popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2023-10-06 15:08:39

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0003bbf4 0x0003bc00 5.024150028
.rsrc 0x0003e000 0x00000546 0x00000600 4.00774882803
.reloc 0x00040000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0003e0a0 0x000002bc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0003e35c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(0
v4.0.30319
#Strings
&Fo
* ? b u
!5!X!p!
".#@#D#Y#e#p#
8flOKqpfII0
X9p3xN0
SHf0Q0
jp1BcIurdS0
6Yn2cqOU0
pT3GB0Y0
g6uBna0
psLde0
5Hzfm0
sTSvHq0
d0St2y0
$$method0x6000100-1
$$method0x6000120-1
$$method0x6000140-1
$$method0x6000121-1
$$method0x6000192-1
$$method0x6000275-1
$$method0x6000106-1
$$method0x6000116-1
$$method0x600011b-1
$$method0x600008d-1
$$method0x600007e-1
iSpaAF21
HMACSHA1
PXKmB1
VT_UI1
okmq7ZuS1
bKrAX1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
yEWqc1
CS$<>9__CachedAnonymousMethodDelegate1
7Sl8ml1
get_Item1
PXsVFTKkmt1
NpVE2Uv1
$$method0x6000100-2
$$method0x6000275-2
$$method0x6000116-2
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
QAGATZdZE2
3J5H0bH2
VT_UI2
KeyValuePair`2
Dictionary`2
get_Item2
1HPqvCts2
WWwuAiZ7Ez2
9VW613
0iqwb6r53
4Yp7Eug63
h4dNb7D3
oYiON3
Tuple`3
pQ3pa3
aXzTh9Yxb3
get_Item3
2YtI4u3
Q5TTX7ftu3
CG5tw3
Edy5n7t34
ToUInt64
ReadInt64
ToInt64
xbYALeBt74
ixnKzmdB4
EVoIEm3orE4
VT_UI4
u5tbtwhL4
bURfnT4
s0zbVVKvXd4
TUvPqj4
0zMNTrZn4
ZBAco4
oM8LUkx4
J6z6owb35
2K81zGA65
5ZnBCNPeg65
dEp9tq16sC5
JDdN3gEE5
y68udQIHkR5
hYbpZ5
4tir8E4b5
OwZhQXSrmm5
4Q2bh6KD8t5
NUX87y5
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
t5Y2nid0A6
Ob4N2r6bHD6
r5ehQS6
gw2piT6
u2URRdjX6
UC5fcc6
kpDEbdI27
52de3d87-2bb8-4042-9840-cacd9d29a637
0xZUF7
VaultGetItem_WIN7
sc1GAGO7
QJDrMeLw7S7
irW2m7
GhnrmsiIt7
Yb12y7
get_UTF8
WVd0KrqLG8
VT_UI8
VaultGetItem_WIN8
koxMLDQ8
TssReZlS8
kxSKY8
fyFIjcQaoa8
6yXGj8
QST9lj8
BLOnlS9k8
GAmpt8
ftyK3yqt8
Dqcu8x8
g8KeHW9G729
MYIKzYXC9
5sWFR9
rin0pelgY9
y7rDvpzzt9
4aSACqOgw9
<Module>
kkeaBA
RunrlW3eIA
icvyBNAy6aA
gvTIcZYX0cA
LqMMJi7L7dA
d0YMdA
6SBy60oA
zNsY9B
e2CrGAB
DUxSWCB
POjCbFB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
Zy7BTB
7AEprT1YB
EzWNmFcB
9cQP6k01YgB
cpjKUanB
JRBlWU6lBqB
qxIjkjUtrB
91RuedhhxB
fvPNAhyec5C
OCZqCwp9C
BCRYPT_KEY_DATA_BLOB_MAGIC
RU8lNEp5SC
a5Wli0Yz9D
LLKHF_EXTENDED
LLKHF_INJECTED
YmfT2wEXdED
3IVnz2FD
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
jcQ13NebJD
aHPZ4uNPD
V7QUzlfD
IBm05nD
DUPLICATE_CLOSE_SOURCE
BCRYPT_CHAINING_MODE
VT_STORAGE
cp87Q7LE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
FMkQF27fE
7caOjBGZsfE
nRaW2frE
klxz8F
dD32YUKF
MKitrmLthF
8V3pgDTwF
23byUWxF
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
yiLLdrCKG
IicScPhBvUG
trRkisxPaG
kDIBz6UVcG
MYXck8wG
kdDqmdDP3H
635Afp4H
BDD5CH
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
OCjvC8AiLH
wmSxgkgNH
Z8eZFTH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
ZIuSYFUYbH
f2JJDDfH
HdtXpH
afLq5KDfx1I
kvpgT1XHJ4I
W7omEf6I
A8brBI
get_ASCII
xBiX3dgkaI
dQc5oZoi2J
c55CSBjm9J
LJdyCJ
nqHHzMkkDJ
4RkuFu5MJJ
MNJw1XQfJ
weBlgJ
g0d2X3iJ
W0Hc7tlJ
rD4xwBQZnJ
Tot13wFenJ
