popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-04-06 07:09:26

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000fc94 0x0000fe00 6.00930726307
.rsrc 0x00012000 0x0000064e 0x00000800 3.58974871113
.reloc 0x00014000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000120a0 0x000003c4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00012464 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
5CazcQzReAGrlIxZqedIfFZgyGfUoAS70
EGc3Gv4lXHDaGVJMw432KzqjEcQtuC2LsBoKOETYGFdoSQVwI0
chG105KbpBHfJVUujWqqvOfWsJr004gr5vA5wTPHNN7Dupc93GMrSlyLg0BBewxJv8qsNGeMxeCGPe4dH7XzLw7hZ0
07qydGqoyQupJBrJi0
bUvOqvuLiBGoQDX2s0
NF8G4WPqUlzhsToaZhkt1USm0nFva5SO1
OLLBrZ9JW8fVXocViNt7BHb0lpfJnwDS1
_Closure$__1
IEnumerable`1
ThreadSafeObjectProvider`1
List`1
qsKlc23w1N71QFcztka12RtpwDI518xo1
HG6DiUn2BWqivFzPAlATnst66D6rQ2M02
Microsoft.Win32
UInt32
ReadInt32
ToInt32
UIUJQHGs4dj3Q44w62
LlJkzIaQhIMarM8F92
UFK1lRf8Xven1ZvQ3DfZp9yF3r8rbgRD2
ahdZ63cHrfiajydUVuOpUhNUg3tizAQJ2
2qxjwsrCILKp32AjKZXHWy0AMDdw1n5gnbQA63XM850rbfMBylvEsVhdYDLLMZqLoWK2
Func`2
B5ngZ2qDivgtsskAg2
JUFEk7gM67peUO3nV0tcfkx9REnqgNAStVjZopMDeJvs4EXMIjXr03ahdPcg4nXRtnNJA2KR0oQJg8pPenclli4In2
FVqqO7DBv27p57MBr2
cK9JRUDeDjR64V2Zv2
5O45gMOWGbybTuZATEGU4Z6niDQZbDm63
MHT99Bwv0gmEdUbwdarBMSosHdqvDIHE3
Xehwc5NxPqwklzsLM3
UL3miiedHAzYnlGyoeYO0HNJCohP6GYh3
ABKsDs6dnEypwio0m3
acUxGkUmBfHYWoc2o3
tbEMcevZr3
UInt64
oh13h2HhJBt8hoZyB4
jrkCfsngiOWy8GjBl3fhbOUw74Jdp2Tl3erRMOw095HL7Ze8T4
VhbXDB5RHVjyolmgc4
U95fIQdOm4
mWLHTDXyp5yh3qJDxpacuyWiVItlGZdXU0wIlzqiphszaJhE5TFgazwWie6pzBWfOCmZhqDJhuj8h3ck2vEJpClNn4
xAL2IhBdrq6qymHGUKekVmfgiRYumhotMqBAiCY8A95547SBM9qrm3Luk7JlFnNwryo4
xlTGmlJgr4
maC2nToW65
UuWcNWcUI3O2bMkMppvX46WzmT7aPcpO5
ybrqn6rBmXzBU5f0ikXJyMt7CzxyzK4k5
VLLkbwtrZjduApnip5
Kes6K7RaZkphhfqlyylD3Bi0Ff96tGd26
ZXjzBn9Os267SLUyxifzFCOY3hnDshZ46
Iq6AQQ6rGyPd0lub56
Yxk5ERc0tUQCVnQ8QFdEHKg4CcQP2DY76
fZMvHaRRFGlqoc3VrsBoMZKYdUWg3mm1YBt5eHQOos33pt7yB6
nM2nOj08smFGkUSzC6
f9TxDwkKahFRUuJT67
l1qlEYpHoXiHjrLiteTALe0TTMWOgG1rm7nkMxlFD057bi8ltYmblUHlOgXNy7jHOWC7
lLqWNmGWyXwvNzz7P7
qSd95iK13UX75TlWW7
cu1sExTPCK4svSpoTagwj5FKEv7zfaFc7
YITvkOzDZ3VyU7urJFMco8zDQvXHCQ4yqPLmo5iDwA0CTtNCe7
nP8ok3fUWxbsZ0oXqofyTgXfjSJRSmMg7
F3KHnvDYg7
jGHRkTbip7J5Yc8198
get_UTF8
_Lambda$__8
47DQbPFwM0cgHFWw4A9nn15iUvnPr3dm8
R6kECeQB8mgVKLC4w8
05v26JgI49
XZ6I4NGU79
gGeBpCmIE9
mRZEorlNyNZdwRekEcCqXbVCen6BMLqJ9
s6VDaZLYN9
81QpDDQ8BqUkryPMicpTUt1hMBk1IaZN9
Z6OpOnFqauGGgMKh0YXh8ZAljmGXrZNOD6nslYQs2I6khncvr2x0IhRcjfPSqthTNVQKRa65Y2DpswCnwS9
CxQGzVNgKzMoIJD7k9
Rtrxy9ybKQeYxHBWAXI9cfcLW9ABGDdSsGIV9qCB7R8cwWpgHR6u9Z1ESP7tuOG6QbG9kvjhWDHAO6XBfm9
Z7TqBkfex9
<Module>
5VzTjbFLJybDFpSvQJlWJVkWWkQKUSh6A
ph5LGEf8lNE0xROQEA
zHzR90qBjUkPfrECFA
BJ3eRYh3xt7CEwitosgfaq641JgyUg6ssk3yypSDXId56ls6gLotNRpqtRU63eSYVtHA
eY1OsfV60IjGSldhgTAWP2aKuVm8q1P0qml6WW7O20zC5ZRWtYYCiI2115GnfoMN0C5D5MVcbgi1pdsRcKA
paiPi5sRSA
UnZY7rgdobRrAsePvgZNxsjN8aRQsCtbA
ck1JwQzQkA
capGetDriverDescriptionA
capCreateCaptureWindowA
WbiIbf2WdJu56cnqKy3abrcbOtn2DVibMxQPmMbnP2QumspmftwIhKMyjv0DvkGSKIt9Yz6DRPiJnWWX8Fvm6WvPUB
rM1qLdupYZGB5FZ5EcZPIayc1plN14Y5PEv7mF8Eu0otDpizdlXLC4H7sGYUk4T6LW1KfIUWSEteoBNuSAwZm94YWB
yRp7XLuBtrgP683eYB
5f0kdtnleBXR8FwZhypOrajTxb52MZJkEn9mQ5bxZw5NcZ2W8E3J4aXmjitfocSHwDwB
8brdSPtfqdLe9FTF9C
5rqBEPLnEcxEn1MXNuQeKn0rsV23FdNGwabdgh54x13kGcunjWXSiB4ylxGvKWZzXnaC
V6ejoraIHm9nKM3YKVAQb1lIrRSscsoFbSVnLF9WbNEiF77DbC
vTBtJRkz16NfUPXqIlOrSugYCbGA0tS8D
TBGQzBbWZ2lgbMfIDD
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
BA7U2zt9wvslekDKKfiOVCPzUq9AaC4WgnmWbVevBHTGCj1nzjTwPGgw2Q3hLh3UG4OD
BhWmVBdsBLmBX3bWucLiSYTKyOhHLdcTfFud78oZmVVdHD2l9i57QpiyWJUYVUTgRcOGiJP03CqezgAx1PD
4ze1GimicWkZvnxUG9bgVde7dzELzoxBl5fxbW24gZ3mfbPK47eN1JCTbKllUTJ4bfVHHvOmwfDJdXS76XD
