Static | ZeroBOX

PE Compile Time

2020-08-26 14:00:34

PE Imphash

b9494f92817e4dfbe294ad842e8f1988

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00015077    0x00015200        6.51189661284
.rdata  0x00017000       0x00004e7c    0x00005000        4.88003881829
.data   0x0001c000       0x0013edd0    0x0000a800        5.39582339439
.reloc  0x0015b000       0x000011e0    0x00001200        6.74084578612
.bss    0x0015d000       0x00001000    0x00000200        3.03299986945

Imports

Library bcrypt.dll:
0x417350 BCryptDecrypt
0x417354 BCryptSetProperty
Library ntdll.dll:
Library KERNEL32.dll:
0x417090 GetModuleHandleA
0x417094 GetCommandLineA
0x417098 GetStartupInfoA
0x41709c HeapFree
0x4170a0 VirtualAlloc
0x4170a4 HeapReAlloc
0x4170a8 VirtualQuery
0x4170ac TerminateThread
0x4170b0 CreateThread
0x4170b4 WriteProcessMemory
0x4170b8 GetCurrentProcess
0x4170bc OpenProcess
0x4170c4 VirtualProtectEx
0x4170c8 VirtualAllocEx
0x4170cc CreateRemoteThread
0x4170d0 CreateProcessA
0x4170d4 WriteFile
0x4170d8 CreateFileW
0x4170dc LoadLibraryW
0x4170e0 GetLocalTime
0x4170e4 GetCurrentThreadId
0x4170e8 GetCurrentProcessId
0x4170ec ReadFile
0x4170f0 FindFirstFileA
0x4170f4 GetBinaryTypeW
0x4170f8 FindNextFileA
0x4170fc GetFullPathNameA
0x417100 GetTempPathW
0x417108 CreateFileA
0x41710c GlobalAlloc
0x417118 GetFileSize
0x41711c FreeLibrary
0x417120 SetDllDirectoryW
0x417124 GetFileSizeEx
0x417128 LocalAlloc
0x41712c lstrcmpW
0x417130 WaitForSingleObject
0x417134 CreateProcessW
0x417138 VirtualProtect
0x41713c SetFilePointer
0x417140 ReadProcessMemory
0x417144 VirtualQueryEx
0x417148 GetModuleHandleW
0x41714c IsWow64Process
0x417154 CreatePipe
0x417158 PeekNamedPipe
0x41715c DuplicateHandle
0x417160 SetEvent
0x417164 ExitProcess
0x417168 GetModuleFileNameW
0x41716c LoadResource
0x417170 FindResourceW
0x417174 GetComputerNameW
0x41717c LoadLibraryExW
0x417180 FindFirstFileW
0x417184 FindNextFileW
0x41718c DeleteFileW
0x417190 CopyFileW
0x417194 GetDriveTypeW
0x41719c GetTickCount
0x4171a8 CreateMutexA
0x4171ac ReleaseMutex
0x4171b0 TerminateProcess
0x4171b8 Process32NextW
0x4171bc Process32FirstW
0x4171c0 WinExec
0x4171c8 GetSystemDirectoryW
0x4171d0 Process32First
0x4171d4 Process32Next
0x4171d8 SizeofResource
0x4171dc GetTempPathA
0x4171e0 LockResource
0x4171e4 lstrcpyW
0x4171e8 WideCharToMultiByte
0x4171ec lstrcpyA
0x4171f0 Sleep
0x4171f4 MultiByteToWideChar
0x4171f8 lstrcatA
0x4171fc lstrcmpA
0x417200 lstrlenA
0x417208 lstrlenW
0x41720c CloseHandle
0x417210 lstrcatW
0x417214 GetLastError
0x417218 VirtualFree
0x41721c SetLastError
0x417220 GetModuleFileNameA
0x417224 CreateDirectoryW
0x417228 GetProcAddress
0x41722c LoadLibraryA
0x417230 GetProcessHeap
0x417234 CreateEventA
0x417238 HeapAlloc
0x41723c LocalFree
Library USER32.dll:
0x4172ac CreateDesktopW
0x4172b0 CharLowerW
0x4172b4 GetKeyState
0x4172b8 GetMessageA
0x4172bc DispatchMessageA
0x4172c0 CreateWindowExW
0x4172c4 CallNextHookEx
0x4172c8 GetAsyncKeyState
0x4172cc RegisterClassW
0x4172d0 GetRawInputData
0x4172d4 MapVirtualKeyA
0x4172d8 DefWindowProcA
0x4172e0 TranslateMessage
0x4172e4 wsprintfA
0x4172e8 GetKeyNameTextW
0x4172ec PostQuitMessage
0x4172f0 MessageBoxA
0x4172f4 GetLastInputInfo
0x4172f8 GetForegroundWindow
0x4172fc GetWindowTextW
0x417300 ToUnicode
0x417304 wsprintfW
Library ADVAPI32.dll:
0x41700c OpenProcessToken
0x417010 FreeSid
0x417014 LookupAccountSidW
0x417018 GetTokenInformation
0x417024 RegDeleteKeyA
0x41702c RegCreateKeyExW
0x417030 RegSetValueExA
0x417034 RegDeleteValueW
0x417038 RegQueryValueExW
0x41703c RegOpenKeyExW
0x417040 RegOpenKeyExA
0x417044 RegEnumKeyExW
0x417048 RegQueryValueExA
0x41704c RegQueryInfoKeyW
0x417050 RegCloseKey
0x417054 OpenServiceW
0x41705c QueryServiceConfigW
0x417064 StartServiceW
0x417068 RegSetValueExW
0x41706c RegCreateKeyExA
0x417070 OpenSCManagerW
0x417074 CloseServiceHandle
0x417078 RegDeleteKeyW
Library SHELL32.dll:
