popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2038-11-07 00:43:12

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00052c74 0x00052e00 5.65152184817
.rsrc 0x00056000 0x00000612 0x00000800 3.54518494002
.reloc 0x00058000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000560a0 0x00000388 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00056428 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Xa r3j
X yPQw
_cI @g
Xa 'w&3
?\ hw
I L_n\a u
Xa Dh9{
X i_tv 9
X [Tt #=
Xa g"C
X _'f% DS
X ]&Yj
Xa n]Y^
X +8N)
X (LG?
X >KE/
X NPH$
a y,`F@
yTa 0{;#@
JT[b x
a eSUY@
Le{O
ha P( |@
Oj7Pa 3
H1Va 6
8I-| W
1<rB
X !YTB
Xa q!Q
X epI
C0A# Y
;a Kmss@
Xa M6`| ^Y
X y\A] K
zI:4a
#i9 'h
b&m;a
sl3a *
_#cX (
s*+a T
MJ^?
;ipa (
73^O
a a0W7@
X ].B4
EYa xP
Qa 4y
~?2a \!OT@
a N9{Y@
ga 2cMv@
cTa *n
VX9a s
Xa i\Cd
HeB J@
Xa j+1
< A#^!a
[GYB
* 0JzUa
C*wJ d
F?a ''1u@
+a HoLl@
/&t [1A
3 "8Cya $
vcyra ]Q
gCR (R
+a 15]y@
Xa <[F&
8%1 FK
X .'BB
tf q`
vhka 8
/XXw 7fA[a
gp. o
}a U#O7@
5w,a @t
Xa &y'
X bB~B
)*~ `Y
X @b"0
X 6T/L (*
Xa }[>=
X {S^4
r{m ^G
Xa ub=Q '
Xa IT-
X Se}g
Xa /1zb
X c6.T
u,H SV
X y*&i {
Xa um+
X +ef8
m6: Q
X ,[=] 7s
>a G}(
da pv2%@
\b\ XL
Ba d"_
)NqQ
sG o
|i[) Y
'^^a )
"66R
]/ka #
Xa Z<.
O,| 2s
Xa 0D~
X %.Ib
Xa p'"r
qAn [s
X 'w#I ;
X Tey{
X ,Bs8
Z`a T
${|9
?(Ea .
Y@Va [f{c@
GZ}a 4
`Y%/
Xa KCXR =
X i?g} ;b
X VD<8
8Pma b
? ^#1Ga
E .JgKa
~C2 XL
]~Pa o
8a 6L~m@
Xa |d}p
UNu v6
X POtx
Xa [stF -
Xa vE:Y M'
X _aNX *B
Xa "Fb_ B
Xa (ucB
X 1/G:
Jv5 ^/
qUu fa
9o me
R*uQ M*
kH#\ !g
~a J/:"@
[f~~ A
j>H!
b5 R/G
nGN# g
#m/C p
X Sx;_
{rj ER
X CHDr
X CIfh
X O}^
Xa '5?n
Xa vexL
X R_&>
Xa 2z"c Z7
X h?sp N
X d>K,
X Qs3: ]
<\y ^z
X Xi/W
X CMDI
X +1:*
X *|`h 4K
lU\ 0F
X MDC
X }SJ5
X i^+" $
Xa o*0r
c /_j;a b
g=up
Xa mgxl
X 2pTg
X Lp/w
Xa GR*} D&
Xa {45
X MNmW M3
OjM DL
X f/!w
X ,xgm #<
Q/o kz
X !s9p
X xhEd
X 1LB%
X z:)F
Xa z+V
Xa WiG
Xa .Mp: Q~
Xa .*2v
Xa Y4Z> t
Xa ;t8Y %
Xa ]Tod
Xa c(X #
Xa oQ!
qMh n6
X o%?*
X zni;
Xa Ret4
Xa MY( m4
X kk|O
Xa [+i4
X !Z;p
X %'mi
X Z/YT
Xa C68
X pnY!
X e=mK k
X {=<:
Xa GeoN -s
X hcI|
Xa ms],
*j{ 3b
Dl1 _X
X XSBv JS
zZ3 XX
X ;BEO
Xa o|g
Xa {k}x
C| j?
"TF O|
Xa 2yU< t]
~uS 7b
X q,hz
Xa 4Rhb
X +c*
Xa ]G
Xa 5*q#
Xa ,uPk
X @y~> _
X ~g/R
X "}?s
Xa FO"L
X ei6m
X ^>JS
X G,;\ g
Ghw 5v
Xa FE{}
Xa M,.] >
X T[L&
Xa ]G>a OW
X ~M8l u
X x#Yo 6
Xa $:{C b
qp` 4!
buH mG
k4F)
$a Neiu@
m?a 8RC
Da ~sEZ@
uO6la w+
Ia {&mN@
"w\!