fb7WXV9RtCQf5Ro8XG77jTsJFNGBzcbQYE6Rs7FooLF22zaMKvauwW0dvEg5TDay5LSZVnDNav88MxkNGN6zlAL2cD
jTQKH2PAmD
2o8ivgNGrtrOz65QWpJa1qXuAfSHPD8QwXAVJzSJSOw54hVotD
mTprAnu0vD
Hhk6NN06vyoeOiONDetswgIwvyFbdRL6vJNa5XSu6Mh1KY8p6a60Sh14HYwxUiez3S6E
dLXwWHA0M02eYXH59E
LPoxEdNpyP09jaCegNhJdQ6DC49A1xdt2Br8tOuOtmu9MLE7FE
CYHz3XPi1m4pauQjk1fdgx08UCFQFAuGE
WbbGtX8yRIkzaiZwEookzBxiSwCLFoKMAfuy9Rx1bc6Rgo0mqDBQLqhkq43tGnQrUOSE
EXECUTION_STATE
GEQYhFCgTE
HRKYYI7XaE
UJ33sDik2P9yTY4XrhhmxVSijVDJYRfFCMUdgSqNvLwo8zAHDJmc8qtRELf1O3Pp3wbE
UC7Qgzw2cE
FEEAMalHHGXNTDoHHnDmO2PGCp3SFAZeE
3PxMi9D22F
19gS2br4vmz8AVcf2F
GPrr38lv0MBsvL2eGpITr7glKho7CLtQF
SfYdpREBaF
9RWjKbiegF
xaC26xjRiF
JjLC5P2sPIYNjkoUJrYMnZzcB4T3C2czF
sbrscDdmjKfSBhxzZG
KRbAzyAteEp5p8cw4lHpZZndawfMTRmfG
wKX4QY9FdyZvJ9Wjg3vBAB3G3Pj3w0NjuTIVXE45VEsvukuHxG
8auJmoWHwqsVwgp4AH
qQ6zprROmrtVsgUM8cSIS9Vj2oUK7hkDwG4XY1pRuGOGABtTksmI3tr78kTtr65IVnjI9UsrnEP0UO7mLSH
9JEjChCTi9cxOPxeonkxqEdr9qWU6yYc4wLOUHcpwDshrBZ081O9naFLWyAoeT7oq1UH
ePz21uESGRqYZOJTkH
GsQzKKyX0s3FsXDKXDOtJ9LHPMAowE75RrOvxHBv7wd3aQnzoH
ywbsk47V40qM5VvPqH
pWCdViSsuH
ew7re8L1iMoZntxHCoeNM7bTNjk3rXU6I
ghgITAmHIMr7vE3iMT2rGsops2XZ9ff8I
opJWsFWxFI
get_ASCII
5LRsdMOAtqlXkeOk4mE4OXwfwZS1LTwsI
B6xeYFkfm45kqL49vI
fZP5wfFVvRSerF1RHJ
OYDX0waxyoDoe55OIJ
AK4uRk84kWwsK0GhRJ
WrVbX0pAjrAyGtcuZqRQYE0EHoMcJfG62b0evFPDaWIwQciapJ
3rlLaPIaJ4Ef2BF6UvEYZkyC8C1p8iH8K
IEwB3xlNCUJN51gISE4JAAigUsqjxyaG8dzZKYvELe5WhSMxUxbxZYzqPQRzCCIUIS9CFKihzfrAdJW9jLK
GfSjNhRIfODZ7bkgNwuptz3hihywO6pKOftxXCHzz1CcOdyRTK
7ate4EmnR4x72eaPwd9LzLlUom30uqhnglbGu4PUsTntpWokTK
GiaSTMPsVK
fXynicK6a44wGEtMIFia1vcRnOJRuCjUgzOalacpCPNwIHTYcK
R78mMPfU0L
XXp4rbwt3L
a5P202ZE2jQaPCzqLTpVseGrQcXlPqQ4L
XN0mXeRaCL
T5QqZsWCRL4RSHm9Q7SxcnvvLik7WyvkD07Dc2JGgVqGQUeeDH47x72ivDEUoJRL88FL
3leB5I52NOg4bug9hL
fTCUQH4R0fWnC6VqiL
WiR2AJykeJUncrCFeTrbwgtZ7IGADB66FhwuOpEPvtoQz0xmCM
eH23buw0IqFLwtFkcM
aR9hlWqDDc6N6XAv47790kBDmS3Qz3yhM
o4VvyGQOh3tBOOOyKMNWBsbGs9L8i7WE9nuMtlgM1YgoEHSBjM
9IaPFzs9g4Bwtxl4FFxmcBvn9SdGeMloM
ilAZIiNnoM
MMmuiNZZHM0njy6dIN
d9zaLtfuxZ9nVlrRON
KecupQVQLaAhVnY84N9tdZbJxLmez20YN
S2hs3KvuZN
nY9wyrfyeN
7fU6wSMQ5WLBGctgDvwl6k4kVfySgoNiN
Kpray9OoppwSNxyNnEIo7RgO0I1od7hFWAB3M9ZcHQFbbPx8ytsoD7VfknyAXrzZ7IXHs6kTuQPUFP5A4qeeppseyN
8QjKCMNdkWdrgFF38O
n5kb1MraEO
LASTINPUTINFO
System.IO
MhAQZBA1NDJ3sSml9lIFJTTDyW5eFnKFXcvhylLhxjpuwdTC65sWi4rNRTnahAoQLE0fNzoXnWAkevv7vy2kbJloXO
NqE42sU9eO
EsDClsu8nacP8OcsiVI3swwTvBNd2AAjvKl3TdkBJxPlPgCHBC8eFZb8FSnGsNBgLbfO
3UUcOypaCLkjOOiB2LP2M2OD3c5kUeWJSnmy3qHszDK8VFlLeSalwWoMriXXuF1fneaScE4QmtwFFNCTL986fqIggO
wvhhWbQF4ZBzoBg0FvWqF1GiWb2UXjDKnujg5GeadhN6dwo6lO
3X3LZxvrsYzE9Lyv4P
Lwmqp7TIZCW1xYgT357WXMDNDPEMNV29P
vbCCDASASpworzoUYXE7fGe4FyYVWxTU3BM9E7s6UThAOdt4BZdu84NtgPpz0q52tGEP
ZcF3Rf10K1FVStS62FtjC9r25fJqtttKP
u2MLJEnKRWOgADmlybs6stGCo7JcLAJLP
VTXAItYt6cOM5xgRvYxXtKZPuMgVJ5s1vGTGSdjtNXkkZTIBYtGDlDxFqA44zegha9O2rACLXLIpIGDIOnP
vi93EIzL0knCwYXqGewH71OYfdwHG5YGYbntRJM3sNtvIVIQoP
XDYvlqQ8bWeRfRfyoDuPn1DxcOQigi25Q
Vfvi4bGsf9Qtump9i16FVb71GcczZUVDQ
ZermVIcxgruynKMHonnC9HxtXYzvSY8USYpuBf4bZjWNuqhu1MQ1FnpS23x6OgZS11YhpVefYWvuip6Z3FQ
ylGHJEiCXRchxgIKMQ
ufnKgB7m2X7G985wOQ
3Y076LqA5oVabPbY9KOq7coGnZGHOQxUnZUv6NOjCLeVtDsPy4bwyX8mQMptT6fyfeQQ
yzbGrW5tUiEw2mwVec3HmvC6wQWuGrDCyMNoF6OV6j9YzRrWVQ
5Dd0jpKz6TxUeKOzVQ
6tQ75zZkeYmoEyTbuPSUwVu0fA6ZpMdKY29IymLPV3EFJnItfQ
eCwmM9iOBSVuMfGUiQ
wCGgyN63YC8oxMgOQQXtyZugc0ZXzKZZ7IMYuZ38yulksW66r9JDUg3MRzmqIN446nBvHl0h0VA8q2C2tyfbBEWqxQ
TlTcIhPkW8AeUOGi1R
4v6fZtFbdiYP1WupOP5u8jQN2ugKqHfAXnp5HXXMB0DIY97Om7GSb1LySaXsxWcixoGTALATlfFwYjqhCDR
rCXwvVGosTxn90e8SR
w4CqS0ob3H7lZTmB2rn7bfFByE4uuLQprg475vvFKvsd67901qhJGIgWltzOuX5avA14vfCXqLJeEd9nsXR
Yplvk6jw45kFJHNbada4CONcCXAoKb6aR
SLLUnL3XiH60qhSehQT1E3L6H6hWTPxKR55TY0csXcjYXTOZV5GO3cbPTh8UJ2FosNPTD8IdwpM0wiRRSaR
7Hlv6UsyN8cVlLxPKIFMK485eeB5WM7ZnPzWtjV6lBHwY50alR
