Static | ZeroBOX

PE Compile Time

2023-09-01 02:50:49

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0003aed4 0x0003b000 5.31095331838
.rsrc 0x0003e000 0x00000546 0x00000600 4.00600927913
.reloc 0x00040000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0003e0a0 0x000002bc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0003e35c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
b11x//x
__I^HHm
!6w+g})
DLHu++
EDSDWNBDs
O[ERRD
-KZ[Z[[Z[YD
,KB[ERRQ
<KP[E[ZK?%K
<CK[E^D
,[MR_X
LxI])? -*
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
Q[Z%!>%
"?>8==83#45#>=#>&
092>>$<<0&?
S4!41%%4
.nXPRQh
,hVFPn
&."!>=,.
\USDROhZ
|EVOW|]_YhC
8[!ty\lnhYr
wpmjdlo
olknphep
iiplikmpimhk
rzg}vwvaP3wa|d``rC3qvD3`d|w}zD$
iv{snt
PEALAITNEDERc
ETACIFITREc
NIAMOd
SWODNIw$
X,FFFFFFFFFFFF[FFFF[FFFF[FFFF[FFFFFFFF
u<&-%-$
-+:=';-
Yobmqvli
VGpt%!928?
v$90v?$707
U\[@FA
;a816-+,pc
b"{runho
'*"?%./.9(
>o\}L[MIQL|
\ataD resU\resworBQQ\tnecneT
zELIFORp
+V]@HJ[NL
=+6.**8
=01&7:
QUGl}QVLWMAAc~
'w5#>&""0
``vawwR
i<Ijydo~N%
"D}vqT|vyuuw[Dyjw|m]Duuw{tymID}jyol~wK
gEQX_BBSe
obeb%xngbmdy{
fJOGkUQGJe
G0! $2?0
#!$"7~fkyUoykxbzyykzUxo~ykg$
OetrhsieegZ
ttbuccf
#"3$3.52%3.622 1
}OZOJ^^O
xkERD@XEuk\TX[qk
@]\]TZ@
h-0:0':p97801=
,;*?:.
t_tDfW*h
Hil4/.+f&'%-),
:-<),8
49:74?
m9>$?%))+
u/5.488:
Ruc~fbbpa
e-8-(<<-
[?^<(>72=4)+
NISHR^^\a
JMWLVZZXe
#796>?3
5"1'$6?
!:3,17-&
/3]TQ^WJHJ]KM
j[ECqgz[
?k&('/."o3$24!
I$4- 7n
f$, /3$2
f|$, /
&/(55$2nn!
zBmm{}}_>j{pl{jpW>{j
vOZOJr]]KMMo
ZK@\KZ@g
KZOXG\~r
VV@FFDQ@KW@QKL@QDSLWU
YXO\XOY^DOIOXvKFFCpOFClv
K9sthO(;
/7{lz\5
#nn|M!
*%)-?<+6:%
.)-?%<+8.-?6*
*9yq}RhosT
T?hahmB}aOgmhfqT
ZXB671,9;74X!=3X=,9.1*(#
R/,-*+(
G7r@hQ1l31cVClcrvblA`<0E~27E}
j,=j|ay}}o^.a@
c3&36""3+
TGPQ[TXXZvEAs
C37%?JU[
T^->!:
6c~r~$~ycfz~LVxondkggeI*Z^LV#<2r"*yofcL*gkxmexZV
EKXG\jCKZ]W}
obnb8be
zfbPJdsrxw{{yU6FBPJ? .n>6esz
P6{wdqydFJsdybEzwcbd
{Z oxnH&
8`u-bucE+
0'40'1~
6!26!7kx
=*9=*<s
>drowssap_resu_revres/<
miyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyiyi@
123<=>?89:;$%&' !"#,-./()*RS\]^_XYZ[F@
3<2%35?4.%225#?9%+(
tLWz_J_z
jjmj-{laojbN_
_!;cqy
]"ohkjkk
oimlmm
een9lllnlim
6221)(
.814;2/
08).$.?(
}:34:<..8
}.*2934
324./8
)38//(
}.*2934
);2.2/>4
8/<*);2
U()((_,\*./.._&&\-z///-/*.XX]+)-'Bm{rwxqlNBs{jmgm|kM>ypwy
mm{S>miqzpwIBjxqmql}wSB{l
ijxqMX
"4)155'
0\JWOKKYh
7knfjB
>*UPXT|
-]N-2-
'isex`ddvG7GCC_
?O?;"<
eC<&,)*
6+*,15 &=
! 15077*
<&$" )
I^MI^h
laLdh`mfV
Ko`2?%.&.'