E5Db k
sa <5n8@
l]d C<
0K~ #G
X q62j
@{a @<
&4#
WnCj
<8 W7^a
Xa i&v5 @
Xa cyVc
P%a R*
ItNv
~mna *
`dG 9,
X 2>[n u~
X \8ob
Xa b/Z#
Xa x#wB vh
Xa JY*>
Xa Wp*u _
X ^!mC
Xa k}@Q PQ
7"\ mf
X @uLm
X `Rzg
X meJ1
v4.0.30319
#Strings
* 3 J S |
"$"6"H"["q"
$[$d$k$
%4%?%x%
(*(I(S(e(
)$),)R)f)
*'*C*t*
+=+K+_+
+h,s,|,
- -*-I-`-o-
&(&u'|(
)D,U,_,
<>9__1_10
<Create>b__1_10
<vaultItemCount>5__10
<EnumerateCredentials>d__10
<EnumerateBrowsers>d__10
reN340
vDZDC0
<EnumerateCredentials>g__GetVaultElementValue|10_0
<>9__0_0
<EnumerateCredentials>b__0_0
<>c__DisplayClass21_0
<>9__1_0
<Create>b__1_0
<Collect>b__1_0
<>c__DisplayClass1_0
<>9__12_0
<.ctor>b__12_0
<>9__2_0
<Collect>b__2_0
<>9__13_0
<MatchFiles>b__13_0
<>c__DisplayClass13_0
<EnumerateFiles>b__14_0
<>9__0
<Remove>b__0
<EnumerateExtensionFiles>b__0
<EnumerateCredentials>d__0
<ExtractItems>d__0
nwhqs0
wsMqy0
<structAddress>5__11
<EnumerateProfiles>d__11
qK6uA1
l27nO1
uv8uT1
<>9__1_1
<Create>b__1_1
<>9__2_1
<Collect>b__2_1
<MatchFiles>b__13_1
<>9__14_1
<EnumerateFiles>b__14_1
o2nN_1
<>8__1
<EnumerateExtensionFiles>d__1
<EnumerateCredentials>d__1
<ExtractFolders>d__1
Nullable`1
IEnumerable`1
Stack`1
Action`1
IEnumerator`1
List`1
okNNh1
m935k1
<>7__wrap1
gT5lr1
<>m__Finally1
HMACSHA512
__StaticArrayInitTypeSize=12
<j>5__12
__StaticArrayInitTypeSize=32
advapi32
Microsoft.Win32
ReadUInt32
ToUInt32
ReadInt32
ToInt32
<get_Children>d__42
sRwb42
kIFg42
w4B352
m1jCE2
skDGF2
<>9__1_2
<Create>b__1_2
<decryptedPassword>5__2
<rkPath>5__2
<rk>5__2
<OSMajor>5__2
<count>5__2
<MatchFiles>b__2
<EnumerateCredentials>d__2
Func`2
KeyValuePair`2
Dictionary`2
qn5ok2
cxMhl2
jHasn2
<>7__wrap2
lYQWr2
zP7Cu2
<>m__Finally2
xrxQ13
<MatchFiles>d__13
zEYr13
s7pE23
<get_Children>d__23
q7MtO3
<>9__1_3
<Create>b__1_3
<rkWinSCP>5__3
<rk>5__3
<OSMinor>5__3
<pCredentials>5__3
<EnumerateCredentials>d__3
uyxpe3
dG37i3
<>7__wrap3
<>m__Finally3
<get_DeepChildren>d__44
FromBase64
ToBase64
UInt64
ReadInt64
ToInt64
cBmbQ4
lL9oY4
<>9__1_4
<Create>b__1_4
<VAULT_ITEM>5__4
<browserName>5__4
<n>5__4
<rkApp>5__4
<fs>5__4
evAti4
<>7__wrap4
qPKh05
dlaR25
voFgF5
eQMLM5
bqk5V5
i_y_Y5
<>9__1_5
<Create>b__1_5
<roamingDataPath>5__5
<rk>5__5
<vaultCount>5__5
fA3La5
ahPgb5
b8Fni5
hV3Kk5
mBtZm5
<>7__wrap5
xyURv5
ReadUInt16
ToUInt16
ReadInt16
<get_Children>d__26
__StaticArrayInitTypeSize=6
qn6cI6
s0mzW6
vWtPX6
<>9__1_6
<Create>b__1_6
pwQY_6
<rkSession>5__6
<guidAddress>5__6
lEGEe6
<>7__wrap6
rCjAw6
VAULT_ITEM_WIN7
VaultGetItem_WIN7
<>9__1_7
<Create>b__1_7
<vaultSchema>5__7
qV2lb7
<>7__wrap7
x6TBx7
ls8sx7
l6DDz7
<EnumerateBrowsers>d__18
njoh48
tBaVB8
get_UTF8
EncodeUTF8
VAULT_ITEM_WIN8
VaultGetItem_WIN8
crhYU8
aGeVV8
f18VZ8
<>9__1_8
<Create>b__1_8
<i>5__8
<key>5__8
va_Sc8
eeXch8
a2mai8
l6Cvi8
k8zQp8
lM8qt8
<EnumerateProfiles>d__19
e7UaD9
v6ZkO9
ncIkZ9
<>9__1_9
<Create>b__1_9
<vaultHandle>5__9
jKb4h9
yB62q9
kYh7z9
jyPr0A
l9oS2A
zzoNLA
q6ZzXA
oEDbfA
bXCghA
mzvt6B
icdZaB
daGaaB
yH3mrB
nulm2C
bDfVIC
k_jxKC
ryehLC
xFl_YC
jAVPdC
iyVIjC
lWIEnC
d7TwpC
of_rvC
dXziAD
eRlQED
slkfFD
VAULT_SCHEMA_ELEMENT_ID
xCHZSD
oQifZD
oMk1mD
mQuOxD
a0gG0E
lgq43E
pswo3E
d4w16E
VAULT_ELEMENT_TYPE
tkUjVE
ikpsuF
rC6j0G
uQyr1G
d9rZDG
eX5rRG
oHqTpG
h62qqG
f7_H4H
uBU35H
dHb8AH
x3RFSH
pDv3VH
wnvPhH
kUubjH
gYi8sH
jxP24I
buHn5I
nQG18I
get_ASCII
je19LI
f004XI
vT5RXI
iwtNcI
jyuWoI
aPZfxI
jYBIyI
eLnw3K
wdDHXK
jZQhZK
zng8fK
kbpphK
wlTGjK
lbiLwK
mq5iAL
kEF5ML
eX3RdL
qUIttL
mguh3M
mPic6M
dkzhAM
z_TzKM
vGFWMM
fLMzMM
vGzwjM
nXULlM
hIY6uM
k5R13N
fRCmAN
cq9YMN
xn4zRN
olfheN
on6wiN
ypbO4O
rswx6O
xsfUAO
System.IO
aaXeQO
jjioWO
yMl0cO
qzjYeO
nYz9fO
nImMyO
ru0MIP
h9wmbP
k5IMlP
fT9RqP
bGttqP
gMLXuP
tgQDIQ
lSlyQQ
qu6VXQ
qs2reQ
ccyKiQ
lDeCkQ
kkO28R
l746FR
rvoKPR
rKXDRR
zzNjSR
fnyflR
u15bpR
klkDxR
erXyxR
eEU85S
yZqGIS
w_rkrS
xzkMAT
VAULT_ITEM_ELEMENT
zIINZT
oOSFjU
r_xkjU
de2GBV
get_IV
GenerateIV
yie_XV
kWNr_V
dBwmiV
oF1QsV
wBpsBW
mvizoW
scGaIX
ofAwPX
vgxfVX
ovdRgX
g5ojgX
aSB1lX
zXxpsX
mFqVwX
tpQi2Y
fGx77Y
ishnIY
sAU6PY
gK9yUY
t6R7VY
lTSe2Z
