Static | ZeroBOX

PE Compile Time

2024-03-28 21:47:26

PE Imphash

245788be5f7374c2353736518c2959b3

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0007aeaa 0x0007b000 6.58016694858
.rdata 0x0007c000 0x000f1f8c 0x000f2000 6.26329335581
.data 0x0016e000 0x00027a08 0x00012000 5.06126431084
.rsrc 0x00196000 0x0000908c 0x0000a000 5.60492051405
@\xb5\xdbf\xa3u\x9e 0x001a0000 0x00005000 0x00005000 6.03830591429

Resources

Name Offset Size Language Sub-language File type
TEXTINCLUDE 0x00196bc0 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00196bc0 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED C source, ASCII text, with CRLF line terminators
TEXTINCLUDE 0x00196bc0 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x001970b0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_CURSOR 0x001970b0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_CURSOR 0x001970b0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_CURSOR 0x001970b0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_BITMAP 0x001987b8 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_ICON 0x00198d0c 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00198d0c 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_ICON 0x00198d0c 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MENU 0x0019cf40 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_MENU 0x0019cf40 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_DIALOG 0x0019e188 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_STRING 0x0019ebd0 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_GROUP_CURSOR 0x0019ec1c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED Lotus unknown worksheet or configuration, revision 0x2
RT_GROUP_CURSOR 0x0019ec1c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED Lotus unknown worksheet or configuration, revision 0x2
RT_GROUP_CURSOR 0x0019ec1c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED Lotus unknown worksheet or configuration, revision 0x2
RT_GROUP_ICON 0x0019ec68 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_GROUP_ICON 0x0019ec68 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_GROUP_ICON 0x0019ec68 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_VERSION 0x0019ec7c 0x00000240 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data
RT_MANIFEST 0x0019eebc 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library KERNEL32.dll:
0x47c170 lstrcmpiA
0x47c174 SetEndOfFile
0x47c178 UnlockFile
0x47c17c LockFile
0x47c180 FlushFileBuffers
0x47c184 SetFilePointer
0x47c188 DuplicateHandle
0x47c18c lstrcpynA
0x47c190 SetLastError
0x47c19c LocalFree
0x47c1a4 GetCurrentProcess
0x47c1ac GetSystemDirectoryA
0x47c1b0 CreateSemaphoreA
0x47c1b4 ResumeThread
0x47c1b8 ReleaseSemaphore
0x47c1c4 SetStdHandle
0x47c1c8 IsBadCodePtr
0x47c1cc IsBadReadPtr
0x47c1d0 CompareStringW
0x47c1d4 CompareStringA
0x47c1dc GetStringTypeW
0x47c1e0 GetStringTypeA
0x47c1e4 IsBadWritePtr
0x47c1e8 VirtualAlloc
0x47c1ec LCMapStringW
0x47c1f0 LCMapStringA
0x47c1f8 VirtualFree
0x47c1fc HeapCreate
0x47c200 HeapDestroy
0x47c208 GetFileType
0x47c20c GetStdHandle
0x47c210 SetHandleCount
0x47c228 GetACP
0x47c22c HeapSize
0x47c230 TerminateProcess
0x47c234 GetLocalTime
0x47c238 GetSystemTime
0x47c240 RaiseException
0x47c244 GetProfileStringA
0x47c248 WriteFile
0x47c250 CreateFileA
0x47c254 SetEvent
0x47c258 FindResourceA
0x47c25c LoadResource
0x47c260 LockResource
0x47c264 ReadFile
0x47c268 GetModuleFileNameA
0x47c26c WideCharToMultiByte
0x47c270 MultiByteToWideChar
0x47c274 GetCurrentThreadId
0x47c278 ExitProcess
