popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-03-27 23:20:31

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00011674 0x00011800 6.00464177296
.rsrc 0x00014000 0x0004259c 0x00042600 6.128418546
.reloc 0x00058000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00014130 0x00042028 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x00056158 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0005616c 0x00000244 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000563b0 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
3b%(<
v4.0.30319
#Strings
1?>?K?a?V?
5tDfYjmBcVP9EhedTlXp7cUjPDbm1IrdepZXra30pSVyWcA16iBWVoFXBmZgsWo2S3lPtGZkIIhz60xHVNyiK0SQex51mkhA0
9uPfOYmnOexnID2jH5mJ2aQ0
eL5EghUCagAwC9VUEJcXtHT0
kIsaRaTfVpj0OVJxuBTb0ph0
6vdmEIpXwg7niY6qjFXZtll0
mKmVZgtqBJkhwq6EL84qDY7kOeBs0
vrUyKyHXOGQ5eGC9f9bHXdobOYix0jYTxWSZcIzTpcijxt8gCNT8deebRgcMMTHqSx7Y31
VwEXXjgbhHGZT7KEavbmCQmv4ny31
94KSPhxMBGA1
1Quya8h6adUlu0drjlLCwxIjFPdtJsX2YNWChWQaB1
7fQXMHsqiUpOM90lFljyg2G0YjkVxzjrT7PQ4E1
RJNr7aTcWOCpFybtUpAGQikEwyBOF0nG0QeILit4H96m5JyPU9SaW8FZ1
_Closure$__1
IEnumerable`1
ThreadSafeObjectProvider`1
List`1
Upjr5cl3Yyt1
gtn1tFDXRgkMEx1
74Xu18OF4ZxCIOJ32
iErCHZlVwpGYcQP1yJhEu7IEqjc7MW35hK3rY32
Microsoft.Win32
UInt32
ReadInt32
ToInt32
PNOjedlzd1GiG1oGAaozvcVd3SN52
9uW7OQdnHmE6dh7RinBm4FuLomCN6F2yobVemYdNcXLXlhJeDVJxH5bez9qH0kRe32CuH2
cXdRr97ovtI2
BGIhVtZ99DJ2gGHq8UOCQo4qgYxSTZsywnLXp51pAnqxgiOc4XUIHsXK2
fC4rKJvKj6NcX12c8ztO00FAo5hI8h2s0KflmjJN7r2jb3IvacL2
1kLtODj78SKS0j38qLZUdWxb0LC5N2rZQwnWaz2TFLsCccrIEo7QPUX0tFEXgDVwYEkCIpVL1qQ7rp5pUumI5M2
dbCyzIwhfvxbSCkLEg2e4QP2
faJ0RnDhhgzrSAqR50C1l8TzlCukTWyhgzpfIWAYS2
7PmAygqSmNU2
Func`2
a4YNoeVuNeEQ43kfxmepnrONHVUSZKaacINAji2
lSI79nUKuNoBwaxr0m3aI25qsBsSwmmvKfIFkZH6ZG30yHRMoUDjXiq2vee8hbEUTKQEh1nDYKt5wv768qG0sKr08GWuJNFq2
ku2z9m2OmRtyuYQw91ffF1QkDwv40o1IiQ7XkfUkTmPi9aelbrgZGsgPv22yct5nWJY0r2
ZhfjXyfcXYpYzWq6hpqxCYum8gNt2
esxHcGg7ZZIC05RyZ1MPPRB3
eVtH8pSPDMD3
RdzB4xXhzzSViGAQU7p5ACbFhmpoGNxOY361BkVopzJ7K6eDPnd3IBpfVzbNRYoGblHifWCQE3
vABq8yI3ow2hRwmuG47MZwXU87NJ3
PzX9XHT0cQVwFL3
J5e2HP8q1k7ztOPkik7PWKDtsolT3
kFFSYO71LgxOA1Dc3
GyBXMcSPYcjD5uyQF1fwLPDH1RFi8po9elsn2i3
a0mHOznBejQbjEox7RfZ7yojyzmXlNidJXmtJLSywQwd4WAX8YLIZUtk3
7wgs04sjnS04
BnF6tz6kZWvgSI544
UInt64
8E36spaTxJ94
YnBg4BVDCC0znmrKZC2xdscd67NSMRRDyWkD4
slnef87x59Fq2qfrDcXkftB4WpXSoFLLg1gLuK4
OV0AbGCpsSn3yGHqmt9k3zv4
klPWxP1gj1TF5coB5
p63XWRzoElAEmS5
rUV3yVLXrWfqYbTwD1eJCcr8EEHJo3sC9d3d5
fWTuZ7Gditd5
X7fhKV25z6cdKKYDlGoR6POVLM76NgZ0dq0agn5
qC45hDPIUz6qynQoH3xseOF9T34xbS9vgKZO1rstL4J3o14qAHqWlWN2nFy7RUhc3q8zg8OSt1F7SKS991Z8er5
hDyyzy7WvNpb4U8yThzUhWY5kVpCYq2BP0qKpQ6bBMLDgWI6Lnw5
1VlaBsUUtg16
VyoYeTr9MK2R83bkrQpb0p46
UiSp6VMcFtqnXP3mf8cUuS8t6ExEGVH0pmAUbROovWALOb0dczOAwxa8USgenazoF0IkaNybi7ui24yET4PRIukWVn66
QqpiNZKEsJ96
iwxdnYzA0P96
jCZPWJHRsYEzeyetIQuNIm8GRRwV5UCbmKqvSCnF8acSo9TizF87PcRA6
70A1UkxXAZm3SnLF6
mPtY1x678prqqcON8dbTKipHNkyJO8NmewwMjxPnTNVPAfLhubPPhEajTyHJ1y4fTOzZLbuwe9eZTkY1uyUMBPGylf3EDuCc6
P1FR8T8Cxmj1u2BMaCJs0zQ8h0k4QyzJJINCWOeakg8rxjLJKCkf1Rxd6
zJOlsayAfArwvygHPfg1vnYqf6mfn2ZpwK5g6
Ia7OgkT0MuTD4Nj8nSegqdFXk68nXtmhiv9j6
HQRZhUKvYqn6
XZXmgnhEsQA3zqoo6
lDe6hyagZLPvkHPhMZ540r0EXUip6
N7w5CKrEzPqQlndAgEUtGzRbxYRc3CMIzvjy6
Ow279WqOMzWnoSFM1b5xbj77
LrJLTIT80LRf9IuH7
vsST3AiF50Gpry6RbYeH6hbwge4qG4THceJYFN7
SyGr7UPfS5ke6W7
qRkxwbmtGDa7
DYDfI9AYb5V7dORjfIWsold7
cuio7NiyawDhaIdv6dKOZtr7
qigFNJsyg6WMyG5SxG4VXvnZr7rkm4vg9omfKjC4TrMvMksnXcqwW4ah6O0eWsTyI6dWoD8EG6sSKuSvsPaF9F9nnvx7
FStzn2FGoMIrWG288
S76KUcGqBzlKsNr1l7K9iMMvTBxZAQjxBAmvVr9ND8
get_UTF8
7V1Tfe4I1QL8
_Lambda$__8
bwzvr8lDRW9TTapWY8VomDaJxpDRloIjYSqapb8
J9dELBuRWEdoKmuzmv5SnXg8
PlC7AdczH5wc5hJBqTjxMuQQ2zog8
RFLNfn3WlCW3jD9
sH8zijcPGAV6rEgE9
lRsGC0axc3K9
he5un5A9BTRfCjpOOLeDcmK9
4j2Z3hW3jKlLQb9
eallJVwQA4z4vRxeDyzpn1lEqGzN0dTVlLpw9
Sdczbn32Zq66ODe0XTWroYPYMh8sc2tBJktx9
<Module>