zQdqROsGWQK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
teI93TyZK
tsvZcEDrK
CfDWld7quuK
YKSOznutxK
J52GzK
VT_DECIMAL
UkTxREL
VT_NULL
WH_KEYBOARD_LL
a2fewL2FOL
VT_BOOL
SmtpSSL
JCFFgrD3rqL
N8DtVXTyL
estCxi1M
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
Vic3b1CTPM
G34OVMSM
csDwiaFnM
tdKAQFnc3N
nfnsqrB7N
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
FkrBuMI3fQN
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
BvXumYN
lSajM2xymfN
Db9WRPiN
jXZZHn7YlN
dXZzcqN
s3O4wtN
llovQp9O
C4teljtGO
System.IO
NGlwB9MQ3PO
w2kZ26DTO
oM66JfdUO
MQJMrO
gg71YFuO
zZk14P
BCRYPT_PAD_OAEP
EZOPVNP
UYutCYDyxOP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
1SaUrnbKhbP
UaJvtlP
NmORCnX2nP
bn785vF8Q
Izn6x29DQ
Ss863kIFQ
aLcfu94VQMQ
MDZQipeOQ
CLBRaQ
kSTBhQ
NUTRKcVjQ
96kdH4JqQ
1a5nS0K0R
MS_PRIMITIVE_PROVIDER
f3iokZLxSER
VT_ERROR
VT_VECTOR
iVgOWQR
mY9SvSR
VT_BSTR
VT_LPSTR
VT_LPWSTR
Cs3KHkR
6Rr2nlR
vd6gvR
oedkvwR
TzOU2S
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
IS_TEXT_UNICODE_NULL_BYTES
cltDIS
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
u21weJFnLS
WgwbjtJ3rMS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
sP8jxjnFpS
Q9dc0T
IPV43ILHi2T
jgF8hC8BT
oU5sTXKCT
RujBTCs3DT
9UsLQ1zET
VT_UINT
VT_INT
NJqHRT
JYIK6vRT
v0OI5tdT
4D6YrM7qeT
7G0gsA3WnT
wMESmkNhtnT
y6z5pT
qeQidauT
kk29yT
iMOjnmrS4U
8bnV6U
KZpHTD8za7U
EOtSuDU
5GWpa1NPU
ucxgDVVU
avoP4rPWU
qEdC8XU
cK0o2cDXU
KL569F10eU
eVzwWp3BgU
uLw458V
AoL2cSmNEV
get_IV
set_IV
H64da2jtTV
qnzrVamV
iQZzERtV
KDgOouNz1W
jugWNLk9W
e5TGgjBwDW
STATUS_BUFFER_OVERFLOW
zYwyh3rRNTW
pv8JbW
xGqArm1jW
GLDFYJX
7b9q0rNX
Vl8q0RsvSX
3MG6RfChX
wU9r4vwoHnX
GdY6lcoX
SbYURWqX
ThRfVsX
bD3N7a6IttX
4WcexX
VT_ARRAY
Tzo8DchHY
KI9czlqtQY
A2S440PRY
UOSURY
VT_EMPTY
xD9ggPjWpUY
cmShpM3Z
kwS6Yif7Z
ASAbqAB8Z
aoKlrpJAZ
sXaqUTBZ
QmLcxjDVZ
tuZVCRfZ
VhhYMov5lZ
ahBtrxZ
value__
K7M20a
spqqNa
toyrMrXOa
H6hyOa
s8rB7PVPa
r8fsEMLaa
WTZdS9xda
og3uIOja
VfthpTmqka
w5G29rna
VqV2auQmcoa
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
ALfS9b
fnfdnMb
PublicIpAddressGrab
mscorlib
YxZnZqtWqb
WBlZGoZTrb
bnaQZOKZwb
CHTz5E07c
C2iwCc
NomEs5Hc
7qZO2GpgcJc
yADXQc
U22vSc
WFyKWc
qivpRplHZic
System.Collections.Generic
Microsoft.VisualBasic
WG0FWohlc
WndProc
HookProc
FromFileTimeUtc
HvX2Bd
get_Id
SchemaId
schemaId
pszAlgId
HookId
eQP0lovmId
GetWindowThreadProcessId
processId
SchemaElementId
yJVpQd
kYI7wtFqNUd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
dO84ghd
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<name>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<secure>k__BackingField
<expirationDate>k__BackingField
<sameSite>k__BackingField
<TypedPropertyValue>k__BackingField
<value>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<path>k__BackingField
<hostmask>k__BackingField
<domain>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<JsonResult>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
<httpOnly>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
SmtpPassword
get_password
set_password
Kl09vd
AJ3u4kxMOe
oXvkQe
sO96kWwcbe
WRkRSce
Replace
IsNullOrWhiteSpace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
MailMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