0x47c27c GlobalSize
0x47c280 GlobalFree
0x47c28c lstrcatA
0x47c290 lstrlenA
0x47c294 WinExec
0x47c298 lstrcpyA
0x47c29c FindNextFileA
0x47c2a0 GlobalReAlloc
0x47c2a4 HeapFree
0x47c2a8 HeapReAlloc
0x47c2ac GetProcessHeap
0x47c2b0 HeapAlloc
0x47c2b4 GetFullPathNameA
0x47c2b8 FreeLibrary
0x47c2bc LoadLibraryA
0x47c2c0 GetLastError
0x47c2c4 GetVersionExA
0x47c2cc CreateThread
0x47c2d0 CreateEventA
0x47c2d4 Sleep
0x47c2d8 GlobalAlloc
0x47c2dc GlobalLock
0x47c2e0 GlobalUnlock
0x47c2e4 GetTempPathA
0x47c2e8 FindFirstFileA
0x47c2ec FindClose
0x47c2f0 RtlUnwind
0x47c2f4 GetStartupInfoA
0x47c2f8 GetOEMCP
0x47c2fc GetCPInfo
0x47c300 GetProcessVersion
0x47c304 SetErrorMode
0x47c308 GlobalFlags
0x47c30c GetCurrentThread
0x47c310 GetFileTime
0x47c314 GetFileSize
0x47c318 TlsGetValue
0x47c31c LocalReAlloc
0x47c320 TlsSetValue
0x47c324 TlsFree
0x47c328 GlobalHandle
0x47c32c TlsAlloc
0x47c330 GetFileAttributesA
0x47c33c GetModuleHandleA
0x47c340 GetProcAddress
0x47c344 MulDiv
0x47c348 GetCommandLineA
0x47c34c GetTickCount
0x47c350 CreateProcessA
0x47c354 WaitForSingleObject
0x47c358 CloseHandle
0x47c35c GlobalDeleteAtom
0x47c360 LocalAlloc
0x47c364 lstrcmpA
0x47c368 GetVersion
0x47c36c GlobalGetAtomNameA
0x47c370 GlobalAddAtomA
0x47c374 GlobalFindAtomA
Library USER32.dll:
0x47c3a0 GetScrollPos
0x47c3a4 WaitForInputIdle
0x47c3a8 wsprintfA
0x47c3ac CloseClipboard
0x47c3b0 GetClipboardData
0x47c3b4 OpenClipboard
0x47c3b8 SetClipboardData
0x47c3bc EmptyClipboard
0x47c3c0 GetSystemMetrics
0x47c3c4 GetCursorPos
0x47c3c8 MessageBoxA
0x47c3cc SetWindowPos
0x47c3d0 SendMessageA
0x47c3d4 DestroyCursor
0x47c3d8 SetParent
0x47c3dc IsWindow
0x47c3e0 PostMessageA
0x47c3e4 GetTopWindow
0x47c3e8 GetParent
0x47c3ec GetFocus
0x47c3f0 GetClientRect
0x47c3f4 InvalidateRect
0x47c3f8 ValidateRect
0x47c3fc UpdateWindow
0x47c400 EqualRect
0x47c404 GetWindowRect
0x47c408 SetForegroundWindow
0x47c40c DestroyMenu
0x47c410 IsChild
0x47c414 ReleaseDC
0x47c418 IsRectEmpty
0x47c41c FillRect
0x47c420 GetDC
0x47c424 SetCursor
0x47c428 LoadCursorA
0x47c42c SetCursorPos
0x47c430 SetActiveWindow
0x47c434 GetSysColor
0x47c438 SetWindowLongA
0x47c43c GetWindowLongA
0x47c440 RedrawWindow
0x47c444 EnableWindow
0x47c448 IsWindowVisible
0x47c44c OffsetRect
0x47c450 PtInRect
0x47c454 DestroyIcon
0x47c458 IntersectRect
0x47c45c InflateRect
0x47c460 SetRect
0x47c464 SetScrollPos
0x47c468 SetScrollRange
0x47c46c GetScrollRange
0x47c470 SetCapture
0x47c474 GetCapture
0x47c478 ReleaseCapture
0x47c47c GetForegroundWindow
0x47c480 LoadIconA
0x47c484 TranslateMessage
0x47c488 DrawFrameControl
0x47c48c DrawEdge
0x47c490 DrawFocusRect
0x47c494 WindowFromPoint
0x47c498 GetMessageA
0x47c49c DispatchMessageA
0x47c4a0 SetRectEmpty
0x47c4b0 DrawIconEx
0x47c4b4 CreatePopupMenu
0x47c4b8 AppendMenuA
0x47c4bc ModifyMenuA
0x47c4c0 CreateMenu
0x47c4c8 GetDlgCtrlID
0x47c4cc GetSubMenu
0x47c4d0 EnableMenuItem
0x47c4d4 ClientToScreen
0x47c4dc LoadImageA
0x47c4e4 ShowWindow
0x47c4e8 IsWindowEnabled
0x47c4f0 GetKeyState
0x47c4f8 PostQuitMessage
0x47c4fc IsZoomed
0x47c500 GetClassInfoA
0x47c504 DefWindowProcA
0x47c508 GetSystemMenu
0x47c50c DeleteMenu
0x47c510 GetMenu
0x47c514 SetMenu
0x47c518 GetWindowTextA
0x47c520 CharUpperA
0x47c524 GetWindowDC
0x47c528 BeginPaint
0x47c52c EndPaint
0x47c530 TabbedTextOutA
0x47c534 DrawTextA
0x47c538 GrayStringA
0x47c53c GetDlgItem
0x47c540 DestroyWindow
0x47c548 EndDialog
0x47c54c GetNextDlgTabItem
0x47c550 GetWindowPlacement
0x47c558 GetLastActivePopup
0x47c55c GetMessageTime
0x47c560 RemovePropA
0x47c564 CallWindowProcA
0x47c568 GetPropA
