popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-03-08 08:44:25

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00011a24 0x00011c00 5.90208694641
.rsrc 0x00014000 0x000004b6 0x00000600 3.68198903067
.reloc 0x00016000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000140a0 0x0000022c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x000142cc 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
3b%(H
v4.0.30319
#Strings
P=]=j=u=
QKKxTOuzibX50
rQLqNloTq4qqF63gPCdHwFDdWah1Sq7QzBDmAUf5uw4UA2gLcaiTQRMSw8ghfD0
55DzK9ZQ68IO0
mx1Yz6KIxWCdeoFZ5dNjVP0
jUzYAns6iTPoAVg7RuLmpnOAMWVTMxpPn1izJHAdehgxjkynqRFrVxNdzbcsVSO5z8bpFJw4BfLtz6y3sgiavXYaxAXYRQ0
89DfxWaKEkDaPrLhEhb9OkAmV9R0
SCZyDL59qFESl23gWudXkwfGu2o3NjQf2wmre8baqCKJNYWcp6eXrDXD62UfIu0
R02kWKG9qv8v0
UIjePkGdDvFFfx5P7YoDEMCXvGad091
bqruxOAQE1yeFx2pLIysHD1
11ym8WwVsAYH1
inYszNWhC4pQcqg8eG7ODkWyWmI1
MaVYeasWtQg6iKlZb5Zv36pM7tK1
pdPXV0hZUyLN1
0QmFPmCfjfhBkJu75pVUwWKde9siqbYUKONLHJDNwkWkAm6Srhouc7VCLW3YtT1
_Closure$__1
IEnumerable`1
ThreadSafeObjectProvider`1
List`1
E6cql6vAw9m6JdXR2HFpVVdVnRPbgn1
d1FED9dGpQPuLCx76zGRY0x4eCXZSlI0yyqnpEWTHMTFecYCOmoBXGAFGI5gk4TLobInxGMNLpQpzghJSPCi4FrxNHYLln1
0GrDa7xlyy8r1
Npy8uxmmMvSz1
xB4rxYq5ugx02
ilJjXi2WtxX12
Microsoft.Win32
UInt32
ReadInt32
ToInt32
XGis0BaMgf4UR5nATBkkE6zp3pDZfD2
l8JQuaBzWQHE2
XA6EzdohVbH0iU60i0K6VBgGk41mIOY1pjDdRKcpD8u1viQr1GeUcLJawzddVgCT4S20PfmkULCqYjI2
tpU45oBbwHdfoItN8m5OiklWOdPYYR8O4xfzc00PB1EyxD0RQJHtRqrAvvdgqN2
Func`2
UrPnzAVRYxkOZQV4zwmNZPgPdko7KhXfklE5Ha6NdoDR2eQrYRZtYbpEFWm6Wh2
9OxeS6BNT19p2
Hhh95Q3LrniqkZ5uqkBL38zf4QP0EMs4l4qJAPpWVZ2h3CPa58qgMZPPW75XxrjIvcyr68y9mJ4vNvu2
7v8dNThK3zU23
ntkODJqsxIYc4ogADdtgsgrTZ8puD7HujZHeN1oTpiOdq0jGZBS5w4CSDpDeA63
JPUlCGtCUk373
L4y2VpHNAFtO3
Hiyo4uPHVknX3
R7RHVOUW69q2USyC5bMsNXrgjmCfbf3
EhvFza0ukCDm3
byDGqNrimemm3
lLI8CdKNkgEZuhX1D3jLT14
UInt64
3r9cjG4lmqQOYWeuojCFn9ic2spQR74
nr4HkARMQCEOgCVi4NWEMoREETDOvH0cwMizgl4AedaPI0thQEUaQWSUJiGVG8DolpSPL7FDpnD2mUt1THIMIboT0wrOJD4
LjcOFGTnun7O4
Y7JlJ6mum0ZNPwtxNZUNULkSynW4
lgruVrAMiOdZI6P4iDM2eYXUiQc4
nT7pGDSc1dOR9bi70cw846lNIIhHYRa3ekZ3YayPIHiYLoxSUPEGTu6CvmyRnvogazsnfSZ1pwWtNGg8Uq5FExi5CGXITf4
XtpQ3TfVzSgg4
3fqXoYLH8JWaDQZ2WwnJB3mowSh4
GZkqwtevK8NIMgm1667KUIaNIZuIgn25ReAWObk7LwMy4GbvJOIkKAqWlahS6oQVaUa1pBU95qQ7WZ1nsRtNaAuk3RBp8l4
sKS1ehrSLNpjx702umeo6iBBxmKVAxkfND2uC7KU3rGxguTxWQn1bDN3a8VMfm4
xKlzarMfUvSr4
eJrH3y32zUhJT8L45Ewms73t3PW7xs4
UxZkuA4Lhjwt4
IUAC2PPMGQMu4
fbwVRRvkGZKoRVHmzKhi5w9t4UFvA25
vBeil9bu3KY55
ryTOkrkdtcBD5
RK9SaHhy7UeJ5
5Ozq0IoLNpkK5
sHEnfOuXLFUM5
Pd29OlcFXGmN5
i6k4fGftVNsQ5
MHN3aF4XD0l6ChLnqPKqlmXbzof5
gjlmXmNeprtjvUcEL9IEyYAYjOgXgJNFpVOAm4Vk5GwTz98JqKArO43ifqSuA4mE3ydkyGGlO5w6k5fVIYupJkrDFMBGUp5
6VJBi2rxFXu8FK4RgiWEBNxyT8n18COyYPQwsksLArUr5
m124ZnpQutsr5
ybCJLhiFgZfvH6O1ird3sHiW5jvxwu5
OuXBISy7VdTcTK5EEfIN9PwH3b8CUv5
vSS7tfLG7OvpE0lkoxllrt9ClC3j5ctCGkD81OrUFjsOtgUD4jVtH5gxuNYH766
6P7pkZuopc6qYDejcnsYn50MngIos82nyQ2cxb19EJFeqHbRBfUHApcX7wOWsYdHTyw4VlZlL2ZFxpF6
G0qHAgaS1KYJ6
LGumJAlus6MoBSTfAuYNs2ryeCU6
lNBCesersKrduye0EvofB7Cgri8GcC2MSy0I24bH7bzSwcbCaCNn77FOosQJNor9BaYrs6HA1wV8KlZ6
6UDRjSyvZom6XFBH0DFBm6iAsaO3uk6
p6NqIBigNVsEpK2u84ff6XtL0aK1uR2i9pHEXjmru8qiCHIAX1uG3YV5rgjzbu6
3K2r6DwoWd7z6
a1XiU2Mq7DBd7
iFsIo2F6pfLq7
ZTLdsP2io0O15LjnCowDNrYVzddOQPSVXzYdXUUTvXA9EO7nE9z1HtTSEw06sMkYNWLqX3jwxXPf1tz7
GXlw3vl1q7F88
get_UTF8
5mG2ISGhmU1J8
_Lambda$__8
WstMGAuIaY2f8
UZTHgzFinDfn8
7W4JFBvBjLWhxzCZAQTqH5ODTD3uh29
bDXjsG08kqLWtGQjeOzRjdy71VFJwB9
CEMr2QY7u0CG9
p1wBv6wTeuLK9
WpmffwvuFRIvZde5109XrTk4CazXVqGwCPxMHWkYXWwkbrOO0nzHgnWMC4GsVjTSfQ4v3S1qsqaPoiL9
mqyMjDB0F58fkgFwqKgBZDhkvxAaEDZNdYg4D80YUBhenXgz8PUqT0A4shcLMN9
YSLkSq254df20eke4wOqoi4N9Pm9
zI0LBYwilRKn9
HvknGjMo4e4r9
<Module>
sjfJofylZnr7A
nEI8IcznKYoZIyyUOwP7WVwzVUdiYbqNZOLOSYtzlqiETfrYHMukAZZDIWD6eEA
G8WFJa446vNlNM5WhJ2l64R0ORgxsHztEp6R2XJOXfrrSsFw3A2PhfwVVHKgJzdpcq6ofuJpaCDtRlHA
jsYncsaFaNEgA
capGetDriverDescriptionA
capCreateCaptureWindowA
KMEwCDJ9x1H1B
7mhMiRHAa8UFB
RmO3DzQb9sSZYebMDWTrlSny5qQrVNAeUIt2U5c1LsI5lZUiq7ldLorSaTlXQKcV4T7BVRb6V9BXsGugOZR20lt2Y0Ib4GB
a8q059k8IrmFcM1XnujchXDipqfUSOmcn6yjLnHDtGuInaNGBUesK7DP70F46XB
0CljixXPdPumB
am93R9MlOfJrB
x2VhCmZGz8nc0CTgbqjyxTVcxHzfCtB
6ow1ly3xKmltB
2XYPQAyN5LvFsDi4Uo44N2K9nku9gRC
PNYvo0mVCnTTC
2s5DrrAyOh11tRPR8mU83w1VUwbjFaC
5aqHZIpPGr6dC
crybQNZPQS1mC
