppendLine
WriteLine
get_NewLine
Combine
LocalMachine
DataProtectionScope
dataProtectionScope
OperationContextScope
pszBlobType
ChangeType
ValueType
MessageCredentialType
set_ClientCredentialType
GetType
get_PropertyType
blvnzcwqe
FileShare
Compare
SystemNetFrameHeadere
System.Core
get_irrpre
get_CurrentUICulture
get_Culture
get_InvariantCulture
get_CurrentCulture
GetImageBase
WebResponse
GetResponse
System.IDisposable.Dispose
Reverse
get_ServiceCertificate
Create
MulticastDelegate
DebuggerBrowsableState
<>1__state
Delete
CallSite
DynamicAttribute
CompilerGeneratedAttribute
UnverifiableCodeAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DataMemberAttribute
EnumMemberAttribute
CompilationRelaxationsAttribute
DataContractAttribute
ServiceContractAttribute
OperationContractAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ConfusedByAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
ToByte
get_Value
GatherValue
get_HasValue
GetValue
SetValue
ReadContextValue
Remove
Pumiced.exe
get_Size
cbSize
_pageSize
set_MaxReceivedMessageSize
ChangeSize
_sqlDataTypeSize
MaxAuthTagSize
set_MaxBufferPoolSize
newSize
GetVirtualDisplaySize
Serialize
Deserialize
Resize
dnlibDotNetEmbeddedResourceMDf
SizeOf
get_ItemOf
IndexOf
sdfi35sdf
authTag
get_Png
System.Threading
NetTcpBinding
_dbEncoding
GetEncoding
get_CurrentEncoding
System.Drawing.Imaging
System.Runtime.Versioning
ToString
GetString
GetHexString
Substring
System.Drawing
ConvertToULong
scannerArg
Search
GetMd5Hash
ComputeHash
dbPath
profilePath
GetFolderPath
rootPath
get_Width
get_VirtualScreenWidth
get_Length
dwMinLength
set_MaxJsonLength
set_MaxStringContentLength
get_RowLength
dwMaxLength
set_MaxArrayLength
StartsWith
set_MaxDepth
SystemNetConfigurationWebUtilityElementj
AsyncCallback
callback
IsLoopback
PreCheck
SystemNetSSPIHandlek
dnlibDotNetPdbPdbStateCreateScopeStatek
PresentationFramework
SystemNetNetworkInformationIPInterfacePropertiesk
AllocHGlobal
FreeHGlobal
get_Local
Marshal
X509CertificateRecipientClientCredential
cbLabel
pbLabel
System.ServiceModel
CreateChannel
IContextChannel
maxLevel
kernel32.dll
System.Xml
SystemComponentModelDoWorkEventArgsl
FileStream
GetResponseStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
phAlgorithm
HashAlgorithm
Random
RootNum
rowNum
op_LessThan
TimeSpan
CopyFromScreen
get_PrimaryScreen
SystemRuntimeVersioningFrameworkNamen
SystemSRDescriptionAttributen
get_Main
set_Main
get_FileVersion
dwInfoVersion
GetWindowsVersion
get_Authentication
X509ServiceCertificateAuthentication
get_Location
System.Net.NetworkInformation
UnicastIPAddressInformation
GatewayIPAddressInformation
pszImplementation
System.Globalization
System.Runtime.Serialization
System.Web.Script.Serialization
System.Reflection
InputLanguageCollection
MatchCollection
UnicastIPAddressInformationCollection
GatewayIPAddressInformationCollection
PathsCollection
ManagementObjectCollection
RequestConnection
connection
SearchOption
searchOption
CryptographicException
NotSupportedException
InvalidOperationException
System.ServiceModel.Description
StringComparison
MessageBoxButton
SystemCollectionsConcurrentConcurrentBagThreadLocalListn
SystemTextRegularExpressionsCompiledRegexRunnerFactoryn
CompareTo
FileInfo
fileInfo
TimeZoneInfo
CultureInfo
pPaddingInfo
FileSystemInfo
RegionInfo
FileVersionInfo
GetVersionInfo
CSharpArgumentInfo
DirectoryInfo
PropertyInfo
SystemTextRegularExpressionsRegexCompilationInfoo
SystemCollectionsSpecializedStringDictionaryWithComparero
IsLocalIp
Bitmap
MessageSecurityOverTcp
SystemNetInterlockedStackp
SystemNetNetworkInformationFixedInfop
Microsoft.CSharp
SystemNetMimeMultiAsyncResultp
asdak83jq
System.Linq
SystemDiagnosticsEventTypeFilterq
InvokeMember
GetSerialNumber
MessageHeader
CreateHeader
AddressHeader
XmlReader
StreamReader
XmlTextReader