0x47c56c UnhookWindowsHookEx
0x47c570 SetPropA
0x47c574 GetClassLongA
0x47c578 CallNextHookEx
0x47c57c SetWindowsHookExA
0x47c580 CreateWindowExA
0x47c584 GetMenuItemID
0x47c588 GetMenuItemCount
0x47c58c RegisterClassA
0x47c590 UnregisterClassA
0x47c594 AdjustWindowRectEx
0x47c598 MapWindowPoints
0x47c59c SendDlgItemMessageA
0x47c5a0 ScrollWindowEx
0x47c5a4 IsDialogMessageA
0x47c5a8 SetWindowTextA
0x47c5ac MoveWindow
0x47c5b0 CheckMenuItem
0x47c5b4 SetMenuItemBitmaps
0x47c5b8 GetMenuState
0x47c5c0 GetClassNameA
0x47c5c4 GetDesktopWindow
0x47c5c8 LoadStringA
0x47c5cc GetSysColorBrush
0x47c5d0 PeekMessageA
0x47c5d4 IsIconic
0x47c5d8 SetFocus
0x47c5dc GetActiveWindow
0x47c5e0 GetWindow
0x47c5e8 SetWindowRgn
0x47c5ec GetMessagePos
0x47c5f0 ScreenToClient
0x47c5f8 CopyRect
0x47c5fc LoadBitmapA
0x47c600 WinHelpA
0x47c604 KillTimer
0x47c608 SetTimer
Library GDI32.dll:
0x47c024 GetClipRgn
0x47c028 CreatePolygonRgn
0x47c02c SelectClipRgn
0x47c030 DeleteObject
0x47c034 CreateDIBitmap
0x47c03c CreatePalette
0x47c040 StretchBlt
0x47c044 SelectPalette
0x47c048 RealizePalette
0x47c04c GetDIBits
0x47c050 GetWindowExtEx
0x47c054 GetViewportOrgEx
0x47c058 GetWindowOrgEx
0x47c05c BeginPath
0x47c060 EndPath
0x47c064 PathToRegion
0x47c068 CreateEllipticRgn
0x47c06c CreateRoundRectRgn
0x47c070 GetTextColor
0x47c074 GetBkMode
0x47c078 GetBkColor
0x47c07c GetROP2
0x47c080 GetStretchBltMode
0x47c084 GetPolyFillMode
0x47c08c CreateDCA
0x47c090 CreateBitmap
0x47c094 SelectObject
0x47c098 GetObjectA
0x47c09c CreatePen
0x47c0a0 SetStretchBltMode
0x47c0a4 CombineRgn
0x47c0a8 CreateRectRgn
0x47c0ac FillRgn
0x47c0b0 CreateSolidBrush
0x47c0b4 GetStockObject
0x47c0b8 CreateFontIndirectA
0x47c0bc EndPage
0x47c0c0 EndDoc
0x47c0c4 DeleteDC
0x47c0c8 StartDocA
0x47c0cc StartPage
0x47c0d0 BitBlt
0x47c0d4 CreateCompatibleDC
0x47c0d8 Ellipse
0x47c0dc Rectangle
0x47c0e0 LPtoDP
0x47c0e4 DPtoLP
0x47c0e8 GetCurrentObject
0x47c0ec RoundRect
0x47c0f4 GetDeviceCaps
0x47c0f8 SaveDC
0x47c0fc RestoreDC
0x47c100 SetBkMode
0x47c104 SetPolyFillMode
0x47c108 SetROP2
0x47c10c SetTextColor
0x47c110 SetMapMode
0x47c114 SetViewportOrgEx
0x47c118 OffsetViewportOrgEx
0x47c11c SetViewportExtEx
0x47c120 ScaleViewportExtEx
0x47c124 SetWindowOrgEx
0x47c128 SetWindowExtEx
0x47c12c ScaleWindowExtEx
0x47c130 GetClipBox
0x47c134 ExcludeClipRect
0x47c138 MoveToEx
0x47c13c LineTo
0x47c144 SetBkColor
0x47c148 PatBlt
0x47c14c GetTextMetricsA
0x47c150 Escape
0x47c154 ExtTextOutA
0x47c158 TextOutA
0x47c15c RectVisible
0x47c160 PtVisible
0x47c164 GetViewportExtEx
0x47c168 ExtSelectClipRgn
Library WINMM.dll:
0x47c610 midiStreamRestart
0x47c614 midiStreamClose
0x47c618 midiOutReset
0x47c61c midiStreamStop
0x47c620 midiStreamOut
0x47c628 midiStreamProperty
0x47c62c midiStreamOpen
0x47c634 waveOutOpen
0x47c638 waveOutGetNumDevs
0x47c63c waveOutClose
0x47c640 waveOutReset
0x47c644 waveOutPause
0x47c648 waveOutWrite
Library WINSPOOL.DRV:
0x47c658 ClosePrinter
0x47c65c DocumentPropertiesA
0x47c660 OpenPrinterA
Library ADVAPI32.dll:
0x47c000 RegCloseKey
0x47c004 RegOpenKeyExA
0x47c008 RegSetValueExA
0x47c00c RegQueryValueA
0x47c010 RegCreateKeyExA
Library SHELL32.dll:
0x47c390 ShellExecuteA
0x47c394 Shell_NotifyIconA
Library ole32.dll:
0x47c6a4 OleInitialize
0x47c6a8 OleUninitialize
0x47c6ac CLSIDFromString
Library OLEAUT32.dll:
0x47c380 UnRegisterTypeLib
0x47c384 RegisterTypeLib
0x47c388 LoadTypeLib
Library COMCTL32.dll:
0x47c018 ImageList_Destroy
0x47c01c None
Library WS2_32.dll:
0x47c668 recv
0x47c66c getpeername
0x47c670 accept
0x47c674 recvfrom
0x47c678 ioctlsocket