get_name
set_name
Filename
filename
get_Username
set_Username
get_username
set_username
System.Net.Mime
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
set_MediaType
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
ContentType
item_type
get_type
set_type
P27TuRre
FileShare
Compare
System.Core
get_secure
set_secure
PtrToStructure
get_InvariantCulture
Capture
StHp8Tqkse
HttpWebResponse
GetResponse
Dispose
Reverse
get_expirationDate
set_expirationDate
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
get_sameSite
set_sameSite
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
get_value
set_value
set_KeepAlive
Remove
SectionReserve
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
Tq8zfrq5f
OCGeEWefAf
OPO9VCDf
SizeOf
get_ItemOf
LastIndexOf
EnKfQf
8EyYbbUf
gdZTmPXf
cchBuff
iAv1eu3jf
5JGqolf
lastInputInf
F6JMfsf
M7jdDU4n4g
2dJmJ5g
DO6DAg
WApjAg
IveknUkBg
oH693OIIGFg
ffEyXGg
noGt9Xg
get_Jpeg
HmxDfNQrXig
rEscnX6mg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
P9lH7B4Qcrg
wc8dVrzdrg
get_Msg
zQFY1puy1h
6nhK5ZM7h
YEFPFRGh
mGo0uauKh
BtD2t5Och
SmtpAttach
dwMaximumSizeHigh
dwFileOffsetHigh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_path
set_path
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
kmj6efbhHAi
L5k7AMFi
81bupKi
5vdLRi
lIFlfoZEUi
UZ0CYi
PtrToStringUni
StringToHGlobalUni
rcjRi79pi
zHxvJyBf9wi
vnS3F30j
3tMix2j
cwcwAj
HA6EPj
ckbBTj
egON7xiYZj
objrij
gDuazJDASsj
kDN5P0xxj
mFBZTHr2k
I5gbpk9th9k
DSEBIpkaIk
qbJ8KZk
qqJPbk
QhGD6ONcbk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
IANngk
QUphY3ik
PCJ1kk
idHook
_clipboardHook
_keyboardHook
osdAbjxxok
get_hostmask
set_hostmask
FeAPE1dt54l
saWgtZZ9l
WchswLAl
WvcqZoFl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
NetworkCredential
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
7okbzbl
Rijndael
cbLabel
pbLabel
System.Collections.ObjectModel
System.ComponentModel
EnableTorPanel
System.Net.Mail
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_IsBodyHtml
set_SecurityProtocol
Control
set_EnableSsl
fvQEQRRtl
NwDrxwl
gH27fyb5m
wGOLZm1eICm
eSctI8xqLm
92aaxQm
rZqdR5Wm
AT5AIxTZm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
D6JrUcJem
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
r8d54EKphm
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
KRmK2B7gkm
jCWoN9zEmm
Random
ICryptoTransform
Maximum
root_num
HqBgwhu84n
5g7YNn
A7JvpXnNcTn
qNCVWIIjWn
ToBoolean
IsLittleEndian
flx4Upxdn
rfCFJIen
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
sRDfhn
X509Chain
ChangeClipboardChain
get_domain
set_domain
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
ValueCollection
MatchCollection
GroupCollection
ManagementObjectCollection
AttachmentCollection
KeyCollection
set_Position
CreationDisposition
get_ContentDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
Htdgasn
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
XQhxpbyn
CduLz3S8o
9UYJVcAo
yXgEiAU2MOo
CompareTo
CopyTo
XsE4BcZVUo
vYc7fT1eo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
OPgyPnEko
3Q609bxo
yXwyuM7u6Fp
BLoVyY1C0Lp
5IHlSyj7Sp
add_KeyUp
remove_KeyUp