0x417264 SHFileOperationW
0x417268 ShellExecuteExW
0x417274 ShellExecuteW
0x41727c ShellExecuteExA
0x417280 SHGetFolderPathW
Library urlmon.dll:
0x417388 URLDownloadToFileW
Library WS2_32.dll:
0x41730c getaddrinfo
0x417310 setsockopt
0x417314 freeaddrinfo
0x417318 htons
0x41731c recv
0x417320 connect
0x417324 socket
0x417328 send
0x41732c WSAStartup
0x417330 shutdown
0x417334 closesocket
0x417338 WSACleanup
0x41733c InetNtopW
0x417340 gethostbyname
0x417344 inet_addr
Library ole32.dll:
0x417370 CoInitialize
0x417374 CoUninitialize
0x417378 CoCreateInstance
0x417380 CoTaskMemFree
Library SHLWAPI.dll:
0x417288 PathFileExistsW
0x41728c PathFindExtensionW
0x417290 StrStrW
0x417294 PathRemoveFileSpecA
0x417298 StrStrA
0x41729c PathCombineA
0x4172a0 PathFindFileNameW
0x4172a4 AssocQueryStringW
Library NETAPI32.dll:
0x41724c NetUserAdd
Library OLEAUT32.dll:
0x417254 VariantInit
Library CRYPT32.dll:
0x417080 CryptUnprotectData
Library PSAPI.DLL:

!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
127.0.0.2
abcdefghijklmnopqrstuvwxyzABCDEFGHIJK...
warzoneTURBO
USER32.DLL
MessageBoxA
Assert
An assertion condition failed
PureCall
A pure virtual function was called. This is a fatal error, and indicates a serious error in the implementation of the application
XXXXXX
Injecting64
\System32\cmd.exe
GetRawInputData
ToUnicode
MapVirtualKeyA
c:\windows\system32\user32.dll
SetWindowsHookExA
select signon_realm, origin_url, username_value, password_value from wow_logins
select signon_realm, origin_url, username_value, password_value from logins
NSS_Init
PK11_GetInternalKeySlot
PK11_Authenticate
PK11SDR_Decrypt
NSSBase64_DecodeBuffer
PK11_CheckUserPassword
NSS_Shutdown
PK11_FreeSlot
PR_GetError
vaultcli.dll
VaultOpenVault
VaultCloseVault
VaultEnumerateItems
VaultGetItem
VaultFree
encryptedUsername
hostname
encryptedPassword
sqlite3_open
sqlite3_close
sqlite3_prepare_v2
sqlite3_column_text
sqlite3_step
sqlite3_exec
sqlite3_open_v2
sqlite3_column_blob
sqlite3_column_type
sqlite3_column_bytes
sqlite3_close_v2
sqlite3_finalize
Storage
Accounts\Account.rec0
software\Aerofox\FoxmailPreview
Executable
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
LdrGetProcedureAddress
RtlNtStatusToDosError
RtlSetLastWin32Error
NtAllocateVirtualMemory
NtProtectVirtualMemory
NtWriteVirtualMemory
LdrLoadDll
RtlCreateUserThread
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ntdll.dll
RtlGetVersion
K.$RtlCreateUnicodeStringFromAsciiz
RtlInitAnsiString
IsWow64Process
kernel32
VirtualQuery
cmd.exe /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /f /v Load /t REG_SZ /d "
cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
Software\Classes\Folder\shell\open\command
DelegateExecute
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
--no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir="
--no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11
-no-remote -profile "
user_pref("layers.acceleration.disabled", true);
makbrh51af81
?lst@@YAXHJH@Z
explorer.exe
powershell Add-MpPreference -ExclusionPath
find.exe
find.db
-w %ws -d C -f %s
Software\Microsoft\Windows\CurrentVersion\Internet Settings
MaxConnectionsPer1_0Server
MaxConnectionsPerServer
BQAaR$43!QAFff
?lst@@YAXHJ@Z
.text$di
.text$mn
.text$yd
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.CRT$XCA
.CRT$XCU
.CRT$XCZ
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
bcrypt.dll
RtlEqualUnicodeString
NtQueryInformationProcess
RtlInitUnicodeString
ntdll.dll
CreateDirectoryW
GetModuleFileNameA
SetLastError
VirtualFree
GetLastError
lstrcatW
CloseHandle
lstrlenW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpA
lstrcatA
MultiByteToWideChar
lstrcpyA
WideCharToMultiByte
lstrcpyW
GetTickCount
lstrcmpW
HeapAlloc
GetProcessHeap
LoadLibraryA
GetProcAddress
ExitProcess
GetModuleHandleA
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
CreateProcessA
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