2?"?%./
@cnTb`fldfWw
)a,:'?;;)8+&1;
t18?91"#9:?7;
1ykgxk|^bgocvaHRvaha|kORk|oyzha]R\K][QZ@K\\[MQWKEF
E,3.KAqt|per[Aer{rox\Axo|ji{rNAOXNHBISXOOH^BDXVU
!#%6+0
j{~vzK{~vzoxQKdr{~Q7zvepxeGKrexcD{vbce~AK(
^^[S_n^[S_J]tn
_S@U]@bnW@]Fa^SGF@[dn.
i:<+w-7,6::
*-7,6::
J5f`w+qkpjffDYvqkpjffDY
g1"%x"8#955
+%Y>_XDc{
yW@SW@vBKLHJFKl
#\!QWMVL@@b
"3ZNNKCo
CPGRm
hly|6|vyoDtqyU8yj}hWDtqyU8yj}hWD
.;>t>4;-
BbCcEe
QPSRUTW
3yFCKGo
>9#8"..
cV"DB551A1218E4-984A-7FC4-DF4F-74C50927
hQGKVKVLGFkPGFLGq
"@G]F\PPr
!E,~ESNVRR@qEDUQXSBOd
zwoWPnezwoUX\ke\]Vw
NVne|kxnm
1&51&0 -5
pf{cgguD
b^U%(0
1:*4):
!<*7/++9
O{vnLP_Ql
NYJNYo`
rjHT[Uh`YN]KHZSo
>]KVNJJXi
b_&c!,4
J}hjKsamR`vkswweT
<2%62%
%2!74&/
E|jwokkyHtwjlvw[
_RJ]NHPI`
rj]NHPi`]^J^
E3gwd``rc
lFPY\sXTGRZGe
s;Woho(ehpgtrjsZEHPgtrjSZgdpd&ehpsZ
`TYAvec{B
PV@ILcHDWBJWu
MF{|{<q|ds`f~gNQ\Ds`f~GN
!IZ^^L]
=flD~sk\OIQh
s`u}`B
2-#c3h~wr]vzi|tiK
2?'0#%=$
L[Z_QRPIQzt
^JCDYYH~_HAAB_YCBnCBDYLNDYCHEYXl
CBDYLNDYCHEYXL
JCDAAB_YCBN
UR_JR_n<
~ZubcteZutcusZctieZuahorrcuYhikkieZAH&mjgrjgVZ(K(P(GZctgqr`iU
Wdqdauud
bcv }z`{ammoRkb~|{~ R
7~S0vcvsggv
RHSIEEG
DGKG\GZX
ft/'+$v
'p+#/ ar
&qb8.3+//=,`
1$!k61+0*&&$
)$'*)"
+$,)),7
0nL]]Y
^QY\\YBD
2!HZQ\WPY@]e^CAK
}'024;4
u'014:9;":
u!0;'0!;
yiIfqgzbfftEIgprt{tXqtzy{bzQIpgtbaszF
e)?".>$
WAEQGZVF\Q
8ukc`"&
-*$*1,
R7>lylI-cdjbAQ
su?%htz
<EFGFCF
@NNB@N
mk!<vjd
*>&+9g&+(%&-
%=0"|=03>=6
TIN@HK9
}[GFR\
'91=2(/34
qgzbfftEqpaelgv{p
A4.pf{cgguD
\TXWK\Jl
cLF'CY
sfsV2`waGN
8Et%]MJL
=s{!XHOI
gYbwbG#qfpV_bwfnlH
'<RGRw
AV@fo\TZ^r
G*scdb
^I_yp^I_[C^nXBIo
miepe@$vawQXpk`alG
=%$92"
h<:!':
Z>l{mKB{sqlv]B{sqlv].(-
NYOi`R]Ni`]UXYqFS
8/9=%8
j%+(/#
Z`>G(?)-5(
z).4?7?6
:8/0+
)h}hM){lz\U{lz~f{K)pjh
`{Y)j`yL
TXTTXt
*b:EG_CGEXBi
xjk{|z
hTBYRBUT^EXd
T;UEBD
6 !+"+
~,'706
ct]i~ozL
$;,!70,
lH_RDC_`l
%"!%"$$$
h<-$-#:-
][__n})<0/2;}8)4
W;QXVU@
~njrun
Ed]5R[\GAFAPAVZ
pGJB_ENONYH
RA ;`cg3:!