IfMCKp1zieKdLjqifw82jiK8opYPz5oMA44ADkgJvEOIabwNyqM2AzQ6Hk7sZyXIMrJTdorZEH6KAtgJYFMHQbNN4b2A
TOXJdYVCgA6wpgkQOm4ujjELL3rQA
OZGMLzczHjXcIYqyXMUIAQqr2tgE6s98J5ORA
1dEXIMGIuB2FUuYRA
AhfWGSevSxUA
LuAfEfTgrrkcB7rmc1kWOLYA
cLRyTtbAaU4GLkvyLHDy5m6M4GVdrKanNxk7y8YpvLYC2LFzU9p0hrmlA
capGetDriverDescriptionA
ULjH3FtJpF3lQWiFwwE5tOS85LtbfLBE1C15ZUy6pA
zudgAxfM52LboQH3dXDpAcZmS0AbBDFaLuNYRPvHzxcdAJYCw6bfXyKpA
capCreateCaptureWindowA
F7t7HQv2xC3vinBph9QVxG4UqxeByo93kgggLzA
hwlLAiqxDkzA
eJHLa6eHlg0B
2l3dX2DwBM6B
AhsrdUwijzjMCmzmZdx2K3IB
AhanHyFQAjykyUB
kB0VnLJBh53rQ9smCG1hu8GwVEBPP1pyzmntfSENdB
Z91QDBRrJ8fB
x5s9Atr8DvBIU3KgB
zaxpWxfuphgB
4EE8Fd7duQ0C
QrvO1zJv5IHgW5Jejcdu5IIvK2J2efciY0xkuFC
TQhtDk9NA3QC
CMrJZudMSXWIpLZYC
stxYzORu5n5KwbtrIO07zfhBKHmXfxpKIl3cDaC
a0aE52ruOAr69VZlVJL8z33UPmehpMU1cHFZCfC
X0U8SlwKKxkC
RGp6jt4HCHXCipC
mf29ncrED45iqqC
Svmh2LChM5XDlQIo8yRlIXsC
36RPmVgMPbsC
Ee2QFJsn1H0j6IXqbXVZ0eITt5fj1P1DR0B1wKxXThuJNtwWpesjKRDcs4WCJBknGMrkLvZzXXpSbNIZz2ZSTRu3XmCD
QSYMrcXsEUDD
qw78T06B6XDD
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
aROshqGg5kLD
Xs4amflkLOIBar7rYOywLMFqPTC3rveiFozeD
WY5opeXFCs6rwHPSiWlox9ert1402IzDBgxF1vSI3OOKULG6Mcvpeiq34vIzmeskzstrJEq79SH2pelX4jeOmbDJtnc7Ih6nD
YfsU6dT03wv1pVgvgvssuZpD
UGSWQhRC7kGomAcrD
axwMKhayS1umhpGvD
qxabmlwy190E
T1KgTHAImitgxeoUG5ymbKvGyfuxk319ULw3E
ny3pNx0bZzOnDFKcs2B4pCAOBII4NhxOLnb6WitCA78W233cRitxZjUhsXUPzBgNK4jAaG7jr3AziSBzOPw5hJE
Y3vPPKJpo4bkZnVOE
vbTskHXZEsXRql1QE
430Xi15K6QKFo0552CSqruuZcSbOSE0Lz0e7iiPHF9PSsbkmWUswfGGQE
EXECUTION_STATE
thhSXfKfDIEzHijg0fAkC0024JXnieEH5vVzeLSrIt3oqWgd97DBKeqFU3IJiXgOUyZT0AjEKQ2vfDntAxFcWUE
ZK09ryMXGeVE
teb6csda0Z8N3CXgYsQwyq0KL5OStCUr8dSyclVBA1ChyK5y9SeCjHZ4tVAHI5i8LMpFoLWXWE
JCVmBcGoU0fUR5tah48l8DK8hjgXE
gX8sCeiYRaHzxmLYFfz5yRuAIeRV1djXnIiur65t2jlm50LCRDpnEKEdE
IiaAZ7ySV1kUkgE
mdJjfYyby8YooG0SbGGvQCs9L9A8dKdLEyNxJvZvhE
PjNyfNtCzXjE
Mg89G4kKVlnE
bJFf0lEGA4p84sgKFIlzfqoE
VqHSjA2yHnMDvL8XIDFbhsXW0tj1ii8Nik2vE
PATMoTNlPjDImcH06pjugAxE
Enz3yhXG628ozKbN31jyop6cxDM7F
4723FpqwVaDF
YsEBQhettpAhKPVZF
rgaQJisIggrB7x2lHdTPGC0BLZrRpMmSCDNsS5CJmjsPUF83506l1NL34almtOmy00z3u3AqRr0idiJLdZWrirh2vHLEW7utF
djI8ue1vaHUfB3korSOjbyKHEnMYG
XX3eMCn1TfHb97FbG
SbQTROax0pzqn58a0qdO736qQlpj5l0ZcLj4l27uSQuaoiiYTPJX3lQFyqpQzY9Q80uc8Dq79lMQyQYoGzSTkiG
vcFcHdVtKBSqenG
XVtHOF4OTXcsR14vG
W2tEflSXkxxG
Pa8ZYDKJqLFH
DgRp787xmQPoD4FafH2MzIZOEclyT1pgmVKBCjWkFH
b3dDH8Bgspj1qi2RH
0nQRKmtIdbyrMZ4fH
CGDBtT3ZauGsDwYbhY5m5s1t9pdOydpTfmQKCv5WxqVRTqASGgp9HZCEzWOP58PljAYXkJEXy99PO6DpzKs3WpL3YpBiMyJmH
DJbkgGASaD9cdknuobi6zDtH
aZ6QTXdgKFtH
6oVYK75IakwDw8nHLO8Uj8wH
dIuHxPRh2izjpmICI
K8IPMWrqzhuPbFI
get_ASCII
gSfO4lzOI31EhQ7IWzOgcoqCUjpxGf7uj7EnUJI
Uv1RslOAJMnI
UkaupzDZUrnI
IgvMfTThp8svV7KyI
AlI3ER6Xm3UFT6MuYBA6eJHuP5yzI
A4nTPYdnf04FpzvE5SeC5XKtaibkgy21NbY05mHMIJ
pWurgjHtNqXJ
0tNPq9J6YKl0O7gjraX21MOj7xMsxiTZE1RGgPheZCNcLSjxVbg0IssmhITc17HdYr1I8GM94ldmgCiTS236DeJ
9PM4Bf08ZRcBDoINKT1deu39oWKgeFRIjPFlJ
KRp8Dy6tn1yvwkYImpohmOv2NcKBGZjGu7FUf0FI70Jvl12xIDsJ
5qiskOGadlvJ
YWY7nUs0fUxCtr9CLZWCmEFhRiK8K
taFwwklXuVQco7eOK
7oJIuAgSk3TK
ixiRawsGKoVK
QxWIlvTz4PZSMkK
2VrrVY6bDsSPOOXklSooRrmODh6M7iXkj384ppEKoK
gcZbb6Rsx5oTJAzM6gSxB6lmkoTrbthEPF8mgSz778VKloAsa695PciEYVzf6VGj1uAfPB02jj2bdJTc9TshKuK
N8rqoRrMMbEI3e2D6fb1WDxiL24zK
oyIUD0MPhnPzzvh8uxx172UdvrI0L
mk4fBsfEPnBL
03V9ziNiJReH7zQbR4Pdi4eGHc2DL
Wswni0QbMhAGAwFAgs9gaaI1ORTJQGijRIPoHFeOSISp2N6zmtXrO7cWL
PB5IDGiIiV3qEzdpL
0IYb3g7HTtMOovXtL
okSthdPZYTPbbuL
P3KlKi87VbPVXoSrlizRk6fPwY1PM
n0mXHdYQHWSM
p93ylFzBvQn8K2xbSowSwU83vNN8f537ch3dRt9GkM
rqrpvlopS6uM
43pFahrlFYJy3p69N
hXKrmODURVCqw9TYwJy75SRbuBuGlkB9HHq3pHvi9N
w2Ku86eb5JU6dKKyGYFLvChlPdGMWBU1vsMCN
b4Bv0lKf1SwaORet3LPPJdWrbbsJMnzLP2n6IBBjmydjYv7XHgoaFjRena6i3e7ZWfPQhNAowGh4qdESviVxEKN
uoERlHaFgUKN
Dj2fJyix8yKN
ScpIjTG2yJHALvtbV2uQtqSN
rqa44T0Yj0TglCUQSvc0jQBKO5qdEvOGH3MPTVN
RfxGt91W7i6UtSnpAbbyMckl2SXjyJy2xvGe6K4isPGjDBaAOuI1kbay62WVcd2kZ7ZmRtTlv8c7MOII0F9eVZisRiZN