LocalAlloc
LocalFree
WaitForSingleObject
CreateProcessW
VirtualProtect
SetFilePointer
ReadProcessMemory
VirtualQueryEx
GetModuleHandleW
IsWow64Process
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WinExec
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
Wow64RevertWow64FsRedirection
Process32First
Process32Next
SizeofResource
GetTempPathA
LockResource
KERNEL32.dll
wsprintfW
wsprintfA
GetWindowTextW
GetForegroundWindow
GetLastInputInfo
MessageBoxA
PostQuitMessage
GetKeyNameTextW
ToUnicode
TranslateMessage
RegisterRawInputDevices
DefWindowProcA
MapVirtualKeyA
GetRawInputData
RegisterClassW
GetAsyncKeyState
CallNextHookEx
CreateWindowExW
DispatchMessageA
GetMessageA
GetKeyState
CharLowerW
CreateDesktopW
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
QueryServiceStatusEx
GetTokenInformation
LookupAccountSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
ADVAPI32.dll
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
ShellExecuteExW
SHFileOperationW
ShellExecuteExA
SHELL32.dll
URLDownloadToFileW
urlmon.dll
getaddrinfo
freeaddrinfo
InetNtopW
WS2_32.dll
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
ole32.dll
PathFindExtensionW
PathFindFileNameW
PathCombineA
StrStrA
PathRemoveFileSpecA
StrStrW
PathFileExistsW
AssocQueryStringW
SHLWAPI.dll
NetLocalGroupAddMembers
NetUserAdd
NETAPI32.dll
OLEAUT32.dll
CryptStringToBinaryA
CryptUnprotectData
CryptStringToBinaryW
CRYPT32.dll
GetModuleFileNameExW
PSAPI.DLL
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
NtQuerySystemInformation
NtQueryDirectoryFile
NtQueryValueKey
NtQueryKey
C:\Users\W7H64\source\repos\Ring3 CRAT x64\Ring3 CRAT x64\nope.pdb
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.xdata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.rsrc$01
.rsrc$02
VirtualProtect
GetCurrentProcess
VirtualAlloc
LoadLibraryW
CreateThread
GetProcAddress
FlushInstructionCache
VirtualQuery
KERNEL32.dll
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ntdll.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
!This program cannot be run in DOS mode.
RichEz
`.rdata
@.data
@.reloc
NtQuerySystemInformation
NtQueryDirectoryFile
NtQueryValueKey
NtQueryKey
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
ntdll.dll
VirtualProtect
GetCurrentProcess
VirtualAlloc
LoadLibraryW
CreateThread
GetProcAddress
FlushInstructionCache
KERNEL32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
!This program cannot be run in DOS mode.
`.rdata
@.pdata
@.rsrc
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.xdata
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.rsrc$01
.rsrc$02
x64.dll
CloseDriver
winmmd.CloseDriver
DefDriverProc
winmmd.DefDriverProc
DriverCallback
winmmd.DriverCallback
DrvGetModuleHandle
winmmd.DrvGetModuleHandle
GetDriverModuleHandle
winmmd.GetDriverModuleHandle
OpenDriver
winmmd.OpenDriver
Ordinal2
winmmd.Ordinal2
PlaySound
winmmd.PlaySound
PlaySoundA
winmmd.PlaySoundA
PlaySoundW
winmmd.PlaySoundW
SendDriverMessage
winmmd.SendDriverMessage
WOWAppExit
winmmd.WOWAppExit
auxGetDevCapsA
winmmd.auxGetDevCapsA
auxGetDevCapsW
winmmd.auxGetDevCapsW
auxGetNumDevs
winmmd.auxGetNumDevs
auxGetVolume
winmmd.auxGetVolume
auxOutMessage
winmmd.auxOutMessage
auxSetVolume
winmmd.auxSetVolume
joyConfigChanged
winmmd.joyConfigChanged
joyGetDevCapsA
winmmd.joyGetDevCapsA
joyGetDevCapsW
winmmd.joyGetDevCapsW
joyGetNumDevs
winmmd.joyGetNumDevs
joyGetPos
winmmd.joyGetPos
joyGetPosEx
winmmd.joyGetPosEx
joyGetThreshold
winmmd.joyGetThreshold
joyReleaseCapture
winmmd.joyReleaseCapture
joySetCapture
winmmd.joySetCapture
joySetThreshold
winmmd.joySetThreshold
mciDriverNotify
winmmd.mciDriverNotify
mciDriverYield
winmmd.mciDriverYield
mciExecute
winmmd.mciExecute
mciFreeCommandResource
winmmd.mciFreeCommandResource
mciGetCreatorTask
winmmd.mciGetCreatorTask
mciGetDeviceIDA
winmmd.mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