$35:2
mz]\Wu_VQVQYP{
9?()$;"?
m(;$9$ $?
m9+">"?.$
*@W[T[F\WV{
=snrrdbnsq^32ohv
mmmo698::l6h;#67k7#k><:#<om:#>7:6ml97
:rsjv1jf{j
1e@"(c`(08e(c8"}bqK}
g*a: ^Sn{whu\;
PPuDy-a+xp-`+p?$p<1%!5p$?>p#9p>?9#"5
L_`X\$[^/_/--%-0*$.$0_,-,0^$X/0(-(YY^(Yf
i<hM/%nm%=5h%n5/po|Fp`ytC
`&%qT6<wt<$,q<w,6ive_iamB
+1\7c/e6>c.e>qj>r
ko{>jqp>mw>{dwM{s
P>{vj>xq>{dwM
t~56~nt
XORInDIOXMROmYXGTQ\TOXn
s8;skc>s8cy&9*
@dJWL[]JQ\]jVYUVYtd][QN]|d
tHAori~xotyxOs|ps|QAx~tkxYA-
v0!a`f{nb}`iaf/jckang/bj{|v|/jyjf}{j}/`{/kjcfnI
1SPS*
KDBM(+
v4.0.30319
#Strings
 C\fnt~
? W w
"0"4"I"U"`"p"
=/m/W/J/
YGMtn42Pu20
db686948-f2a7-4c3d-b8fa-73a42b8f9b80
MOUq3xB0
lbEaFkX6mH0
IFnzJ0
fKdQO0
nFiaig0
PlT9cN2bi0
zun9Ffj0
RN7fr0
AWgtEfhu0
KggTPf7n91
HMACSHA1
CQEEgFYjC1
gczlD1
MZ2fSRDAG1
bLsK6KVH1
toOXL1
a3NmY1
yfN5hyZ1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
cmBcgyua1
RN4W469c1
CS$<>9__CachedAnonymousMethodDelegate1
8ruSjo7pok1
b7TUaNUm1
get_Item1
HMACSHA512
nH48oY22
cFucjE32
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
wGYLn3riJ2
s5c6jrJ2
dfgeds3zQ2
R37yIlR2
TsQ8X2
KeyValuePair`2
Dictionary`2
prsDn0AgWi2
mYeVFxDyl2
get_Item2
8LJGjvXy2
gHAm03
3lpV6r5pE43
CQXaB3
d04d0IQY4C3
3sVK78N3
7SCTNfKT3
5pELm96W3
3m5uEtW3
whpGX3
frBXjIZ3
Tuple`3
kucea3
zwN7k3
m1F0sQk3
get_Item3
z5rbHbGmo3
2D9EpMKu3
XSosjiZsxu3
aNQO14
Zltc34
ToUInt64
ReadInt64
ToInt64
Rb1XQCF4
JWcog7I4
2uvK8K4
PR2GCpBT9K4
67zBWFeFIN4
vVNcFO2TOQ4
Nj35xY4
6zqwGmbb4
yhMn9e4
im3Uo4
smVAkPIbo4
WKwikz4
l1aobQpz4
g7eGwqi05
od1QLtAi25
NgU7cc85
9yPFQcE5
y7bTF5
m9N4K63SOH5
iIC8LxMU5
fq99F4x2Z5
qM9gNobzZ5
X59NTb5
q4L0Ed5
MTqh7Flw8f5
sDaeAf5
Dltxh5
E8LLk5
18jPgivvwn5
ToUInt16
ReadInt16
ToInt16
Bj0rjy26
HMACSHA256
nRQ2Ke66
bgLTqY20VO6
vVepcR6
pnEWT6
lsoROenI6V6
8KVoWGgW6
tZdR6Dg6
y3NuFjdxK07
A8nfJOomR47
c8dSg6Ev687
AQGIPmsULE7
VaultGetItem_WIN7
YTVzS9V7
LNe7s4W7
W9CCNh7
WKp1m7
Q76c7Zg6BC8
get_UTF8
ReE1lZXwF8
mm6BLeFG8
YtkeH8
VaultGetItem_WIN8
RYHCdS8
BlaDxXsX8
683Enpa8
oeOtf8
2lQy2pmh8
e1XuwGKZq8
G7x0MUt8
41ZBz8
TKXTIdQUC9
bz4BIactWD9
swWUpK9
2oMZKT9TL9
hlLKdeQ5ZP9
f3W4WXR9
NUge6EBrdT9
BPapnfnKp9
ac6YEj7q9
fa6vgv9
GJDLy9
GpmKdCYVOz9
<Module>
DjrLTlci5A
HONQKk7A
kHoWaYtkFA
VjouSBHA
9z7zOA
F0iORA
Yh5t41YtTA
5xADmv9vhUA
wpJWcA
7JsHdhA
xmC7P7AqxA
yHhbyA
LhRaTY574FB
hltRtMLTKB
orwW3nX8NB
cNSbRaOwCTB
3ScZCgTjB
ESS9uB
dCOC153TQzB
rRCe3C
Yo3GD8C
N8hI9C
OZaX2oXAC
QLPsLC
HJWSUQGvLC
ma2lbcAPC
DS6mPC
KLpQqXC
spJID6CNvXC
VxvzCNBEfC
Mx7WiAi8akC
blBV9nC
NeuRJJnC
kGVspC
3Bnf7XRXrC
jorWwC
1zGX0D
BRCDIk79AD
get_ID
set_ID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
f0gciND
wOLHfD
5xzDC4iSqD