ynVh8KA8pfGcq1W8gqEEgtg0ybUIivC
75AvG5ZLDzhfXMlLYjttQ2KuPpiNytlPruNlkx9afyCRTxwvWyGZgfbGgFrDHJCwQhWBI9ohzninHLwC
b4Ge7fmUT8MQ3ZQ52mciazECBgBKd5D
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
3qHEH0A06bIMD
fQsoR7ZUG8TPD
CDKpwcdAHffipoL5yXqTNsNgbXF1YXD
ZPaFnqjI9Wq0FJlAZHRQE9qAFpSl3K8ujtVurKMu2KE2mIZspToUdZJQ4vGRUjD
9ov58TKMCMEVYp4HtMsP3tk8ABj05uD
wVDxOUQMuiu1E
Y55D2n7Y1GX4E
Zsce3z1wzTUYJ91bXDauL9z11GqHW8E
AO3c74ER61p9E
BXR31RD0Ys92p7fRZldzX7XiWDyR87xzmP2t6zFBNPRdO3X9N8eIu898ItCwW94vjqY5KGx8vF3vC5TE
EXECUTION_STATE
92VXzjJ4tF8OvUuggXqdXPDEZL0uMV5jXsHE2jsaqatwFxu7O7uVMOpixmcsybE
IwLUwNzvbDogE
aMsZwMFEUurjUZz4DYt2Qyzt6hJd6Xeao6pJ2ZidnPEdeEM9wWK97gKK0xqF6tE
2XyQvjEl4xPtE
X7xAzoiWyKKVVOPZgxX0LxE
WibexZQrLQQbAagOGWI7dGTpdNgdV7YASDodnpMP4t12LXWcXx45oAgS4M3Ng0Jyh1frqiehvceaY90F
yGM8XuReBye1F
S7tSY3HfmuAc0SDNZ6oceEaYysHF
rQW5vL0qY61OUKHMYv4LMjsT4pUEHLF
eqWny3ovJfDiObTx082vc3F3FjzjzZRMIrwWSg18nWaBTXovGMg7QKdMbNICfYH02uzoL4gIUAoGzlgF
b7Q0hQMYWiyyF
zF2wrDcv6l8NQ5nFyCeiK1cLt2h061G
vKT27CjcQLpAG
pMAnWkUt4CPt4HuStjzumu3pRtpoADG
pm7WfympOf21l7sPswnKVRwLywrCBTG5Xc59NiHtknnPE1VxowycIK4scuo3AfG
EPmRiW59bYUfG
YhZOpGsgzWvf8Sbwe9u1n2esPwA8TuI0zboO1i4HarOeyfMcxhlOCeILXnTtiBWJi6QsKIHALxvy90gG
w9feEE6VYoxDZb1tALzmqjHppKwN57TsHuj9UKYFOcAKOR6qOyviXl4SPhlY5KkotRmQ7D8gxfRxsbyG
PBOhH4vLkAb4H
9P1XJifuWs6WE1yzlo028lbWa9HST8H
hWeKZsIrPFm5kfIjaTkcQD4JZx55OIH
AojvNQNmUxHKH
0kaNWkWA2IDQH
CuoVPG3E2OVw2xKrqzHgFaH
p7N9OS9EJZo4fFaAazSADi1CSNFpUgH
vLSFDYU1tpMpFoSX0mmqv5wCz9tXFIOOWLB05mP2OW5zMo5p6bxBUStjFSmI0J5UyTvCa0UiFgQBhjl2I8Zsh2KK9PqAegH
h6jkT2dMFdRuH9jJwM0fzMQg9zfFDhFoWbRJh1sju2slkx2L0LJKsNxBI1tONgULfJC6Eo1Uoy4OmTCEy4Ahx2CEka6leiH
Ihy10mSzY6z0UTRjI2afoN25vQvEquH
fHUm7UYiiSJgUZ0WXKLJGEdN9aFCb7I
UrvEXtOmSCMLB5XGoLYgt8sMOgbdf8Zrkd5QOZNLrw8kRQ0fio0q93dZATvEYBI
Bx7tRw70W5NEZ7M1WEQYKfP59MPrkMhlrnijbZVHUYwttLfPfcDpIy2yl3iq0i20LfPolv3uDekkWtFI
get_ASCII
82UnzHqFqI9JI
dHtsonIB8abnI
VUHTIwoAcw3bwAEGNPLxDfZffxdTGmjXdES9lJ2EoKrf10B9AnZl0fHMGiGgTpFa8jzuWtMttfwF0nsI
tELA2hDJcGde3IcMZUZqgzMQLGaMn7uuqDlG2bnoTKE4W3h1QZ2f8eLKfUoJmvI
YAXqn5CJW0VZOtumceczgubL9dlVbG1OMqPuJuODi5neozyv9u0h2k7bI3qWO3TZrORMw6MZPMGWEn6J
T4g9CFAY2cuKO1DSu3z7SJo5eMRcBT0SOpBAeugLw8EyLJbwGRkkStVrDFVtAwmxegR97I30hOxcDf9J
UI3JES3EreZEoKGJ0to7DuEdeFLTu9J
za92rbzLHceAJ
VTn4dVXUte2DJ
WdMJUJjJiGlUXceif7ZR4KUvofjYOPP8g72sGwE2caQplbWFiMzTQhhEb7htW3uTQiUZS8bFKL118sEJ
jBtdXEXWAK7Ln7NcfnSIa5nWUkEoCK36pHG3opjoPm7OMOMC0haP5uk0aZ2ikTJ
HbspOqk8YOuPGdJ4SasQB7CY29JPyaVU7jCnpOhcNr46UgOPnmC0Jqkh5XsynmtKwjtnElma60Vz3HUJ
vWHM0BBYPe4hJ
7JoctcorFEOmJ
hKN1XZnhmQ9VJZCd30djVG7WEzRhMHraeHGgOc2VF31rQcH9kooyqGX0PO9gZfCpAuM9hrpO4eaGTXJ9loIzS1JrSr0e7oJ
h1ZBTnf5W9M3BmFQjDQllMkJ7RoJ
5TZ0oePCyTpaQ0lDRyDPQbrUhcRY9sJ
oWfuzFGSIL2TCSwsRYCqqZ3YH8LAi3JNgXevXBVd19lQlVQRK1loyjj9r14mooe1jbmeCuyX2z7AuONUbiW3qQTio2sTKxJ
4WZWAoe25qx3CsW56taVP6ehyCUa7yJ
RbGU0Pbo3rqWFWKpbVny3Ws0tA1z9wQGzR8KvUbOQeofL3A9BE81O0hSCBKAH0K
v2fA9Gfkgw921j9VWD48X9ZtyY49cVDiNCy7Gk2KDAz6F08m4y7flKYVHwJJd2K
qHQmSbWP5sfBK
EFh1HxGLfSFJK
JxTneRrj7pxmK
18odBTor9wWwK
G5Ps2wR1rZdxUxD6ohMklwGGUhsu6dvFS2h5P1G2pRwgUmhcDF78TBfiZfeOjTTNruby2emENaVinhwK
VZU19DJEc4uxK
SqgJapBlgJX3L
agxkWwKkoMc3L
8qUMqpzmwSf4L
9Z1BSkQ1a1D6L
cWbbc8xSnUGAL
vc8vYdbrj5lEL
ZsMkUsYXyRvOL
rgFcGKey53ebL
sJ1gMgHHUXacL
RXCelLoB2283M
4eeJu4HnnSZ4M
fSCqXolmpsWc8RtOYAHdBTZcsYVUO6M
xnijrwIXacEi5HMP8QwKz4hNwbEM
1ArkklFNcGs0L9hEVb5s2YkIELxeAQ7hBj6jd9uYoC1cM
BQysosxo66x6GwwElcs0rpBqomYmq9N
axJmFhfPBzjtwPEocrQZGDfGjVbDEOplfOv1dAt0SFcHN
Y1ZAX6ZNwDeLN
uGL226VgYEZyPhyIHCZzWaJzmpRBWeGqGmj2aPFIWRnAMw3xgMBasYiEMGksTQN
jF6OTJbZNmW8c84COOr06HcjsjloQSN
MiEPg3AvTJDVN
hVy9csKkrXKshU1FSnp9B4ZFXn3NyGTSY88spspguE9NrSfm4SmmjHeb4hWh3SHUZaOJoHI3bQjFATzbZhCgFM5MRPHZarN
ib8eoVF8MdigYSdP68UGpFrOsh5ABDO
LASTINPUTINFO
System.IO
GBIXa7WZ2jctwqI8fgeQ2l3E8zwrAYO
glA0GvWx8vgaO
6K8TfQfKm6LdQ4dNgLrhYBcz420ithO
SZSDN6oKvk43GNe2SlOGJnOfeX6FuiO
2EBtcuHKcxb1M88BrtpxXnnVk5uO
7k8ZwllalIy5P
kbrHiQVsZ5TCP
HTJ4e3xSlhBELnvYqhUxNLdBoTQ8JaLud3AOPzmJaqsFP
u1UMmiqvOuvekIUwHJkmbVzJkoObf1E5YEkQEPImTFHztJpH57aiKu1P1JzH0lUhyjCegru0lb7BfkOP
VAvl72sfgfK8ETEU7q8fHR85iKDJ44AGJHcq7QjQgF2aRQ5SpICC2u79cjGEk9y4UtGROELRGyiBwVmaUeHWckIJtLJDVXP
1bxVGG4KK5rxP
lmJDrqkTf0mFQ
44K7zBGTUV4JTva5sI6LXFRKJNAZQ4cPS3QcJrew6GdtQONQGoTpeASSXMXVfazUURXkWHgi6qYyponQ
kqrnU9RKOTTvGNVKD4YL9SfnnkkRcsQ
Za1TNftwG8zMo1i7tQuhaCZflZ6GVDfJuzOTwA1meEOpE0P1oxRcJMGunw3qMK7IQIn3VlsQa9KKTtSiVKVFUN2hm2ybMuQ