winmmd.mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
winmmd.mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
winmmd.mciGetDeviceIDW
mciGetDriverData
winmmd.mciGetDriverData
mciGetErrorStringA
winmmd.mciGetErrorStringA
mciGetErrorStringW
winmmd.mciGetErrorStringW
mciGetYieldProc
winmmd.mciGetYieldProc
mciLoadCommandResource
winmmd.mciLoadCommandResource
mciSendCommandA
winmmd.mciSendCommandA
mciSendCommandW
winmmd.mciSendCommandW
mciSendStringA
winmmd.mciSendStringA
mciSendStringW
winmmd.mciSendStringW
mciSetDriverData
winmmd.mciSetDriverData
mciSetYieldProc
winmmd.mciSetYieldProc
midiConnect
winmmd.midiConnect
midiDisconnect
winmmd.midiDisconnect
midiInAddBuffer
winmmd.midiInAddBuffer
midiInClose
winmmd.midiInClose
midiInGetDevCapsA
winmmd.midiInGetDevCapsA
midiInGetDevCapsW
winmmd.midiInGetDevCapsW
midiInGetErrorTextA
winmmd.midiInGetErrorTextA
midiInGetErrorTextW
winmmd.midiInGetErrorTextW
midiInGetID
winmmd.midiInGetID
midiInGetNumDevs
winmmd.midiInGetNumDevs
midiInMessage
winmmd.midiInMessage
midiInOpen
winmmd.midiInOpen
midiInPrepareHeader
winmmd.midiInPrepareHeader
midiInReset
winmmd.midiInReset
midiInStart
winmmd.midiInStart
midiInStop
winmmd.midiInStop
midiInUnprepareHeader
winmmd.midiInUnprepareHeader
midiOutCacheDrumPatches
winmmd.midiOutCacheDrumPatches
midiOutCachePatches
winmmd.midiOutCachePatches
midiOutClose
winmmd.midiOutClose
midiOutGetDevCapsA
winmmd.midiOutGetDevCapsA
midiOutGetDevCapsW
winmmd.midiOutGetDevCapsW
midiOutGetErrorTextA
winmmd.midiOutGetErrorTextA
midiOutGetErrorTextW
winmmd.midiOutGetErrorTextW
midiOutGetID
winmmd.midiOutGetID
midiOutGetNumDevs
winmmd.midiOutGetNumDevs
midiOutGetVolume
winmmd.midiOutGetVolume
midiOutLongMsg
winmmd.midiOutLongMsg
midiOutMessage
winmmd.midiOutMessage
midiOutOpen
winmmd.midiOutOpen
midiOutPrepareHeader
winmmd.midiOutPrepareHeader
midiOutReset
winmmd.midiOutReset
midiOutSetVolume
winmmd.midiOutSetVolume
midiOutShortMsg
winmmd.midiOutShortMsg
midiOutUnprepareHeader
winmmd.midiOutUnprepareHeader
midiStreamClose
winmmd.midiStreamClose
midiStreamOpen
winmmd.midiStreamOpen
midiStreamOut
winmmd.midiStreamOut
midiStreamPause
winmmd.midiStreamPause
midiStreamPosition
winmmd.midiStreamPosition
midiStreamProperty
winmmd.midiStreamProperty
midiStreamRestart
winmmd.midiStreamRestart
midiStreamStop
winmmd.midiStreamStop
mixerClose
winmmd.mixerClose
mixerGetControlDetailsA
winmmd.mixerGetControlDetailsA
mixerGetControlDetailsW
winmmd.mixerGetControlDetailsW
mixerGetDevCapsA
winmmd.mixerGetDevCapsA
mixerGetDevCapsW
winmmd.mixerGetDevCapsW
mixerGetID
winmmd.mixerGetID
mixerGetLineControlsA
winmmd.mixerGetLineControlsA
mixerGetLineControlsW
winmmd.mixerGetLineControlsW
mixerGetLineInfoA
winmmd.mixerGetLineInfoA
mixerGetLineInfoW
winmmd.mixerGetLineInfoW
mixerGetNumDevs
winmmd.mixerGetNumDevs
mixerMessage
winmmd.mixerMessage
mixerOpen
winmmd.mixerOpen
mixerSetControlDetails
winmmd.mixerSetControlDetails
mmDrvInstall
winmmd.mmDrvInstall
mmGetCurrentTask
winmmd.mmGetCurrentTask
mmTaskBlock
winmmd.mmTaskBlock
mmTaskCreate
winmmd.mmTaskCreate
mmTaskSignal
winmmd.mmTaskSignal
mmTaskYield
winmmd.mmTaskYield
mmioAdvance
winmmd.mmioAdvance
mmioAscend
winmmd.mmioAscend
mmioClose
winmmd.mmioClose
mmioCreateChunk
winmmd.mmioCreateChunk
mmioDescend
winmmd.mmioDescend
mmioFlush
winmmd.mmioFlush
mmioGetInfo
winmmd.mmioGetInfo
mmioInstallIOProcA
winmmd.mmioInstallIOProcA
mmioInstallIOProcW
winmmd.mmioInstallIOProcW
mmioOpenA
winmmd.mmioOpenA
mmioOpenW
winmmd.mmioOpenW
mmioRead
winmmd.mmioRead
mmioRenameA
winmmd.mmioRenameA
mmioRenameW
winmmd.mmioRenameW
mmioSeek
winmmd.mmioSeek
mmioSendMessage
winmmd.mmioSendMessage
mmioSetBuffer
winmmd.mmioSetBuffer
mmioSetInfo
winmmd.mmioSetInfo
mmioStringToFOURCCA
winmmd.mmioStringToFOURCCA
mmioStringToFOURCCW
winmmd.mmioStringToFOURCCW
mmioWrite
winmmd.mmioWrite
mmsystemGetVersion
winmmd.mmsystemGetVersion
sndPlaySoundA
winmmd.sndPlaySoundA
sndPlaySoundW
winmmd.sndPlaySoundW