gSDyiF7NIuD
TZEvckxyD
5xhZdasu3E
Ro6gsnvI5E
urswyKBDPME
wpssWd7LNE
hHgJPTty7SE
c8ArlbJjE
Un5UOsE
XGVFxE
UnNYm4F
WG3fuQWLF
MdVqljNF
BGxiwymOF
YKkZjUF
geUbcRrAraF
eVWzlekEgF
aKxcwlvWhF
F9RTzWioUoF
ptxlJvF
QiKVFq30G
kuWV8mLHNG
934IARG
68bnOKEvVG
O0H6lG
VMSd1H
LqLY0YvZ3H
Ts3P9YH
TbrgfaH
Tbe1AuhH
ki5FMo9akH
WuPNS87sH
75NARuH
1xHoLgPTYvH
TVbA604I
i2z49I
GiS79I
A8OuhGCI
wfQ5FDoIDI
JpUmplnEI
get_ASCII
7vTk7MI
NmDlwZ7tVI
VlILtLJaI
R1yWvaI
YKloAxyqI
mHuMWnvyI
hfW52FJ
BM6YsHenOQJ
ibUWVQJ
ydmznDWJ
UEG2lZJ
87IgbbJ
HAYT2pzJfbJ
nxzPgJ
Z4UAmJ
aVlmIdqJ
oC33zJ
XxcGe3GJo6K
XrfMqP8K
uwYvvN8EBK
Wior7GK
6tg8awAHK
4fktMsLK
NcnyyLt52OK
IuymDczwlQK
l724Z7YFbK
7slJ9TMTiiK
JR2pBDpXuiK
DvCjOp3mK
Dw2KsmK
FgJfdxNnNuK
Ou1rtuK
YRTDFaP1s4L
U5NTGeN935L
ynCMpJ6PSAL
Dm8yAL
FB4FPIL
BLYCWBUrLL
SNAwuZoWL
AwRNAZL
ICeLRLV7dL
1gOxubogdL
KxDWzylgL
l1u8PmL
LUXUKwoL
3DT7pCS2M
TVGC85M
Ev9VkanDM
jhj87JM
luOKJM
8n4GlcJhJM
VY9WiOoKM
YmQ9ebbOM
J4VWrbWM
QwMJihM
gvGbCbxhM
JZjWU3lM
VHBbFF7FrM
vuRQyafExM
47365sWyO2N
9AkGmStsq2N
41oe6N
hkQTnrvAN
2hff2SzMN
380EabbN
rzF0d8JfN
42fzgkN
sToI6pN
4Q5EhJxN
GOAn3TAO
BU6mqKB29BO
System.IO
fVPOIO
GexmuoZO
nakFqeO
LbxCfO
7nc9bajPlfO
4CDthO
iua1BrHSoO
TWww26GaKxO
DLQ2iJW2P
vfe3EwwCP
7DakGPLP
qZzIN2PP
xOQJ9VP
wCaGcLVP
LP2z3LcP
tODAXcP
YMJxZXpidP
zqhUp5Jr4fP
rih1n1yiP
hbSxBjP
IRTpyPalP
jbIXsP
gFm2LwLi2Q
3VU0sTAQ
iY7ndKuoyGQ
0rtW0fxDfJQ
EQurRW7KQ
WarnzYoVnLQ
qaOxN0OQ
3roURQ
rzVIORwmRQ
rJMzRQ
ONOvpBUQ
RNL9BnQ
ng1RwQ
L6asAR
Ox829X1FR
JsxUZCXfLR
gpcNQf5MR
jrOt7aR
VeAi8yM0nR
dxSUqUsroR
sMFApR
0Nd3M50OFqR
kVxcirR
pgl3wAvR
lFbfrkn0OvR
jkS2c96S
Md477S
K6SlT1GS
P7ZKwGGS
dmuP0ACCHS
0ZFS1nHS
XqyiCnLLUS
lBrIaUGXXS
JzBU0cGArS
e6xTQVM6T
OXzaeJOH7T
QPX0BAJE4AT
cn0EIIT
dBHNOSlLT
GmcbFA7UT
MCLvB2V2aVT
QCToQcT
CzBScT
uVyShT
dfZHnDjT
IvMc8xhHukT
hPdhUAgt0mT
6fJfbeb1mT
qbtMsT
BOSRtuT
QZ3nbzT
dBM25U
asCi5U
fJ9kSDU
4ksXTHU
fRSpjIJU
hcCTrbU
QGe9mU
dv45SwPtU
Q0yw8XzU
oivkrWPn9V
get_IV
set_IV
dOuM5PV
5O2EEzkdjQV
8ybh4OFmTWV
A1QY9OE1wfV
X2MmRNUuugV
FmAVqVyhV
QbXYLvlV
1cSvdJOnGnV
plgxugm9W
VZA6EW
sF56yGRZIW
ap3G98KxIW
URvKvHCMW
X5bxRW
eKOSeqpyjdW
EvaDceW
G0NxPPByviW
9ZeMrW
w0iTvW
ZFMAzW
7YBqagzW
WML1Qt6nqBX
MBavEX
XcbHksFX
BN1r2o8uOX
F3kiBcdbeRX
682tuWuTX
tIXVpGQAiYX
HJkWWUmrhgX
fFMaWxFXqX
oWZxRCtX
teewupkJKvX
proEm13qxCY
6U4mbBEVSGY
HIfLUGY
Nv4i78HKKY
skFImBjUNY
0s3hLlEQY
E0sqgTgmlUY
Yt3Kw8X2bY
2AWVwY
lbba0ebPyY
fU5Y0Z
oYdlc76Z
LVpp9AJU1FZ
Lx7tahYhSZ
cVU4dDsUZ
EoewjVZ
71uHDyUnVZ
9spRF4abqlZ
ObKggMIt7oZ
ElmqHdGzJoZ
3RqjmfVmAyZ
yKwVSvUoX7a
G77DrCMdBCa
fKU2EDKa
oPysy89f0Pa
WzkNEaa
l4RvMc1ba
ldRRLmpkba
faRCca
rLV2ha
get_Data
set_Data
ProtectedData