Ga2UrnyU33RDc7lZXMbHFxHU8ML5pzQ
YQmkpMWLYgqW9B9lmIUFV8NOgMYfbBgnqMkDaG0BclemqacUf5ko4scG1EXCyiR25UQXPFAIDsyaYzMNaB5Lax4K1SNU64R
AKeVv6kT99LDR
lwfjfkPbm5LHR
U9rDodMxzJlMR
DMYABfrtczH8SZNsGI2BEQoTJal9Y7hubeG6DgCbJUMpqF6T51xB5PRpYcQbhPR
9kjs3C7OcBcTR
biWNnNECflP0tg0eNX0S1PrtpeDNHXR
RJSeJnXfgs1hR
ldb5qWtS7H12S
oUp5JerZoDL6S
Rc5DsJgMTB83KpLrddAFGyDdXzyiiN7sxL4QuTx4FcOAxj0jmBhQpoR4JUSvpfhV0yRbBpoFnNyJGHJS
PpMkZw5vjL7b7zCgGYTbOyJmQhyyz8Kjh8RMBx1sRiykeDlpDeu1o8pLLZsETMS
ES_CONTINUOUS
Ms3lGsMfDuGTgfUS6P5TkYS
R4cv1qVF73j31q0o6bjtzhSJaYgmfxS
q7Bgk951PnHmCH9JoRngJMQ2SWDU3Yoio3Y32DxfM2ReKAebNRGaikunUAzCUizC1K4pyoCZ55NgzdxOb1OhkDy7ldR3n0T
emNm7uajFSJ8T
GDtrr2DJybAGeBNyW5DDbsptnTKPzGT
aULBnN9jFdBbtrqOsp6A8cMyxcoZlOT
4xN4CInwOQDm0ULX6Wj11EPG9vEeqjsrDxYQf6g9fUCeQ0k3RJMiEkuTZgLCT3aRnBIZyIrkh3waILt2qNcs7ibBKqCSnaT
9HnESfBFUKynT
tV3nBN8Po5DaPPietN4pkgFZXEz1ewT
XPTOVhPAFgSWSUsOFncRfprkNZSs4pJMNZRe6hI4y6lhN4iMxv1NsqFWldOCf6FAwvpAVlVNtQs5CNJ1BEKfWb56lo9M8yT
Zyhf6mcbDINBZpN7KnqSyw5nqmi8VJ1ehY7vFiY0midd2c1KNkkHkReKK35kHzT
d4z5LYg36T1E6FjiVRRBY6KZauO1w1U
L2r2d3SioZlwWsad5I2MNNCH5xHU
agKM3tzY4ZCy4olnkKoCd0JQdMM9ScU
yIbSOMVSNCoRT0wtKe1Tlwb7v104qpU
CwFzCQL3H4iqU
rtLrvJ5UHDFzU
3eEW4rj4E000V
VXSWLgjB37lBV
HPbZUyRbju41W
SEypvXjloPxTW
C3ToZUVWgM8aW
XcwvngfRW5Y5ww1XihWmIulyvjh7MK8JszufExoX3gUCvZ49IEm2Zy8ilOU3P9iMIYPZMfMbqRaqybcW
xdjZJpx3TFXFp7NongSZRi7xCTN8OkodEll7X8IA8MBG3yQG7DrI2wg7DEmiqnW
QRAobnMxWht4C8bEGp1D5xaQrlDezoW
flQ4dv4IRKB9FVqTp5UQlt6ijl2X
bnu19c5XrRtm5kwwWPmWrGzcp5UjjflKNwAaM5zpzoZ2sllizfG2kxHmqxoV5HCVJdS3K4EntJ0zjweGpPMYH5GKJxdgN8X
bIyUx5VpVHwGF6VtOcX7Y7VhKHJL0J3uT8gDWMS5RUzWQtnjv3B0Bw3Qv9QJshX
BuefIPEawmElX
6d30xSCqLWpmX
JjV4xBEJv0wyX
LDeG1EkkgDlGY
etmgxikuodhUMWefiG3lYKethDmdCHY
LCHsYqWeQOgPY
93WDXRY17DRZY
TY9HTOqVcTWZY
Q38WoAxiicQcY
yVQOnp0t3x7sU7XLNMnWDS7QR1Joi2BENBihveAoDwkhMf4rl03NNv3ezJMUOrY
NjAnVjjjTNKvY
WyKS701c63MSTZvkUvgObvmN0UaQaxY
2QusDPeob3pzY
hCxVr7wbxoVY2FtsRXopM8JTF3hJk2UMpELXBHhOBOwaWWWKa6x1QgnCZfvtC9Z
olFQVWSS8xaFZ
ltnfEF1uNAFHZ
EkFYtXzBc75WZ
POx6kS3XH4mXZ
VJX9PEIlpXMhZ
r2IBaehnlPcmoYNiCZYE0CpcIwZvMrl9aXjfA5Zj3NSvA0kgcSFbUb9D59vrgbR2LYFzydQ39DIWHF02JVe2MFxZaEtOHjZ
V4EMvJCx5XipZ
Dispose__Instance__
Create__Instance__
value__
bxcwvIHUxdQRi7jPmgucwrd2LKotI0a
cYKUBxEzmtVFvDyaQJrXmNAw35NOecH4MTZ8cFwmdOd4a
hTWcBhqj3ZuAa
GIhRPzPzBzNZa
7SAcogB6OGt5TQ1pK3hXq9dadPfa
dSC5NeKsa0SXPu6JWTEegKOUry7u8oa
ProjectData
UZYN9nuQg2iva
kmQzwWyfZmW4b
GAEQejMEsRPgis0pAbsD6fww6s2l9Tb
WsQDc8EIc95Wb
XG9t9OEPOupwNUHx2Cm9xayII59p1bb
mscorlib
KepzZg910yhjb
5ZFcRoz3Ij4lb
ecXfxqOKqEGob
C9eI78FWZ0bsb
upGaWV88wEGzMGKvLmNuteoDZ1uANvb
R4E1SNtiEVv4c
JUaXEVXp4jpBc
plqVLbaEzxtMc
Oemct0FgxSYQc
VUKSDdMJnVGfc
System.Collections.Generic
Microsoft.VisualBasic
LowLevelKeyboardProc
qcxwdDn7Mqh0T6hUfe7GkFVWqvEzeqc
WoExQV2KL3KpxHFNypdwXD3FIeF8vyKYCeOZWK7P3nX4RN1ylcx12qyUNlJK3nwKXJf0RRcLKNgCkjP1Ee5o2PjHUekvdHd
GetWindowThreadProcessId
GetProcessById
Dnnp8DGfJNZ41tbltVyIEeF1tn4kFutBfRtyCeu7RrNbwmBRF0iJgTKCYYG1VdmCDPKSG7EBwvNgIfFbP8PNnZkkEGrMBMd
LAUozHxJszfPd
Tq42y6Xgy2rYd
Thread
B89VQe25z6K2oPFM4ri3SvC87MgVVpOmM0GKSDIIuWj9Ni2iFuSRkfzua9vxQbd
RijndaelManaged
get_Elapsed
EndSend
BeginSend
Append
RegistryValueKind
pimBSN5gdQDqCkbyw4bMPod
set_Method
CompareMethod
TargetMethod
4sbv5PZCj9LHgtaGv0WUNLdlkLzFutDCvvmRufNjqADYID5FAQ5RzsLK9NIQaqd
wyQEOi2oY5Usd
rsgh5uV3k9p4e
sO7gUIm7Yr59e
u1RrvX5fvp4Ie
fpGQ6Aq9AOcLe
jQKBZB7xKV3Ve
Replace
IsNullOrWhiteSpace
CreateInstance
get_GetInstance
instance
GetHashCode
set_Mode
FileMode
EnterDebugMode
CompressionMode
CipherMode
SelectMode
R8sGE3Ju6L9tNGkRBVUFqfTQEqWrkPprzbf70jxJAg9RVoscNXkEIP4OQhmJjqaB5kxnJvuDRqqC0NOFfUzb8ZFCAgZopee
FromImage
DrawImage
get_Message
EndInvoke
BeginInvoke
IEnumerable
IDisposable
Double
get_Handle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
EventWaitHandle
Rectangle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
AppWinStyle
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_ModuleName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
get_LastWriteTime
dwTime
WaitOne
WriteLine
get_NewLine
Combine
ChangeType
UriHostNameType
CheckForSyncLockOnValueType
SecurityProtocolType
GetType
SocketType
System.Core
MethodBase
ApplicationBase
HttpWebResponse
GetResponse
Dispose
Create
MulticastDelegate
DelegateAsyncState