KPqoEQjnm6zFvwuLTJxyJB51xkKaN
UMZTS1w89m4CEW2YUkU8S4rkly1dN
iOdcaiGDs4Xbt6mdN
QmY57JXvuX8rJLpvN
lTRqCq5u6hsv1lOOM9UlPSFFtADFxsgI06AzmTAAD06bZqA7nSgAqgtAsvlPOMdnac3L8xgyvywbhfm4J3JGMwN
XasSVrphsLZz0iCMgrQ4hruKP2piG0ewRJRNdgVi1O
InBsWszTjBGV6M9NYs28JCULiJ5xaji0HNbfrtXDuZdrkoLpqzn7BZcmBjo9FngiyRo7QJSYUSd0N0dD253hB5O
LASTINPUTINFO
System.IO
4aBWVmtKc78mmpO
tUkWkgcSIoJJnH1ktziqRGshL3XUMgxcOpnxO
tFBgfLRxdicBrAocaIkuvvyO
gq7IROn8QEAP
XTWELmkXrgJcBldhogSQXybd4WI660jlHs0nsV0aALHnogYKaOpOzokAP
S58JMoeUSvRP
7pWzSrzEnYdP
HgsbbI9FfRfP
vIjdLlW2eWghLO7tP
jM7CpLycr2dx1jiA5LhCDd5Q
GYKGmLorMTHMOfAe9jDCTnL8Iyfm9NCaXhCKqP3J578OJWzfClDHZ5uS8rAc8zadRuavib9No2hl5dINH9Sh7AQ
269wc1zPxCeadw55AqxcCHN6Muz6MKkeoSe3vKQ
iGF2ORNRnyeKH6yOFwCI31ADRsq2n3Lr3iqIUcQ
jILrL3HZFmkFLN2uEgZ5YrCwHjlsvkn9fqAiQ
7ji6rFWpCkpQ
sWaRBN1eEdCrY3EuQ
15ruT9lAvP0R
lNz3IdPWqvkttJ59rzT90fEQtdGS4LX90y8YJdc7C1mwq2R
xApO4oDioCpbO5pGty0WKPDAi4F1M3RPnady2G37p6vCjTYntRIWXT0IEmMVzeZT1pGb4etG8R
t8NpksSO0hlHXJfqqSbXDMAj675AQV9qVePL8Lkn9R
xJZHuDcw3BlEvP9VOROmuChrlIhDPUC2FtFzz6zQnY64Gd5gN8PR
Q71TMasRvtAJQPQmWCBV1L49DpWzXo1imfCSEfiLjySfWd7XEJbnibAfLVsBtK0OHGzaWR
7caBm0csEgtnNyKEm0lJWseR
Z75RrxUbfiFy3jvIripBTssR
8BsepJ5ZPevYbeevR
eOA32okh0dHnu4j6S
pA39eo9oVpOYZjjbKk3hK19t573dBgwQuGrTILS
f4NXDak4gYpEJuwLS
ES_CONTINUOUS
NfU1pzKKMQmS
NwAbVvM6bjNP6vS
gItgl2I0Hy133ZAiv0505anMcqFcwVGLDejP9ON21T
YhoYs8RWpV1T
rj3zEywoSbAT
UPE2cn3RIXUDBCu0YcOgcJf6Mj8ihaakGjqVwfNCGT
Jk45kNdUlCMNb4iIoFMGlLTArI3HT
HrPycUw9PDJT
90Z1kutHAewsuLT
et3pdBUma6aCy08ST
62SCA9JTxWUT
0AoyXPQfVOcqDWT
VvArsq2Z6l1Ca8aZZRueQVdzMKCFB8TLDFYnT
wn4C1kqpWESmRmFRwstQTs80MbJlFYXbNeKqT
5IcTVEaPVzvT
lxwTBZTHhyxqavBE5khfu4tnJo34SOzatWGIBYQc3U
Ogi3VpsD6h9U
9NAIl2vsY46XQrMDVKV42IEGbbc8OAqIXNFGU
epojqs1A92HU
xpd3DOzPDnTyROU
YKBS0ZTevWkvnATnRXh4M5CTlX4LWWxmVDAv5eDxcU
xhwoEbuBGglU
q4a611VShNSmHAErcteikNvU
JKqyLbFIqNU2ikqb6bG4YhL1io68btbzJ4oqc2V
EyOaixxgGNph29oIt8DDN0OP1SSAVJ970f9G4yENYHRYsKx5l7Ih2j75sfl0VAzlNT86RiaDZzvip0a0z2JEF6V
MSyi4WxLMcwyecznK6oCLw75rlT7V
AotQzLUuo39V
dbE1gCERXABV
94ybMhPmlpgcijyBV
YdTCN9qtIKymSFaksM9aySdRhYnpLJhmTYCaNJBXbFSNw54nXhLS5NzcbN3bueL9hekyCV
cgJteW8MnraoDBPihYGypFQDyVD2IQZ9dKKVH6RPajD3KPW8jx3cpQjY6WNueSfITWwxRKG2EV
Czr3dwuLyOLftwK8IhPHnHvck74bzrOJRZ2AqLoFGV
h4BYOn6ztp4W40bF6jkmS5ABpKpKV
hYF5cfRpe9RJtPqjKS6F5LjIN6eOHC7ptT80GZemOV
LcH255qdlpXRdWL8Sb6BYAUmfd3bE3SpSPMxPJxG6WChFJVIGiH0MChSxiJdxFUX1GoBCsMK0W
jShlFcEaj12nqBW
dnq8DUhOTxJW
JYVLjWLSzMX94cwHhvkWEo97zd5nSmvPC0oQlCt12PCgFy2RES52bEqYVbPqpvFP4ODUOW
BXr8G3u5EX0auvCQW
w6Zy9PvtPqoDAWPnQMgW
GqXGaubYHdgKli1MKS7eA6FKSWgA0P5BmTB0lO2hiW
GtLVdqjJXxqJpnpBX
TRk3hEH7dSr3d02GCuXf3PcAcAMbUjxKayK34vLi6rvcuOtWr1IG7FXe1tAGk57BLEk0EsWqCX
dsDuampc0FGX
hojNHMPkPFRX
E50oVMd1BbSX
Sf9h8R8N94B7jXLN1mEJ88TYoQh0vG0EIouAMUjRyqEeFweTeTWcvogIDLCWEyOq7cPdgLSyoX
cpdiyL01I6L7IP4rX
X3c2Qd5rcbEZ2c2rgb9haORMW7JSjSU6jiPnisX
y4KJFHUUDWhlyEcHM0zPvgYTPFTwX
jMlHZbbOaK5Y
qRA5bvsCLgGY
QbsR21z4CK9JIpNwbQOe5cRY
EZczZfDiFVzCQokW6sRGQ587P989xVpERajeDsf7Rm80dC7nm4ifF95jEtDzyei6H6T6Ag01ZSxp1aZcCq8gtRY
fyhow2gsrFNjuSwZY
8fkpuqsBLwLQkdY
WQG7sRlVsifoXZglY
RuotuX1tRdIxSrY
lNcs7pb1P7qYHdbfR3g6A5h891AvY
ZPteXIw4aELhL99wY
AELulZMWMCyY
HLrRpJg9ms2Z
7BxxSDXlZQo5t3P9Y7Pul9CcEBuAZ
4bm5h98Z6w3gOqoBZ
DVYNU47A3UMZ
cqlCwDEC8hUq5rtQZ
RcFTUOrEjCE2MzcXZ
aOBk6gww6mMdkiDmZ
tTAFbUcR3y0bmyZ
4Tmy6LLHPEpkHD5GbjXIXH95QKCUaCO0a1ExKzZ
Dispose__Instance__
Create__Instance__
value__
xNTvzwt5tFyX2YEj104xCQ3a
hbU0EETl7aQmsLL8a
TGbZGbgDg4Moo75rZpbaITJ4gMU9a
5fhIDooJAOdj1WcCa
RKGQdBsM3GMp4UcHgeSsrCgjpeLeeyNzhCJp7cnceprZeJQIPLQ8n2sKa
6Mqg46KtzAIztPa
Q2PLClgbFoynGoa
L85NISmnmfH5W6Ovx54Ssyy8dwZrUkvyq4KSVIUxsa
ProjectData
9XBchzrOxoOzclQ1LLyhE75b
qRWXErGnWiLNxKHFb
OztqvpPJGwnmAnvIxzAfAajNbedkjoqs9n4bFz23cYpoTDul9oAohh0PeOSOgLuFMJqmNb
xOd57HjCI7Qb
l8ehiVa6Vp4zyLW04YezCcZfTIFhHQmBhtf8hOOMmJj7f4mcGbuKC2sliSGNCUYMWUix6bqWuIdLYeqDkLcvtQb