0x47c67c WSAAsyncSelect
0x47c680 closesocket
0x47c684 inet_ntoa
0x47c688 WSACleanup
Library comdlg32.dll:
0x47c690 GetFileTitleA
0x47c694 GetSaveFileNameA
0x47c698 GetOpenFileNameA
0x47c69c ChooseColorA

!This program cannot be run in DOS mode.
`.rdata
@.data
D$$~9+
F\_^][
L$$_^d
L$@^[d
D$PQRP
L$pPQR
D$hRQP
9L$x~k
L$T_^][d
L$lRVQ
D$hQRP
D$hQRP
T$pPQR
\$8UVW
L$DPQj
\$8UVW
L$DPQj
L$ _^d
W9^du-
L$ PQh
L$L_^][d
L$D_^][d
L$@RUQ
L$|_^][d
L$|_^][d
L$|_^][d
T$0VRPSQ
L$4_^[d
V#D$,WPQ
D$@UPQ
T$XUSR
T$HQRP
L$x_^d
D$(SUV
T$8RWj
L$ _^][d
l$<VWj
L$(VQVj
L$(UUh
t$LUPh
o0SSSSU
D$dSUVW
D$@WPS
L$`_^][d
D$,RVhD
L$TQVSh
|$XSSW
T$TQRPhh
D$`QRP
D$hSUV3
D$,Pj<j
L$h_^][d
L$X_^d
t$ 90t
T$LRUj
t*h<W
D$89Vdu
FpHt&Ht
D$LUSWP
L$$_^][d
L$,_[3
L$,_[3
L$(WQR
QQUWSS
L$P_]^[d
T$hQRWW
t]9|$<tW
L$x_^]
L$<SQR
T$<RVW
9|$8tt
T$<WRh
T$lPRh
T$ SRh
9l$xtU9
u29l$xu,
T$$Rh0)V
L$XSQh
D$,SPh
T$,SRh
T$,SRh
T$,SRh
t$(SSh
t$$RVP
|$,RPQ
L$H][d
L$HSUVWP
D$XPQU
D$8VPQ
T$ SWRP
L$L_^]3
t%RSQP
XY[Z[]
~'PSQR
\$<VW3
L$4_^3
D$XQRWP
D$dQUWRP
D$0WPQ
T$$+D$4
L$L^[d
D$dhpkW
9^xu5j
L$X_^]3
h9n`u;
D$8RPj
T$DQRU
D$PRPQ
L$TSWQ
l$HQRVU
D$H_^][
\$lUV3
L$h_^]3
T$\jdSR
L$Hj&Q
;t$Xu";\$\u
L$DSVQ
L$,_^]3
L$$_^][d
L$0PQS
L$ ]_^
L$ QSR
D$TVPW
D$TRPW
WWVQRWWS
D$$QRP
T$,PQR
D$$RSSP
D$8WVRPQ
L$XRQP
l$@VW3
L$8_^][d
u"8D$yu
D$(_^][
8MThdu
~P9~Pun
t&9^$t
F(9V8tQ
F<_^][
F<_^][
|$@ Wu
|$D UV
L$8^]_3
@;l$\~Z
L$X;L$
uh9^8uX
F89^8u&j
L$T_^][d
L$L_^][d
D$,;\$|
L$0PQR
PQj WUS
T$dPQR
L$l_^][d
L$8WPQR
T$DQSR
D$49D$$}
T$\;D$Xu
L$(PQR
T$,RQP
T$(PQR
L$x_^][d
L$l_^][d
L$TPQR
L$dPQRV
u+\$l
L$4SUV
L$4WPQR
D$ |2;
L$@_^][d
u._^][
L$ WPQ
T$,RQP
L$\_^][d
L$@RQj
D$@RPQj
L$T_^]d
FD uy9D$$}s
FD@ul9L$(}f
L$P_^d
L$\_^][d
;D$xt&
9D$$t+
L$D_]d
L$ ^][d
D$$QUP
L$|_^][d
L$t][d
D$$SUV
D$DURP
RVPUSQ
L$$_^][d
j VUPWQ
T$(QVURWP
L$,_^][d
D$$_^[
D$$_^[
L$4VQUP
L$$_^][d
L$4UQWP
L$$_^][d
T$0SUV
L$(_^][d
T$8QRP
L$(_^][d
L$8_^][d
|$LtE;
t$PPVS
L$8_^][d
T$\WVR
jBWVSSQ
D$(_^]
\$ PQV
L$$_^][d
L$H_^][d
SWVVVRPV
L$$^]d
L$D_^[d
T$DWRh
D$,QRPS
L$$RPQS
L$<_^][d
L$(RPQ
NTRPQj
L$(RPQ
T$(PQR
D$(QRP
T$DPQRW
L$<RPQW
L$T_^]
Nh;NX|
Vh;VX|
Fxt_;FTu@
Nh;NX|
P$RWPh
D$0QVRP
L$$PVh
D$4RPQ
D$ PQR
=pscat
=YARGtD= BGRt
h BGRUPV
hYARGUQV
=lcmnw_tQ=tsbat-=knilt
=rtnmto
hknilUPV
htsbaUQV
=rtrpt =rncst
=capst
= baLt = ZYXt
TADIut
tkPUSV
ETLPuF
D$8QVRPU
QRVWPU
D$$SPh
3;L$4s
T$8QRU
L$Xh`[
T$,SRW
T$0;t$
PPPQSG
D$ EJ;
D$4SUVW
L$$QWV
D$0UhP
D$,Hx;@
D$(CM;
D$Hvm3
L$Lvj3
D$(FO;
L$t_^d
D$ RPUhD
L$l_^][d
L$$^[d
L$(WSR
T$0PQR
WjdjdPQh
|z;^<}uWS
L$D_^][d
L$\_^][d
It#Iu%
^l_^][
tI;Ftr
tL9~HvG;
~(9~$u
D/ VPS
L$<RWUQV
L$$j QV
L$(VQU
hPCCiU
L$(RPVQWU
l$,WuAS
|$ VurU
D$@QRPU
T$ PQW
Ht&HtcI
D$(SUW
=TADIt
TADIu"
hTADIV
Ht]Ht2Ht
HtfHt;Ht
t$,u%:D$<u
:L$<t;
\$$u9f;
\$@QUR
;=3333v
HtHHuz
V,_^[Y
D$ _^][
EHPWVS
u]9B uX
uR9BxuM
'9A`u"9
tq9~Dt
nd9~dt
tS9~@uN
T$LPQR
|$HPWS
L$(RPQ
T$DPVS
T$LRWS
Fdf+Fh
D$(8D*
tRHt}H
NH_^][
T$LWUQVR
L$4WQUVS
;l$ }:
|$$}$WP
\$\}-j
O(_^][
T$H} VP
T$$PRV
D$(QPW
L$,SUV
L$0SUV@W
NX9NXu
QPSWVR
T$PQRP
D$$SUV
D$(;l$
\$(UVW
D$,_^]
D$(CUSWP
9o4u'V
9t$0v8
T$,RWV
T$,RWV
T$,RWV
L$,QWV
T$,RWV
L$ RUPj
9t$Tu
T+3x%A
;D$<s!
T$,PQh@
D$0Qh4
|$ WUSV
D$$SUV
L$(SUV
N4_^]3
F$@;F(v
F$@@;F(v
t_hl6V
tNh\6V
t=hH6V
t,h46V
QQSVWj
QQSVWd
t.;t$$t(
B 02CV
C =02CVu
uRFGHt
YHYtLHt9
_9=`CY
8t9UW
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
VC20XC00U
t/WWUPj
QQSVW3
89=HCY
sO;>|C;~
[Sh,QV
"WWSh(QV
HHtpHHtl
tFGQPS
HSVHWtgHHtF
<]t_G<-uA
PPPPPPPP
PPPPPPPP
PPPPPPPP
^Vh,QV
PVh(QV
QQSVWj
>:uNFV
>:u#FV
tPhlUV
t+Ht$Ht
HtHHt
+ttHHtd
nt2Ht#Ht
F\jLSP
u$SShe
Wj(_Wj
hWj@_;
PQQQQQ
PPPPhd
tvWWWWU
F,_^][
(wqt\HHtS
t>Ht Ht
u09=X@Y
QSUVWj
n0SSSSU
_SSSSU
Ph_^][Y
tD9_Pt?