PropertyData
nM2Zn6wa
wh963ya
jCCTso87b
qd1iCl8b
qSuj1Cb
tkbpC7wLb
gPoejpF5Sb
mscorlib
DMy6YpvdNob
67f0HAzrb
pFdF3uub
aRPV1c
Li95luCg3c
BSZOx7c
cOxpix7c
5Krf9c
r7dTRaEc
WFLo9bxPSGc
CEEqWGc
NvpPzPbGOc
kdknOc
xg5SZc
FggLu3Lb7cc
bEBtLlcQBdc
2AKLc9ec
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
yxVyPjHLpc
UrwOcpc
FromFileTimeUtc
oI73B44d
eNn26Ad
get_Id
schemaId
pszAlgId
GetWindowThreadProcessId
processId
VOSpalQd
17S7Vd
OzhdYd
OpenRead
lpcbNeeded
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
t891d5mEgd
pPackageSid
get_IsInvalid
get_Guid
vaultGuid
DSjt0jfkd
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
lsD26qNFmd
TrimEnd
ReadToEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
VIcQJ6rd
Clipboard
get_Password
set_Password
get_password
set_password
Ph7AQZ1Ptd
TKeYE3e
zII03Iyiw6e
Z7gqI7e
dXdJdFEw18e
6iEbRJe
rjNxrTe
lM5s6J3Q2Ue
v8LsrWe
Replace
QueryDosDevice
hInstance
IdentityReference
crfMcuce
wNvxZde
wScanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
UlVP7RAeYee
FromImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
MailMessage
AddRange
CompareExchange
CredentialCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
rootPathName
get_OSFullName
get_FullName
get_ApplicationName
set_ApplicationName
lpName
lpAppName
get_UserName
get_ComputerName
get_ProcessName
processName
GetProcessesByName
lpKeyName
GetDirectoryName
filename
get_Username
set_Username
get_username
set_username
System.Net.Mime
DateTime
GetLastAccessTime
c5VrTGR6ne
AppendLine
get_NewLine
Combine
LocalMachine
fSdqVRjakne
Escape
Unescape
DataProtectionScope
get_Type
set_Type
set_MediaType
pszBlobType
GetFileType
ValueType
SecurityProtocolType
GetType
ContentType
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
lpKeyState
GetKeyState
Delete
nNumberOfBytesToWrite
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
ReadByte
ToByte
get_Value
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
jZiM8Iwe
hiv2hkwe
get_Size
set_Size
dataSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Resize
o8Z17vi3f
Ld7IfFf
lsxtsGB2Lf
SizeOf
get_ItemOf
LastIndexOf
H0MY50gbf
beWSvb8cf
Xosjdf
cchBuff
hK4J3nf
IE8pAxf
8cmEiH4Dzf
k7bL5g
OBQAhGg
Pa5FyTouOg
xs4tQg
mJoJpCDZg
NjmDrle3ag
get_Jpeg
oKZiRbkg
System.Threading
get_Padding
set_Padding
UTF8Encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
Substring
System.Drawing
get_Msg
v7y6tw7yg
R2dxRo4a70h
0P92xRK0h
fQXbNdVo2h
0MOZDh
gArLEdD2Ph
jS4atFuPh
cgo1hs34Zh
GxWebh
dwMaximumSizeHigh
dwFileOffsetHigh
7Mp7I2hh
z5Ayxhh
vtkpih
guFeH5roh
ComputeHash
get_Path
set_Path