GetKeyboardState
EditorBrowsableState
SetThreadExecutionState
GetKeyState
Delete
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
DebuggerDisplayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
WriteByte
m_ThreadStaticValue
DeleteValue
GetObjectValue
GetValue
SetValue
set_Expect100Continue
EndReceive
BeginReceive
Remove
cbSize
get_TotalSize
set_SendBufferSize
set_ReceiveBufferSize
hsQ1NSbbMX1KHbthWD5wuGibAS9X84f
SizeOf
6NrDyqo9A8aff
phzJDTHrX81zIK6tVrA0BxJPBEVlcmUDMjYWJtVCt2DwJHoIFGflXG9Qa6gtpOjb7xkRQPPxKkNn32CJ2zIWfuh8eEs1Fkf
UJSZhW5MUb8FZrT5M3oB8CVxu0vf
GnDpRhCJUjykHbg2lwLQEzoIY5afBRocCX3fZxdXRaTsrvjbREmDJATJLWWn38pOJzdjmwz9TXkoZpSb0sBTnpZjcXLZ91g
oIZJ3NFB38hAYziZTy38Au7ETyky2l0jiTxc57puOIRqdxrxYnyvFKckhLUl3Cg
get_Jpeg
System.Threading
add_SessionEnding
NewLateBinding
Encoding
System.Drawing.Imaging
FromBase64String
ToBase64String
DownloadString
CompareString
ToString
GetString
Substring
System.Drawing
ToLong
set_ErrorDialog
v5h0XmS2loczg
RCkA50g9kFS30HuCIVMLT8G5fXLiDBh
upLFoQ5ZPso1MvpE89UZ0er34yDumLh
pJLNo2vxsmFYh
Stopwatch
6I1vMkTRb2thh
zLRIDNwC85hbVVrdK4shVeArh6ih
ecea2OJfqFbIi9NacXiiJKYYdgFJcyiCoZhDLFLGuhEgVEOtsgAkA682dFx8yqh
ComputeHash
Xh5iRdg0WHzsh
get_ExecutablePath
GetTempPath
get_StartupPath
GetFolderPath
get_Width
get_Length
EndsWith
StartsWith
Tb2Z1ukbjdkuh
8tvuok0JJ5Nxh
Ai7fp2LLl7Jzh
pdkuMKe02oJrUhNZxhTONPMGumwAG1i
kCPAnV823dVQoQdOtApVNkrWtkHau7i
THLD5LQKMYUEi
nqhHy2CDi3s0MRAuv0rwyMegcK1mPDS0dQba1dabmgAV9yyjfcKHbC8bY1zrLQi
HZFcAnJTL8XTi
io3f1GaCuVQUi
JRrUEMzwJGF7XrBAzNxqbwWcs0Qb9nQqbTLhsQz69yNsJ0J4JjaCsvn3BTPKbSZIlhXi
zRuNIqajUZ7si
blXu2LXTC6cti
nXyqLoIdkJVtoVNH0z0CslhDkDvi
qZW7X2CuAEk4j
bklLpP2g3wrHj
6H1Q7rJ4RYmjEEhVXPJBN4IdXitNZIj
tIS1KiiGcvzbj
4Go885mTPZecj
n9sAEnJxR7eLgsNqBM9ASJq5icib28sKoon6Dh7Zvb5Su5V2w5PqZK1eVI7FerNlFwLWjeSJbB84DXij
mykFS6FOidvpdFdQwEfYjYR92uvC1kj
cqIuC7uAta0uX801nm9Npx6sSxgoCoj
69iESbR0MLBQI4oClgwDNcW0Obuj
7DkEGSCFJNUE1ovYHFrBCEjHIo9kc1d3zWLr8GxhdPFyYawPZzedY0EKDLSGI5k
aBg5Sii4cTUQk
taxT3xuVSQ3oub12Rpl6vpNAExNaEhYTLzdIkDz1gz66dKX0lPwRfmIj0xY2ySk
AIQQf9iX7exUk
MGlT5T6xNVBUtpaNfGDAENjvN6WRwkpj9u86HTnlGB9JeS8OLTVZJbGzH1F1JtAVGyoUpe2g3RQlh6pXD17yB7gMHTLACck
get_ServicePack
AsyncCallback
DelegateCallback
TimerCallback
RegistryKeyPermissionCheck
TransformFinalBlock
GHKagzhiyZnjk
4yt2vEccAoCmk
6jsfjmkND8EWIpiShrE5uMsR3PlKmkDvuv7Q83UCWqGRCgSHmQTcyh0AG4OMiLmvOOSQNIh0P4WHkiuk
iCcg1rCbPXU3pYiDrYU7QZ5xHf8WWrsEo16X1SvxvIUQzHDRzpJXtmk6dsJGVGP6j29kYujtEkeo9Xwk
W3hH16UiycYA5RdmlFfz0f3VhhaIJ8l
SkIAmTFtdMyAl
YEbgE2Q8kOvCl
0rZrLJY2qGhJl
4svPcacgWscaEusqWXfcK95IhddP2aPSnjpBhoe7bCwJl
kCNaLimXqKQPl
ewQammtmssiPl
aol8ZotsDRoXl
RtlSetProcessIsCritical
Marshal
System.Security.Principal
WindowsPrincipal
ConditionalCompareObjectEqual
vjlGpLbbpXfbl
System.ComponentModel
LateCall
kernel32.dll
avicap32.dll
user32.dll
NTdll.dll
xcpL7N0vUP37kbcwcbl6Ef5AUCGlY2dT088hmvTu8P0SHEEcxk4SHed6ALSgoll
set_SecurityProtocol
ObjectFlowControl
dNus7uI9JUCphRNMR36Y3HcbTQuUs5m
ZjbSKC6Vg5OCTkma342IhOUSS4Gz63XsqieaM2o3WCU7Wrh0czEd73vlgqOVsPpLmQOB7qLBwlCjvU7m
iYFecfzKgkXMm
3yaYnttPWG7pA6Za2koawlZaDNkLjNm
QVJ6nDpWKSHam
FileStream
GZipStream
MemoryStream
lParam
wParam
get_Item
get_Is64BitOperatingSystem
wtPvORzPBuxem
SymmetricAlgorithm
HashAlgorithm
0Q4TxrjZcMkR6x2HZq7KRAk7U2im
Random
mJOAzqO7t5a3qDklk4ppT4hcl5jWmom
ICryptoTransform
i3fyRgTOzn96n
4EbXnqawR9hum4D1t3KyBEbn1lLdb7n
waExbyK3RDRUiNYKyitVeEilfCIIrAzcZ4UMIR1WJyy9n
crJEgBRtcsbaUSjZayPSrVk0s9Fn
KD6Zf1fOUc2GW3MrJHCuK2ZfsByE03oTeg1MhKJtgO3b67X5ueS0TxS3BL4sAKIIptOgYdSLNjlTYIZykBtsOpntoI9f0Mn
9ZFBsbbueExTn
ql7tq0VKgMRUn
DKniGrKcLwhuc3UAVj6td9SJIzi67PKHScT9LnrLSpzCdo4inWFrnGKLfRxIBZn
ToBoolean
op_GreaterThan
TimeSpan
CopyFromScreen
get_PrimaryScreen
System.ComponentModel.Design
AppDomain
get_CurrentDomain
qRvsi3Apf9vin
NDLsOv5Nclxjn
fCzWFhiNP6Yjb2QU6LFxYf16D4hK4e5Oel9GJJqQh9mitxtZ8vCDiMdkvQYyd22Ej7lmDQGXv0muRKmn
WF13Pm70DH1Yg9x35vC2lClnesNbfon
GetFileNameWithoutExtension
get_OSVersion
Conversion
System.IO.Compression
Application
CopyPixelOperation
Interaction
System.Reflection
ManagementObjectCollection
Exception
Environ
iKcWq5GW1zlqn
SocketShutdown
MlTfX4myWE3xn
biJ7SfyHYuvm1mTI7WxNegR5c2bXCU6nM3xzNnmoHIzZdZ40n602zEGvCI8v63o
jqMepygWmdL3ei95SV3nKHfCeE4jQ9o
axnTu3OuNkWCo
deN4GMSO8JzGKDG0lb2eT7VvJ0u67Go
0kE69ymVRgRQo
get_Info