lbo9lMCCYO7UzdxUSKghBh2vL42XSCGnR
dIOg6VSs1Hk1UbPU7yS0i5Nb7eGW028YTgkLF2r9scAW1CwYZ3LHOo7Elg3JZQoICTitgbSKsPYOU3pY9rR
bjH3GcEGoOCK5KQNvR
bCyfGAo47S
nCXrlnsfBPlu1NnsLS
YiDzdS5kZ2B97PZfMS
ES_CONTINUOUS
uETbXUtgPiqdpSB9WyRNeDZTD8oX1eOZS
WPuTvX1wH3Q1XnNEpfEZ0bFoJ7qdpdn3hnqwGCvmG9Yk3P1lUg1je0tO12d2siwQhJruk84C4MEkPhvRElS
mR0IblvVZeCnjwAYiKrDoh0mbkeYSYuQJeuSJwbCuyorYQTUY1vhbn1fZn31oDIrXtAT
zTJiImmDZnGsdGhJFT
CnLNJbTkMT
GBATWAj9hUlIjc0IUT
Zk6CMq5VEqKKhYHyTeTKPnJqP5AZ3oqmkJuR9nP6sPwpKUIthT
E0d7Nhzh2lfcr5prfRsnkr7whJtwAnEhami2NaEMNKODjgApduPYsx0bvbrrh6kSjWlT
f3VuijHcl8kQe88EVwvAYK7bcPoHFDEovJQna0G98sewYyRB9RNBMPObinEVycIEOahpEErAaC1ia4weIG6Lh2CHGU
G1hFBY5hJU
wqdMi3W2pJztIauzBS1uxCMgU3G0ECrdNuLaGHBBdQpE0ocIY9GfQOhmQ5tFO6vwxsZU
IbMzR8b8lU
TjZkaHut9CFe551tokq9kFjCKa3D4sPqU
jXqigweIJNIzbW5NBV
LKEUPgzmUpj1LZSDMV
LNRqq6yCz18yNOEOr4UDq2sLqvVJREs0R2cNN10f59FWN657RV
JyviwmBzaV
B81XyQ5kaUSTi1Dsei5YkyfkvoHJurflV
wEgClvBjVT5YwxYcpV
QyL8Ktv4BrbnGhbi1d6FejvJCQAzBXQtV
NP00w9BI3W
vjf6oYHkJfmt336A5W
WwdDTGXmFH2E3IeuGlHfXwMqLz0eqwE5W
oNqaftobvmVFZEBplqoNSs6YYP0EZSz5W
AeKA9W05PMqtGJAECW
qiuuhH6aIW
SkVTBcSXfxYaVEMq63LoWA7LUoLqscqs0ev3zGX1LD44KbnkDBqHy9e5eM6DzB7hcmdW
NCxd9WxCtfYvRDoqGLFtqboLrVMbLL5gW
KKf479rM0gMdlMDzVykruAJc2TLGBTJ4cJ2B6LaOPnXQkEtPRoFekyyEZGzqMtO9tneLrvAB6zdmESNPtmW
FOtOTMqPZI0MlWW5ctnLQHO3Srxvg81rW
UavsrB5SUj8vW63YGHCPLYMAiIu2wuatW
385xCz56AlTC1AIiMZ8t5rAyPAhmwz1czZavlWxZJvsOvaWqjbaMcvNFQ3jUReuofcyQikut1M7HZgLHUwW
JV0FJdr8QE9A4kvWXuVQroNHdncLLukpx5QwrhoqNPBSTPZlUO8drURvd3KhTbR35JdgXunHrlMRnH7Ga4X
oz2OrlNV4mJqwPlRCX
MYnWgKmWnjdIjL3QBHX6WdxouUqNhtm41ilvwDsE48PuufqjrNPFBikGJ5WzrI8Fhyh9E0ZZYXh58eQwcDX
zqkhmn6Q9RtoTJ5mcX
8kEVb9uStOs6A8EY2uN9MKxemMydpXlfX
jAgjdsYmgmpSD01qWaHILJhFPfcOQADrBKcREokURbZ8fL0hhX
BsmwsmvJkX
N1upxRsxlX
agFzjOMf4Y
l9XLOsxjY9SbXpbVcQg9VIiuJ9rcpra4r3LT8efl835vLsjYK0w1kB6siPk1Zgy9ru5Y
B4LgTYHgDcato8znyPpTHt4pY8roMiKXnxzg6t0mgWuwECmIqL5JTHn1gAp3NdYRyTAopcxAG0otASNeaKY
RF3FRBro4VI3k7O6ZFc0wQtkgxapdOZkxpvDBgOXK3Y8GUiSPzrKiz9t9Vj83bauESXez3P4RzpzPAzssMY
UPLLoJv8aY
8PeenLRCKeiFA2QigsTTEj9FH5xw9ZeUMTXY6GPkmIGUhGOgu8ITUM2b3ivKibvm8P0WbbicivKx7YDjsnY
Tqd2thkAN0QnmZTXZZ
4XeNTLmCfY039XKAYnYCNk9G4ViZdJ5OLJxwbZxmnijwcIdsHKN9vpNS4DguwQ9AHaiZ
zGlzsMDpNHoRLcp9vZ
Dispose__Instance__
Create__Instance__
value__
ea9XYGDK1a
LD2Fa5zlgVChOdjWaUTYiQeAZyN4HkK3a
JNzD7h6FzkLQZlBO9a
UhMQqtRBDlM1UECIKa
42FEthRBRuMNCuubPa
cBTatu5eUa
Y9LOw3c7McgYsQF2z0W4iLm1q8VjKMfPYTefabWG4sbkk7gYx1MNuUe17qiIuTNi6AMqx4DqorMuwDVz2LoygiMtVa
3ACjpt7WbkFzw9Gr7HlA73Iib3VC67jIMMQrSjzjmIekFrk9wpaBIyaYyg8lo0c9yT1e7S17yfRA2n6aqoa
ProjectData
roOCOTmRTbRImJIwPOFr3SyiaAGaiv2u9a7DaUt1efLjGByzwa
XWPfthWPH1yUTN2eJDAegFfzDCVRWqulFuSkxXbjJm2ztt0Z2b
m5poXUYSOfIWZoIX4b
fLr6smitEb
NiVbQfYnLr0CNvbGIb
dQW8VEUpXrMID7i8ZNhBTlhtz2abJ9ticu14XWfhFBllZ0VL8875z8aC21CttGK7RvwjEPMecGePg0IpTxEeHEcaVb
0C2FiiwR67zWudf5D28I8F1dwWldcjvvo2eIqpf3iGDE7YZuRqDtEVgr98cFazGHE2WWcc66hs0Jn9RNjWb
CxJ6ziMQUUAR1XHzYb
E3rfLMp3ZkANgO06yNvkT9HVHPCUGDsrIXlI1vlFqHgT7hrScb
Nv16AXNeyYiur6pc97mfcGZgLYHL6ijib
mscorlib
fvfRcR8tn36QWaaZhavoxWlvKDhXMxHnb
R2vQQyZQ8sfqJ6Rqnb
thASYgLBLdlMAnMKwb
E4yuzM2azKxFVvNYxb
9Sg9Ocqlk96j6XcD3c
tSDnlg0UAU2y4L5fJmLKxRkPOKJScZlec
System.Collections.Generic
Microsoft.VisualBasic
vY6HykkKO1j5TmEQmc
LowLevelKeyboardProc
vlBhy2iJp1ktaQ87RMGVP7q4SMMbt3fu7PGz39xySS6dahz3clcx6SjJtz0xMYr96Yxc
vxuPxMlIQTf66uzV7d
plun17znasyK5z6zjQegEa5UzP0mrUMYdgVqlCf5vGJqJ5nDkJbjPbl8UB0RkiRLHy42PiuBuWu4cF0aJ7N8XQA3Gd
GetWindowThreadProcessId
GetProcessById
hJ0VcKPZIVouPVVvdOgLY8LNH0sAaADOd
kpYdgBs01QVmtgBkxpfyXhWhOl594696A5QKx4NWOsLKAN2lPd
WJvq2LCJNQqp8TZlWMmz3EKtx7CohYg2LtsvXYHfnzj10oSjQd
VOvFjJhKpBf3u67BC2c51RZGBw3SVDZbb3NRSQdMvvkPybzRSVa1aSKhM27cUrdFqwSd
tzzxWFj3Td
Thread
RijndaelManaged
get_Elapsed
EndSend
BeginSend
Append
RegistryValueKind