MD5CryptoServiceProvider
OpenAlgorithmProvider
IFormatProvider
provider
StringBuilder
dataFolder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
Buffer
SystemIOPortsSerialPinChanger
ManagementObjectSearcher
Invoker
ToUpper
CurrentUser
GetDelegateForFunctionPointer
adapter
BitConverter
ToLower
JavaScriptSerializer
IEnumerator
ManagementObjectEnumerator
System.Collections.Generic.IEnumerable<Entity5>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
connector
IntPtr
SystemNetCacheCombinedReadStreamInnerAsyncResultr
base64str
sdkf9h234as
set_ReaderQuotas
XmlDictionaryReaderQuotas
Graphics
System.Diagnostics
Fields
get_Bounds
GetGraphicCards
GetAllNetworkInterfaces
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
get_ChildNodes
AvailableLanguages
get_InstalledInputLanguages
languages
Matches
EnumerateDirectories
GetDirectories
_masterTableEntries
_tableEntries
GetIPProperties
IPInterfaceProperties
GetProperties
ExpandEnvironmentVariables
remoteFiles
GetFiles
profiles
GetSubKeyNames
hardwares
softwares
expires
ListOfProcesses
processes
get_UnicastAddresses
get_GatewayAddresses
StripQuotes
FromMinutes
_fileBytes
ConvertToBytes
GetBytes
GetLogicalDrives
CSharpArgumentInfoFlags
CSharpBinderFlags
dwFlags
configs
settings
get_PassedPaths
set_PassedPaths
FindPaths
browserPaths
AddMonths
get_Ticks
System.Threading.Tasks
Locals
get_Credentials
ClientCredentials
System.ServiceModel.Channels
ListOfPrograms
System.Windows.Forms
GetTokens
domains
Contains
System.Web.Extensions
System.Text.RegularExpressions
System.Collections
StringSplitOptions
searchPatterns
patterns
get_Chars
get_OutgoingMessageHeaders
defenders
scanners
RuntimeHelpers
installedBrowsers
GetBrowsers
browsers
SystemParameters
loginPairs
GetProcessors
FileAccess
success
GetCurrentProcess
GetDefaultIPv4Address
IPAddress
get_Address
GetProcAddress
EndpointAddress
address
System.Net.Sockets
Supports
get_Exists
DomainExists
get_OperationalStatus
System.Windows
AddDays
arrays
Concat
AppendFormat
ImageFormat
Extract
ManagementBaseObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
object
Select
Unprotect
System.Net
Target
System.Collections.IEnumerator.Reset
GetOffset
offset
get_Height
get_VirtualScreenHeight
set_RecursionLimit
cbSalt
GetValueOrDefault
pcbResult
IAsyncResult
MessageBoxResult
__result
System.Management
XmlElement
get_DocumentElement
dwIncrement
SqlStatement
Environment
XmlDocument
NetworkInterfaceComponent
System.Collections.Generic.IEnumerator<Entity5>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<Entity5>.get_Current
System.Collections.IEnumerator.get_Current
<>2__current
Content
get_Count
set_MaxNameTableCharCount
get_os_crypt
set_os_crypt
Decrypt
TrimStart
Convert
WebRequest
XmlNodeList
ToList
get_First
set_First
set_Timeout
set_SendTimeout
set_CloseTimeout
set_ReceiveTimeout
set_OpenTimeout
timeout
cbInput
pbInput
cbOutput
pbOutput
MoveNext
System.Text
cipherText
get_InnerText
chiperText
ReadFileAsText
cbMacContext
pbMacContext
ReadMasterOfContext
OperationContext
StartNew
get_Now
kasdihbfpfduqw
endIdx
startIdx
startIndex
rowIndex
BidBindingCookiex
MicrosoftWinSafeHandlesSafeFileMapViewHandlex
dnlibDotNetIOwnerModulex
MessageBox
OrderBy
SystemNetUnsafeNclNativeMethodsHttpApiTOKENBINDINGRESULTDATAVy
display
oldArray
InitializeArray
ToArray
FromBase64CharArray
ToCharArray
get_Key
OpenSubKey
chromeKey
stringKey
bMasterKey
hImportKey
RegistryKey
get_encrypted_key
set_encrypted_key
System.Security.Cryptography
GetExecutingAssembly
get_AddressFamily
SelectMany
BlockCopy
entropy
LoadLibrary
CollectMemory
get_Factory
TaskFactory
ChannelFactory
get_Directory
baseDirectory
CreateDirectory
get_SystemDirectory
profilesDirectory
RegionsCountry
Registry
op_Equality
op_Inequality
System.ServiceModel.Security
System.Security
set_Security
NetTcpSecurity
CreateDnsIdentity