gUzVhmIeDyCZNR4NW1KlPJSb
ZwzeP2pmAWW2W00UiRh2ToabqCOSb
JXJ4BQb9nHlmkJBbb
Xaad9y7NIZj4p1zqGEnaX3WSecqlGNPbWJP3Pfb
mscorlib
QtNynFDxUmzb
bCxztKjPBSJCE3c
V73uZFT4RBI66oT0ULNCoN48RaAe7FzBwSfCXs2eRtHX5AYtwfV7kDp6c
0YzoM8LqDZ6j9LRnFt1qFGzu3GtCc
rpGFUROito3ZhzsGc6vpjLNwvNkGc
iUhSzSfuMhbc
uemO6I9ON1dc
u85RaXHNrz5pKGx3tdcuxnQbGKiDMom1HSrr5yF2ejeprAeP2mzOBqqXuoQR2fniPJintg8ionFPF7TirYQFlaqwE1fc
System.Collections.Generic
Microsoft.VisualBasic
0VWOItQZZg3XF1Ijc
LowLevelKeyboardProc
8E2AbJ3FOp6RAlMg7E0slKpm698aSdefIEp6fTFipc
KZnnsWVafLaRxVKpiIhVfP9mvz9Dd
GetWindowThreadProcessId
GetProcessById
xnWIeidg0j5b161fZ9aoj8BG8ihswaEXYIy9dI8m4zEylo1qsNd7tKNEwtyUr7GyyWlC1H4M5GGdrbfHsVv813oyhfPd
Thread
RijndaelManaged
get_Elapsed
1WqeErSMT0fd
UScEVNFmic5pJ0gTq5lNaSewSdXMBlQrvXGnd
EndSend
BeginSend
Append
RegistryValueKind
9KZ1JSXR4tnd
UBound
set_Method
CompareMethod
TargetMethod
rplJrA8e8Xyd
yloKMYce3W13XtLrBBRtIDeDnvQmgrgFbbuXBRo5afLB5H9DRG8eCOgzd
btVQ73PSfX22YXwW2Qo6wIrLWEu5e
0E1ntjQuRyPAUuNv36Dwu8bQdcdGe
Z9dlcLccWTVe
uO3dMTe4XvJMRcRdMWj3g3nO5Ghbe
Replace
IsNullOrWhiteSpace
CreateInstance
get_GetInstance
instance
GetHashCode
set_Mode
FileMode
EnterDebugMode
CompressionMode
CipherMode
SelectMode
FromImage
DrawImage
get_Message
EndInvoke
BeginInvoke
IEnumerable
IDisposable
Double
get_Handle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
EventWaitHandle
Rectangle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
AppWinStyle
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_ModuleName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
get_LastWriteTime
dwTime
WaitOne
WriteLine
get_NewLine
Combine
Ot2vgz9wXROs9DApe
ChangeType
UriHostNameType
CheckForSyncLockOnValueType
get_DriveType
SecurityProtocolType
GetType
SocketType
6TDEs9pS5eGIem3hRpmtaHVzzFHqe
System.Core
MethodBase
ApplicationBase
HttpWebResponse
GetResponse
Dispose
Create
MulticastDelegate
DelegateAsyncState
GetKeyboardState
EditorBrowsableState
SetThreadExecutionState
GetKeyState
Delete
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
DebuggerDisplayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
WriteByte
m_ThreadStaticValue
GetObjectValue
GetValue
SetValue
set_Expect100Continue
u4EeKaFJC65Q7ve
EndReceive
BeginReceive
Remove
XClient.exe
cbSize
get_TotalSize
set_SendBufferSize
set_ReceiveBufferSize
NnnjdzE2ym4OaoYcJ5Ragz5669YZWhMsbvUyH4f
iqCxQpUfItYcOZOXDLrQPT5UDngN0dRqY24K5cfjBM0qhEQeG3VLlG7fQVYazL4oXqN9Cf
gpZh9j27YyZ13rc2X58gu4hpQ2fCe8NEeEmkSk16DkpvQwJBSCUXu26RTOwk7dTwUzZSIDAORKiuW1zendiJPLf
SizeOf
5BTNF9bRvD5IfYzfoJg4eCPBxocRf
odKqwSPRVXDOzFvyF5bf
BOULbd6uwrlgkEzx5CdkwCiqluWTJ6OTgQdQlf6u3m6oDXX4c50EPtccgiJPgTTtUBcVqVBgHQJqZChQoqn4Vpf
AuWkVqXjmdTFQDr9iaCmJwZ6zkCvf
rS9Q2clJWpG8Ke4uFHMwaMR5NQhp2XgvJj4OO9g
4KJ6tHbyaR70XaHDBl7Vhl997n9b61R34z8BhxBNAg
CQWbmGec54fssqUTf1WcPMOfc0dvpbIC8OWLepaecOMc8NXHIibsNPbHtH4zUvJM9MRiEwvUAd5JXieU3kgo8Cg
f2Dr6GF315pXVB5Yg
get_Jpeg
System.Threading
add_SessionEnding
NewLateBinding
Encoding
System.Drawing.Imaging
FromBase64String
ToBase64String
DownloadString
CompareString
ToString
GetString
Substring
System.Drawing
ToLong
set_ErrorDialog
H8j7avJFT8DlJNL4I0sIB1BIdIAELfCEflMWUTFFeulRUWDmcx78r0VXrxYGjXkgWkvr46FUppZu5jU3OSRLBsg
ItflbZYiEYhbVy8g0UFoxJCvs64Ew7XV8knis4cb6h
xgVQlsHsa2Xh
Stopwatch
gC58upPNuzzOQhrnh
ComputeHash
get_ExecutablePath
GetTempPath
get_StartupPath
GetFolderPath
get_Width
get_Length
EndsWith
StartsWith
ftI2AC3FKEUNLKQfeF8nND52Qfd3cgr77rCzok4HNZB72RJE78jj9tmucXdUC73STEFWmemvWqHZFGnqkkDzw2M0HW3i
ijczngqePBLPjLw7i
gRInpTru8OEi
ykEWmOkaP9EIchn7q4VlRd7nLC2bDjJkZq3XdGmmh4CO870tAY9rgrXACQcPe3VmFb5mCctnEi
5Aj6oQgb0koJKvVPi
t3SQS4wER9s6vq3lnf1BmBLrxiUPQQuzg6b4Y1GZAsSBFiTL5tXOkbVRi
vvqLLT3F4nMpuk5aCW7Odf6DpY3nOyorjFjVi
1ugUGzdU4ZJCJzshm7FCFtJteJw8l0ivWVPbqCcPfL8EquEQsisV5ssgexMJUWIHW8wF2zrBai
t7OqE162JiGvppdQ2q2twg5rrwMGNb8QP4OXq9v0CnEogqbt2zxaKyNci