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ParameterInfo
ComputerInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
f9L91XZhgwuuXCgb0cE05FoCmUDtEmo
hfFLFmfZ2EuyYUjkYdFOLGQD1AI3EZ5tmVGhqFPGzHAso
67NaxgTJy22rYpg2XKOkk2PZR8AGKrdFQK2mF84bWkXHsh4yztNnBqOF3sg9jwCU6KNHwH9Rm4Y8Kdxo
MXXZUjSEr8Rzo
zjUhidJWbzjyqthkKZlDf6i8goaJzwaQcoaP5lrY13KaWFvK57ZR6zwqaqbF605Y7vY9xrV4EtMERk0p
NBHr0FUn8dI9h27M1S7UrzdXsv536Bp
SlhN61qZRq32HZSwlu5hZtBANiYOCBf6uYBmQQYnltT3qtHmxvFIAUfUVbfxv4etyAMo9hBlvkSkaitkHCrRqu38ljd6UCp
BoMwpQk0xUbDoS28TbulaBscaCPg3azjtEWC85kJh5Xu2cBWU1aub5rgmPY3EzTSuPpgEyiMNFXMVHom0elnTAZ7Wwe3FDp
t8YwJ67J4YYFp
qODrPEDILZ85wuvMwVOWi2SknD4bnspz6L8xdeT99PZNAqMj7RDeUC5gc42zZuqM9SLprjaWqECpiFHp
qYeRgwI7E0mKp
FoEUzGLrX8NOp
Bitmap
SERqIEiRUkCbp
B24ld4O4THakp
0JHdZZkCqkWZGzW0B0UImfdtGnEKjlp
LNzedtVolNREq
MvYVKm2BO9wtIeiIzMJGSa56FTJOGbXkfMWPYerGxK5UbgBqqWPVjHNx5NNJo5vh6xwGdNkwdSPI2gd5i3Cl17Kt8z97hIq
L27rqeE9j4faeyfFJuMVif1JzrTq
TbZKy2kJwL2FEuaLLkMtMD5ktNmNn1KfiNj9c2jGS0DpuMrmDcwFMYMUjESuGXfKBjuaZYqGwM28Lzdq
LaRqoAGM1OA1fqYoaXYk5exxiq8pohq
System.Linq
MTc38a18Z6RdVSX0wBbVOjOCYL5EYrq
q6rjo7f7ZpDtq
GE2GhaLteRS8kJ9tpdVZUU5Ed0S9tvq
P2dxax6bPLCzq
cAu74MRiIwxdkKGtTYQG5bUzT2YqNlVMMgOgrWheeAfVdM08ZsYbA9lWadxkr34LeGn5WQRtcG7EWGxBWiOWjTGiocjXZOr
3JDcgHJHxpfydHjlYonY3IpYfUWr
6km3N59ZbnxkIKOuxQQKamJR3hFjrXr
MD5CryptoServiceProvider
StringBuilder
SpecialFolder
ServicePointManager
ToUInteger
ToInteger
ManagementObjectSearcher
SessionEndingEventHandler
System.CodeDom.Compiler
ToUpper
get_CurrentUser
StreamWriter
TextWriter
BitConverter
ServerComputer
ToLower
ClearProjectError
SetProjectError
IEnumerator
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
k21FA7lgtKEqr
IntPtr
Fdtjz4no2FWVBbwSeBhsXWpfyPW3a9xc2wcjj1XVZwWM5OLaaHusY76Go7O8uUqRlWW9mHKCgeRoP6buUDCBGU14UsXOBFs
hvjxFCMEyjkXkZYqAgLRTrmKxv2OPFs
SvSEVSgB8bWIs
nLL0MrjhULHVAE85qU4FHJs
3fZiUZnEfSLXSX8QZWmWVvRuOpsuhqs2x2oPNOypEPapV2nAISeigtGiFcZkGpPwnPJQIIzkyWMGuSJs
Graphics
System.Diagnostics
FromSeconds
get_Bounds
GetMethods
Microsoft.VisualBasic.Devices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
ExpandEnvironmentVariables
GetTypes
GetProcesses
ReadAllBytes
WriteAllBytes
GetBytes
l5cn04Ti3DwhHz26W3QlXDqVsUTf8ovc7UvUiztngEkgiSR8GEDtC68naG9pefs
SocketFlags
Strings
SessionEndingEventArgs
Equals
System.Windows.Forms
Contains
Conversions
System.Collections
get_Chars
RuntimeHelpers
GetParameters
Operators
GetCurrentProcess
4ETbVFzsgByss
System.Net.Sockets
set_Arguments
SystemEvents
i1UJiCTrHzrts
Exists
d46oWdm9Zkzws3n60eBf6XX1bhNt
KTcdAz3zOzRUHMvhVd3GHv0LU6hPCQt
fdtiXLC7CZLAwzfZ6mjMMpbXJsRt
R0Jd9DTGlfaTt
Kw7NuVyCKf1Zt
Concat
ImageFormat
PixelFormat
AddObject
ManagementBaseObject
CreateObject
ConcatenateObject
SubtractObject
TargetObject
ManagementObject
Collect
Connect
set_AllowAutoRedirect
LateGet
LateIndexGet
System.Net
Socket
get_Height
op_Explicit
set_DefaultConnectionLimit
GraphicsUnit
WaitForExit
IAsyncResult
DelegateAsyncResult
ToUpperInvariant
set_UserAgent
WebClient
System.Management
Environment
get_Current
GetCurrent
CheckRemoteDebuggerPresent
ManualResetEvent
get_EntryPoint
get_TickCount
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Restart
Convert
$VB$Local_Port
FailFast
HttpWebRequest
$VB$Local_Host
uFh4YaAZvp1tt
set_Timeout
GetKeyboardLayout
MoveNext
System.Text
ReadAllText
WriteAllText
GetWindowText
1fykdSjJFr1yt
dmgdGkZ1FdJJu
c0IMPt5xBHAMu
dcmy3BDX8L72ohyxaTeh60hpvjX2Wdu
O2QV55erPiz5hodjvca4bQ84kYBJVZWxkdwvG7PvzJ0LmqotWfxMZJU5wkBVImu
riasn876t8smu
ZSjZZcZI3Fgzu
aQswxcit7Tb1v
YS4LTeT1h0OGv
txk1G6w2j9SIv
1duxF8K0uKWqtdj3Y9STsLZcr9jBcBdwnTytoFYQnFbP3N3YXHuMfzyQBsjq0uTTvoRMNpEyBKzcNfJv
RHjNZ1p5ZvrWmKbRe8RC0uELiQYtlGTKDKEG5XIufiIDsI0YTzzJDotIQvBJTL6nrpyGVN6AqTD9xsxi9rzuk6FBmyRTXOv
R5c9eOILFucav
gMay0E5gH5F76MEwXH41ZRcKFtzsQev
cFCA8ZFgxkfX0y7HWlpStsWWgDhtcKTQ7aCZt631ia3N0c08wglNFY95XFUI0SlGUrSqu530q5GT6uGVSc62LhHuvEQqHrv
G8Gw3Jdm9du0QDQ8vXxvDFxl4SguxJCow1co9CqN48zC7hmB2iCr7320o71NX37DU6LBrFxouIbwCfYR69CPoxaxvAUVw2w
8Os0z2uL5O4ga5dbmldtXI9lXhzbcZq9NIUagszl9kDYnbpSC2sZCUaD5t4hNfXC4qzviKvqJy0KiSXReMLui5yw3ffV57w
M7M6DvDiByfPsGAaiQLGBR2lTU3kW8w
e3HWCwgkR5t9rFkYRUX9RMj5x7mA9Q0mr41r6Ktj1TcIeoiwVlofr9JnrPm6TrjTDq1G88OUIxHGxGM5VXb8tKcYcylAIIw
ae9tHfGTmIDI2Uknttl6C8lFQ3oC2Ww
CAQRVm8RrhXaw
SsMF5RtvlQiaw
v3rW6HVvbWGkw
GetForegroundWindow