Ht#HHt
@t4Ht1Ht_Ht
^$_^[]
F(_+F$^[;E
<A|2<Z
<A|@<Z
+tJHt:Ht*
P<PuWSV
PWVWWW
^,_^][
d09f2340818511d396f6aaf844c7e325
52F260023059454187AF826A3C07AF2A
window
csrss1.exe
csrss2.exe
!This program cannot be run in DOS mode.
`.rdata
@.data
3kWRwlWR
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
fffffff
3kWRwlWR
9MZuqLcA<I
uRFGHt
t(ENEN;
L$$_^]
T$$_^]
D$$_^]
D$0UVW
L$$_^]d
D$4SUV
D$$ CJ
L$89l$8}
D$(t,;
T$ RPW
D$0 CJ
D$0 CJ
D$D CJ
L$X_^d
L$DQRf
T$$RPQ
D$$ CJ
D$$ CJ
D$$ CJ
D$$ CJ
D$$ CJ
T$0QRS
T$XPVR
t6HtHt
D$$~9+
F\_^][
L$$_^d
L$@^[d
L$@PQR
D$8d[J
D$dRPQ
D$0X[J
D$0d[J
D$tRQP
9L$|~q
T$LQh
L$LPh
L$T_^][d
L$lRVQ
D$4L[J
D$hQRP
D$hQRP
T$pPQR
\$8UVW
L$DPQj
\$8UVW
L$DPQj
L$ _^d
W9^du-
L$ PQh
L$L_^][d
L$D_^][d
L$@RUQ
L$|_^][d
L$|_^][d
L$|_^][d
O\VRPSQ
L$4_^[d
V#D$,WPQ
D$@UPQ
T$XUSR
T$HQRP
D$$d[J
L$x_^d
D$(SUV
T$8RWj
L$ _^][d
l$<VWj
L$(VQVj
L$(UUh
t$LUPh
o0SSSSU
D$dSUVW
D$@WPS
D$LH[J
L$`_^][d
D$,RVhl
L$TQVSh
|$XSSW
T$TQRPh
D$`QRP
D$0H[J
D$hSUV3
D$,Pj<j
L$h_^][d
L$X_^d
t$ 90t
T$LRUj
D$8H[J
L$(WQR
QQUWSS
L$P_]^[d
T$hQRWW
t]9|$<tW
L$x_^]
L$<SQR
T$<RVW
9|$8tt
T$<WRh
T$lPRh
T$ SRh
9l$xtU9
u29l$xu,
T$$RhP
L$XSQh
D$,SPh
T$,SRh
T$,SRh
T$,SRh
t$(SSh
t$$RVP
|$,RPQ
L$H][d
L$HSUVWP
D$XPQU
D$8VPQ
T$ SWRP
L$L_^]3
t%RSQP
XY[Z[]
~'PSQR
D$XQRWP
D$dQUWRP
|$D.tm
L$0^[d
D$0WPQ
T$$+D$4
D$xHdJ
L$L^[d
9^xu5j
L$X_^]3
h9n`u;
D$8RPj
T$DQRU
D$PRPQ
L$TSWQ
l$HQRVU
D$H_^][
\$lUV3
L$h_^]3
T$\jdSR
L$Hj&Q
;t$Xu";\$\u
L$DSVQ
L$,_^]3
L$$_^][d
L$0PQS
L$ ]_^
L$ QSR
D$TVPW
D$TRPW
D$ QRP
L$X_^][d
D$$QRP
T$,PQR
D$$RSSP
D$8WVRPQ
L$XRQP
l$@VW3
L$8_^][d
u"8D$yu
D$(_^][
8MThdu
~P9~Pun
t&9^$t
F(9V8tQ
F<_^][
F<_^][
|$@ Wu
|$D UV
L$8^]_3
D$dxiJ
D$4|iJ
@;l$\~Z
L$X;L$
D$4xiJ
uh9^8uX
F89^8u&j
L$T_^][d
L$L_^][d
D$,;\$|
L$0PQR
PQj WUS
T$dPQR
L$l_^][d
L$8WPQR
T$DQSR
D$49D$$}
T$\;D$Xu
L$(PQR
T$,RQP
T$(PQR
L$x_^][d
L$l_^][d
L$TPQR
L$dPQRV
u+\$l
L$4SUV
L$4WPQR
D$ |2;
L$@_^][d
u._^][
L$ WPQ
T$,RQP
L$\_^][d
L$@RQj
D$@RPQj
L$T_^]d
FD uy9D$$}s
FD@ul9L$(}f
L$P_^d
L$\_^][d
;D$xt&
9D$$t+
L$D_]d
L$ ^][d
D$$QUP
L$|_^][d
L$t][d
D$$SUV
D$DURP
RVPUSQ
L$$_^][d
j VUPWQ
T$(QVURWP
L$,_^][d
D$$_^[
D$$_^[
L$4VQUP
L$$_^][d
L$4UQWP
L$$_^][d
T$0SUV
L$(_^][d
T$8QRP
L$(_^][d
L$8_^][d
|$LtE;
t$PPVS
L$8_^][d
T$\WVR
jBWVSSQ
D$(_^]
\$ PQV
L$$_^][d
D$ xnJ
L$H_^][d
SWVVVRPV
L$$^]d
L$D_^[d
T$DWRh
D$$TuJ
D$,QRPS
L$$RPQS
L$<_^][d
D$LTuJ
L$(RPQ
NTRPQj
L$(RPQ
T$(PQR
D$(QRP
T$DPQRW
L$<RPQW
L$T_^]
Nh;NX|
Vh;VX|
Fxt_;FTu@
Nh;NX|
P$RWPh
D$0QVRP
jdQh(xJ
L$$PVh
D$4RPQ
D$ PQR
=pscat
=YARGtD= BGRt
h BGRUPV
hYARGUQV
=lcmnw_tQ=tsbat-=knilt
=rtnmto
hknilUPV
htsbaUQV
=rtrpt =rncst
=capst
= baLt = ZYXt
TADIut
tkPUSV
ETLPuF
D$8QVRPU
QRVWPU
D$0XyJ
D$$SPh
3;L$4s
T$8QRU
L$Xh`[
T$,SRW
T$0;t$
PPPQSG
D$ EJ;
D$4SUVW
L$$QWV
D$0UhP
D$,Hx;@
D$(CM;
D$Hvm3
L$Lvj3
D$(FO;
L$t_^d
D$ RPUhD
QUhh!L
L$l_^][d
L$$^[d
L$(WSR
T$0PQR
WjdjdPQh
|z;^<}uWS
L$D_^][d
L$\_^][d
It#Iu%
^l_^][
tI;Ftr
tL9~HvG;
~(9~$u
D/ VPS
L$<RWUQV
L$$j QV
L$(VQU