EndpointIdentity
IsNullOrEmpty
GetProperty
pszProperty
dnlibDotNetMDRawMethodSemanticsRowy
dnlibDotNetInterfaceMarshalTypez
SystemDataSqlTypesSqlBinaryz
Confuser.Core 1.6.0+447341964f
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
Nirtro CPU
Helps boost CPU
Nitro NO2
'NireoNO1 Corporation Copyright
2021
15.9.1.22
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Entity8T
Namespace
Entity
Entity9T
Namespace
Entity
Entity10T
Namespace
Entity
Entity11T
Namespace
Entity'
Entity12T
Namespace
Entity'
Entity13T
Namespace
Entity'
Entity14T
Namespace
Entity'
Entity15T
Namespace
Entity
Entity16T
Namespace
Entity'
Entity17T
Namespace
Entity&
Entity2T
Namespace
Entity
Entity1T
Namespace
Entity
Entity3T
Namespace
Entity&
Entity4T
Namespace
Entity
EntityTUwSystem.ServiceModel.SessionMode, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SessionMode
Entity5T
Namespace
Entity&
Entity7T
Namespace
Entity
LocalState
os_crypt
OsCrypt
encrypted_keyM
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
autofillProfilesTotal of RAMVPEntity12N
AppData\Local\
[^\u0020-\u007F]UNKNOWN
Local State
ProcessId
1*.1l1d1b
Profile_%appdata%\
logins
{0}\FileZilla\recentservers.xml
%appdata%\discord\Local Storage\leveldb
\tdata
MB or
[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
profiles\Windows\
user.config
{0}\FileZilla\sitemanager.xml
cookies.sqlite
\Program Files (x86)\
config
0123468800
displayName
Nametdata
SELECT * FROM
\Program Data\
AFileSystemntivFileSystemirusPrFileSystemoduFileSystemct|AntiFileSystemSpyWFileSystemareProFileSystemduct|FireFileSystemwallProdFileSystemuct
*ssfn*
DisplayVersion
%localappdata%\
-*.lo--gLocalPrefs.json
OpHandlerenVPHandlerN ConHandlernect%DSK_23%Opera GXcookies
//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeROOT\SecurityCenter
ROOT\SecurityCenter2Web DataSteamPath
waasflleasft.datasf
Extension Cookies
CommandLine
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Cookies
TotalVisibleMemorySize
Software\Valve\SteamLogin Data
ID: waasflletasfv11
NumberOfCores
\Program Files\
Opera GX Stable
nameProfile_Unknown
, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext
//settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueLocal Extension Settingsmoz_cookies
User Data
windows-1251, CommandLine:
DisplayName
NordVpn.exe*NoGetDirectoriesrd
*.vstring.Replacedf
'a'e@a
GH#I$J'K4LDMGOJPOQ^R_
$#'&,+10206598WVXVYVZV[V\V]V^V_V`VaVbVcVdVeVfVgVhViVjVkVlVmVnVoVpVqVrVsVtV
LEnvironmentogiEnvironmentn DatEnvironmenta
Environment
WSystem.Texteb DatSystem.Texta
System.Text
CoCryptographyokieCryptographys
Cryptography
ExtGenericension CooGenerickies
Generic
OFileInfopeFileInfora GFileInfoX StabFileInfole
FileInfo
OpLinqera GLinqX
ApGenericpDaGenericta\RGenericoamiGenericng\
Network
Extension
UNKNOWN
cFileStreamredFileStreamit_cFileStreamardFileStreams
FileStream
Network\
cookies.sqlite
GetDirectories
Entity12
EnumerateDirectories
String.Replace
String.Remove
bcrFileStream.IOypt.dFileStream.IOll
FileStream.IO
BCrstring.EmptyyptOpestring.EmptynAlgorithmProvistring.Emptyder
string.Empty
BCruintyptCloseAlgorituinthmProvuintider
BCrUnmanagedTypeyptDecrUnmanagedTypeypt
UnmanagedType
BCrhKeyyptDeshKeytroyKhKeyey
BCpszPropertyryptGepszPropertytPropepszPropertyrty
pszProperty
BCEncodingryptSEncodingetPrEncodingoperEncodingty
Encoding
BCrbMasterKeyyptImbMasterKeyportKbMasterKeyey
bMasterKey
windows-1251
Microsoft Primitive Provider
ChainingModeGCM
AuthTagLength
ChainingMode
ObjectLength
KeyDataBlob
net.tcp://
localhost
4a4f99fe89dec4e624b59feb3785fa77
Authorization
Ah8uGygJFRAiOiQLAA8qWisnIx0hKg5HASRSUw==
KCIHAiw0NFQKJjMKLTJWXwYKDhMKCVhO
Leones
SystemCache
*wallet*
ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZu
\TeEnvironmentlegraEnvironmentm DEnvironmentesktoEnvironmentp\tdEnvironmentata
String
Replace
string.Replace