get_ExecutablePath
GetTempPath
GetFolderPath
lpTargetPath
get_Width
get_Length
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
EndsWith
StartsWith
SUZHtlEsLvh
Ox1164ZW1i
EUTjLt1N2i
kIcCeB7i
Oo87b8i
PqVerYwFi
y5voSi
6pJLoWHhZi
WLMSSPei
d9xbOmi
PtrToStringUni
StringToHGlobalUni
R2qHTeOfwi
foAPUI2Hyi
bhBt8F2j
d9p9pWb5j
gHGmEj
L3JONj
AU135Oj
bbAMaOj
r7N2qzSAFXj
YAyFAZj
MHdhJaj
gzEXFX2Gubj
hltWqhj
4WsOzeGnqj
kwfEwQSZrj
uDx0Vhhrj
rWGTMtj
QP46Lk
e1EOGlJRk
wJ6vSk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
IA6Wh9ek
2gfNVtEfk
idHook
get_hostmask
set_hostmask
9l0Paxk
tn0JkpKBp1l
NxAzACAFl
lUfGCCKl
KNtpcg9KLl
ONiHNl
AllocHGlobal
FreeHGlobal
Marshal
NetworkCredential
Decimal
System.Security.Principal
set_Interval
cZrlbl
6ZWtERcl
duRrTQvcl
Rijndael
System.Collections.ObjectModel
System.ComponentModel
System.Net.Mail
4mTUjl
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_IsBodyHtml
set_SecurityProtocol
Control
6wBZpl
set_EnableSsl
kabk5LFtl
o2PzVk2m
iEMrLw634m
Z1GdcqD4m
uXY7uFl7j7m
m6iJbbU8m
r4BtFm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
d2YN6YW1shm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
Random
ICryptoTransform
biFFFQ1AGzm
Reds3fqFhDn
VCpy0ddN4Fn
bgM9UIn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
get_OSVersion
get_Version
set_Version
get_Application
set_Application
get_Location
GetVolumeInformation
NtQuerySystemInformation
ObjectInformation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
ValueCollection
MatchCollection
GroupCollection
ManagementObjectCollection
AttachmentCollection
KeyCollection
set_Position
CreationDisposition
get_ContentDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
Intern
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
TOp0H6lnjAo
qaq6MdBo
TdJnHo
LHQo8CsvHo
CompareTo
CopyTo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
GqEwEpjo
6i4STJruo
0xJyzFyvo
WAZHp0p
MKT1wbmHH2p
wkK33p
MXZr7p
UlK5Bp
B3A6Cp
VC7RnWX3sKp
jmBMmvEwKp
OFqNMp
jDdHRp
EPLKN2a2uUp
add_KeyUp
remove_KeyUp
IN3WY9iPQXp
dwNumberOfBytesToMap
Bitmap
Cu4Tnp
sMOvyqp
YkEEy5ks6q
xXtvhv6q
749D069q
9EYWslbO9q
tsRSY1z0Kq
bPKTfeb0Mq
SX56HNQOq
6DYGdGVQq
EuZzsXq
fETYZebq
e9vJ8cq
MAEyfXUhq
6PH6rkq
wX1GUURvRmq
CCjaCumq
System.Linq
N6x1Q75sq
aslttq
YCjUK7r
thBLDr
ekTjz2KRxDr
6HOc9aqUr
ToChar
lpChar
DirectorySeparatorChar
Cutuqcr
g0fa8er
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
ManagementObjectSearcher
SecurityIdentifier
ElapsedEventHandler
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
JavaScriptSerializer
srYuIYU1fr
15RXpHjr
j1lajr
kdQ29Dmr