tJJT9tIzyqii
VCXJj7uqqrqi
fLFwHsvy5XNksMN4j
4Itm3sFOW047LHPAj
uLd7sm1XYEIj
t9g0Vwawv3sCPluIj
3FW7il6xoYJj
ruh8BgpFHtC91m4k86daVn69brrVWCfK4fl81e25CgbP9AF86TCbQ3BxAB91u3Vui0pDDFC0ch9OOOZmNTacCWj
ikPcLxCtTKZj
IqlXVqp543cj
vaThM58o8k8bhyNazw99Lgij
XJ46uM2yg9ulX2TO4XVtNL9foEuRQazWaKuZxlj
CdgUpshm2EuYI9KZvhjI6kdX6UGAA5nOJZQfRv3a3k
fJS6Ny3r0THk
eXfrjW2ypz0ogWXOFhRVKfR87bBGpSeDY8CUvzK4WWndgzHHTWuaL15CWb29wEhxN6CP8lHoNk
get_ServicePack
AsyncCallback
DelegateCallback
TimerCallback
RegistryKeyPermissionCheck
TransformFinalBlock
bZ3DGNHtX3g2Gv6xHT402OejwppgDgnT5hz5Iyis8cLu6yg7pfAxSNYiabuEDNpfUPvGGTjjdk
Xdrz62pHiJZBEEX5KdcHAyik
A9r6QHpdLsLn0jutzYXzTVxk
2Mmy5FTN5tL1BCl
yLhlQCwydoKcAMl
9GqCtHo1xztcV96NhIczZQqm8hZKJ28fYUDGReedQuWhWPdgH5QfxPGOl
RtlSetProcessIsCritical
Marshal
System.Security.Principal
WindowsPrincipal
ConditionalCompareObjectEqual
System.ComponentModel
LateCall
kernel32.dll
avicap32.dll
user32.dll
SHCore.dll
NTdll.dll
wIhgFiPbpaP6jhxDdDg39V9AsrFppU0eYt8ml
set_SecurityProtocol
ObjectFlowControl
WPe4NSeiGCql
G7gldtImTOsJE7x8m
xCsCvBuwSJ3TO34bZkTdLPdaDUZorGFXmE4pMEXCSuUGmZooq7YYfjSgieEwkKsHYzblvw6Tyr11avkGbgvlsdT0OCNzJwSDm
7NIEe1GImCoOufrN2MbEu8UBl3v1fyPZSecWTaiT7AzTk2P7kAPUOQPYMZ5c9BgDeXIlHm
FileStream
GZipStream
MemoryStream
lParam
wParam
jySaDHzDEtMm3BIgRDkzaPLRl06c7knt5FU4WC0bxFUN2tWIMKluIPWZ8czOnkrtFu3yRtv2bm
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
HashAlgorithm
dUZQBUIYHyXbTjmjm
Random
1zEZoHc0G3AeKepvx9Q6l1XXrVCnZ2aItN02OtUZHJdlWckLxN51FlRjkLBYlNqyXQXW4CZMhsJxtfMs0wVqIqm
ICryptoTransform
8NQgp7Ck7fh9PhIkcMxQPbtm
ru03cG23eMsuREIUOG97c0fjMHxutp6WxoZKgeZTTXknB4VQ7mUpIQS51l43Fq37HjJWi7aQ5n
5BLDHltMTtEn
CDxDELDfc6Rv3ggLprvBjeFn
QCqM0uOMXaIuHOn
tidcjMOKWeDWOXn
ToBoolean
op_GreaterThan
TimeSpan
AUWVeNf4B6WnGyg3Fn3P4Cbn
CopyFromScreen
get_PrimaryScreen
NIR3SdWTkUyEid3fn
System.ComponentModel.Design
AppDomain
get_CurrentDomain
QNp2yBlKMmUXkuuomfjEdXnn
vJVBGfyoIJ2qWA6l3aJ7EChOFKPon
GetExtension
GetFileNameWithoutExtension
get_OSVersion
Conversion
System.IO.Compression
Application
Information
CopyPixelOperation
Interaction
System.Reflection
ManagementObjectCollection
Exception
Environ
SocketShutdown
6siJ2hc9ZbkQ44NsqqWDfZZ5Hqd1o
UTeC5bOqWgUrM7woHGvYjr1o
C1OWtU0htpIuJtN1SefbYn6o
SEnj4tW9DLmi51liSVhj7fWzVrORbTFW3Vu03EVCgta9JdDkxMZUmij7o
S5PHFLheoKkIeVFpbHUxjDNbqRDHo
OWaxc2IaOoWtDZNLfy6KsXufCvSWd9liWa3p8HM1UYOA5SlbzvWjacpv9FDhwo6W5aNwrN7NOo
2e2xmpHYWWrRsSo
get_Info
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ParameterInfo
ComputerInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
NwO6iPmsAIVSpTaFaCBlrsho
R9zp08hhH9mo
ijWOOXidRAD6mGUxIa7JjlCF9CwK5OwkrG0krFPquo
E69eJIqhshwo
H93bB19jHmxo
ALpV4F2XgYNlqR7eu74sFvAp
iOGMX7NXRX2V5amJp
NsKql0W10ax6n2cOp
Bitmap
MUwgQ0sMHm7q
SbdmAz6acj4M9l3Fq
pSLJio4ZMGoNP8jGSJBdnEeXYPdLq
vTOrWg3TOSsSeD7T23g2IdHrkIzpuA2BqpjgKaMoOG31z5nuupbNObHXPHblNpB7XWF40GI13vsVDxWlpqTshRAYgJVq
st1wnQFcZHQyntmCGdk6DIJr1kPaq
dExcGTALG4cq
dCiEpBAk0MGs22xnBZKsBth8N9vs9fLZI8Y91IkyyxhA0gLaLjbcQ8W8uYdGMBEbaaLH1aq4sN2c5IB9k3Jezcq
System.Linq
x1UbXqQ7gWyoCuLg5swokRgyTnnrmmUyEB3KMxq
DRHtjYgngaHed52Fo7dkC7H37T2pgi808XPzq
CkfgSzn9Hj2DM55hB6LYXMGpsCdGeZaEAqCUtzq
2zDPP6ZLur2r
TYJbuIFF8Mymo153cKejyQN8py7WMGeUk0jnIbd0rLO2IQ2vlNViopCCvziI7ZzAiJJZZaoHqCqIjEf4Xcju16r
j2OKAmbQLB9r
GVQxMrqXTvgRMOsOOyzs7y6ypjQlYJGPGZS9r
vveZ4638FlYr
MD5CryptoServiceProvider
StringBuilder
SpecialFolder
ServicePointManager
ToUInteger
ToInteger
ManagementObjectSearcher
SessionEndingEventHandler
System.CodeDom.Compiler
ToUpper
get_CurrentUser
StreamWriter
TextWriter
BitConverter
ServerComputer
ToLower
HAHw6cArqhhr
CreateProjectError
ClearProjectError
SetProjectError
IEnumerator
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
WsifnBZcnjNi26bj0GkR74hj4Vp1gioGdq3zr
0LHPug277PVWV79QwwChvldEcR0017bY5S1PJIOvjDMwpDnxgraWtpOJzm81wrPm2GvJD3yI5s