n_ZSNZ
xwDTRZ
jnQwXZ
ws9hYZ
am_OmZ
xWyqmZ
mrZWnZ
ns5xrZ
sdep9_
rhcKB_
tnA1F_
gXjfU_
value__
ez3Tf_
x4xUq_
xGs7s_
v6K9x_
x9FFCa
dNdBba
Ikfpxplwxmmkdkldouzsca
gN4Gfa
gscXta
DownloadData
UploadData
ProtectedData
EncryptData
Iuublnnjccgpoclniyblya
g6Y8Cb
eLaDZb
v0z0ab
rQsTbb
gun5db
qDhcib
mscorlib
CredentialBlob
dyR7ub
IsNumeric
System.Collections.Generic
Microsoft.VisualBasic
aIndentInc
ExtractFileAsync
AddStreamAsync
qbSizc
heUj0d
jq1k3d
bw6pAd
rLjHEd
kvfWId
get_Id
set_Id
SchemaId
schemaId
get_CurrentManagedThreadId
<>l__initialThreadId
SchemaElementId
pGWlSd
y52lUd
jFLXVd
h1nmVd
Thread
Download
torUpload
RijndaelManaged
LastModified
IsInstalled
Undefined
get_HasExited
pPackageSid
get_IsValid
vaultGuid
NewGuid
GetField
ePSqld
TrimEnd
ReadToEnd
AppEnd
ExecuteCommand
Append
get_Second
Method
iqgHqd
WriteEndRecord
WriteCentralDirRecord
get_Password
set_Password
DecryptOutlookPassword
GetNetworkPassword
qt9uyd
rGSzYe
Replace
IdentityReference
Resource
GetHashCode
set_Mode
FileMode
PaddingMode
CryptoStreamMode
CompressionMode
CipherMode
m_Node
SelectSingleNode
XmlNode
FromImage
get_Message
get_UILanguage
InputLanguage
j2AMie
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_AsDouble
set_AsDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
vaultHandle
StopBundle
Rectangle
Single
AddFile
ParseFile
ExtractFile
get_Profile
set_Profile
<>3__profile
IsInRole
WindowsBuiltInRole
Console
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_OSName
get_CPUName
get_GPUName
get_Name
set_Name
get_TwoLetterISOLanguageName
get_FileName
set_FileName
GetTempFileName
GetFileName
get_profileName
set_profileName
get_MachineName
GetElementsByTagName
get_FullName
get_WindowsVersionName
get_UserName
get_BrowserName
set_BrowserName
GetName
TargetName
GetProcessesByName
AssemblyName
pszCredentialFriendlyName
get_DirectoryName
GetDirectoryName
NormalizedFilename
get_Username
set_Username
get_Hostname
set_Hostname
FromFileTime
ToFileTime
DosTimeToDateTime
GetLastWriteTime
SetLastWriteTime
SetCreationTime
DateTimeToDosTime
SetLastAccessTime
ModifyTime
yQBpme
ReadLine
AppendLine
WriteLine
get_NewLine
Combine
LocalMachine
get_Inline
set_Inline
Escape
DataProtectionScope
ValueType
get_DriveType
SecurityProtocolType
GetType
SocketType
System.Core
PtrToStructure
get_InstalledUICulture
get_Culture
get_InvariantCulture
Capture
ReadOnlyCollectionBase
System.IDisposable.Dispose
TryParse
Reverse
Geolocate
Create
Deflate
CredEnumerate
get_LocalState
set_LocalState
<>1__state
Delete
get_CanWrite
ThreadStaticAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
IteratorStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
get_Minute
ReadByte
ToByte
yT94ue
get_Value
set_Value
get_HasValue
TryGetValue
set_Expect100Continue
Receive
Remove
get_Size
CredentialBlobSize
CompressedSize
FileSize
get_HashSize
set_BlockSize
chunkSize
get_DiskSize
get_MaximumSize
set_MaximumSize
HeaderSize
get32bitSize
set_KeySize
SuppressFinalize
Resize
uHMZMf
PadToMultipleOf
SizeOf
get_ItemOf
LastIndexOf
fTFRXf
eqXPbf
tQ0Ezf
q46xAg
gNfHPg
ail9Wg
get_Tag
get_Jpeg
qGUPng
System.Threading
set_Padding
GetEncoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
EscapeDataString
DownloadString
EnumerateToString
get_IsString
GetString
Substring
System.Drawing
get_AsLong
set_AsLong
nkhNwg
cPR95h
eQZMCh
nwmS_h
ForEach
IsMatch
yanHjh
oIK6mh
mH1Omh
lppbrh
gBqirh
dhWLsh
ComputeHash
ProcessExecutablePath
CreateFilePath
CreateGrabberZipPath
GetTempPath
GetFolderPath
get_Width
get_Length
set_Length
SetLength
EndsWith
StartsWith
get_Month
eQkXGi
v4KMQi
rOgRWi
cpG3Xi
mopGYi
u3dkfi
PtrToStringUni
hN1gpi
yPDKyi
p5vp6j
rzaVAj
kcz4Fj
hKa9Fj
k5GSFj
zI9iIj
fBYNUj
krmNWj
zaDXoj
l08axj
h2tI8k
iCDcHk
oegbZk
vZ0B_k
FlushFinalBlock
TransformFinalBlock
get_CanSeek
qRvUgk
menwpk
kN82wk
yqVPHl
wtkXKl
m6PAal
Illegal
Marshal
ReadCredential
NativeCredential
Decimal
System.Security.Principal
WindowsPrincipal
get_Model
i5Cdgl
vaultcli.dll
get_IsNull