dwNumberOfBytesToMap
Bitmap
yoH7RBfp
TimeStamp
LocalApp
yObeoqCOpp
b2jJ9Wsp
oZxJup
AppAddStartup
HideFileStartup
Xg9nzp
LxonX7E6q
yFuv7q
W4jZgIWN9q
bLriMDtm5Eq
ZkTaEq
C4KYrPq
System.Linq
FMnvJr
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
SmtpSender
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SmtpReceiver
SmtpServer
SetClipboardViewer
ToLower
JavaScriptSerializer
Nt52Ljr
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
aSEcRu8Qqqr
passwordVaultPtr
ReadIntPtr
rqJjus4s
gcTJfaoK6s
qvtLxgLMCs
ykuePdrGs
d452JKs
ouKEYs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
1jwN8Qsp0hs
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
set_UseDefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
sh97ps
get_Groups
zhPaqs
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
MailAddress
PublicIpAddress
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
get_Attachments
set_Arguments
get_Accounts
set_Accounts
get_Exists
yrHJHuts
dV5ntPF7Uws
PofaFPxs
get_Keys
set_Keys
get_ModifierKeys
0ZGB0g33t
UBCvTrXt
qojDYkx4lYt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
set_Subject
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
P6FqQEo1Set
offset
get_Height
get_Lenght
set_Lenght
VEMmht
op_Explicit
SectionCommit
WaitForExit
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
CookieResult
phkResult
get_JsonResult
set_JsonResult
result
UnsignedInt
jsfzRnt
set_UserAgent
PublicUserAgent
SmtpClient
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Attachment
Environment
XmlDocument
get_Parent
GetParent
get_Current
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
set_Port
SmtpPort
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
ICredentialsByHost
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
qazSEwgvt
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
UBtljztP7u
fhuf3Cu
lyhlEq70Hu
xWdFSLu
uTfiFDKTu
SqfJRdSWu
4NBi0hu
1qs1vLvImiu
KXba8Ttu
ooGmwZeNo0v
zqfY1QlFv
KUMW53hXv
fnR3fv
joOAZB4w
d4veP5w
Ak5aBlJw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
zGCTyF7uw
Z5mJxW71exw
SjVOyw
4iiFjAzw
5ig25MdP0x
PWUhdEx
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
hguobfdNx
ucchMax
tPhTjSBuhdx
BufferEndIndex
BlockIndex
BufferStartIndex
vUAc80y
x4w7pkJ5y
19WoONuEy
nycd2CwEHy
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
set_Body
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
xKV9ykfy
System.Security.Cryptography
r20huRly
GetExecutingAssembly
kWgjly
get_httpOnly
set_httpOnly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
er109rcvy
qkAxEPyy
OdDsOZoyy
SfV0JBKW6Gz
yfZZdktgz
rSiohz
Wn36HmRiEiz
E5HNamQpOqz
J5Ip0uz
60HU852qfyz
$1a20baca-08f2-457b-809b-2460b0ded72e
WrapNonExceptionThrows
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
pp p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpiy
k#n+n9
45 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATDZF[N`PfTxZy^z`{c|g}j
BACAIHJHQPVUWUXUZY_^fehgigjgkglgmgpo
image/jpg
yyyy_MM_dd_HH_mm_ss
/log.tmp
yyyy-MM-dd HH:mm:ss
text/plain
<br>OSFullName:
<br>User Name:
MM/dd/yyyy HH:mm:ss
IP Address:
<br>CPU:
Time:
<br>RAM:
<br>Computer Name:
Recovered!