timeBeginPeriod
winmmd.timeBeginPeriod
timeEndPeriod
winmmd.timeEndPeriod
timeGetDevCaps
winmmd.timeGetDevCaps
timeGetSystemTime
winmmd.timeGetSystemTime
timeGetTime
winmmd.timeGetTime
timeKillEvent
winmmd.timeKillEvent
timeSetEvent
winmmd.timeSetEvent
waveInAddBuffer
winmmd.waveInAddBuffer
waveInClose
winmmd.waveInClose
waveInGetDevCapsA
winmmd.waveInGetDevCapsA
waveInGetDevCapsW
winmmd.waveInGetDevCapsW
waveInGetErrorTextA
winmmd.waveInGetErrorTextA
waveInGetErrorTextW
winmmd.waveInGetErrorTextW
waveInGetID
winmmd.waveInGetID
waveInGetNumDevs
winmmd.waveInGetNumDevs
waveInGetPosition
winmmd.waveInGetPosition
waveInMessage
winmmd.waveInMessage
waveInOpen
winmmd.waveInOpen
waveInPrepareHeader
winmmd.waveInPrepareHeader
waveInReset
winmmd.waveInReset
waveInStart
winmmd.waveInStart
waveInStop
winmmd.waveInStop
waveInUnprepareHeader
winmmd.waveInUnprepareHeader
waveOutBreakLoop
winmmd.waveOutBreakLoop
waveOutClose
winmmd.waveOutClose
waveOutGetDevCapsA
winmmd.waveOutGetDevCapsA
waveOutGetDevCapsW
winmmd.waveOutGetDevCapsW
waveOutGetErrorTextA
winmmd.waveOutGetErrorTextA
waveOutGetErrorTextW
winmmd.waveOutGetErrorTextW
waveOutGetID
winmmd.waveOutGetID
waveOutGetNumDevs
winmmd.waveOutGetNumDevs
waveOutGetPitch
winmmd.waveOutGetPitch
waveOutGetPlaybackRate
winmmd.waveOutGetPlaybackRate
waveOutGetPosition
winmmd.waveOutGetPosition
waveOutGetVolume
winmmd.waveOutGetVolume
waveOutMessage
winmmd.waveOutMessage
waveOutOpen
winmmd.waveOutOpen
waveOutPause
winmmd.waveOutPause
waveOutPrepareHeader
winmmd.waveOutPrepareHeader
waveOutReset
winmmd.waveOutReset
waveOutRestart
winmmd.waveOutRestart
waveOutSetPitch
winmmd.waveOutSetPitch
waveOutSetPlaybackRate
winmmd.waveOutSetPlaybackRate
waveOutSetVolume
winmmd.waveOutSetVolume
waveOutUnprepareHeader
winmmd.waveOutUnprepareHeader
waveOutWrite
winmmd.waveOutWrite
ExitProcess
CreateProcessW
GlobalAlloc
GlobalFree
lstrlenW
KERNEL32.dll
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ADVAPI32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
</assembly>
!This program cannot be run in DOS mode.
`.rdata
@.reloc
x86.dll
CloseDriver
winmmd.CloseDriver
DefDriverProc
winmmd.DefDriverProc
DriverCallback
winmmd.DriverCallback
DrvGetModuleHandle
winmmd.DrvGetModuleHandle
GetDriverModuleHandle
winmmd.GetDriverModuleHandle
OpenDriver
winmmd.OpenDriver
Ordinal2
winmmd.Ordinal2
PlaySound
winmmd.PlaySound
PlaySoundA
winmmd.PlaySoundA
PlaySoundW
winmmd.PlaySoundW
SendDriverMessage
winmmd.SendDriverMessage
WOWAppExit
winmmd.WOWAppExit
auxGetDevCapsA
winmmd.auxGetDevCapsA
auxGetDevCapsW
winmmd.auxGetDevCapsW
auxGetNumDevs
winmmd.auxGetNumDevs
auxGetVolume
winmmd.auxGetVolume
auxOutMessage
winmmd.auxOutMessage
auxSetVolume
winmmd.auxSetVolume
joyConfigChanged
winmmd.joyConfigChanged
joyGetDevCapsA
winmmd.joyGetDevCapsA
joyGetDevCapsW
winmmd.joyGetDevCapsW
joyGetNumDevs
winmmd.joyGetNumDevs
joyGetPos
winmmd.joyGetPos
joyGetPosEx
winmmd.joyGetPosEx
joyGetThreshold
winmmd.joyGetThreshold
joyReleaseCapture
winmmd.joyReleaseCapture
joySetCapture
winmmd.joySetCapture
joySetThreshold
winmmd.joySetThreshold
mciDriverNotify
winmmd.mciDriverNotify
mciDriverYield
winmmd.mciDriverYield
mciExecute
winmmd.mciExecute
mciFreeCommandResource
winmmd.mciFreeCommandResource
mciGetCreatorTask
winmmd.mciGetCreatorTask
mciGetDeviceIDA
winmmd.mciGetDeviceIDA
mciGetDeviceIDFromElementIDA
winmmd.mciGetDeviceIDFromElementIDA
mciGetDeviceIDFromElementIDW
winmmd.mciGetDeviceIDFromElementIDW
mciGetDeviceIDW
winmmd.mciGetDeviceIDW
mciGetDriverData
winmmd.mciGetDriverData
mciGetErrorStringA
winmmd.mciGetErrorStringA
mciGetErrorStringW
winmmd.mciGetErrorStringW
mciGetYieldProc
winmmd.mciGetYieldProc
mciLoadCommandResource
winmmd.mciLoadCommandResource
mciSendCommandA
winmmd.mciSendCommandA
mciSendCommandW
winmmd.mciSendCommandW
mciSendStringA
winmmd.mciSendStringA
mciSendStringW
winmmd.mciSendStringW
mciSetDriverData
winmmd.mciSetDriverData