System.Xml
get_InnerXml
set_SecurityProtocol
get_AsBool
set_AsBool
y9NF5m
u5vBAm
zzzTEm
ebnPGm
bDkNUm
hyjfYm
AddStream
FileStream
DeflateStream
get_EndOfStream
CryptoStream
MemoryStream
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
get_Algorithm
set_Algorithm
SymmetricAlgorithm
KeyedHashAlgorithm
hkFIlm
ICryptoTransform
aDictEnum
aArrayEnum
pdsQDn
fhGpNn
eLThOn
vD57Rn
get_IsBoolean
IsLittleEndian
fYFoan
stWgcn
hueXen
CopyFromScreen
get_Children
get_DeepChildren
LastWritten
SeekOrigin
get_Extension
localExtension
get_OSVersion
get_Version
get_BitVersion
System.IO.Compression
get_Application
set_Application
get_Location
get_UserInformation
System.Globalization
System.Reflection
InputLanguageCollection
MatchCollection
GroupCollection
ManagementObjectCollection
get_Position
set_Position
SearchOption
IOException
InvalidDataException
NotSupportedException
ArgumentNullException
ApplicationException
InvalidOperationException
FormatException
ArgumentException
get_ScreenResolution
StringComparison
<>3__json
zRUltn
SocketShutdown
kp5vLo
mZTXTo
c68wTo
CopyTo
ReadExtraInfo
CreateExtraInfo
FieldInfo
ReadFileInfo
CultureInfo
DriveInfo
FileSystemInfo
set_StartInfo
ProcessStartInfo
DirectoryInfo
fWjfho
cu3AIp
vqBIOp
tmP2Qp
we5DRp
qlVFZp
xrIUZp
Bitmap
FilenameInZip
vA9ckp
get_Bmp
TimeStamp
xd4xtp
kteWFq
a8DETq
rON9jq
System.Linq
get_Linq
bWFL1r
m5Mz1r
nbdcAr
z0eqSr
get_Year
ToChar
DirectorySeparatorChar
DecodeNextChar
get_IsNumber
WriteLocalHeader
StreamReader
TextReader
BinaryReader
AesCryptoServiceProvider
IFormatProvider
get_EscapeBuilder
WriteToStringBuilder
SpecialFolder
Buffer
ServicePointManager
ManagementObjectSearcher
SecurityIdentifier
ToUpper
IsUpper
get_Manufacturer
CurrentUser
get_chromeBrowser
set_chromeBrowser
get_firefoxBrowser
set_firefoxBrowser
BinaryWriter
filter
BitConverter
ToLower
ReadCentralDir
ntpUmr
get_Major
get_Minor
set_RedirectStandardError
Authenticator
IEnumerator
m_Enumerator
aEnumerator
ValueEnumerator
LinqEnumerator
ManagementObjectEnumerator
System.Collections.Generic.IEnumerable<System.Text.Json.JSONNode>.GetEnumerator
System.Collections.Generic.IEnumerable<Death13.Recovery.Browsers.Chrome.ChromeProfile>.GetEnumerator
System.Collections.Generic.IEnumerable<Death13.Recovery.Browsers.Firefox.FirefoxProfile>.GetEnumerator
System.Collections.Generic.IEnumerable<Death13.Utils.Models.Extension>.GetEnumerator
System.Collections.Generic.IEnumerable<System.IO.FileInfo>.GetEnumerator
System.Collections.Generic.IEnumerable<Death13.Recovery.Browsers.Chrome.ChromeBrowser>.GetEnumerator
System.Collections.Generic.IEnumerable<Death13.Recovery.Browsers.Firefox.FirefoxBrowser>.GetEnumerator
System.Collections.Generic.IEnumerable<Death13.Utils.Models.Account>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
KeyEnumerator
.cctor
CreateDecryptor
CreateEncryptor
clFsqr
sY9irr
passwordVaultPtr
ReadIntPtr
gUQitr
get_Hour
dMIrzr
uHuWKs
tRNGNs
bFieVs
d_SmZs
TargetAlias
Graphics
System.Diagnostics
GetBounds
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
DebuggingModes
get_ChildNodes
get_InstalledInputLanguages
Matches
GetDirectories
FetchProxies
EnumerateFiles
MatchFiles
EnumerateExtensionFiles
GetFiles
EnumerateProfiles
NumberStyles
GetNetworkNames
GetSubKeyNames
get_Databases
set_Databases
GetHostAddresses
Attributes
ReadBytes
ReadAllBytes
WriteAllBytes
ToBytes
GetAddressBytes
GetBytes
get_Values
GetDrives
UpdateCrcAndSizes
SocketFlags
dwFlags
ProcessCommandLineArgs
<>4__this
m8dEjs
r1_Tks
EnumerateCredentials
pCredentials
Equals
VaultEnumerateItems
ExtractItems
System.Windows.Forms
Contains
Conversions
System.Text.RegularExpressions
get_Locations
set_Locations
System.Collections
StringSplitOptions
RegexOptions
get_Patterns
set_Patterns
get_Groups
get_Chars
ExtractFolders
RuntimeHelpers
EnumerateBrowsers
FileAccess
get_Success
Process
get_torprocess
set_torprocess
IPAddress
get_IpAddress
set_IpAddress
System.Net.Sockets
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Exists