YFNPUqGKvc3VCGkPEEp1b8RVlsdEs
8qdsRKluoDHs
ZCf0bJHTKIvs1OrIs
Graphics
System.Diagnostics
FromSeconds
get_Bounds
GetMethods
g0TO5aDOutUyDwxgtmUdsX4erR0WTsDDbZHMKdNe0vhejqulVX7VALZ8LYkulwxXNAfMJDKdBrAYMIpwO2lUsztaXSes
Microsoft.VisualBasic.Devices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
GetDirectories
ExpandEnvironmentVariables
GetFiles
GetTypes
GetProcesses
GetHostAddresses
FileAttributes
SetAttributes
ReadAllBytes
WriteAllBytes
GetBytes
GetDrives
tuiRm1l3FBfs
SocketFlags
Strings
SessionEndingEventArgs
Equals
System.Windows.Forms
Contains
Conversions
System.Collections
get_Chars
RuntimeHelpers
GetParameters
Operators
GetCurrentProcess
SetProcessDpiAwareness
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
QCTMjbV49qMep0k2wHYU5YsyvHJ5dWgwzsUbNB39y62PoYBZAKnBym7xs
EfHaOSvQpb3tQXMULwIEXg9dbLL7t
nlPBBrcexd8iql378YjIH6AGxhYEt
YudOU9QT1gOiCaq7iV6D6pMCegN9pyq8iimBYtlovEqtErsykBfb6qtEt
Bxw35fjPDBNt
3H4eg9vIA6e2Mat
Concat
ImageFormat
PixelFormat
AddObject
ManagementBaseObject
CreateObject
ConcatenateObject
SubtractObject
TargetObject
ManagementObject
NotObject
Collect
Connect
set_AllowAutoRedirect
LateGet
LateIndexGet
System.Net
Socket
get_Height
op_Explicit
set_DefaultConnectionLimit
GraphicsUnit
WaitForExit
IAsyncResult
DelegateAsyncResult
ToUpperInvariant
set_UserAgent
XClient
WebClient
System.Management
Environment
get_Current
GetCurrent
CheckRemoteDebuggerPresent
ManualResetEvent
get_EntryPoint
get_TickCount
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Restart
Convert
$VB$Local_Port
FailFast
HttpWebRequest
$VB$Local_Host
set_Timeout
GetKeyboardLayout
MoveNext
System.Text
ReadAllText
WriteAllText
GetWindowText
7P9hcQRRCHBu
eUenRitRU6a3mGXBu
dlsb2Bc1ePvl9IpCE56lpavmguPvMbgrGS54Ca5LtxkJxt8R1x36C9O18dlmfMOl9i6SqWLGEu
DnDsH2deEKnn5VpygBX2dUgQdmE3EqBYE9V5LuOMKhG4YUPHCM9nJ9zMelMln1OQ393GtQl3Ku
R0aqGAGzipRu
10bHDQHv26Ezsy23znXtHq1hCnabu
vb1hOi7jqWwy25xXCdKc5IxWmVQ2j9Aku9QhTv5LOWCpKrElkx82GewhYv4uSgrZLXx01zNmcu
WeuaDGJoPtfTvvYDWVNWUvKOVselA0U6oYnccfu
z5JCMoJzlGqu
ij2Lr3abNR39hifAMtH35n0v
scQkQ0hFVfLv
3fS7vEgWKhczvaUWy40O7P1Mt033VnIsS2qklD7svVqHj6lMNyU2Rgg8cJDtRnW2i1rIT9RlxViZGquNocaXJAosaKVTVeTZv
UQ7DkSwCatdaoh9UoABZqGkZ5jUss6icmSijv
lR6hFSyrpRBOJVCWpJ5vonNLIjylv
gH428IFLEwhJZ8DZ1JQw7h1w
5Nl8glMeSdhe7bxLRjxefU6w
ZU1kz6stoSjbPWYJw
SAMhYKNkayNw
h5XsspfNQVxuV7BzbXzcNdL1ZQ3Rw
QCD0kumZZPYbjCarG8jlZOUw
J0Tx4hhrnkECY7NjejCCNGUjKaxji0wVZ55gF90kWw
1LpXhbbUQ7sAboGPwzNYNLdw
GetForegroundWindow
set_CreateNoWindow
UuXUu5o2t1Nwz4x
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
18oAhBvxWwEx
BIaJZk3RcnLx
bq0rMvfyBdroO3hS8ECaglOx
QpLYLJeE4PVgroAMxVz4d8f36kEax
LateSetComplex
101CYFb8zyex
1LCF6AvMmJWBBgpp427wYCfx
3uLClUSCmer7oCLcw3skc3sGLABKKRmE99pzynx
9Bh8uuS6WyCNOLPiMNn83GTpx
osaf0SRXdWfde52FRJMnXRAADmsqx
Y1hfQHmNIQXZrqR4y
i0fl4dp7fMEy
6czwwFVWjoEy
CaMbbHvbY3Osw0IuCbsHTJxyI36J31qMg8myvAo4Ny
ToArray
XqxrfJyvnPoL7PkVJ2ZbPy97SCXV2t28pQcrdEvSr7iiYZs0n7mJSSHKODhaOkQ6BCFYby
T6T1joWKMVcy
get_IsReady
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
ulZCET0kapny
ObjectQuery
get_TotalPhysicalMemory
get_Directory
CreateDirectory
get_SystemDirectory
get_Registry
op_Equality
WindowsIdentity
IsNullOrEmpty
RegistryProxy
IW4r7LUeUkZ7ouxwCTFx25IMyiP8RmhuetVWU7i2zqFsEG9fCpJY8BByy
x2mq91ixN3qryTIwmT3xRLSvU860uy29H8Dzy
YDB8evbD0sMu9Yk2z
WWNLuXR1Tp2slgCPYbJUJPKz
J6DA5IM0SXlUFSdLz
Ks9cfFkpq6Jf6DKTja0q8HI0TPPYrGqNIdJbuGHhSvhMauVlW4ZqV3w0nvloiE4SKZRtGOdoLz
CaFiKKmFHSCjOcefA0ABOPE8FWUMz
NFAUBf6HAc9ecr3DLoWLcGcF4CACg82rptx6vdz
cMUwj0sZpNQytxfzz
WrapNonExceptionThrows
$26b12380-2891-4b9e-bcd7-19083328ddc0
1.0.0.0
MyTemplate
14.0.0.0
My.Computer
My.Application
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
kygmE0hUzFzmSLGRK8QBecKArX6iB4lTASqHBHWQrJbuBXJ
BGlq1KoeNud9qphidyv37LRjv4b1SXGVurgDf4EweenJDcXSj5AsFxmfiZsjeYfsWa0GPKdvqMFNfHGZA5kmZphwslQemce7N