%USERPFile.WriteROFILE%\AppFile.WriteData\RoamiFile.Writeng
File.Write
Handler
%USERPserviceInterface.ExtensionROFILE%\ApserviceInterface.ExtensionpData\LocaserviceInterface.Extensionl
serviceInterface.Extension
ProldCharotonVoldCharPN
oldChar
nSystem.CollectionspvoSystem.Collections*
System.Collections
UNIQUE
Armenia
Azerbaijan
Belarus
Kazakhstan
Kyrgyzstan
Moldova
Tajikistan
Uzbekistan
Ukraine
Russia
https://api.ip.sb/ip
0.0.0.0
SELSystem.Windows.FormsECT * FRSystem.Windows.FormsOM WinSystem.Windows.Forms32_ProcSystem.Windows.Formsessor
System.Windows.Forms
roSystem.Linqot\CISystem.LinqMV2
System.Linq
SELSystem.LinqECT * FRSystem.LinqOM WinSystem.Linq32_VideoCoSystem.Linqntroller
AdapterRAM
SOFTWARE\WOW6432Node\Clients\StartMenuInternet
SOFTWARE\Clients\StartMenuInternet
shell\open\command
Unknown Version
SELESystem.ManagementCT * FRSystem.ManagementOM WiSystem.Managementn32_DisSystem.ManagementkDrivSystem.Managemente
System.Management
SerialNumber
SELSystem.Text.RegularExpressionsECT * FRSystem.Text.RegularExpressionsOM Win32_PSystem.Text.RegularExpressionsrocess WSystem.Text.RegularExpressionshere SessSystem.Text.RegularExpressionsionId='
System.Text.RegularExpressions
FileSystem
SSystem.ELECT * FRSystem.OM WiSystem.n32_ProcSystem.ess WherSystem.e SessiSystem.onId='
System.
ExecutablePath
Concat0 MConcatb oConcatr Concat0
Concat
SELEMemoryCT * FMemoryROM WiMemoryn32_OperMemoryatingSMemoryystem
Memory
{0}{1}{2}
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
CSDVersion
Unknown
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Helps boost CPU
CompanyName
FileDescription
Nirtro CPU
FileVersion
15.9.1.22
InternalName
Pumiced.exe
LegalCopyright
NireoNO1 Corporation Copyright
2021
LegalTrademarks
OriginalFilename
Pumiced.exe
ProductName
Nitro NO2
ProductVersion
15.9.1.22
Assembly Version
1.9.2.1440
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Stealer.12!c
tehtris Generic.Malware
DrWeb Trojan.PWS.StealerNET.125
MicroWorld-eScan IL:Trojan.MSILZilla.24965
CMC Clean
CAT-QuickHeal Trojan.GenericFC.S30114712
McAfee Trojan-FRAX!3B505E72FE4F
Malwarebytes Generic.Malware.AI.DDS
VIPRE IL:Trojan.MSILZilla.24965
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Spyware ( 005690661 )
BitDefender IL:Trojan.MSILZilla.24965
K7GW Spyware ( 005690661 )
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilCO.36250.jm0@aaOy22o
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/MSIL_Troj.CNJ.gen!Eldorado
Symantec Trojan.Whispergate
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.RedLine.A
APEX Malicious
Paloalto Clean
ClamAV Win.Trojan.Redline-9938775-1
Kaspersky HEUR:Trojan-Spy.MSIL.Stealer.gen
Alibaba TrojanSpy:MSIL/Stealer.a837ce9c
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Redline.148480.BF
Sophos Mal/Reline-B
F-Secure Heuristic.HEUR/AGEN.1307453
Baidu Clean
Zillya Clean
TrendMicro TrojanSpy.Win32.REDLINE.YXDE4Z
McAfee-GW-Edition BehavesLike.Win32.AgentTesla.cm
Trapmine Clean
FireEye Generic.mg.3b505e72fe4fa501
Emsisoft IL:Trojan.MSILZilla.24965 (B)
Ikarus Trojan.MSIL.RedLine
GData MSIL.Trojan-Stealer.Redline.G
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1307453
MAX malware (ai score=80)
Antiy-AVL Trojan[Spy]/MSIL.RedLine
Gridinsoft Malware.Win32.RedLine.bot
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D6185
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.MSIL.Stealer.gen
Microsoft Trojan:MSIL/RedLineStealer.EH!MTB
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win.FRAX.C5368383
Acronis suspicious
VBA32 Trojan.MSIL.InfoStealer.gen.U
ALYac IL:Trojan.MSILZilla.24965
TACHYON Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.REDLINE.YXDE4Z
Rising Stealer.Agent!1.DC63 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.DFY!tr
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.