Time:
OSFullName:
User Name:
https://api.ipify.org
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
mail.egyptscientific.com
ibrahim@egyptscientific.com
@unclep3490
lxaXp.exe
]</b> (
{PageDown}
{ALT+F4}
{CTRL}
{Insert}
{ENTER}
{KEYLEFT}
control
{ALT+TAB}
{KEYUP}
{NumLock}
{CAPSLOCK}
{HOME}
{KEYDOWN}
{BACK}
{KEYRIGHT}
{PageUp}
&quot;
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<array>
<dict>
<string>
</string>
<data>
</data>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
Tencent\QQBrowser\User Data
\EncryptedStorage
\Default\EncryptedStorage
Profile
entries
category
Password
password_value
IncrediMail
SmtpPassword
PopPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
\falkon\profiles\
ClawsMail
\Claws-mail
\clawsrc
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\Psi\profiles
\accounts.xml
\Psi+\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
USERPROFILE
\OpenVPN\config\
remote
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
ProgramFiles(x86)
\Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
%ProgramW6432%
Private Internet Access\data
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
quick.dat
\FlashFXP\
Sites.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
SystemDrive
\FTP Navigator\Ftplist.txt
No Password
Server
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
appdata
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
;Port=
;Password=
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\Program Files (x86)\FTP Commander\Ftplist.txt
\cftp\Ftplist.txt
;User=
;Server=
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
;Anonymous=
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
FTPGetter
\FTPGetter\servers.xml
<server>
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
COMPlus_legacyCorruptedStateExceptionsPolicy
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
eM Client\accounts.dat
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
o6806642kbM7c5
Mailbird
SenderIdentities
\Mailbird\Store\Store.db
Server_Host
Username
EncryptedPassword
TigerVNC
Software\TigerVNC\Server
RealVNC 3.x
SOFTWARE\RealVNC\vncserver
Software\ORL\WinVNC3
RealVNC 4.x
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
TightVNC
Software\TightVNC\Server
TightVNC ControlPassword
ControlPassword
SOFTWARE\RealVNC\WinVNC4
PasswordViewOnly
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordptb
discordcanary
Local Storage\leveldb
origin_url
username_value
Opera Stable
\Local State
"encrypted_key":"(.*?)"