Zo1tEKb62Yxl74dd5LVb9Es3lGrun6gTq2yMUw8ZCyhqI4iI0LexYsrf6rVFPA2GBkw3NkzFI2JfHF7vNZqm9AU7vfrwx61HE
duRXnuD09kU3CWa4MF0V3CW4m8sMZn4LjhHKRC5HUTV8m3q2ASl35gAp7gB4MgBgkAPJXY6RQscdY9VQNyp62ZyRigKBcPgjl
dbcc0pTaOL5oURNzS1V3qXdrmax3jf6Xgbeo0wxBceaVlB87NOV8swtbJoAfo0IiuFmuTgLbZvhp263PbYuYbtCYBCIMZsV6W
Qka77SX0k1pHotbxBeU4YNbDRj5J86FwPPImJnq
nlt5riP5CJiaEtenevcghGbW4abWMUXIyBatH1W
RhWHHHPeTQCaUvIGOOXbhA==
l5F4gmocS3TqPuT3jsb9Cg==
jt/CI4OuK3mbeIGVSsGyow==
TiQsxD7P2CT7uZ9pY2+CLA==
vh04Czbuke3i5Bg2S+PQLQ==
WZFzA6OjkrFT8NoBXFx6Uw==
0wUJnDUrfN3xQ/yI+UImJA==
ZQqdlYNIcbd0tF9UxOQVVA==
r8YLWC6nkfRVw22k
\Log.tmp
9irg41m2RhlVUjNuLgpqhKspvovMbM0XwulMepI
DcdX59Rp9gKX5pFzBtZR7QiiQtxMKDrkbqbi1NI
WScript.Shell
CreateShortcut
TargetPath
WorkingDirectory
powershell.exe
-ExecutionPolicy Bypass Add-MpPreference -ExclusionPath '
-ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '
http://ip-api.com/line/?fields=hosting
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
V8ucbAH6bEXwgwsvplTeSt8Of3FCgNXEKpTomxz
WqLFi4wcl8WjatWcIHG0GMWDsMrC1NILKVRpdEc
f6ufL59gW1V19fkIhPfBlvmzSa58mfWNgE0Mflu
2LMddAhdbfiuLZt4XcXJ3mtXJ9Q9gH1tX9GDWo2
QZfPxO8T0WduGEUkC2DaN6bCD7Jt6lWOSzCryaE
QNbppFLC5dqoNJYXSiDHUoQVbSdXI0RmApdKqiG
OIB19g30PcZoQzuLWqT3SbnxSoPxXgK51y63bNW
6atA7QGF5tBcNCXHQymfzEyC7ILX26jcqrUIky1
AQgUGsb0qurZATfqKj6BomfmrjkmrGuVzu5z92F
GME86gExxkZRimIfFBsq2c64SsIgBjAIdQqxsfT
IeBnBvsOjKJ8L4UGtY0MPK02Z62RY2xfFYZxgux
B3aZz5z8xenuBFa4jrACnduX
nVexQlVLjZoQPJf2r7yj8vCb
Ab9aBzHVuSdca98oSzTDdzEi
Microsoft
Service Pack
dd/MM/yyy
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
SELECT * FROM Win32_VideoController
Win32_Processor.deviceid="CPU0"
Core(TM)
Gmb5uj8tquTfHI3QjW0sZB38
nJLj7RpAzWnxQm7Si8143F1a
qfh6aGyznHBM5nCgJ2CuN8wb
7wNd7Ppp6IHnm4Su6EovnOei
Rgf60kUjVVrE0szKSpD9Gr0N
rgT06BPNydXOpsCEyv8GLkJa
4nl7Jybl1w2NUcjO0p3gzoJF
Ron2dO9lIYqRBnks8k4kkifd
RNYx4ZweBCybSkRxnndyRlJT
s57RyUFI2ORNGhqKSNO3Oauz
cFvYEO84Rh0Ykr9FczoqAniZ
AyEIBaRVDHhaIbpm4kNkPyVQ
hVJq2fVsK5dskcNPb8NXydVb
GVazggPLQ1Xh03lP9zPeStfi
DymUKVXnrhT0E6G8lFVmmsNB
c4sVc0gck7CYaGdLlQooqt52
vKJnSVY3WitQHPaY9vpErSVZ
b0HDlioYKRbRM5tmXC6BBNVk
sr6jeQcunSbjXJMaNc9KYthY
xcu67xkqV1cIERFAh8j4mfEN
pliF5RyzR7VCcM2QcXeTC0EN
uninstall
update
Urlopen
Urlhide
PCShutdown
shutdown.exe /f /s /t 0
PCRestart
shutdown.exe /f /r /t 0
PCLogoff
shutdown.exe -L
RunShell
StartDDos
StopDDos
StartReport
StopReport
\drivers\etc\hosts
Shosts
HostsMSG
Modified successfully!
HostsErr
plugin
sendPlugin
savePlugin
RemovePlugins
Plugins Removed!
OfflineGet
Plugin
Invoke
RunRecovery
Recovery
RunOptions
injRun
UACFunc
ngrok+
Plugin Error!
ToLower
Open [
-ExecutionPolicy Bypass -File "
qR4zXWjUrPkPZy8GA8tPRxXg
bTsgwCPL35HyM12W3CXYS4UUM4pmNUFC801PG5TzFH6lMekPYTSqAyjMy
bam6JS8Ts7Jdno8sy6KRaoPr3icw8EI1htiPM76YYrqynAJtMCiTrdGwX
QZ184IFkmGt4dcunoscd7RWvO8skWDcnIyrV37bYIRe3H2sK6mapmKPpO
RTVWBNXl2xFr2zByBKYS0ECqHQu4iNcOLExtTJj0McEnEX8MlORHriTdZ
8imt9Jd1BP0aIx0KDhCXAHTFr5Yhs8ZiHQbGD0UVSznn9SihQtVwvA6Gw
xYaemyIEzkgBSiGikLkGy15NWr99mcIaAJm6LmJ0n01HrenWc6u9ZhVhY
IZY6wNFSzHUODR1mWJtqsyzTQypLtfTpSYgF57aJOzDJUQBG8ZduUlR7O
oxUiyjsf8Npcigox0AvyYHsaHbiHhxdbK9nnGsKR8o1hxJJ8HX6IicfDy
Pk2ycobhhIq5WWMjf6acuXgYcqZ1qWDd69JM7tFirmFp0lLtE0ZmRyj8j
5VqhwLczL0qTXcaL1FyDe3GeCRgrY3gR0x0ueoRHc3butQGidf3RsrGb3
YMyYei6KZsVLV8kCfijuitCsSJAoBWftf6B92Ut2rd
E53VzFDzKfCjzt3rCq0v9RyJZrwdtqrBdUD7XebczG
PAvHdLIUJblo933tMeRGWwlImpc2ewX7eb4Trdp2IJ
gKM7kZbLWKA63pBTGvIa0fBk922RnDSum5vOFFagDL
LM0e65h7sBE07O9igXWrApwrVcONMp2AdLlxcw9Zg3
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
attrib -h -s
*.* /s /d
@echo off
timeout 3 > NUL
" /f /q
JztyGldC3PnaLt1bI4sT5VHy22zOdncInF0PA3DNxe
QjADtQDhljwWHNdP4chmYfCLfzexsecBauuw4viv0d
wscript.shell
Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
windowstyle
cmd.exe
Arguments
/c start
&start
& exit
regread
HKEY_LOCAL_MACHINE\software\classes\
HKEY_LOCAL_MACHINE\software\classes\.