set_Method
CompareMethod
TargetMethod
FyoBfVjkFc7AsI5qFoJXa3oloucFAZh0e
fYi51JzUGXi5SfZNqefsn2paSBI7rRiSmjadUQhxL0XHwXZWRHErwM9Th5cxL0R3zKA09GmUxJA9Bpy807e
VvEcgVycO6djAZCIuWGCg6tJCeKZTgZ9e
f1X6ZaQmGe
xvtqx7Bp1ZWNgDKAKe
gvEbENONHxCU3Wzz6BOVuUZUWMZXakhArFVKmCdS06CdcgbtPe
bC5KuD4aGZ55SXJSRY6ibJfwh5Q3MeuDlq3gZNkTdOcmdwndnLIj8TUy4jQyXmAPZYZe
Replace
IsNullOrWhiteSpace
CreateInstance
get_GetInstance
instance
GetHashCode
set_Mode
EnterDebugMode
CompressionMode
CipherMode
SelectMode
ne1vAUZ3KsMCmXhC727VWWyBLwe0qK7mX9JBQpAhpXg3ReDOee
FromImage
DrawImage
get_Message
EndInvoke
BeginInvoke
Enumerable
IDisposable
Double
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
EventWaitHandle
Rectangle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
AppWinStyle
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
get_LastWriteTime
dwTime
WaitOne
uf0aMspsozI0sFXJFdDpinWpSQvQPL0VtzhYDa0yBoWIiD3CemtLlhuED3HTRl22VRne
WriteLine
get_NewLine
Combine
ChangeType
UriHostNameType
CheckForSyncLockOnValueType
SecurityProtocolType
GetType
SocketType
UxWsT3JNb8eA0XX4qe
System.Core
MethodBase
ApplicationBase
HttpWebResponse
GetResponse
Dispose
Create
MulticastDelegate
DelegateAsyncState
GetKeyboardState
EditorBrowsableState
SetThreadExecutionState
GetKeyState
Delete
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
DebuggerDisplayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
WriteByte
m_ThreadStaticValue
GetObjectValue
GetValue
SetValue
set_Expect100Continue
TZ4w0VeUAod7NMdtKxjP4pnQCcL9NJLZdXDFE6vQmXTXaTlUve
EndReceive
BeginReceive
Remove
svchost.exe
cbSize
get_TotalSize
set_SendBufferSize
set_ReceiveBufferSize
ppaNyyuyga9CY9v99f
FQVuodAAvXUty85DIf
SizeOf
ixX6Azy6UGEqIrfXwdDZJfJVLSvGQQrQf
5yMuYUkdXeW2EtQ4Yf
QMzZxyAw1JUnVMATnf
zpb5KRjH6g
m6vRFtCSd9tSfPlgSg
oUyaX2c0nyGRc76lxTPkWPHwlTzfJRBiXXm5mgrCq0aUywMAiZgo2R7advFj3UqWuV2w9L0exukv6DamG24JzAJhTg
3Dn3OFGsT9ROxIbkXg
get_Jpeg
VqqfV4e7gg
09oOIoHH8lLJZPhtgg
pvuLQmwuxRmgJC1UOlFMvKx6gGVpDTlhg
tA9hQhleLx1cn5PXEN45Jcyfi4ggLgt5qJVTuknrrNvdEYCi5RkeZnNuBE3rGieSr2Ud19IX58yxNKCuz9V8NGtbkg
bIBN28Welg
System.Threading
add_SessionEnding
NewLateBinding
Encoding
System.Drawing.Imaging
FromBase64String
ToBase64String
CompareString
ToString
GetString
Substring
System.Drawing
ToLong
set_ErrorDialog
zlqKE0QzRvrDgpV9Dh
iruDO6lvK5jHV4HMi8YD1aqylb1Mb0BLh
ujiWeXiK5zZyj1wzhgQS7mev4rBlnrbQh
CZTgj29xZMc1vejgtSXbOWYwfz2NESJUh
sCmJGBjmaDejxzoaah
Stopwatch
7cLJ7gfQ7tPtOTccTE7algpBQQDfBy2dh
8ShV0zHMvj56nDRFmfApe0LxDAQgMo8z33IhdZLXHBIBTeiykljAeK6sUtlaA9KflreHLBeblDgy4iJ8w2xPq2idhh
ComputeHash
get_ExecutablePath
GetTempPath
get_StartupPath
GetFolderPath
get_Width
get_Length
EndsWith
StartsWith
OnJmHNGk4TQHDLs65i
GcHD6VBOJi
pzd9444D4sjOoBGJaNztvppd3oRVDpLscSCqf3pYRB9OIpKBUi
vk5bZCItw4ziiFHKHHAkop6Ox9IfMuKGCn2xhs2v9TVJ0NS2fbYB2e7fHY0Bul4jIYWi
DQLtT6TOy8p9C0W2rAwDHEorpa5uuPHrmWDAHC5EjpKlnqjHYBqYRkQbX0ml7ZQNcZWi
SZMeFnUpHgZ4FasR1aBTVvupo1tCSjrXi
jkHyMoY2TWk65gsXbi
Ba8UoK9ojCb4lI0GCQTLkDDtNElqVpkhi
aP6tJnQ5EeYqCVZxR2uwtikTXOwBC06ki
O91Velgf8rlXtWLDjjHjKQBnhZAX6U3mi
EzGtO9aDMoZYZscVpqP37YcLERgtXcZEj
5ygmUT7CoZpfn6Yiwimg0TApxG6oIAPsuDws5PezPgJlJ9pJrbZFxYmrQUHmwrfyugJw5DZQ2zcxBgxNAFNqqUvDRj
XF6iecWchOIBrMZaej
acQGKGw9w150smyrxj
AnzJD533055yNk25Gk
0jSPqd7QglgAXHPzKk
HhwJEY9rxNRkrkkvkHig8FzWRS7xIdHqxXmugAiemYJrF5pMOjXZaH5iXnGf3gahFYMk
VaB0D3lzOk
FmGVlqEveTPvNz8FcgF5Vf9c3BJhJ3rSk
gcHGhhMbb22ksI7SDRh4KXdlshHFHIZzUI2rUosKUOme76oWuvkXGac2eNNWfu2f4tUk
WlHb4seUP1Ua0AIFXk
VqqWwDVbWZTnzA7Rt0xSDgzFAGgOLlQWo6AQtqJ7Gb5gQEqkAQ7x6iu0mR8m6TWlhObk
get_ServicePack
AsyncCallback
DelegateCallback
TimerCallback
RegistryKeyPermissionCheck
TransformFinalBlock
Ed69cj41kGg4w9WFdk
IiMTyLoEAn9eDMrVwcQWtmaVGvdAzn2mk
xPYK4r9hmfWfIwWqzIeLtjlRPCnFalcKyS68UXPdryXx2w3XZP00TTIV4ctrb0VfFbyEoaTjrk3WJA9qYqk