mciSetYieldProc
winmmd.mciSetYieldProc
midiConnect
winmmd.midiConnect
midiDisconnect
winmmd.midiDisconnect
midiInAddBuffer
winmmd.midiInAddBuffer
midiInClose
winmmd.midiInClose
midiInGetDevCapsA
winmmd.midiInGetDevCapsA
midiInGetDevCapsW
winmmd.midiInGetDevCapsW
midiInGetErrorTextA
winmmd.midiInGetErrorTextA
midiInGetErrorTextW
winmmd.midiInGetErrorTextW
midiInGetID
winmmd.midiInGetID
midiInGetNumDevs
winmmd.midiInGetNumDevs
midiInMessage
winmmd.midiInMessage
midiInOpen
winmmd.midiInOpen
midiInPrepareHeader
winmmd.midiInPrepareHeader
midiInReset
winmmd.midiInReset
midiInStart
winmmd.midiInStart
midiInStop
winmmd.midiInStop
midiInUnprepareHeader
winmmd.midiInUnprepareHeader
midiOutCacheDrumPatches
winmmd.midiOutCacheDrumPatches
midiOutCachePatches
winmmd.midiOutCachePatches
midiOutClose
winmmd.midiOutClose
midiOutGetDevCapsA
winmmd.midiOutGetDevCapsA
midiOutGetDevCapsW
winmmd.midiOutGetDevCapsW
midiOutGetErrorTextA
winmmd.midiOutGetErrorTextA
midiOutGetErrorTextW
winmmd.midiOutGetErrorTextW
midiOutGetID
winmmd.midiOutGetID
midiOutGetNumDevs
winmmd.midiOutGetNumDevs
midiOutGetVolume
winmmd.midiOutGetVolume
midiOutLongMsg
winmmd.midiOutLongMsg
midiOutMessage
winmmd.midiOutMessage
midiOutOpen
winmmd.midiOutOpen
midiOutPrepareHeader
winmmd.midiOutPrepareHeader
midiOutReset
winmmd.midiOutReset
midiOutSetVolume
winmmd.midiOutSetVolume
midiOutShortMsg
winmmd.midiOutShortMsg
midiOutUnprepareHeader
winmmd.midiOutUnprepareHeader
midiStreamClose
winmmd.midiStreamClose
midiStreamOpen
winmmd.midiStreamOpen
midiStreamOut
winmmd.midiStreamOut
midiStreamPause
winmmd.midiStreamPause
midiStreamPosition
winmmd.midiStreamPosition
midiStreamProperty
winmmd.midiStreamProperty
midiStreamRestart
winmmd.midiStreamRestart
midiStreamStop
winmmd.midiStreamStop
mixerClose
winmmd.mixerClose
mixerGetControlDetailsA
winmmd.mixerGetControlDetailsA
mixerGetControlDetailsW
winmmd.mixerGetControlDetailsW
mixerGetDevCapsA
winmmd.mixerGetDevCapsA
mixerGetDevCapsW
winmmd.mixerGetDevCapsW
mixerGetID
winmmd.mixerGetID
mixerGetLineControlsA
winmmd.mixerGetLineControlsA
mixerGetLineControlsW
winmmd.mixerGetLineControlsW
mixerGetLineInfoA
winmmd.mixerGetLineInfoA
mixerGetLineInfoW
winmmd.mixerGetLineInfoW
mixerGetNumDevs
winmmd.mixerGetNumDevs
mixerMessage
winmmd.mixerMessage
mixerOpen
winmmd.mixerOpen
mixerSetControlDetails
winmmd.mixerSetControlDetails
mmDrvInstall
winmmd.mmDrvInstall
mmGetCurrentTask
winmmd.mmGetCurrentTask
mmTaskBlock
winmmd.mmTaskBlock
mmTaskCreate
winmmd.mmTaskCreate
mmTaskSignal
winmmd.mmTaskSignal
mmTaskYield
winmmd.mmTaskYield
mmioAdvance
winmmd.mmioAdvance
mmioAscend
winmmd.mmioAscend
mmioClose
winmmd.mmioClose
mmioCreateChunk
winmmd.mmioCreateChunk
mmioDescend
winmmd.mmioDescend
mmioFlush
winmmd.mmioFlush
mmioGetInfo
winmmd.mmioGetInfo
mmioInstallIOProcA
winmmd.mmioInstallIOProcA
mmioInstallIOProcW
winmmd.mmioInstallIOProcW
mmioOpenA
winmmd.mmioOpenA
mmioOpenW
winmmd.mmioOpenW
mmioRead
winmmd.mmioRead
mmioRenameA
winmmd.mmioRenameA
mmioRenameW
winmmd.mmioRenameW
mmioSeek
winmmd.mmioSeek
mmioSendMessage
winmmd.mmioSendMessage
mmioSetBuffer
winmmd.mmioSetBuffer
mmioSetInfo
winmmd.mmioSetInfo
mmioStringToFOURCCA
winmmd.mmioStringToFOURCCA
mmioStringToFOURCCW
winmmd.mmioStringToFOURCCW
mmioWrite
winmmd.mmioWrite
mmsystemGetVersion
winmmd.mmsystemGetVersion
sndPlaySoundA
winmmd.sndPlaySoundA
sndPlaySoundW
winmmd.sndPlaySoundW
timeBeginPeriod
winmmd.timeBeginPeriod
timeEndPeriod
winmmd.timeEndPeriod
timeGetDevCaps
winmmd.timeGetDevCaps
timeGetSystemTime
winmmd.timeGetSystemTime
timeGetTime
winmmd.timeGetTime
timeKillEvent
winmmd.timeKillEvent
timeSetEvent
winmmd.timeSetEvent
waveInAddBuffer
winmmd.waveInAddBuffer
waveInClose
winmmd.waveInClose
waveInGetDevCapsA
winmmd.waveInGetDevCapsA
waveInGetDevCapsW
winmmd.waveInGetDevCapsW
waveInGetErrorTextA
winmmd.waveInGetErrorTextA
waveInGetErrorTextW
winmmd.waveInGetErrorTextW
waveInGetID
winmmd.waveInGetID