hPCCiU
L$(RPVQWU
u!hp'L
l$,WuAS
|$ VurU
D$@QRPU
T$ PQW
}khX)L
Ht&HtcI
D$(SUW
=TADIt
t4hh*L
TADIu"
hTADIV
Ht]Ht2Ht
HtfHt;Ht
u7hd,L
t$,u%:D$<u
:L$<t;
\$$u9f;
\$@QUR
;=3333v
HtHHuz
V,_^[Y
D$ _^][
EHPWVS
u]9B uX
uR9BxuM
'9A`u"9
tq9~Dt
nd9~dt
tS9~@uN
T$LPQR
|$HPWS
L$(RPQ
T$DPVS
T$LRWS
Fdf+Fh
D$(8D*
tRHt}H
NH_^][
T$LWUQVR
L$4WQUVS
;l$ }:
|$$}$WP
\$\}-j
O(_^][
T$H} VP
T$$PRV
D$(QPW
L$,SUV
L$0SUV@W
NX9NXu
QPSWVR
T$PQRP
D$$SUV
D$(;l$
\$(UVW
D$,_^]
D$(CUSWP
9o4u'V
9t$0v8
T$,RWV
T$,RWV
T$,RWV
L$,QWV
T$,RWV
L$ RUPj
9t$Tu
T+3x%A
;D$<s!
T$,PQh(
|$ WUSV
D$$SUV
L$(SUV
N4_^]3
T$0u`U
V<j PR
F<j QP
T$HRj$
T$<RWP
D$ QRPW
T$ PQRW
D$(PQh
T$@SRh
\$(UVW
L$4PUQ
D$$QRWVPU
T$@QRj
L$4PQj
T$4QRj
L$(PQj
T$8QRj
L$,PQj
D$lRPj
T$<QRj
T$dQRj
D$`RPj
T$0QRj
L$|PQj
T$XQRj
D$dRPj
T$4QRj
T$\QRj
D$DSUVW
D$DRPj
T$0QRj
L$`PQj
D$<RPj
T$(QRj
L$XPQj
D$@RPj
T$,QRj
L$\PQj
;t$<}
D$(d.O
;t$<}8
D$(SUV
|$<tM;
T$ h`bO
T$8QRj
D$HhxbO
L$,PQj
T$,QRj
D$<hxbO
L$ PQj
T$,QRj
D$<hxbO
L$ PQj
L$Lh`bO
D$ hpbO
L$dPQj
T$thxbO
D$8RPj
D$\RPj
T$@h`bO
T$XQRj
D$hhxbO
L$,PQj
D$|RPj
L$PPQj
D$@h`bO
D$XRPj
L$hhxbO
T$,QRj
L$|PQj
T$PQRj
L$DSVW
D$,hpbO
T$ hxbO
D$DRPj
T$4QRj
L$dPQj
D$ hpbO
D$8RPj
T$(QRj
L$XPQj
D$ hpbO
D$8RPj
T$(QRj
L$XPQj
d$t_^][
F$@;F(v
F$@@;F(v
QQSVWj
QQSVWd
t.;t$$t(
B 02CV
C =02CVu
YYF;5@
^}%95p
VC20XC00U
uRFGHt
YHYtLHt9
_9=H]O
8t9UW
SS@SSPVSS
t#SSUP
t$$VSS
_^][YY
t/WWUPj
QQSVW3
89=0]O
sO;>|C;~
"WWShX
HHtpHHtl
tFGQPS
btHHt.
YYF;5@
HSVHWtgHHtF
<]t_G<-uA
PPPPPPPP
PPPPPPPP
PPPPPPPP
QQSVWj
>:uNFV
>:u#FV
,f9=l_O
t+Ht$Ht
HtHHt
+ttHHtd
QQSUVWj
_^][YY
nt2Ht#Ht
F\jLSP
u$SShe
ue;=p\O
z;=l\O
M;=t\O
(;=h\O
Wj(_Wj
hWj@_;
PQQQQQ
PPPPhd
tvWWWWU
F,_^][
(wqt\HHtS
t>Ht Ht
u09=@ZO
QSUVWj
n0SSSSU
_SSSSU
Ph_^][Y
tD9_Pt?
Ht#HHt
@t4Ht1Ht_Ht
^$_^[]
F(_+F$^[;E
<A|2<Z
<A|@<Z
+tJHt:Ht*
P<PuWSV
PWVWWW
^,_^][
kernel32.dll
kernel32.dll
kernel32.dll
ntdll.dll
kernel32.dll
kernel32.dll
kernel32.dll
kernel32
advapi32.dll
advapi32.dll
advapi32.dll
kernel32.dll
kernel32.dll
kernel32.dll
user32
user32
user32
kernel32.dll
kernel32.dll
kernel32
ntdll.dll
kernel32
kernel32
GetCurrentProcess
OpenProcess
LocalAlloc
NtQueryInformationProcess
LocalFree
CloseHandle
GetCurrentProcessId
OpenProcess
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CloseHandle
CreateDirectoryA
MoveFileA
GetMessageA
TranslateMessage
DispatchMessageA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
ZwWow64ReadVirtualMemory64
CreateWaitableTimerA
SetWaitableTimer
MsgWaitForMultipleObjects
CoInitialize
CoUninitialize
d09f2340818511d396f6aaf844c7e325
A512548E76954B6E92C21055517615B0
5F99C1642A2F4e03850721B4F5D7C3F8
9DEDA17547CF40e085B7C8919B1800AF
52F260023059454187AF826A3C07AF2A
ComObject
Variant
e@/Windows Session Manager.exe
SeDebugPrivilege
\....\
\....\TemporaryFile
\TemporaryFile
|xxxx|ey.txt|xxxx|
http://38.147.172.248:8080/apii.php
0000000000040100
7FFFFFFFFFFFFFFF
NtQueryVirtualMemory
NtReadVirtualMemory.