C5I6VhJI588GLRyU0xlKIGoziN1qD2qRuRvUi1Kcp4PoMaB6GSfc3udxNWVPQdCmeFvDwI34MoNDIhx96rk
k0llYGcCx5I47xgF1bhHl1rPXs7wteZuREoJA4wobcDz4jYRA6pXHmazOU4AZ9pX2jRNWsWMSDasKBeWDxk
CMc3K2WhAUuWJno3sU5SNLl15puOh8emTPZ7N4s2rBvWhgYM66CdIMofmvHF3ek6oeBl
DNlq3wFlWPSIPrkqHufuyFSEUwM2WGoCl
DQ8UtUcfiHLIk7vBVln4nDSVHoiVmDYU87SEMJeNvSLJYHOlOl
8CtbA0vqc4KfLtMhPl
xcu39GqMSlpfqvn8Sl
71ZSwLMTSl
bZssVwADKyJBZs2n4PMRUsWRQNS7cE4Wl
qWxtkjKQJAVxudVqlJBX4jRyltebdC0WugBKuO1cjYzaXxjqWl
GHdI2DlFYl
RtlSetProcessIsCritical
Marshal
System.Security.Principal
WindowsPrincipal
ConditionalCompareObjectEqual
System.ComponentModel
LateCall
kernel32.dll
avicap32.dll
user32.dll
NTdll.dll
set_SecurityProtocol
ObjectFlowControl
FHSU752scUVGYbrw2m
WG83xv29XNlSzp2js5CL078Dhxe80reiPOfx1YCgI3J2H1077m
yno2sCU5Gm
lSaVQNprGm
V8s6JLwCKm
F4H62GknuddvldvmNm
mH3Uk5zZA4T279s9Qm
kAMYE5t54YCb8HPFXm
GZipStream
MemoryStream
lParam
wParam
Syquh4TAnrQMFwrLUYPMsvb6eKnoJHVcm
get_Item
get_Is64BitOperatingSystem
c6EcVO9fmRKGg9rGyjNcjXkYKvXzTeSqKSmwJyDqQ2eUo3R7hm
SymmetricAlgorithm
HashAlgorithm
856WWl8PBF050g53AiQRCW6tTMZme6Knm
Random
3vfJTos10nRIoAbopm
OgBh1jDVB7CbPAERxvtZuUSkgEW8T2kmI7AKyOxscbAbsMForqb6My8PDtJPdWBHtkuTWYAmcWUQ3h2vMqm
0YJYO1UG4ZnZdSscH5AdlMzkQw26Oxj6ofq5WK2iBMOqcCSMrm
ICryptoTransform
4ADBha1Y7n
2zzUyzEDhkld1wAULn
PFEvOQOBokwo1ddfejLBT5qcN29EKSRNn
LB0LpKRVOn
ToBoolean
op_GreaterThan
TimeSpan
CopyFromScreen
get_PrimaryScreen
AuUvjfkvoOmNXM87fn
rGw062f0gn
System.ComponentModel.Design
AppDomain
get_CurrentDomain
GetFileNameWithoutExtension
get_OSVersion
Conversion
System.IO.Compression
Application
CopyPixelOperation
Interaction
System.Reflection
ManagementObjectCollection
Exception
Environ
jMTBMN1AGLvMRV4rqn
c4bwbgl7dOpfbVsYsn
SocketShutdown
TRRIoUNB4o
XHYJb6Wz2MUq3n2W4o
SRoAHVaEXy6b0qqw8o
fCVL2ZBvVn5DoVLZLo
get_Info
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ParameterInfo
ComputerInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
7JFveeIz61nW8AeNso
awqMhVs7Tkh4sug0wo
7840PfeP7u8wkfvuwo
VASp3xhqGlGHDgnWlRjnxoUH7wxjqOVCp
Cn1KZqJt99aSUPhdFSLSDUfgRirXRy6QXzoNmE0X3GlRNjW55f2AdlNx22XSXmu1wtFp
rvZgI4yErzMMMOJcJp
2pS8zupdMp
JMpKblHjHychSFR7UoV4WGWWd3XV4hcYnezCEQwch5a7JdZKe88pSic4JYCn3tOaP3K8lxJS8vIfx3C57LssABkWNp
lsl5J41HNaLEeqPQzldO2JUY58gvoNaQp
phLWDnS3wOXW1hpbwDqQ4b9VnVjgaFtYDlwStpvHzv0to3nwCmlPXl6d5JOlCRxAbD0p7zXTuo8Klv2mV85lSQPYSp
egLPYjFFTp
nwWVRFNbVoBL0HQGUp
Bitmap
IN8codfvjNolNM4Tjp
SQ8nzYszrq4wz1c3WPcoF21vVoEyFPyup
CmCmW9EfFccvYLhcBVExEn571Mh0VzjYxtRmqIvXUwoYgBLnG9YiikICnMaXzY6XVRFq
doO0jMD4XDUzjZcUHq
bGlO6F7tYTMRxHZFjvk6gheq3YDu46USq
RCl4Z8pr36NEpwFVLovPuq3Bo6jRbtsMniFwoVFUEDzOJTENrYD4svIQdwSqCjc0ToOlssTZ3BgZbF8gjUq
LqwIHRXDBRXRYtcNZq
5QhmSiOsquwHA48DI8cV1ykjHx9K4zLmq
rYid6MvuSx59vmhuUaxByBq8uZNunuL3DZFRm2ox351azbBMQ2igrrEQXF8Kk7uk6Fnq
System.Linq
G71ap9RVOu4o6rvkYcHSj2vlE4aAE8Nqwo5gYJe99NZeEzkVo09AJVi81GkpUXE6xp3r
S4VEAMN5nz9nyrMVVShullatNZgQZosMr
MD5CryptoServiceProvider
StringBuilder
SpecialFolder
ServicePointManager
ToUInteger
ToInteger
ManagementObjectSearcher
SessionEndingEventHandler
System.CodeDom.Compiler
ToUpper
get_CurrentUser
StreamWriter
TextWriter
BitConverter
ServerComputer
ToLower
CT7bVpHHsFVRd7EOor
ClearProjectError
SetProjectError
ManagementObjectEnumerator
GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
wgcIrsHshSqQZceSobxaxkiaIULTQYjrr
IntPtr
pbDYzR5hQ2f9aHZAvr
oJlNKExINIxrGr7hJU4CeKndjEdrtWU5s
lmKS8MGlstKYFX997n8xpyi7ZwfCdwHfaYOe3Ajw5XxupH6MPs
6MxWEcH7HIPD5w9GJ1q7IcVPmBWG48popmxwwJYKa0ralWNi38ugZBRSdfdovtVfyhi0BMnQ2r7egh1DWQs
OLTdLmnJdllARmIDz1AFkrTN2IqnwqZEUyI5ujBMIHU1aAjmSz3rNhcUnClpddKmfRDyJtl5Qvx2bewczi9ToBHXZs
Graphics
System.Diagnostics
FromSeconds
get_Bounds
GetMethods
Microsoft.VisualBasic.Devices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