set_CreateNoWindow
sy3G1cZrTs1qw
Jc3IYThVfLfaQA7oVQJt72JSFQdD0dxD8l3mte6vmKsE2tmsZnhE1lZO7NTCHXowtVPrjHBR76rFLkvi12WQUrKI23a40Ax
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
Ma7Sqy0FvPJOx
OTXITuhZOy5Px
LateSetComplex
TVOAN7P1Pn6myObvxqdpsmDzYRWJdlx
GOK7dFtVP5pqx
MKUMh0C183pUrUMsBKv2AhMTU69mVzx
jeZAYuo4Sa84y
AcibyrgUJoGEy
A8n47t1d5p5Fy
animvXcP8X6Fy
DD7ZU1XCky40R6w6D2x4xGuc6EMy
78vV14OkdO9UeVwdkZSoOYfmuJCM6NYdcOBMjF9ImVVaQvM87EmHTC69GOlWfM0XZt4FBy9QVbXnPeTy
OveUy0mJwCvYy
ToArray
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
PTmwrQ8SQGBiy
IDHSwlT5VP1yy2h9wzCYMHnp0M9ayZ46sCUU4BMax92vaURRloFf2AI1B3BfP09YzEHPcpSlkULUiIa3xqlGJuJsGdGfZjy
PpfExOj3KtoHRuo9uTgejyqWPsPy5ky
Assembly
AddressFamily
ObjectQuery
get_TotalPhysicalMemory
get_Directory
CreateDirectory
get_SystemDirectory
get_Registry
zvHQyKSCmbusy
op_Equality
WindowsIdentity
IsNullOrEmpty
FiYDVn1NwsaqMkGw8TFFrOS4xqoKmuy
RegistryProxy
OSdXqrbwVIOmnuAGso4nVSnCG9qgZ0z
UPvZgDIWoQeMDRtePc8G3IMLMPzwjG7ClbZfNgP7Pdnnn6eNPounB3VRPbewEOeVdgoo3OHSovnzlA7z
OMn7Hsb9ktx7z
mVvk3kwOkstZgQ1GpUfIhl7V3Xci87nJMBlCyJsdHM1s5roMm1M79H6ygqjBsLDxCDV3KeJJaT6VHMsXtgL8EXVydXCFQGz
J1fmC07UHh2wT5sSZc3uY2zNUiYMEw3WTbvphKTJteBPcFaIRuJ52YUqw0S1Y5ydCsXaMKAqnP5Fl0wcf0y6mBXhSPNqhJz
Wk9qzHwT7eFNz
5epH8gApp1gRz
mB9Kb8iPBKBk5gXpHqcUbafrtSi7JF74vtM1vQvTgtRdzOKObMy1RIPoobhuBYQ1acHanNGnvu4ceBVz
Ki2YHlTZAU6xAiu3Mdb52W7unH3kGUXDjwPEOBiSrUHGNGRcFfkERwapoTw0mHSIgd8pENFnAWvhorvVIlZUWW7UTtPVyjz
v7djWJ7GdBdGuav7lzR51p85zWni61bUEHVLg7wJAclpE5mxOHH6PSH2Yp9sqnz
ostPZgPjM8Koz
QNS4BkbRZdTeDVkXQbpGrrlezw4C5qz
WrapNonExceptionThrows
$b0baa1ef-5f7d-4931-8246-678d1a6b7abf
1.0.0.0
MyTemplate
14.0.0.0
My.Computer
My.Application
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Du2xzxrleWrnU
3QyGPc4josRU3UnbyGkgQMcqJ0GzJNcrvdZLmxCakjKlq
I1vuAaQBlqCpdHGSuRLe6DgajNJgUzJgr6Vd6TsECTEHo
uNR3fmrJ1IDbVnrEBPM25hppPVeOwZ9BiRvuBOTyLIDyB
xz8VRxrYzkhIxdX674PxNW6515mQFg2
YYockrtv7pY7tXO13mUmPAlT0UaJ5jM
0VBBMAEPEvWPk4v8pO8O8Ec0C6wr75w
nagwC+RDscqOllf4exf25RTdend6TnD/1KjaW4D3+iGE8Sfjv/RWt/zrsNDaljWd
TlWB5DsIWdzINiiQoDoy/w==
WklsF4ydFbNScxQV7GB20g==
++MyqGzevwaHvOu3hDROIg==
hNGmRP3Q7LM/7SZeY6s08Q==
Nftei7lFmOjq+A1eW4vh7A==
KKSNPBKu5HN+IMRM+BB2IA==
XUiMnOaeNSBy1jcP
\Log.tmp
nhoKzVpcs66FHLSEWU3qdqsDH9f618I
DBOdTdXErFh1csHHQ14yPGOaGixBzde
schtasks.exe
/create /f /RL HIGHEST /sc minute /mo 1 /tn "
" /tr "
/create /f /sc minute /mo 1 /tn "
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WScript.Shell
CreateShortcut
TargetPath
WorkingDirectory
powershell.exe
-ExecutionPolicy Bypass Add-MpPreference -ExclusionPath '
-ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '
http://ip-api.com/line/?fields=hosting
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
31mqXyGjCrxOLd3GdYG1Ct4ha8Tfkek
GCmWsudS8dooh009hGE5FedQH6winbS
8EENfQ1CBjUf5H3vBacrB4QyKl7C734
FHNhdDrrWJsyNd20FSFRodyZdae6YqS
IKTCv4R6x4Q6ebpYJNIQHvXPuAUZM7y
NQyL5dj48BCf0oAMkjdjL4dJaw2qgfX
rB4MPA9UA02kdmlZQUZFU11pVoJ6Hlb
r6dO2l7Rkgv3hRVDykMlP0QUjOPfSGb
3jsJHxi1U0vDgRiqFBSJxvxmevNE57S
sUMdsMEN240KbQJBiUxRIrWAEu2r8T8
G5eGpUwNR5T1fPJKWp3EX6wYpiRjSqm
Xu6JrY1phbWGML5WX9PrLm88CfsQkqw
cDaIPvRHtbONYzt50wGkLyqI5v6pvMn
A2QcZk9ahYEGU14R4UqLu7Uc6ydEifo
K9E88ZFAAxZ1m1y9YC1YsglVKZgyQUM
Microsoft
Service Pack
dd/MM/yyy
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
SELECT * FROM Win32_VideoController
Win32_Processor.deviceid="CPU0"
Core(TM)
qjh8TdO2a2KGCkJ3Zx7Tq7lQ7mw7khc
H6Lt2FUmOSja31kxmaWEngVIVR6XMbF
gvE1gmk7Qk0xj2wEovTxHcwU8xcAjvO
QT2qRSE9fiE5yNDEu1HatbsS1fkLAlN
MczvaAEB6VKkrwPy6c5oMnzdZWYpaLP
5Xgj5ce3xw3Ybs4cfLEG1mjEcFQH7Fb
gv1JsL3m1eUCLqveaiatsGhMP7N7QEp
2SrPQebFPzBjU7Mrg6lvJWnPyMhJpMa
ruYCHV02Y77OUXnJCirpOBVqSw7K4wy
NUH3n5efeCFycJMi1bkYKe3g3cdMAJD
kf1gYWcixGZMsbwr8YAWGvli8MjtUXO
DFpKa12HbPL8HFYoMfdAJixUkYBiGJC
WXE4fJJeiIjbkBdPL7bqKhCkiSMLWlc
KRaqe8fLl72X8rXCV5oORmVz2Xzdq1O
rQSAlXvfw5Djww3mu3vvfxwWH4pbxCd
3m83e1hc4swWs3Wh0GKzxDhMOIMTKNp
nuFyHHBXQciUeeZ2HTsdHa7yTQxABZr
SWD1h7E6wTt9HbMA6m5ruRtym4FO5B1
PpjYyKLt9Jx6qOPt6stnwz6CehzKkGw
Rw8sc2twlQer3WNHhpKRaE4RS2xF6K1
h0uHgHgDha3Rk2xGTPhbW6eiSDNUBPX
uninstall
update
Urlopen
Urlhide
PCShutdown
shutdown.exe /f /s /t 0
PCRestart
shutdown.exe /f /r /t 0
PCLogoff
shutdown.exe -L
RunShell
StartDDos
StopDDos
StartReport
StopReport
\drivers\etc\hosts
Shosts
HostsMSG
Modified successfully!