z>ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
OPTIONS
DELETE
CONNECT
WinHttp.WinHttpRequest.5.1
@SetTimeouts
SetProxy
Option
Accept:
Accept: */*
Referer:
Referer:
Accept-Language:
Accept-Language: zh-cn
User-Agent:
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type:
Content-Type: application/x-www-form-urlencoded
Basic
Proxy-Authorization
SetRequestHeader
Cookie:
Cookie
Connection
keep-alive
ResponseBody
GetAllResponseHeaders
Status
StatusText
Set-Cookie
Set-Cookie:
=deleted
kernel32.dll
ntdll.dll
kernel32
advapi32.dll
user32
GetCurrentProcess
OpenProcess
LocalAlloc
NtQueryInformationProcess
LocalFree
CloseHandle
GetCurrentProcessId
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateDirectoryA
MoveFileA
GetMessageA
TranslateMessage
DispatchMessageA
CreateToolhelp32Snapshot
Process32First
Process32Next
ZwWow64ReadVirtualMemory64
CreateWaitableTimerA
SetWaitableTimer
MsgWaitForMultipleObjects
CoInitialize
CoUninitialize
4i5U6B738%9
B#C0D?EQFeG|H
E=FZGrH
QyReSOT5U
qdZRMHD@=;86421/.-+*)(''&%$$#""!! 
|?5^<@
0123456789ABCDEF
123456789
0123456789ABCDEF
Qkkbal
DDDDUUUU
00003333
""""UUUU
0@P`p
!1AQaq
"2BRbr
#3CScs
$4DTdt
%5EUeu
&6FVfv
'7GWgw
(8HXhx
)9IYiy
*:JZjz
+;K[k{
,<L\l|
-=M]m}
.>N^n~
/?O_o
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
BKbhTb~XBK!;
inflate 1.1.3 Copyright 1995-1998 Mark Adler
?u='@^
UUUUUU
@UUUUUU
UUUUUU
@UUUUUU
UUUUUU
F%*.*f
CNotSupportedException
CMemoryException
CException
CMemFile
CTempGdiObject
CTempDC
CPalette
CBitmap
CBrush
CGdiObject
CPaintDC
CWindowDC
CClientDC
CUserException
CResourceException
CDialog
MS Sans Serif
MS Shell Dlg
CTempWnd
AfxOldWndProc423
AfxWnd42s
AfxControlBar42s
AfxMDIFrame42s
AfxFrameOrView42s
AfxOleControl42s
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
DISPLAY
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
InitCommonControlsEx
COMCTL32.DLL
CPtrArray
CComboBox
CButton
CStatic
CFileDialog
CStringArray
CWinApp
PreviewPages
Settings
CTempImageList
CImageList
CProgressCtrl
CArchiveException
CCmdTarget
CWinThread
CTempMenu
combobox
CDWordArray
CWordArray
CFileException
CMapPtrToPtr
CToolTipCtrl
tooltips_class32
CColorDialog
CObject
System
commdlg_SetRGBColor
commdlg_help
commdlg_ColorOK
commdlg_FileNameOK
commdlg_ShareViolation
commdlg_LBSelChangedNotify
software
CMapStringToPtr
H:mm:ss
dddd, MMMM dd, yyyy
M/d/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
TLOSS error
SING error
DOMAIN error
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
abnormal program termination
- not enough space for environment
- not enough space for arguments
- floating point not loaded
Microsoft Visual C++ Runtime Library
Runtime Error!
Program:
<program name unknown>
GAIsProcessorFeaturePresent
KERNEL32
_hypot
`h````
ppxxxx
(null)
Illegal byte sequence
Directory not empty
Function not implemented
No locks available
Filename too long
Resource deadlock avoided
Result too large
Domain error
Broken pipe
Too many links
Read-only file system
Invalid seek
No space left on device
File too large
Inappropriate I/O control operation
Too many open files
Too many open files in system
Invalid argument
Is a directory
Not a directory
No such device
Improper link
File exists
Resource device
Unknown error
Bad address
Permission denied
Not enough space
Resource temporarily unavailable
No child processes
Bad file descriptor
Exec format error
Arg list too long
No such device or address
Input/output error
Interrupted function call
No such process
No such file or directory
Operation not permitted
No error
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#SNAN
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
RemoveDirectoryA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
TerminateThread
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
CreateMutexA
ReleaseMutex
SuspendThread
KERNEL32.dll
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
ReleaseCapture
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
InflateRect
SetRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
IsZoomed
EnumWindows
IsWindowEnabled
GetWindowThreadProcessId
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
GetForegroundWindow
USER32.dll
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
GetObjectA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CombineRgn
CreateRectRgn
PatBlt
CreatePen
SelectObject
CreateBitmap
FillRgn
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GDI32.dll
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutRestart
WINMM.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
ADVAPI32.dll
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHELL32.dll
OleRun
CoCreateInstance
CLSIDFromString
OleUninitialize
OleInitialize
ole32.dll
OLEAUT32.dll
ImageList_Destroy
COMCTL32.dll
WS2_32.dll
InterlockedIncrement
InterlockedDecrement
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
SetLastError
lstrcpynA
DuplicateHandle
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileSize
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RaiseException
TerminateProcess
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
comdlg32.dll
RegCreateKeyExA
CLSIDFromProgID