ReadAllBytes
WriteAllBytes
GetBytes
SocketFlags
Strings
SessionEndingEventArgs
y1ViRGbrD9UTB9nlp92p5J2walyWWHRAVmBLTxyTH3E1YSpmjs
UVKSuJAL9ZaKNXLeiaXsvlUJDJuq1hWJEed74tgl3SaumrHRks
Equals
System.Windows.Forms
Contains
Conversions
get_Chars
RuntimeHelpers
GetParameters
Operators
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
cJG8zmwC34o3P5Ng647M44WgWlJaTWLt4G8colHPaeS1HnDN2t
0889JgVhgq0I7EIizCD3HnKR2QQghun3t
RBKSD2d9FYEGq00nMt
zye81jwrGrWdZXC0Pt
BQVZOZ0pOD8E552iPMPItdn2EHTkn6LXt
W5p7C5iktzrGAiZLdcRrAhzvfnY2sjFYt
Concat
ImageFormat
PixelFormat
AddObject
ManagementBaseObject
ConcatenateObject
SubtractObject
TargetObject
ManagementObject
Collect
Connect
set_AllowAutoRedirect
LateGet
System.Net
Socket
4RVUYWBccFW5Ux11ht
get_Height
op_Explicit
set_DefaultConnectionLimit
GraphicsUnit
WaitForExit
IAsyncResult
DelegateAsyncResult
set_UserAgent
WebClient
System.Management
Environment
get_Current
GetCurrent
ManualResetEvent
get_EntryPoint
get_TickCount
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Restart
Convert
$VB$Local_Port
HttpWebRequest
$VB$Local_Host
svchost
set_Timeout
GetKeyboardLayout
DBhHSGKfR8xXMI0f8zhFRZZmPq9BbDswQkhoLn3pdxESArsbFB7e6wDsb3JyRmyH81xt
MoveNext
System.Text
ReadAllText
WriteAllText
GetWindowText
wLGu5D7gAJnfOk7P0u
t54qnFWmExEXKMLc0u
LTByAw23itG5B9V6dKwZjTA66vInWUl8FgLUGCvwGXO4fNB95u
G3S9NKlB6sJYX2zXs8MLaouu3hxsJM7AtIRm35UyhoULX43ruMbcMHILNlYgDFU9B22PUsd7lCEME2AWP8u
FzHMYI3Du9R48kjGrU9lZe7Zq7jJXkJ59PkyXnORfKOOT5jb8u
MjhQedW5E8u6rnhayiGFvoAIfxJCwQtLhxuOEEnZJyWOSu649u
atEpi9TqSf31HjrypgWTZtCjcuBwDx4du
XQ1iPI6dnu
cqbDkSZrP2STsVKVFIqhPrue14nm2ClYKNJrNJPLBRz8IKI9ou
gcXh1Acy8vpDsy6VBd4Br4J0WH63ITmou
rcw42m3xhrHUcdFWVzOOad3xk9poZ3L6yWG3mE4yPXv8r0wSTKCQKWsl8PdDYarXIn3v
gHL4AbFQeQLwpo7M95RCpEdraVLEvY9nxoZnMCEFwM68U4PXtnpi4fDyf4MHdduNxrIFwqGaRXm83mLitIXiGIsbBv
J1vtrFr8I6ke7sdnNYzCMnQJj72ySjWDv
olPrKrdYcijoSKxdBbWUTqclBkYzNuILv
1JezzQDlz4O8VazzAhcmiXnlouN6s2GSnIP6FqGhx3UUWUC871vR0s9HZc0kbVIFfzPv
fu67gMu7Uv
crGBSBx5ZK6h4A9g7d1rziRYFASEeSQyv
opqLsv5ocIMs8r6zie7D5AgHBvMBs2HOlG2DdEUxLuGJZU2H9LOtCq4NiJA38qLKDPzv
zDvDkkZqhKEnnurg4w
SrcicYVoQjykbQPxIw
C2chOe55derq3G7DenWqKjASgTPoQtTVw
uV7i0bI4Jeku3aSWk528hsFYuFgGTqbcw
GetForegroundWindow
set_CreateNoWindow
YeiPhuI4MwrsJD3R3CDNnOtsQq3e0Do6x
rVaP6JGkFJsoTknf7x
VotCFf9glDJv68Vlgn8pdJt5hDQnxqMvvgfDcTDpOOB1r1SO21zc5eJqo3zBTW540g7x
Yh1xtqmIv1BJedjlub97g1TVMcTigbNtNiWUXHg7p8ivGZGCXJmsK70bClwdny1uNmjWrqw906lrdErPumuxXab4Dx
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
m0WSMlBWoXx9LAR0Jx
gmWC0OUO0cbOnLIbsjI7K2xzXYNN642FGEWhU10BYq9dl07yOx
F28cAFnHJth1wJVW3EzuKoNrGWSKGmC9me1yrbQDa8c71f0O6ySX75RKcGt7etfVD6Xx
2ZiQjCV4ix
NyC9LqbCLHkC35REpx
9oMLv8wo4H9E7YbYqfwLTGLGWwBrnf5qx
a8VXjVTWtx
mOK7HzkSCmMUCtXKzx
jlv4lC3RCiLHp7ecqZZNR4LGxwB3j1yBy
W8rHhWDg6QSDtUa1Ly
xHKuvtXcNy
fsoz6MifEYjcfMXmdIX29cTftvXwOSNVEWkX8f7qE2vBJWvfShxpHdiFpsra76uQ4u8FHwwy67tLrDNj8Qy
ToArray
yKoc4CGDXvGvqdqaby
JSOIRLzRNiXqO9LBdOMdgJwA6Oub9KUcy
set_Key
CreateSubKey
DeleteSubKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
VcowpYU8tr8bJogezluekz1J1pTNIXCt6nAeD8SOR2YHQM0pny
u1y1ab2ywO9D5yZWI76s5qOydFZJ4dPry
ObjectQuery
get_TotalPhysicalMemory
get_Directory
CreateDirectory
get_SystemDirectory
get_Registry
op_Equality
WindowsIdentity
IsNullOrEmpty
RegistryProxy
hBiZOeXNEJVwOGzF8nMBuN12we346t9tVPB9HnU7lTFeWkkUodZhGZ8rAeShM7G7GpYi64j61m3mNpaVinrXnm0dzy
MGMwSMus3z
3CwCjPTjHJ945i0a6z
d6LdOPJWvfMHzslkDz
0wnUFuxVCWUEXvFjjovCM4iTiC39Si8Jz
abwLcz0RmXYm0u36DBjXNxkQT2zZ9YcXz8KeRK8qzbxGMKA0j2cOxRG7FcgksxxviKWz
ADoQNkn7DFsnOFzDez
TBwU3wIS92raiL8KtZ9Zs8RnKz3WBeiCi4L5JsbBqgYCVgRSez
24lYufqDfgDQefOqLNuhKsXDDsA4N4vmz
0fps7hRdaZuxsYhRiiNlh1B6HC5fv0Zoz
&Microsoft
Windows
Operating System
Microsoft Corporation. All rights reserved.