HostsErr
plugin
sendPlugin
savePlugin
RemovePlugins
Plugins Removed!
OfflineGet
Plugin
Invoke
RunRecovery
Recovery
RunOptions
injRun
UACFunc
ngrok+
Plugin Error!
ToLower
Open [
-ExecutionPolicy Bypass -File "
TsfN9VhWgOXTs3uI1t3xp9Y5FMYyvHR
RuVMl1G4pFBrvV1SqqzL8BXNcXHeAX8
3OGD0l8MgTP2hflKNEc3iG1Fvq4lCl1
rJbgtawhneJTXdbRIZqYXuiPKzFRZMo
EhmFlA2hoAocGE5JMRodRJN6obmLfHe
IEqm8mj6iuED28ZJnczRElL1UVfy4hs
uceEzIfnaV1mcavIMkqOSxAULexVEoOTxHUzu2a0GCFlrKiXXkxK5WC37Nfz8ai
rrxURBNaqYMODRGluSs5RBnHnkjZ1ecB3qpvIbpjNVJSGzbsupFdqPiTP29gNaS
Nuy7dyUEPKJqAQDb44egYrrMZiFDxmv0fVhOkZ7U0zeRb0wEAcHXK4Ap1cp3KDD
YcOdcCyJt4dXtjaXeHUzscFgKl9zSZIJmVS552RoDnznnWJ4iimEa3jSVDeSRRV
fNRTzTDXIPiWYqJfXsBKLC4hTHfb6tVWnhV1dBJI7i6vPhbejl9jFyNhvXJH12R
ZlaZbb8u6czk5ZYjYonYOOCQdfKMPwEv6wpFmkHorB4Li4wK9V48BmAcWt7GtoW
hJC6yQQITPFn0hlhEAAOe2GM6unssm4rLX8yzZwxh3Fes9luKXRvNHDIT1biICl
TarDLTi9fHfbw7ImRRI0vSzO5nU4TfVuYc29sYTZT1SvMZq81ozIZrr15F2WbJv
eE1VMjVrd8viFhgH5G1jila4tD8Au3YMi0Eq2JJdAT3bVe06r77n3EIZSrN7xid
dz47z0zhxg4h3He3uAwFQk6s4FK59mNbkUA4Zws0k5kE5d25GgUbKD2XJWO5cpO
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
schtasks
/delete /f /tn "
@echo off
timeout 3 > NUL
" /f /q
09sgqtXAwlde5tVJvFLSInNmxqOgGd9Z5i3XU2S7cQD7t9IrqaboWwnoYALcx5s
ZJSFUhs6y2gopZX0GnywtzQzhXx3LUQ0Cz0jLolb5VAekk6ZvaciavDwfRFh6qT
ToUpper
[SPACE]
Return
[ENTER]
Escape
LControlKey
[CTRL]
RControlKey
RShiftKey
[Shift]
LShiftKey
[Back]
Capital
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
MainWindowTitle
ProcessName
JXWnkBkX6N4279nWSOXfdJBjp58eB4bjMIPSmNemGdsIgLfkRvgku2UjSg4NdSG
4GQRAICJFw7rwSQCzdURGMZfUG5yFI32ffP6hUJseTZhbEvhWLe2iroy3HQPFnq
VFENCWNlYMYLE5dhehFEK0u60Rt1lx6TYDivKy0Spc1rH88DvapVw1EMZJUNdVo
57Dazn3esyNrFPT9bwv9x4phN6UGnLIsRyPn70RooID7k5khXhYYEVKSbIx2fbk
Nw4Vwtus6QZxy85B9ihTVqiJ7yTWCRPuGhs1t0m9JHENtAbHkW3l3NiMoj9LyO5
3BG4BNilXoHMCYPC7spDPPVhMCGEY5W2uIillQWJRvLAC6gMzkxxXQynErxGKjI
Y6nZhdjhkjrG0o5lHpzB7mGb8gMtMIDUnfLb6IEIOtvVx5z9yGJ2za8dTOlgzFR
bjLSeNRQyHom1tZheENiFNuhUhA6CBBY5ojzaLpGW7eNi1g7a8ZPV6aj7ejPMjV
Dz4se7MlD8DUASdcVbeVUMbANKlrMDuMaEecdaVia5vdNzLsA1orx1HBmkpVdjdjCPmgulgMGLK8c8RM9mXKEDLq9pgQlEu
01unhy62jzdDfdmMPU7tndYP1lvZ9OboS8rzcLtQPdY9t3fcf9q3yw88NyTqyyk97Iixj8YVSAVBjYQXbJ7Yyg7p7jnWs9d
Q4x3Ut2g8DCBwr1gaZCuedsns93YQoy64onrSL3mLfkY72RLdFXUxmIdp0KaThuJO9XxA0q1KOIkRjJC1L3WFwdR3XMyyWZ
HYpv7yZXioMtoK2n8ZEMiYtvhXQak3DzId6sXFZsq9Ey6CQ81ZhvDt5LWemHWMqmdpzD10Wz3J6YkKQrGVHd6BNSbWKlX3s
Bb0t8G49f3drX21A4hacKKSJ2REa1SBX4MZJsDYAFjqaqMKN5HxqiEXXY7SiKSIQNkgPcpNC2ZFaX01IVbGwF2qmlwWs87C
gfS1qzM8kgt9d6RDxabwFha8esZuD81NDMZU953szBoFWsXKGqzhqkHvmYy6FVRVeDEcsKJ2yMGrdVvpGvUccMgraZyqxS1
7t29WAJuTcRTIBvUlDjEKiuSB3AI7B9ml0HrhPNVWlor7zEb0quP7GMy6j1P7fKvnRmSzrRnj2MR1Kre3NUTr5JMFwmKoGt
QLpcqqGrYh6oiUrNN1Op7nq6Ke8s11xyFPu2rMWuAs1OA7VTr6JptiGDBYW6fiTSPFiTUa9UujfXvjCiSp7vpRMjZcCYeFB
GcmV99KAd17eZGN2W3NUr7zOl6GsXByBzXeAP0IfMSyaoKR0C9466UABaQgMSo9ZF7ChPUFZ9an9DKEH6VXIiiqIwr3q7A9
hvu7nrk6IjMbutWCkZOhaEJ8RtIPi8g6ZOPyI3qTtMBPzKwZttFDxrRKaoRqJRDS8VZhJ7b5nCH1Ja4wmgY3TDabiCpWffA
lDvtQOpoRx04CD28lJXpExKTRyccRI5xFWXFo8ogLE9IPvL3SUARnDqGrCvkgw2154yiaJSEHLIVL4PGsIptIH7Acnw8IxU
H9oSR1nQtaugcxk5Fvp1VBWUtECrEdPGG5iu2G6qGT3GeK1pV4WwOvNNh29rAeMUkLok8HHD8eemQTNKrmgzkhfDXiYEgS4
TC51pMFqZHgFfekvGfQyT9WYIYhBsx9G9KBGlt69zJ5ziK5U6xYTrVsjInkofjITio2RK2yr0lfHW1hYMcs9MdFMwKUNfXt
tpa1dHiwHjO6Sa2R3oKo0V1ZPGEFlnAf8j8Pg9XSbIj105Or2pv3N21b5tgQl8Wi5qhda2wsuQxQPStvJW7hCUT9MGlF46u
ES9jt6ZMNJxmQpnCnbsO9ALcltzxccLCuk0YxfksJrhVy6b7ruDQIvOXhMdYnOiZgCf4VVuQpMUnk7WvGHelXgVHtf3rEv4
b8ZZbOSEoLNLMMX5GnDDUMP3TIdsQJiJ5cJjBsqUiuGXeZ2PkmhpQEHd3I0BGSEmP7MzIpotAXvE13HEexPSwNDKCNJyBMk
W5ylZ8n15PeBGLuUoZUgNmqUTqXRM1LSfMgHnj9pkaUjIpgHXq4qteoGjbz7Q5EIxQRWADRLdMmlYvUV1I8mFYjL5YjKIGL
Software\
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
abcdefghijklmnopqrstuvwxyz
Err HWID
ToArray
Bp5r67urWYX0Q91tblPTIq9sJVa1YdSAamzoHLOoFiUFbslDTI9NnALlkZ3FeXAlAYTHc2zN4tWq8eDe1R7hyXqEbv4EycE