vFhSus
get_Keys
nLCk8t
RemoveAt
ElementAt
dwmSEt
s8doLt
Concat
AppendFormat
ImageFormat
get_AsFloat
set_AsFloat
d6Zdbt
m_Object
ManagementBaseObject
get_AsObject
get_IsObject
ManagementObject
Select
Collect
Connect
Unprotect
CreateOrGet
System.Net
Socket
System.Collections.IEnumerator.Reset
GetFileOffset
HeaderOffset
offset
get_Height
op_Implicit
op_Explicit
set_DefaultConnectionLimit
WaitForExit
l9XRkt
get_Salt
set_Salt
VaultOpenVault
get_Default
SingleOrDefault
GetValueOrDefault
UnsignedInt
GetBytesFromInt
get_AsInt
set_AsInt
aIndent
WebClient
System.Management
pResourceElement
ParseElement
XmlElement
pAuthenticatorElement
get_DocumentElement
pIdentityElement
Comment
Environment
XmlDocument
get_Parent
System.Collections.Generic.IEnumerator<System.Text.Json.JSONNode>.Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Chrome.ChromeProfile>.Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Firefox.FirefoxProfile>.Current
System.Collections.Generic.IEnumerator<Death13.Utils.Models.Extension>.Current
System.Collections.Generic.IEnumerator<System.IO.FileInfo>.Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Chrome.ChromeBrowser>.Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Firefox.FirefoxBrowser>.Current
System.Collections.Generic.IEnumerator<Death13.Utils.Models.Account>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<System.Text.Json.JSONNode>.get_Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Chrome.ChromeProfile>.get_Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Firefox.FirefoxProfile>.get_Current
System.Collections.Generic.IEnumerator<Death13.Utils.Models.Extension>.get_Current
System.Collections.Generic.IEnumerator<System.IO.FileInfo>.get_Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Chrome.ChromeBrowser>.get_Current
System.Collections.Generic.IEnumerator<Death13.Recovery.Browsers.Firefox.FirefoxBrowser>.get_Current
System.Collections.Generic.IEnumerator<Death13.Utils.Models.Account>.get_Current
System.Collections.IEnumerator.get_Current
GetCurrent
<>2__current
IPEndPoint
get_Count
AttributeCount
vaultItemCount
get_IterationCount
set_IterationCount
dwPropertiesCount
vaultCount
get_RAMAmount
MakeScreenshot
GetPathRoot
Decrypt
ThreadStart
TrimStart
AppStart
Convert
UnsignedShort
XmlNodeList
Persist
get_Host
jWhVtt
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
ToUTF8Text
ReadText
WriteAllText
get_InnerText
Iyiewxzzejhznejyoreazt
cWi5Bu
owEqqu
dtqY1v
y3orOv
uD_aVv
pvNdWv
jt3Uov
nASfov
nEOnsv
cYlAuv
v3Tvuv
nFTA4w
gayWYw
Iozvlxctegiuwkyopjfiaw
o2NZdw
jYLLgw
ymsejw
get_Now
set_CreateNoWindow
qdEy1x
tcY73x
rrGgBx
q_vzCx
wlE7Hx
iiWsLx
hWtASx
ild1zx
n6zL3y
ysZQEy
l3_2Vy
get_Day
m_Array
ProtectedArray
ConvertHexStringToByteArray
InitializeArray
ToArray
ToCharArray
get_AsArray
get_IsArray
get_IsReady
get_bundleIsReady
get_Key
set_Key
OpenSubKey
get_MasterKey
set_MasterKey
GetMasterKey
HasKey
ContainsKey
RegistryKey
System.Security.Cryptography
GetExecutingAssembly
get_AddressFamily
yCZImy
BlockCopy
get_PathAndQuery
get_Directory
get_UserDataDirectory
set_UserDataDirectory
GetTdataDirectory
AddDirectory
get_profileDirectory
set_profileDirectory
CreateDirectory
GetFoxMailDirectory
GetSteamDirectory
get_SystemDirectory
get_ProfilesDirectory
set_ProfilesDirectory
get_RootDirectory
ZipFileEntry
get_Country
set_Country
Registry
get_City
set_City
get_Capacity
set_Capacity
op_Equality
op_Inequality
System.Security
WindowsIdentity
IsNullOrEmpty
ConnectToSocks5Proxy
yrOp8z
gurwKz
zGk0Yz
qxNjdz
nvk6oz
nBiitz
WrapNonExceptionThrows
asdsdfw3423
asdfsfw3er234
asdf234asdf
fsad234sdaf3
SFw345w5t 2222
$d23bc401-1c9d-42d8-a1e7-6af7b7b18d19
234.234.4322.1234
.NETFramework,Version=v4.7.2
FrameworkDisplayName
.NET Framework 4.7.2