!Host Process for Windows Services
Microsoft Corporation
WrapNonExceptionThrows
$65602f90-4d54-4f92-9419-8698eee0da7f
6.2.17763.3346
MyTemplate
14.0.0.0
My.Computer
My.Application
My.User
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
sKvrgRkzOdCkklXmMl
Z3ocg0U92K35syEKpg
NkJtj4ccDXbrYciYAg
nChtJeBsGpx9iCelna
VfI649Ffl3jCo0UtsN
wOFALCzywu21sPSWPC
pcJGXjaFMcB0CcXwcc
JTQQSJjFOtFGjlsIb67PNQ==
r1R9T98lg2Tmfl970iHBVQ==
i6Cpm/MK4DsYQc97jCF6NQ==
sEj+DjRLY0uNSufZ4xNPXw==
Yfhs2T14Or2ZMhm1imImpA==
J/0TW1pX/Uhh59hFPr/7gw==
bKdMYuaaynmxxhwsCAxbeQ==
teskXB6KpRyh8I8NnQP6Jw==
4I8Re5sXp42hc8KT
\Log.tmp
AiBBSWwGxVxmfk2Cwq
wMUzkXyQoCx9mq311E
schtasks.exe
/create /f /RL HIGHEST /sc minute /mo 1 /tn "
" /tr "
/create /f /sc minute /mo 1 /tn "
GQJgGGtcdxIopdoHUbYzhrIkiFOBDkAANKETeNnta0bXO58iPK
RSJuOgSYkvK1KTF8kd4DDGUvJu2dMgd1eYzUHOtQS12WWiQGHC
mRUpJXfECW6dqrIKWJvxS4Or6YH7WLWnUuluBCVsvywjohYfEJ
6GGKuGYYGGhhFEs1VVFvx1gH8qxwOqIjlwwvTF0DtatDhFnuxy
43IJrBGYY9jifl8IC8waHmdbjOUc2bbnuF9wTBdf5pxOZNxHpQ
Microsoft
Service Pack
dd/MM/yyy
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
SELECT * FROM Win32_VideoController
Win32_Processor.deviceid="CPU0"
Core(TM)
P9XwXcQN7LJDTfmMaUOZRLtZbhNX49rcviFuAurunKfg40qeP2
xSwngd5voY2nouxfGHFsukjdTEtM0KA1aBuoqaYTdhdrnfI5AD
WkugYglBbL2QXbnyfM7SHVohuptSaqsLVnaPpBBzVog8cQYhhE
4DR4TDsbbG9lUxvoQPRCPSaHJh99foh2O5JqVPh2tjidl1uTgz
MatdPQHPe84qHL3LyZMSR07Yk5Kt1nAUGjGMqzMgyAKdreyMMv
oIh1tfl53XyHSYXKp9WjNP7xoWuJ6byiF2fVVnfG2j5tlmqqFV
U6dAaSyDIzQOCWHlBdIqh6Z0zVhHhRm2EP8dfF6Mz7awVsomea
A9ZwXEPEr7hXUEVCkVOgZSeO3Gj6wk6zj1LCP1AQYEIbZ3yapZ
lRrXKgHyoPOJDTgGgirAIfZfka6qGOockQOq5NF1fOHkVRPXBK
fkj2JdJD7Q4RNKzWO9Vk1qQ1XVZF5JWs01STU1eWvwhBXLZECY
31vaNeATJ9A7W0hFdze3tvU00RlL8kz4JAL89uqZSx4Js7d0rY
H02j6Nz8u5QWkIfHgslj0T0MI3tUeU0jhyvnkSHb8wNKpl8ass
iREDrOIRCfklGr3xyg6F77YIqOguAd4DMaBC5YuV25JGIfQg65
zdmcMKDvCPxPX9w6CVCcy993gZybtawjE2Os4pYf9yqhXNLMcX
15KlNvGBGbwOVkQ6Ar4WuWlsfjTX6H9bTtXByRq9Zb9PX5UmJe
VtcweUJ0CaXs9hoauBWQl3rUtZW90MzXjH5mDlSNel6UDyHbtR
wLWUD6dwthGGjtpLprFpleUhv6hulWjNVznn9RJhGKfDrEyyND
FgK4Nu6uiHjUJ9pxyCCUFrTm6BZO8tzT2YvB9LBdnL3uMQez0p
PzNT11KIXs4ch2oG8QwnMezUFRDSPs3W5QHtiQPewRK0cVJhXL
FLPSWy7bARfaM2cBPORRutbrTBY358nS8Hc5REOOwcd9VUjLPb
OJJJF3HXksTHxFXfIXK7HNByIY4UdUF0KfieAKcUytyvLBbnTUkd7wkzjY0h0CtQ7Lc2Iw73ZHgrCjedGA2
uninstall
update
Urlopen
Urlhide
PCShutdown
shutdown.exe /f /s /t 0
PCRestart
shutdown.exe /f /r /t 0
PCLogoff
shutdown.exe -L
RunShell
StartDDos
StopDDos
StartReport
StopReport
\drivers\etc\hosts
Shosts
HostsMSG
Modified successfully!
HostsErr
plugin
sendPlugin
savePlugin
RemovePlugins
Plugins Removed!
OfflineGet
Plugin
Invoke
RunRecovery
Recovery
RunOptions
injRun
UACFunc
ngrok+
Plugin Error!
ToLower
Open [
powershell.exe
-ExecutionPolicy Bypass -File "
cTZOzbM2dOvUxDnAA1ToPLYc1AGDBf77OTH8K8AO8cIQspo5GvEfZEolndAgoAxLIdNeoFZOYjskPtxRsjt
ZnRcirbh31eFZZrPJvXkv8Uby2TpQd7YyRKB5xJsEby984PaKrIhsvYvQ8VIz685mK6HTHwKOSpXVaj5tlE
Gxg8BGv8ssmfxOuVmtVnzOCquqHs0qYWXnwV1de1VPp7vG5nGtan7AbTX2rjNLYRr5TJlVrYEKbCpaJo5Ho
kdmpavEr9BJfJeoX4D19DvFCWApPI8GNo81TbTD1da5pycMYqNourEnbMisGY617byThSFGoCDn3KVKbr1B
SWVXcs9PiDfslz74oGOvbdJFWNUcfqEt8AgWLpltISVc3WTFy2h1LE1818cs4zJL9NayD2FigqC0Byc61W5
w3wJQYCAhuPLU7OnfeYWrXkCMGKuwDk9xyhsYWfA0KTUuAMaxxGXyoh1BiEqrP6AS9HnbKiN9utJ5ghc1A9
FbJsuuZ7pM3hBGoYckGEocwjoFtzDLeOsC1xtg3XgC5q13YxMQbhsNR2Hm85v3id3DfbRnJhEss7jda8E2L
4UGw2uCe9jJUKZtB0uEkJT5a0ivOdHrl9upuxtLfNn9dsRcYD3lpkoskmrg4xHMtUFrq9jpv63uYEKJRrpI
OLmEKfMBJFZt2t3PC6xIfqKs5S0ySx08JT8fsFhcI8P3GY3FidGuIo00prJpvgmIMfIxpArPAhhFHjG26XQ
h0ckrSKTpA512QyZlaJcND68qNnhpTx2zwc1VOHWCmaAyafdxgnEItDatirbflbqlBhzSrmZpmzUJe6li5u
9rj9LYospbtHqGbRkITFCACs44mFywE0oygi6WxHnVxoGijHRSNpKUchk3OzHBrnFfanuCRSJXsoIJzitRo
r7lduc96K8R1KoG0vrGADj4JCKrgdHe5Zc5dOvYTE3SgEXdxZNuJ6lAVA97KNPMRmHdBJJMmvAnaiQgk51I
pa2eRLCq59tGHKNHOWK4xXIpl2K8Syvo3vGAw01uMXS8RDp74YI29THT83azITf2ARAll7Zpobqddl7dqiM
aVm0sv0Eq1gijFCPqGhPIVE6DdFxrHljWMiltvJYxcyrNVsT2u3iQDiBVs4BcOa1bJqQP84Sw7yrepujnym
J8iM5TyEowiNfh63J9oN1oKTQNVqRdCkPYlatQEv6SEl71Jrc9GVlVWpZH2XSzktCzPVwsKiOmFgePk5qe3
Qo91bKit6JScJMiVfzTlpDtBDg33vAwTfK5HEm41b6zJavWQAtAZh4KShwoyGrAMF8ZI
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
schtasks
/delete /f /tn "
@echo off
timeout 3 > NUL
" /f /q
i4W563uTWJFrFwoW1tKI2CYVRcj3ZSs49pEcJkB3IOgjLqdoxvpjOpitCt2YB3BPekR7