waveInGetNumDevs
winmmd.waveInGetNumDevs
waveInGetPosition
winmmd.waveInGetPosition
waveInMessage
winmmd.waveInMessage
waveInOpen
winmmd.waveInOpen
waveInPrepareHeader
winmmd.waveInPrepareHeader
waveInReset
winmmd.waveInReset
waveInStart
winmmd.waveInStart
waveInStop
winmmd.waveInStop
waveInUnprepareHeader
winmmd.waveInUnprepareHeader
waveOutBreakLoop
winmmd.waveOutBreakLoop
waveOutClose
winmmd.waveOutClose
waveOutGetDevCapsA
winmmd.waveOutGetDevCapsA
waveOutGetDevCapsW
winmmd.waveOutGetDevCapsW
waveOutGetErrorTextA
winmmd.waveOutGetErrorTextA
waveOutGetErrorTextW
winmmd.waveOutGetErrorTextW
waveOutGetID
winmmd.waveOutGetID
waveOutGetNumDevs
winmmd.waveOutGetNumDevs
waveOutGetPitch
winmmd.waveOutGetPitch
waveOutGetPlaybackRate
winmmd.waveOutGetPlaybackRate
waveOutGetPosition
winmmd.waveOutGetPosition
waveOutGetVolume
winmmd.waveOutGetVolume
waveOutMessage
winmmd.waveOutMessage
waveOutOpen
winmmd.waveOutOpen
waveOutPause
winmmd.waveOutPause
waveOutPrepareHeader
winmmd.waveOutPrepareHeader
waveOutReset
winmmd.waveOutReset
waveOutRestart
winmmd.waveOutRestart
waveOutSetPitch
winmmd.waveOutSetPitch
waveOutSetPlaybackRate
winmmd.waveOutSetPlaybackRate
waveOutSetVolume
winmmd.waveOutSetVolume
waveOutUnprepareHeader
winmmd.waveOutUnprepareHeader
waveOutWrite
winmmd.waveOutWrite
.text$mn
.idata$5
.rdata
.edata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
lstrlenW
GlobalAlloc
GlobalFree
ExitProcess
CreateProcessW
KERNEL32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
\Microsoft Vision\
User32.dll
ExplorerIdentifier
%02d-%02d-%02d_%02d.%02d.%02d
Unknow
{Unknown}
[ENTER]
[BKSP]
[CTRL]
[CAPS]
[INSERT]
\Google\Chrome\User Data\Local State
\Google\Chrome\User Data\Default\Login Data
\Epic Privacy Browser\User Data\Local State
\Epic Privacy Browser\User Data\Default\Login Data
\Microsoft\Edge\User Data\Local State
\Microsoft\Edge\User Data\Default\Login Data
\UCBrowser\User Data_i18n\Local State
\UCBrowser\User Data_i18n\Default\UC Login Data.17
\Tencent\QQBrowser\User Data\Local State
\Tencent\QQBrowser\User Data\Default\Login Data
\Opera Software\Opera Stable\Local State
\Opera Software\Opera Stable\Login Data
\Blisk\User Data\Local State
\Blisk\User Data\Default\Login Data
\Chromium\User Data\Local State
\Chromium\User Data\Default\Login Data
\BraveSoftware\Brave-Browser\User Data\Local State
\BraveSoftware\Brave-Browser\User Data\Default\Login Data
\Vivaldi\User Data\Local State
\Vivaldi\User Data\Default\Login Data
\Comodo\Dragon\User Data\Local State
\Comodo\Dragon\User Data\Default\Login Data
\Torch\User Data\Local State
\Torch\User Data\Default\Login Data
\Slimjet\User Data\Local State
\Slimjet\User Data\Default\Login Data
\CentBrowser\User Data\Local State
\CentBrowser\User Data\Default\Login Data
Software\Microsoft\Windows\CurrentVersion\App Paths\
softokn3.dll
msvcp140.dll
mozglue.dll
vcruntime140.dll
freebl3.dll
nss3.dll
msvcr120.dll
msvcp120.dll
Internet Explorer
Profile
firefox.exe
\firefox.exe
\Mozilla\Firefox\
profiles.ini
\logins.json
thunderbird.exe
\Thunderbird\
Could not decrypt
Account Name
POP3 Server
POP3 User
SMTP Server
POP3 Password
SMTP Password
HTTP Password
IMAP Password
Software\Microsoft\Office\15.0Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
ChainingModeGCM
ChainingMode
"os_crypt":{"encrypted_key":"
\ICACLS.exe
\xcopy.exe
" /GRANT:r *S-1-1-0:(OI)(CI)F /T
\AppData\Local\Google
\AppData\Local\Google\
xcopy.exe /Y /E /C
\AppData\Roaming\Mozilla
\AppData\Roaming\Mozilla\
\AppData\Roaming\Microsoft
\AppData\Roaming\Microsoft\
\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\
TermService
%ProgramFiles%
%windir%\System32
%ProgramW6432%
\Microsoft DN1
\rfxvmt.dll
\rdpwrap.ini
\sqlmap.dll
SeDebugPrivilege
SYSTEM\CurrentControlSet\Services\TermService\Parameters
ServiceDll
SYSTEM\CurrentControlSet\Services\TermService
ImagePath
svchost.exe
svchost.exe -k
CertPropSvc
SessionEnv
ServicesActive