get_Major
get_Minor
GetLastWin32Error
GetLastError
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
passwordVaultPtr
ReadIntPtr
QzTOgt6s
pz0PbvwBs
WZA68kGs
x1QgRuIALKs
8gq3BsXs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
GetDirectories
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
P8kdbgs
ElapsedEventArgs
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
set_UseDefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
get_Groups
kZvj7rEwqs
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
FileAccess
processAccess
get_Success
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
MailAddress
get_objects
set_objects
VaultEnumerateVaults
get_Attachments
set_Arguments
get_Accounts
set_Accounts
get_Exists
get_Keys
set_Keys
get_ModifierKeys
ZkKt1t
gUTg24t
RKBh0ajCt
Rrw3uTKt
9p16H0Tt
kb3EjqTUt
Concat
AppendFormat
ImageFormat
Subtract
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
set_Subject
Collect
set_AllowAutoRedirect
flProtect
Unprotect
q9bQwH3et
System.Net
offset
get_Height
get_Lenght
set_Lenght
op_Explicit
WaitForExit
pnEnb8Wjt
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
KsyPmt
mqz2TO8nt
set_UserAgent
SmtpClient
System.Management
pResourceElement
XmlElement
pIdentityElement
Attachment
Environment
XmlDocument
get_Parent
GetParent
get_Current
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
vaultCount
BCryptDecrypt
BCryptEncrypt
OrFOs2nCqt
TrimStart
Convert
set_Port
HttpWebRequest
XmlNodeList
ToList
get_Host
set_Host
ICredentialsByHost
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
0Jyh5u
zXY5m7Iu
vfAHV0vDNu
sbX3Qu
Rmog9hu
kFsJtJBiu
Gnl0mu
wpVcYyu
w7ctEQ5v
fbVgof8v
truLqGeGpGv
PqOqvnWv
zXWmPiiNXv
Mkm5rmav
C8i7gv
qThrNRiv
84k67Wvnv
iZS8Jhxxnv
ObqLlsv
b2FP0gPBZtv
JN4X0w
FQzY2bXuEHw
HRFKSgKMw
zJzYSO3M2aw
1VzCSFcTAgw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
Ledjpw
gYmWVYmd1x
hZ8Z8Q8x
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
RegOpenKeyEx
5pVsrPFx
IYsXIh8K9Hx
aPnU5waOpHx
cQSgrVx
ucchMax
m7XjlNax
e4WZBuRWufx
MhO45xx
AmS0HhkS9y
sOcO9AU3Jy
2h39MwI7cMy
moZbg7hrOy
AEVTxRiQy
fIkPPd1Eay
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
set_Body
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
System.Security.Cryptography
GetExecutingAssembly
Multiply
BlockCopy
System.Runtime.Serialization.Formatters.Binary
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
huAahX1z
wcbOeY1z
cQO9b9Fz
hcQsyasypHz
Alb1rzkJz
TcD2Kz
fWHVdPz
BTjQcvQz
CgoATz
Pxp7Uz
onhafgJVz
AijMmFAFhXz
Ju4pkz
Fzq9Whmz
NT9UNR9nz
LJvBoz
PTyK56P6sz
o2ksY0Jiwz