\defaulticon\
IconLocation
iconlocation
arguments
&start explorer
HKEY_LOCAL_MACHINE\software\classes\folder\defaulticon\
qvVapkp9nt29qPWkRr5WM1AWJhU7I9966In4qaDpQC
OGnjAhqFJHLcbHW82hXWxY3gLSObFqmyiqqfzxRq3C
WfprQ0PGKslymIGFTpOcnYpiTnUm0yvHIZELBNFEZ8
2S17mtybwJAYUdcadCV1CKG4MijH75pNfwuImUBW4B
ToUpper
[SPACE]
Return
[ENTER]
Escape
LControlKey
[CTRL]
RControlKey
RShiftKey
[Shift]
LShiftKey
[Back]
Capital
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
MainWindowTitle
ProcessName
QDB4OeXygelJ7hwVvV8UcDUuZhjNM3KJP2D5tVE4KN
1jGnSAUYIQy7qsmtCLFGPcCSe5XedKeQkWPcWJkw1v
bfrvHO7ixgeBa4g3kIw0LlgkP8QKUdlM5pzvn9iQrc
newkpvfvXXYQAocoNGyn6uB7ZGuhz4lBdGWkHb5VSw5QuDnUaoJkK2o4NkOIfqobGMCexmWLIG
XLpcOMu4smoy5Ua4AicTyXZp6mUUPhcGBTGJsj460TnvKRSWLomLxhemTEGB6vO0QdyQdpq1SZ
Wsh0Nu3jSYdcRjbyblLjjnAY9JUq8lerHMpspmBqqarSxqFvyqoGoJGwQvgGV6YjZjdE5VU3TK
zrJOnvQIp2p0DEBzjw12SZFHfGOl2ilsTxD8g173IY0qCk5LdrsRgQl2wp2i8wfbrpWrME5Ppg
EyHt4NKeSdnyS1hhgDfJpV0uF6Ws4NmSj6IpGT9jC2xRZk8sMKMS8HdiyBe1j8NU1Ea8lQXDVj
Eh908vCaNVq0BU9bukTbeuGRiV72IDgsjqwDs0w0lAp4OBpqfYwIaAQgHcwFZ4ycFazqx6JwW9
u3xiIzuOkpbnMRb6gd68sGXBHFw4uw3gUAqeeBytPp0VrCJDCLdoZcXrSYDJ7jFXfwrRgy7gxz
S2uxJIRrBH99Q2LNlvFKBqKM6f46OFC6fsqFWGCRLXzMvAwFXnRaICt1fnGFMq9NrhT0PCuY54
g9mZZb6MSB3FMtDyeYI3c58FVl6EyKDxxxQcJcqMTXPYtCIDX6auDKwZwvXr0U5t0CNHblhN7n
8zzf2CJwHglTa9viE
Ulx8YW4yy2KH64Wun
WaO4VVkR3pKGnW5ie
peg6iOparMYmv1Nza
HCLAWYMMi7aRrPAQX
gCCROe6u0DxC2UXcP
07hn3Kf8cgfaJvHr5
vmp1CJg4LsYVQLr1j
eenpp13XnekRqfasL
CGW7JHupsF98AhuFs
QbDRP6ZE4aJ6IYkZk
AwfLMubU3lT4lnsQw
a5pLvdtIQFPMTOPet
Software\
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
abcdefghijklmnopqrstuvwxyz
Err HWID
ToArray
Ti3J9385kHLvesklJ
Iv2cjUxkCZp3Lr1VU
vNY7N9MvVIhQDbApv
EcWYDOuTAlQyvZcvW
m74zJyJrlGKrcqRn9
1IXsTDHcfvTMYHCbX
xCTGwV4zCUQsEUdT5
pLg8i2ovIUkZpIYUy
L083AG6GggqXooz3E
z9nt1bR0Z8XnzvdvV
EezXbxLjfBCNTkGve
SLIVVjCRp5gEvJvn0
8jZVfUKh3Y88w606B
VqZQW38pPSLDzHOoY
rnRrZcq1KxjX7TdIp
uJGBN9guOuOfwRwwr
c07Pjl4S0IT4CUPWq
z1UWMZQ8Lmnq8J03o
mUapHasUKSdt9iRXO
0dZkv4mwuLP8jdym5
sVHlx82is8TlN8hY1
hqyyW8JN7I68PCkLX
vebBuIKlRXK6V0MYH
Gr1tBKBw30e0nHxI7VDFeex2YdHCcvgi3MKKA4gJdlffL5lE4gIvN8OmtPameYqnSweVwIv2E0gFbU7lywNiamsvyYjI
kI54uxzQnfNAkZGXqLh5U2elkGUIo92NQj04s1OfVM4vzJ54eOBwhIHx60XzFp7CBMNxi3RgXIERecL5Fzz07vJwadg5
OxBhl6O3XjVolRLYjz1OEpAOuMnLQaqXIsp2tSOPw1FIWWO0JvAhgUaASrDaMNwF0NFeb6Q8umHZQVDEFPjI3iAP1NGQ
RXvE1raNKap8o5X3nmhyVuifxOLChG3gXAtPoFDOWbYNOImyo16uanEe9vEa9k1UCzRy8GMITv6OHbI5vNpq3NiHuhnU
WJ0KWk7oIcMYjk8x02eNK2jMC7SkdzfAv7KQCUuGifaAAojStG9Pv0v3vN2VjZ4HtlLZqq0b1tfjyD7LvMOyUdiykFqv
abcdefghijklmnopqrstuvwxyz
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
XClient.exe
LegalCopyright
OriginalFilename
XClient.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.XWorm.m!c
tehtris Clean
ClamAV Win.Packed.njRAT-10002074-1
CMC Clean
CAT-QuickHeal Trojan.GenericFC.S29961068
Skyhigh BehavesLike.Win32.Infected.fh
ALYac IL:Trojan.MSILZilla.25346
Cylance unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005aa5f01 )
Alibaba Backdoor:MSIL/AsyncRAT.98d65635
K7GW Trojan ( 00592e8b1 )
Cybereason malicious.5b3987
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Agent.DWN
APEX Malicious
Avast Win32:RATX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.XWorm.gen
BitDefender IL:Trojan.MSILZilla.25346
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.344576.BN
MicroWorld-eScan IL:Trojan.MSILZilla.25346
Tencent Malware.Win32.Gencirc.140742c6
TACHYON Clean
Sophos Troj/RAT-FJ
F-Secure Trojan.TR/Spy.Gen
DrWeb BackDoor.BladabindiNET.30
VIPRE IL:Trojan.MSILZilla.25346
TrendMicro Backdoor.Win32.XWORM.YXEDAZ
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.8df47fa5b39878fb
Emsisoft IL:Trojan.MSILZilla.25346 (B)
SentinelOne Static AI - Malicious PE
GData MSIL.Backdoor.XWormRAT.A
Jiangmin Clean
Varist W32/MSIL_Agent.BUD.gen!Eldorado
Avira TR/Spy.Gen
Antiy-AVL Clean
Kingsoft MSIL.Backdoor.XWorm.gen
Gridinsoft Malware.Win32.XWorm.tr
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D6302
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.XWorm.gen
Microsoft Trojan:MSIL/AsyncRAT.R!MTB
Google Detected
AhnLab-V3 Trojan/Win.AntiVm.C5374869
Acronis Clean
McAfee Trojan-FVYT!8DF47FA5B398
MAX malware (ai score=85)
VBA32 Backdoor.MSIL.XWorm.gen
Malwarebytes Backdoor.XWorm
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Backdoor.Win32.XWORM.YXEDAZ
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Clean
Ikarus Trojan.MSIL.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Conwise.RCE!tr
BitDefenderTheta Gen:NN.ZemsilF.36802.vm0@aiAGjMd
AVG Win32:RATX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan[dropper]:MSIL/Bladabindi.AZ
No IRMA results available.