v3wbguFmo0E0q7qWkDYipt9G0v12vTqqBDUtCWy4XO4RSDSPFXQAtS1peOCCSj7DwxlddeGCIzCqnQxNJ2no1Pw6QK9lkmj
3MYobVnVdtpmnHRdATwylpR0em2pJyit9O01mR2naPlQ3epodHOqlYfkXtVQcRnyLDKiarIjKivbOsJ2OivbrViXRXdD5Mg
l3mH9qZZtiFxdtFy4kTTiATPL90Q3dpGg1GTP0EgfE4vXMvbrXhPLKKKFyP1plL0jAGm2E3P5iZYD6FQMOt13j1CJEWQGid
tH8mLRUGomhnqjwdD8GWXeBT0spwXiCnLHokmbDEWKgI122QSQeJYFSwR32324Kz9YcSHbFDo84xMaIy
31rD4wRnP4JYtIkKaLfPGcmJtmVCxknPnzeMQNc1tLBAPgy2PKTsj7tLhctfU0wU07cQOMA6GzhxrZvp
gI1yMJtmzzvn3ezyIKwXhzWKjUUMKw3RJMkUse77kTlTDaDskoOkLPcwDYUSsgNkxlcwktYPPBUn6b5r
kQUTUrb6E4mp7MiTkUZmgPrVIVwBL1c4C8apPM2U8eaBBVZT9QMLcqYTuj9wPLvViaXkUwjaR3UAwOWV
iu51zdRIiNdeVonDShcJAj3YROfV2qbgrfRBXOALUjIbCjVBtL7Gi2pTx80nC1VIFC0zCWDgevkm0OED
h8ukx0uMTGqWHRSyBUCXaGXREVMJ0HMv5nbxFb35u4UHKJ5BrTeIxj8N3aELdepwOF1HfUxi8gnWyGOA
Dq4B5NIToy1nnd1kzOcGlksG3n0Rh4xpjs5VDrySwiQl0B85uE9qLUSCKTbucs6geAiu1A2Ica4T2Ieq
Vbshk61N4yGe9pAHtoJ5Gi5zsksVIIAbUgQxuRyryxnVQQuXenTsf8WQUqq6vRdX5yFHEJmyvb5bRMLu
RAMGarGJJN6cADCWzDxWBidQz5vwCtLYuBTP3isZfYSkpnwBno6RiloXgXFperuyydXAkqMfwKKJV0GJ
4PF5PhZAvoPbKxVpTfl88h64vBMK9xXHsf1g70bAvcGdjln0FMdafR28nRmbLV72VsG5JZ71Q4qqKGd9
LOm6xScxvMD0ceRTbj6drBZUCN0xFidUWFv7lIT8lhJdvozOKTDTQ9EMobsPbZZglIC0PpXSXdrRj2Eq
j1Lsayh2VNn53WOA8IIveBxO96c2FsfUOMO5alI1h8u3aDEOyBAkVG7vCqwxcDmfSTO4FDt8fihmOCZm
JsNCKRya1IVikZzcqzZuvusEsLUXEf0FHexgFYASzb96wBuaTGCwKzlmUQY0thV7Sr8MGtZIRQC4u0jL
Y2TzQeAXPvNKF7OMFYWFE50JWkIiG5fXmWIv5UcPIxlfmarTf3nR1CV7GEoOeN3m1kaZqXeIplxwb4jp
ZSOznw8Vi9liWoohSLv8vly4E2Fp0oPLxsH1B2i1DFz8Sv64VDtaRAzy9E861MjtWIw4u0v600rkBJKt
r08jEi7gIMKprJbmzTCg1rr3HeJaNopWDgnDTflDovp1ymi2TkqGxTXzf5MBSN3C0YtodSVVedEImHiO
Y7cbEeZgMX7KDq923hL7Bsju2OlG2jW1vdcAjI6yDL3t62VaclnZWbLlGLxO0pksNh0d3bz3YZ8o4mer
uZXlF2IMIf7kjpdsqfO4xu1XNJCq7E44tCQiaHdH0hQCIorDpV4zNcBe2iHYQczbJifVLVKimd4gW9Dw
MXI3JHgOr46fiXRLxyW7SVTeRlDf3Eug6wAyCcPBm2ghKJ3rpbYlCk9F9xkYcW0TzJsKC1mIVkY5Uta6
o5uF8h2raJKFzApbNcoeCyL
ScOF7Yui83Vp2sRDiopWtZ5
mkZR43wNtMYLYzNkbjnlgKL
J8lPUDGIUMX4GoIkytS5zEh
abcdefghijklmnopqrstuvwxyz
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
LegalCopyright
OriginalFilename
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.DeepScan.m!c
tehtris Clean
ClamAV Win.Packed.njRAT-10002074-1
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Trojan.lm
ALYac DeepScan:Generic.Malware.SFL.58D9FED0
Cylance unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005aa5f01 )
Alibaba Clean
K7GW Trojan ( 005aa5f01 )
Cybereason malicious.aa9e86
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Agent.DWN
APEX Malicious
Avast Win32:RATX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.XWorm.gen
BitDefender DeepScan:Generic.Malware.SFL.58D9FED0
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan DeepScan:Generic.Malware.SFL.58D9FED0
Tencent Trojan.MSIL.Agent.16000605
TACHYON Clean
Sophos Troj/RAT-FJ
F-Secure Trojan.TR/Spy.Gen
DrWeb BackDoor.SpyBotNET.67
VIPRE DeepScan:Generic.Malware.SFL.58D9FED0
TrendMicro Clean
Trapmine malicious.high.ml.score
FireEye Generic.mg.47e5cc1aa9e86b82
Emsisoft DeepScan:Generic.Malware.SFL.58D9FED0 (B)
SentinelOne Static AI - Malicious PE
GData MSIL.Backdoor.XWormRAT.A
Jiangmin Clean
Varist W32/MSIL_Agent.BUD.gen!Eldorado
Avira TR/Spy.Gen
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Malware.Win32.XWorm.tr
Xcitium Clean
Arcabit DeepScan:Generic.Malware.SFL.58D9FED0
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.XWorm.gen
Microsoft Trojan:MSIL/AsyncRAT.R!MTB
Google Detected
AhnLab-V3 Backdoor/Win.AsyncRat.C5360693
Acronis Clean
McAfee Trojan-FVYT!47E5CC1AA9E8
MAX malware (ai score=80)
VBA32 Backdoor.MSIL.XWorm.gen
Malwarebytes Backdoor.XWorm.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Clean
Ikarus Trojan.MSIL.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Conwise.RCE!tr
BitDefenderTheta Gen:NN.ZemsilF.36802.em0@aWM!L4e
AVG Win32:RATX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Rat:Win/AsyncRAT.Stub
No IRMA results available.