SYSTEM\CurrentControlSet\Control\Terminal Server
SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns
SYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip Redirector
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VC
fDenyTSConnections
EnableConcurrentSessions
AllowMultipleTSSessions
RDPClip
multirdp
[experimental] patch Terminal Server service to allow multiples users
termsrv.dll
explorer.exe
TASKmgr.exe
ProcessHacker.exe
regedit.exe
ntdll.dll
@\cmd.exe
ASOFTWARE\Microsoft\Cryptography
MachineGuid
root\CIMV2
SELECT Name FROM Win32_VideoController
Ave_Maria Stealer OpenSource github Link: https://github.com/syohex/java-simple-mine-sweeper
C:\Users\Vitali Kremez\Documents\MidgetPorn\workspace\MsgBox.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\
InitWindows
Software\Microsoft\Windows NT\CurrentVersion\Windows
\programs.bat
for /F "usebackq tokens=*" %%A in ("
:start
") do %%A
:ApplicationData
wmic process call create '"
:Zone.Identifier
\winSAT.exe
\winmm.dll
\\?\C:\Windows \
\\?\C:\Windows \System32
\\?\C:\Windows \System32\winSAT.exe
\\?\C:\Windows \System32\winmmd.dll
SOFTWARE\Microsoft\Control Panel\
Virtual Machine Platform
\\?\C:\Windows \System32\WINMM.dll
C:\Windows \System32\winSAT.exe
formal
e\sdclt.exe
chrome.exe
\AppData\Local\Google\Chrome\User Data
\AppData\Local\GoogleBackup
xcopy.exe /H /Y /E /C
\AppData\Roaming\Mozilla\Firefox\
\AppData\Roaming\FirefoxBackup
Profile0
\prefs.js
iexplore.exe
ADescription
FriendlyName
Source
Grabber
Asend.db
\Microsoft\Windows NT\CurrentVersion\Windows
ntdll.dll
kernel32.dll
Virtual Machine Platform
SOFTWARE\Microsoft\Control Panel\
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
Antivirus Signature
Bkav W32.MakyJonteH.Trojan
Lionic Trojan.Win32.Agent.Y!c
tehtris Generic.Malware
DrWeb Trojan.Packed2.42633
MicroWorld-eScan Generic.ShellCode.RDI.Marte.1.519A884E
ClamAV Win.Malware.AveMaria-8799014-1
FireEye Generic.mg.66552aa98285ba1c
CAT-QuickHeal Trojan.Remcos
McAfee GenericRXNI-EF!66552AA98285
Malwarebytes Backdoor.AveMaria
Zillya Trojan.Agent.Win32.1416121
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0019d9b81 )
BitDefender Generic.ShellCode.RDI.Marte.1.519A884E
K7GW Trojan ( 0019d9b81 )
Cybereason malicious.98285b
BitDefenderTheta Gen:NN.ZexaF.36270.juW@aC!YjWh
VirIT Trojan.Win32.Genus.LQW
Cyren W32/Agent.FYQ.gen!Eldorado
Symantec Downloader!gm
Elastic Windows.Trojan.AveMaria
ESET-NOD32 a variant of Win32/Warzone.A
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Agent.gen
Alibaba Trojan:Win32/Remcos.cb601851
NANO-Antivirus Trojan.Win32.Ric.htnucw
ViRobot Trojan.Win.Z.Agent.156160.AX
Rising Stealer.AveMaria!1.E64D (CLASSIC)
Sophos Troj/Mocrt-A
F-Secure Trojan.TR/Crypt.XPACK.Gen2
Baidu Clean
VIPRE Generic.ShellCode.RDI.Marte.1.519A884E
TrendMicro Backdoor.Win32.WARZONE.YXDF4Z
McAfee-GW-Edition BehavesLike.Win32.Backdoor.ch
Trapmine malicious.high.ml.score
CMC Clean
Emsisoft Generic.ShellCode.RDI.Marte.1.519A884E (B)
SentinelOne Static AI - Malicious PE
GData Win32.Trojan.PSE.1A57F96
Jiangmin Trojan.Agentb.eab
Webroot W32.Trojan.Gen
Avira TR/Crypt.XPACK.Gen2
MAX malware (ai score=85)
Antiy-AVL Trojan/Win32.Agent
Gridinsoft Trojan.Win32.Downloader.oa!s1
Xcitium TrojWare.Win32.AntiAV.VA@81mmki
Arcabit Generic.ShellCode.RDI.Marte.1.519A884E
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Agent.gen
Microsoft Trojan:Win32/Remcos!ic
Google Detected
AhnLab-V3 Trojan/Win.Generic.R373692
Acronis suspicious
VBA32 Trojan.Packed
ALYac Generic.ShellCode.RDI.Marte.1.519A884E
TACHYON Clean
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/Genetic.gen
Zoner Trojan.Win32.133042
TrendMicro-HouseCall Backdoor.Win32.WARZONE.YXDF4Z
Tencent Trojan.Win32.Agent.ybq
Yandex Clean
Ikarus Trojan-Spy.AveMaria
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.TJS!tr
AVG Win64:Trojan-gen
Avast Win64:Trojan-gen
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.