Death13.Recovery.Emails.FoxMail+<EnumerateCredentials>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Emails.Outlook+<EnumerateCredentials>d__3, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Windows.Networks+<EnumerateCredentials>d__2, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Windows.CredentialManager+<EnumerateCredentials>d__3, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Windows.VaultCli+<EnumerateCredentials>d__10, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
yDeath13.Recovery.FTP.Snowflake+<ExtractItems>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
{Death13.Recovery.FTP.Snowflake+<ExtractFolders>d__1, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.FTP.Snowflake+<EnumerateCredentials>d__2, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.FTP.CoreFTP+<EnumerateCredentials>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.FTP.FileZilla+<EnumerateCredentials>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
~Death13.Recovery.FTP.WinSCP+<EnumerateCredentials>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.VPN.AzireVPN+<EnumerateCredentials>d__1, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.VPN.WindscribeVPN+<EnumerateCredentials>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.VPN.EarthVPN+<EnumerateCredentials>d__0, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.VPN.NordVPN+<EnumerateCredentials>d__1, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Messengers.Pidgin+<EnumerateCredentials>d__1, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Browsers.Firefox.FirefoxBrowser+<EnumerateBrowsers>d__10, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Browsers.Firefox.FirefoxBrowser+<EnumerateProfiles>d__11, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Browsers.Chrome.ChromeBrowser+<EnumerateBrowsers>d__18, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Browsers.Chrome.ChromeBrowser+<EnumerateProfiles>d__19, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
Death13.Recovery.Browsers.Chrome.ChromeExtensions+<EnumerateExtensionFiles>d__1, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
uDeath13.Grabber.FileGrabber+<MatchFiles>d__13, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
uSystem.Text.Json.JSONNode+<get_Children>d__42, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
ySystem.Text.Json.JSONNode+<get_DeepChildren>d__44, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
vSystem.Text.Json.JSONArray+<get_Children>d__23, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
wSystem.Text.Json.JSONObject+<get_Children>d__26, vjejp, Version=1234.231.123.1234, Culture=neutral, PublicKeyToken=null
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
S"S5S9W
W&W*W5W9X
X.X2X5X9]
]5]6]9]:i5l
l5l9l>lBn5x
x5x9xFxJy
( ;">$@&B(M*Q,R.S0T2V5W9X;Y=]@bBdDeKgLiPlSsUtnvpwqxrytzv{x|
!"$#&%(',+;:=<><@?BAJIMLRQSQUTWVXVZY\[][jikilionpntsutvswsxsyszs|{~}
B+=*'`(
fclfc5
^%+:,Q-'(!2
4'((-:
qtyVAF
9 9<:{5(&)
blnxj0
;`!.84g&=R+
I<4,-I
y/9f}!F
.Bj{\Edr
G{/9uI
ymrbLV
0?+<S0'
TBOb&<*
9:Q+9&
wnrrR4
HTx#)=>"
jPMWgF
Q_57 <$02
Q_6*2+#"$
b9ny72
&v"i7l0S
{7G'AN1
wHsZcr
s0XfW1
GV;2- ;?!
yx_39Q
/8ef51z
!d?|8w
!;8=*!3
7"<*!84
System
Credman.txt
[Credman] {0}
Networks.txt
[Networks] {0}
Screenshot.png
[Screenshot] {0}
[Steam] {0}
[Twitch] {0}
[OBS] {0}
FileZilla
Servers.txt
[FileZilla] {0}
WinSCP
[WinSCP] {0}
CoreFTP
[CoreFTP] {0}
Snowflake
[Snowflake] {0}
NordVPN
Account.txt
[NordVPN] {0}
EarthVPN
[EarthVPN] {0}
WindscribeVPN
[WindscribeVPN] {0}
AzireVPN
[AzireVPN] {0}
Browsers
key.dat
Wallets
{0}_{1}_{2}
[Chrome Extensions] {0}
[Telegram] {0}
Messengers
Discord
[Discord] {0}
Pidgin
Accounts.txt
[Pidgin] {0}
Outlook
[OulLook] {0}
FoxMail
[FoxMail] {0}
[Viber] {0}
[WhatsApp] {0}
[Signal] {0}
[RamBox] {0}
[Binance] {0}
[MoneroCore] {0}
[BitcoinCore] {0}
[DashcoinCore] {0}
[DogecoinCore] {0}
[LitecoinCore] {0}
[Electrum] {0}
[Exodus] {0}
[Atomic] {0}
[TonWallet] {0}
[Jaxx] {0}
[Coinomi] {0}
[Daedalus] {0}
[Zcash] {0}
[Guarda] {0}
[Wasabi] {0}
[BitWarden] {0}
[KeePass] {0}
[NordPass] {0}
[1Password] {0}
[RoboForm] {0}
[Grabber] {0} - {0}
[{0}] Thread finished!