R6nSmX2Nxz
uLC9Wcyz
WrapNonExceptionThrows
1.0.0.0
$5bd0f8b4-5d6f-41a2-832d-01c6fed654ce
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
pp p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpfy|y
k#n+n9
45 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATD]FcJuPvTwVxYy]z`
BACAIHJHQPVUWUXU\[cbedfdgdhdidjdml
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
db686948-f2a7-4c3d-b8fa-73a42b8f9b80.exe
LegalCopyright
OriginalFilename
db686948-f2a7-4c3d-b8fa-73a42b8f9b80.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.Common.6BCF16AE
Lionic Trojan.Win32.Stealer.12!c
tehtris Clean
DrWeb BackDoor.SpyBotNET.62
MicroWorld-eScan Gen:Variant.Lazy.364860
FireEye Generic.mg.eae04e28d3216279
CAT-QuickHeal Clean
McAfee Artemis!EAE04E28D321
Malwarebytes Spyware.AgentTesla.Generic
VIPRE Gen:Variant.Lazy.364860
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Spyware ( 0059d6731 )
BitDefender Gen:Variant.Lazy.364860
K7GW Spyware ( 0059d6731 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.Lazy.D5913C
BitDefenderTheta Gen:NN.ZemsilF.36722.om0@aSYAl3m
VirIT Trojan.Win32.GenusT.DQSZ
Cyren W32/MSIL_Kryptik.JRO.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.AgentTesla.F
APEX Malicious
Paloalto Clean
ClamAV Win.Packed.Generic-10003641-0
Kaspersky HEUR:Trojan-PSW.MSIL.Stealer.gen
Alibaba TrojanPSW:MSIL/Stealer.a70d1e84
NANO-Antivirus Clean
ViRobot Clean
Tencent Malware.Win32.Gencirc.13ee0f40
TACHYON Clean
Sophos Troj/Tesla-CNT
F-Secure Trojan.TR/Spy.Gen8
Baidu Clean
Zillya Trojan.RedLine.Win32.8179
TrendMicro TrojanSpy.Win32.NEGASTEAL.YXDIAZ
McAfee-GW-Edition BehavesLike.Win32.Generic.dm
Trapmine suspicious.low.ml.score
CMC Clean
Emsisoft Gen:Variant.Lazy.364860 (B)
Ikarus Trojan-Spy.MSIL.AgentTesla
Jiangmin Trojan.PSW.MSIL.epqy
Webroot Clean
Google Detected
Avira TR/Spy.Gen8
Antiy-AVL Trojan[Spy]/MSIL.AgentTesla
Gridinsoft Ransom.Win32.Wacatac.sa
Xcitium Clean
Microsoft Trojan:Win32/Znyonm
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Stealer.gen
GData Gen:Variant.Lazy.364860
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.Generic.C5459834
Acronis Clean
VBA32 Clean
ALYac Gen:Variant.Lazy.364860
MAX malware (ai score=87)
DeepInstinct MALICIOUS
Cylance unsafe
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.NEGASTEAL.YXDIAZ
Rising Spyware.AgentTesla!8.10E35 (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.74396735.susgen
Fortinet MSIL/Agent.F!tr.spy
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.a0ba68
Avast Win32:PWSX-gen [Trj]
No IRMA results available.