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
[^\u0020-\u007F]
logins.json
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Application:
Username:
Password:
Host:
<br>Username:
<br>Password:
<br>Application:
<br><hr>
IceDragon
\Comodo\IceDragon\
CentBrowser
CentBrowser\User Data
Coowon
Coowon\Coowon\User Data
Elements Browser
Elements Browser\User Data
Citrio
CatalinaGroup\Citrio\User Data
Chromium
Chromium\User Data
Orbitum
Orbitum\User Data
Comodo Dragon
Comodo\Dragon\User Data
Edge Chromium
Microsoft\Edge\User Data
CyberFox
\8pecxstudios\Cyberfox\
Iridium Browser
Iridium\User Data
Sputnik
Sputnik\Sputnik\User Data
Kometa
Kometa\User Data
Amigo\User Data
BraveSoftware\Brave-Browser\User Data
Cool Novo
MapleStudio\ChromePlus\User Data
K-Meleon
\K-Meleon\
Chedot
Chedot\User Data
QIP Surf
QIP Surf\User Data
Epic Privacy
Epic Privacy Browser\User Data
Yandex Browser
Yandex\YandexBrowser\User Data
IceCat
\Mozilla\icecat\
Coccoc
CocCoc\Browser\User Data
Postbox
\Postbox\
SeaMonkey
\Mozilla\SeaMonkey\
360 Browser
360Chrome\Chrome\User Data
PaleMoon
\Moonchild Productions\Pale Moon\
WaterFox
\Waterfox\
Thunderbird
\Thunderbird\
BlackHawk
\NETGATE Technologies\BlackHawk\
Chrome
Google\Chrome\User Data
Firefox
\Mozilla\Firefox\
7Star\7Star\User Data
Vivaldi
Vivaldi\User Data
Opera Browser
Opera Software\Opera Stable
uCozMedia\Uran\User Data
Liebao Browser
liebao\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Torch Browser
Torch\User Data
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
Cookies
Network\Cookies
cookies
host_key
expires_utc
is_httponly
is_secure
samesite
encrypted_value
cookies.sqlite
moz_cookies
expiry
isHttpOnly
isSecure
sameSite
\Default\
{0:X2}
OBJECTIDENTIFIER
OCTETSTRING
SEQUENCE {
INTEGER
Windows Credential
policy
{{{0}}}
chrome
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
d8f14bb6-7c44-494c-9481-da505490361b
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
533ddd33-42d9-495c-b7de-4abbaea469d7
Win32_BaseBoard
SerialNumber
24edfebd-d184-4d90-81e7-5542cac7c7b5
text/html
Version: 0x{0:X}
FormatID: {0}
StorageSize: {0} (0x{0:X})
Size of the SerializedPropertyStorage is less than 28 ({0})
Version is not equal to {0} ({1})
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Size of the SerializedPropertyStore is less than {0} ({1})
Value: {0}
Type: {0}
NameSize: {0} (0x{0:X})
ValueSize: {0} (0x{0:X})
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
MicroWorld-eScan Generic.MSIL.PasswordStealerA.0637617A
FireEye Generic.mg.00b28f548f14de4f
CAT-QuickHeal Clean
ALYac Generic.MSIL.PasswordStealerA.0637617A
Malwarebytes Spyware.AgentTesla.Generic
VIPRE Generic.MSIL.PasswordStealerA.0637617A
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Generic.MSIL.PasswordStealerA.0637617A
K7GW Clean
CrowdStrike win/malicious_confidence_100% (D)
Arcabit Generic.MSIL.PasswordStealerA.D9BAB1A
BitDefenderTheta Gen:NN.ZemsilF.36738.pm0@aeTjstc
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/Azorult.D.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Spy.AgentTesla.F
APEX Malicious
Paloalto Clean
ClamAV Win.Packed.Msilperseus-9956591-0
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.a
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
TACHYON Clean
Sophos Troj/Tesla-CNT
Baidu Clean
F-Secure Trojan.TR/Spy.Gen8
DrWeb BackDoor.SpyBotNET.62
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.dm
Trapmine malicious.moderate.ml.score
CMC Clean
Emsisoft Generic.MSIL.PasswordStealerA.0637617A (B)
Ikarus Trojan-Spy.MSIL.Redline
Jiangmin Clean
Webroot Clean
Google Detected
Avira TR/Spy.Gen8
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Xcitium Clean
Microsoft Trojan:Win32/AgentTesla!ml
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.a
GData Generic.MSIL.PasswordStealerA.0637617A
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C5498285
Acronis Clean
McAfee Clean
MAX malware (ai score=81)
DeepInstinct MALICIOUS
VBA32 Trojan.MSIL.InfoStealer.gen.D
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Spyware.AgentTesla!8.10E35 (TFE:dGZlOg384LsNDDpzmQ)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Agent.F!tr.spy
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.93b68b
Avast Win32:PWSX-gen [Trj]
No IRMA results available.