uQ5IdR
f9NpCP
81:"0';*
tfgc2N
6+<***<
)%<26"2?26
g0FF2w
lfvifI
efTPzK
'{&`?u
[~0b:o
p6ssZY
W'b8:2t"
yVi_wr
*4=0 ""
Accounts
Account.rec0
Account
POP3Account
Password
POP3Password
/e",\F
w8VzA1
.wo7u2c{
Th6'[dm
TnPzT\a
V_`Uuo1
Mq\j3^Dx
lC_#]hLXL
;; :fmEUD
mwK8_u
IMAP Password
POP3 Password
HTTP Password
SMTP Password
SMTP Server
Nothing
W&>%w#E>:
Network
gd13u5
Utk^?*
hCR6IN
[ERROR] Unable to enumerate vaults. Error (0x
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
Unable to open the following vault:
. Error: 0x
[ERROR] Unable to enumerate vault items from the following vault:
. Error 0x
SchemaId
pResourceElement
pIdentityElement
LastModified
pPackageSid
Error occured while retrieving vault item. Error: 0x
pAuthenticatorElement
snowflake-ssh
session-store.json
folder
{0}:{1}
password
folders
AT6>(!(.A 2J7/''48A.%9A8 J$0 "A>283+&J8/.J8< 8(,A/)
Software\FTPWare\CoreFTP\Sites
hdfzpysvpzimorhk
recentservers.xml
sitemanager.xml
Server
encoding="base64"
fUxymK
wL25lB
jsDCGw
Software\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
wAHdGv
<;~#9.
0g&&v/&V
sHYn1l
zRUiQ4
?>!68#
wm_tKM
oUbNKX
1-%-16
#?5>?>5E#?->9>-%(EQ
yCl5n7
<,!"'9
yE1nDg
#48*<0
dnLpZG
!5qW(p) |"^
tLIWfo
p_Nxvw
1 ;$!?"
F$"%,3 %
*9?81.=8
mpS3P1
2)!}q=B
dv9QyG
N8d'+|
;!q<;r
jAwXov
$'+{!!(
kKRBWw
r1twqP
>t/w"Y
4p:!h-
kZl0YW
bo9xgB
4,yB1x<9t7G
dWK2Af
#4;?4*
nRvgVC
%5%<-)
:e4!}0
npur3p
13#+*&
Windscribe
Software\Windscribe
userId
authHash
Software\EarthVPN
SavePass
Username
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
eytHID
m3gkFy
82&/*6*
'2<?83*
sA4eQy
yvg43N
%k49z=3V7"h*%l0
uGwj79
&o{&o{
;jw'{~-Wt<ii;ms
C98094+
K7f%C)x
?8's3(%=/
rjjAtt
1f#}'z'[ f5m1a'D
?d*k.g<BL
wAWPno
*(/5J011*(?
m7lg5A
hhTACZ
6d)*`)6e)
>>9?,Y$/.
yi0nHv
f64UfZ+Y24f-
f64UfZ+Y24f-
6UfZ+Y24f-
49!#$%C
accounts.xml
Pidgin / {0}
eAeLy3
+*$s!?
m3SwQU
?4;rq+
>8,!d~*?$9vl9*4
o~8*#:yh
izl19l
81 h>=
bcjtls
egFfNg
ghhcbT
iehdD7
"a>#o|:H
q2Zu88
hZZuuV
1j$<h1
5d!d*1r
0&!2:8'#
aKkI2m
Profiles
key?.db
9=9=B99'%&
zZpIQ1
&m,vkx
w9HDSM
ifNzM9
suNdrH
'g&54;'R
b5keqc
$?m'
4d&.$]
a4chm9
-),7(:
yazvNs
>49*=!
S76/%'!
o/x$$2%
uzLz4q
dbSgsI
Mg 8J7<v-&~'
=$(34#
!55!0)#
u*gDKre.c@7ve*hg!`DKre.c@
=5 +,
=5 +,
< $4>!
qSa4Oz
%90=?4
&/`+9a
rxHV3M
89e-3~
*User Data*
Local State
profile
info_cache
Default
'u?8#c
>:b"#+:g"#0C
2 6TI33
eNQtyg
cO9lVV
/%!3>;!$0:!/
ojVnCm
,)-s%+
f1XDqZ
"a?3&#!GY
e4mipu
8"{;;}.:y";a&>r :y$9}"&s!3
fqXKLT
jtbsAI
ljvDG6
9=v2<t53x61v:>u 4a?3x??}87a5(w26
iMfIah
##1$e4'0"r/#=;f5;<&d+-8;r6!%&y4.
=2X0(f1(P
uY0tqZ
?l5;b7
er2LHM
%?72/%.0$8*11=$%0'*#2$*:/?0078(:
3'-:P-<
;75<=?8295!5:0#7#14(567*!)=7!*6>
56\x#!b
0 p(G6g
-$/$8. /6*/%-&- :%/&#'""'$+*&( /
.<=='3
Q>.&-/"3
Q ++?.