gD5uoTeuSRgGuBOlWbUlb7gTPNBXhvVw1LebzrZBLingan0uPXYSOUCpWWMTdJ8Ljv3L
ToUpper
[SPACE]
Return
[ENTER]
Escape
LControlKey
[CTRL]
RControlKey
RShiftKey
[Shift]
LShiftKey
[Back]
Capital
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
MainWindowTitle
ProcessName
GUehGi2yphLjgWIeAbWtx0YKGqypA4GanFPt6bx5KPENDZasSWis2ZZ8RwXLfoIMll0B
vfGvC6UrSB2DAr8oJiZKIX8yNF0c47Txlbb3WJMuoSg1bSSWzUTHqlxRWiV0Y04eJTPy
TYQardFXU8bqGQhd2BhfoxLwPPnNGYEN7q0dwRI27HhgVh77ofYpJ19qyLvRmjF7AQZQ
IBzUiWr3OvokTBIvmANDeSW8x8agLmSOmCi5UBXTdTvNvzwZZCxs2wwwPW2OrVZ8q2lg
CD450hFBr9UYb1K6k2YJ2WjlpZIFQWtGxnyqrSfCWOi5l2p6ulE0V0XXMRIrjsfrRjRD
woPoAcurv70WKgLTLLys1EvmTBICQzeKtAiAQBhHD0VJJffJLskATtKQ49s7YTjmWXTJ
j8Z2veYDHLDls9kvPwEgt3383019KPO4sVqBX2MH3u8ta4PBhUCXrjeEWvd0Jv0MGeya
5CFRP3wTX4qREF7rx4YiziQzS5G2eKaPehUeTS7c6S0yGbHeTGQDm3dEcSn4FUx3yOr8
O44CidwyMazt2iIDUdikzfWgpgzMFl5mSj9PrkyA0jrwySGmyI15k7kIsWiAuI8aaTFw
oFpWELhS4MhwxETU6ZDzelYtnvoOZLImUbfSbs3P0aCgUvsCyO4QneAorCqKu89uycCY
KJTuMROD5mLPyLvJEuZzLrdfAt3heZn4QiwlF0xe7uu6x5D4zwmsH3RtchAt8Op7pLjy
5uTjpgfvwGtKCchj1BjLewIqF2OSOHrXJzbrJiJUbfMZwq9lpWFrBzbsrVq1hVYsHRGp
IsXJ9ZNojeygwhJWHeUc6mEk0sss75YVKOrQTMRPTT1PtfXdAFpEV2PoHIB7CMckY2iF
OZfm4pIBpx4AgTArifgS6yBZfaDEhEK9Ryr564yaFFOLditbH89OqCeNY0sNyHVggM4Q
SJEbYgEDQ9pNvZS7vWgKpG2bkyOTlAoEjN1CFQwLqD8p4xQBmKLwvlazXccUiovYv479
CWrkHkSJhRFXnzprb4nKiA7Q7Lg0Ya80Lo6er2yDAKgoK2axHncIcZzOSxxX4urTmyUe
eGwy75lbTdFRDXSO0y7kycHtlORt8i1ywdKu6yIJY3eS5GMZLhnid7FMXXBBmfTyd57H
qo6Cn0FbQzxadiq8FImGNq4Nk3lwKFMKniB71EvwYlTRCX1Kb9OzB4Ptut8P7xgKc0KE
qWyjq1nqsn
SOCdJh4x0G
dJYOJtiFPb
RBYTU8qki5
b2PEszXx5w
Jgmb9jTBuR
WZCH0Q21EA
Software\
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
abcdefghijklmnopqrstuvwxyz
Err HWID
ToArray
vilM6jftrF
m4igSHnSkM
BlpsovHM3B
oo74oE1fVl
L4rm0UHPlR
OQabm7tr2v
1a5ZXcVIQC
yJLeRZRrUv
6W3wvfOD8P
U5wFtdid3Q
4PcqI8kGHN
XkEVNWnjQV
Vsjyzn8VoN
lPixj2bKl9
irZzgP6lgt
ZVH9oYgDcE
NxFQs0pbN1
DdpwAP0xOp
UiQYB3PgMA
9tTDefe8Qi
eugvXhJ85n
MuaonZ8ViI
HXyFBsvhvi
Tid7rJa6I9
7cgyfRC4rI
NLivUqAFzO
vWsgL5p4q3
abcdefghijklmnopqrstuvwxyz
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
Host Process for Windows Services
FileVersion
6.2.17763.3346
InternalName
svchost.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
svchost.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.2.17763.3346
Assembly Version
6.2.17763.3346
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.XWorm.m!c
Elastic malicious (high confidence)
ClamAV Win.Packed.njRAT-10002074-1
CMC Clean
CAT-QuickHeal Worm.GenericFC.S32598663
Skyhigh Trojan-FVYT!00135A86AB82
ALYac Clean
Cylance unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005aa5f01 )
Alibaba Backdoor:MSIL/XWorm.e49270f5
K7GW Trojan ( 005aa5f01 )
Cybereason malicious.6ab829
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Agent.DWN
APEX Malicious
McAfee Trojan-FVYT!00135A86AB82
Avast Win32:RATX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.XWorm.gen
BitDefender Gen:Heur.MSIL.Krypt.!cdmip!.2
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Heur.MSIL.Krypt.!cdmip!.2
Tencent Msil.Backdoor.Xworm.Adhl
TACHYON Clean
Sophos Troj/RAT-FJ
F-Secure Trojan.TR/Spy.Gen
DrWeb BackDoor.BladabindiNET.30
Zillya Clean
TrendMicro TROJ_GEN.R002C0DD624
Trapmine Clean
FireEye Generic.mg.00135a86ab829fc2
Emsisoft Gen:Heur.MSIL.Krypt.!cdmip!.2 (B)
SentinelOne Static AI - Malicious PE
GData MSIL.Backdoor.XWormRAT.A
Jiangmin Clean
Varist W32/MSIL_Troj.UP.gen!Eldorado
Avira TR/Spy.Gen
Antiy-AVL Trojan[Backdoor]/MSIL.XWorm
Kingsoft malware.kb.c.1000
Gridinsoft Ransom.Win32.Bladabindi.sa
Xcitium Clean
Arcabit Trojan.MSIL.Krypt.!cdmip!.2
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.XWorm.gen
Microsoft Trojan:MSIL/XWorm.C!MTB
Google Detected
AhnLab-V3 Backdoor/Win.AsyncRat.C5360693
Acronis suspicious
BitDefenderTheta Gen:NN.ZemsilF.36802.em0@ayeJQad
MAX malware (ai score=88)
VBA32 Backdoor.MSIL.XWorm.gen
Malwarebytes Backdoor.XWorm.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DD624
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex Clean
Ikarus Trojan.MSIL.Agent
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Conwise.RCE!tr
AVG Win32:RATX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Backdoor:MSIL/XWorm.C!MTB
No IRMA results available.