878-% &72+?,<+8)05%+<,2)<(=*$7&*
%.=|>2'b
!0=`;, a
6!*<*=6*0()=%'2)$!6#1)2&'>/#1).%
rwx93H
+%)"5"4.3%6%48)<+9,;/ 7"69)&6'6-
+)$}0*%~=0>s4+)`4/!
31<s4,<f+'>f
#&e !
i2NKeh
24/-!=4."$
shhjTt
50w-&L
.+J:!?
rb8IFR
jEWfoP
tbBxbE
+~)x5p4p.r*
*f.x)p(}4|)r(}.}*}5f
yHgKAc
v9WTO7
'2)<)9+2?8"5=#(5###5&;'8#2>5(9?:
hVOKGT
s5jEwE
pAvyRR
(:q 7v$?d'8r-<}"<~:;|.:d:6v
rwnVtE
=*2#/3),/> )%/(* ,&*-=4*'12$,*#-
8;!4(U8#4
1 2">8756!(!3<7<>;690=7 4"7;7"?>
fN6d5M
N84'-!;0)
w8thB_
d9ZbFp
4=74>2>5 66<9=4>9><=527!3!;34372
K;/*4*"!
=6 .*:.3/<1."1$=?.!*!)28%1"%6!?2
30"v=8:?}&?""r"<=?y ="0s*=85~":1
rosgBN
uOffrA
oyoKf_
Local Extension Settings
iuQCIz
c# ?od):>
exYP4Z
8:8$|"
opr_Ta
mshC3w
gpm0yH
Kn=cKd+rJg5s1m/p,
E~_hZjJ`%
.+6oy'=
lY\hoy=)
f$}>IV
f$|>IV
xE25Cn
U?)(!O
6 iq0b.>|`7
7!fAEtW^xj,
(0bn5b5<T
3?j`(4:
aFel18
A}Z~F}SzA
E/*$6)17
pGzdqx
78=>t<Z'
&%{+]#
gL6#(Y
mpXWrf
omdULm
3v$)`>1a;
V(?)<
J#3=#'<
cA4vOA
cC#'0I
lIkWvs
ep&7gx#
G.|NR/fe4@ep 7cr1&`y1
23?s"'
zgwNY0
:)2?;L$7%>9>
QKiL7g
N}5d'i
RLQLbK
x2c0Kj
rytpOP
yT7FUI
Ifj:hw*=
U6|S;0
=;?0s!;52Gfl
UO+$>-.=( :
nZ!1+''!",58
nPrgb5
)j6v<#}
mrOq_P
<1#># 81.
nWu3O9
qb9VgZ
1w&m7h5v
@DH%kA6hj
iup/_Uh
29B* J.
?q5cRb#x<u7
=u5d&C
#2>(+5 Y3(5Y26G056361
-+%7'#:L6!L%2"? )Q,/618
ocXelh
L#/|=<I
892+LV"
zQ3nSQ
xU0dvH
!/42.0,-
:9f*-f;8
9375CFF0413111d3B88A00104B2A6676
hdfzpysvpzimorhk
127.0.0.1:9050
https://github.com/L1ghtM4n/TorProxy/blob/main/LIB/Tor.zip?raw=true
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
asdfsfw3er234
CompanyName
asdf234asdf
FileDescription
asdsdfw3423
FileVersion
234.234.4322.1234
InternalName
Death13.exe
LegalCopyright
SFw345w5t 2222
LegalTrademarks
OriginalFilename
Death13.exe
ProductName
fsad234sdaf3
ProductVersion
234.234.4322.1234
Assembly Version
1234.231.123.1234
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Witch.4!c
Elastic malicious (high confidence)
ClamAV Clean
FireEye Generic.mg.242c47b16c8755e7
CAT-QuickHeal Clean
McAfee GenericRXVT-LE!242C47B16C87
Malwarebytes Spyware.PasswordStealer
VIPRE IL:Trojan.MSILZilla.25090
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender IL:Trojan.MSILZilla.25090
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/MSIL_Agent.GGY.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Spy.Agent.EBS
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.MSIL.Witch.gen
Alibaba Trojan:MSIL/AgentTesla.1cb24440
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.342528.BR
MicroWorld-eScan IL:Trojan.MSILZilla.25090
Rising Stealer.Agent!1.E5EF (CLASSIC)
Sophos Mal/Generic-S
F-Secure Clean
DrWeb BackDoor.SpyBotNET.74
Zillya Clean
TrendMicro TROJ_GEN.R06CC0DJ623
McAfee-GW-Edition BehavesLike.Win32.Downloader.fm
Trapmine Clean
CMC Clean
Emsisoft IL:Trojan.MSILZilla.25090 (B)
SentinelOne Static AI - Malicious PE
GData IL:Trojan.MSILZilla.25090
Jiangmin Trojan.MSIL.aoucl
Webroot Clean
Avira Clean
MAX malware (ai score=85)
Antiy-AVL Clean
Kingsoft malware.kb.c.977
Gridinsoft Clean
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D6202
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Witch.gen
Microsoft Trojan:MSIL/AgentTesla.ESL!MTB
Google Detected
AhnLab-V3 Trojan/Win.AgentTesla.R596119
Acronis Clean
BitDefenderTheta Gen:NN.ZemsilF.36738.um0@aWOK76f
ALYac IL:Trojan.MSILZilla.25090
TACHYON Clean
DeepInstinct MALICIOUS
VBA32 Clean
Cylance unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R06CC0DJ623
Tencent Clean
Yandex Clean
Ikarus Trojan-Spy.MSIL.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.EBS!tr.spy
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.