UnregisterClassA
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
.PAVCException@@
\shell\open\command
mailto:
OpenDatabase
CloseDatabase
GetConnectString
GetTabList
%d, %d
DllUnregisterServer
DllRegisterServer
DEFAULT_ICON
RemovePlayer
CWinFormUnit
.PAVCException@@
GetMonitorInfoA
MonitorFromWindow
User32.dll
bcdfghijklmnpqrstuvwxyz
abcddefghijklmnoopqrrsstuvvwwxyyz;
hgjlkbrfzaoe
?? / %d]
%d / %d]
.PAVCException@@
.PAVCFileException@@
(*.*)|*.*||
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.*)|*.*||
Ctrl+Shift+F12
Ctrl+Shift+F11
Ctrl+Shift+F10
Ctrl+Shift+F9
Ctrl+Shift+F8
Ctrl+Shift+F7
Ctrl+Shift+F6
Ctrl+Shift+F5
Ctrl+Shift+F4
Ctrl+Shift+F3
Ctrl+Shift+F2
Ctrl+Shift+F1
Shift+F12
Shift+F11
Shift+F10
Shift+F9
Shift+F8
Shift+F7
Shift+F6
Shift+F5
Shift+F4
Shift+F3
Shift+F2
Shift+F1
Ctrl+F12
Ctrl+F11
Ctrl+F10
Ctrl+F9
Ctrl+F8
Ctrl+F7
Ctrl+F6
Ctrl+F5
Ctrl+F4
Ctrl+F3
Ctrl+F2
Ctrl+F1
Ctrl+Z
Ctrl+Y
Ctrl+X
Ctrl+W
Ctrl+V
Ctrl+U
Ctrl+T
Ctrl+S
Ctrl+R
Ctrl+Q
Ctrl+P
Ctrl+O
Ctrl+N
Ctrl+M
Ctrl+L
Ctrl+K
Ctrl+J
Ctrl+I
Ctrl+H
Ctrl+G
Ctrl+F
Ctrl+E
Ctrl+D
Ctrl+C
Ctrl+B
Ctrl+A
.PAVCException@@
.PAVCException@@
GdiAlphaBlend
Gdi32.dll
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
(*.*)|*.*||
.PAVCException@@
devices
windows
device
MGridCells
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
.PAVCException@@
.PAVCFileException@@
.PAVCException@@
.PAVCFileException@@
CColourPicker
out.prn
(*.prn)|*.prn|
(*.*)|*.*||
devices
windows
device
.PAVCException@@
_EL_HideOwner
%d/%d
%d/%d
.PAVCException@@
Potential overflow in png_zalloc()
but running with
Application built with libpng-
unexpected zlib return code
unexpected zlib return
unsupported zlib version
truncated
insufficient memory
damaged LZ stream
bad parameters to zlib
zlib IO error
missing LZ dictionary
unexpected end of LZ stream
gamma value out of range
duplicate
gamma value does not match sRGB
gamma value does not match libpng estimate
invalid chromaticities
internal error checking chromaticities
inconsistent chromaticities
invalid sRGB rendering intent
cHRM chunk does not match sRGB
duplicate sRGB information ignored
inconsistent rendering intents
profile '
invalid length
too short
tag count too large
unexpected ICC PCS encoding
unrecognized ICC profile class
unexpected NamedColor ICC profile class
invalid embedded Abstract ICC profile
unexpected DeviceLink ICC profile class
Gray color space not permitted on RGB PNG
RGB color space not permitted on grayscale PNG
invalid ICC profile color space
PCS illuminant is not D50
invalid signature
intent outside defined range
invalid rendering intent
length does not match profile
ICC profile tag outside profile
ICC profile tag start not a multiple of 4
out-of-date sRGB profile with no signature
known incorrect sRGB profile
copyright violation: edited ICC profile ignored
internal error handling cHRM->XYZ
internal error handling cHRM coefficients
Invalid IHDR data
Invalid filter method in IHDR
Unknown filter method in IHDR
MNG features are not allowed in a PNG datastream
Unknown compression method in IHDR
Unknown interlace method in IHDR
Invalid color type/bit depth combination in IHDR
Invalid color type in IHDR
Invalid bit depth in IHDR
Invalid image height in IHDR
Invalid image width in IHDR
Image height exceeds user limit in IHDR
Image width exceeds user limit in IHDR
Image height is zero in IHDR
Image width is zero in IHDR
gamma table being rebuilt
Too many IDATs found
Missing PLTE before IDAT
Missing IHDR before IDAT
png_read_update_info/png_start_read_image: duplicate call
internal sequential row size calculation error
sequential row overflow
bad adaptive filter value
Invalid attempt to read row data
png_image_read: opaque pointer not NULL
png_image_read: out of memory
png_image_begin_read_from_memory: incorrect PNG_IMAGE_VERSION
png_image_begin_read_from_memory: invalid argument
invalid memory read
read beyond end of data
png_image_finish_read: damaged PNG_IMAGE_VERSION
png_image_finish_read: invalid argument
png_image_finish_read[color-map]: no color-map
bad background index (internal error)
bad processing option (internal error)
color map overflow (BAD internal error)
bad data option (internal error)
invalid PNG color type
palette color-map: too few entries
rgb-alpha color-map: too few entries
rgb+alpha color-map: too few entries
rgb color-map: too few entries
rgb[gray] color-map: too few entries
rgb[ga] color-map: too few entries
gray-alpha color-map: too few entries
ga-alpha color-map: too few entries
gray+alpha color-map: too few entries
gray[16] color-map: too few entries
gray[8] color-map: too few entries
a background color must be supplied to remove alpha/transparency
unexpected encoding (internal error)
bad encoding (internal error)
color-map index out of range
bad color-map processing (internal error)
unknown interlace type
png_read_image: invalid transformations
unexpected alpha swap transformation
png_image_read: alpha channel lost
png_read_image: unsupported transformation
unexpected bit depth
unexpected 8-bit transformation
lost/gained channels
unexpected compose
lost rgb to gray
%d / %d
_EL_ColourPopup
Bogus message code %d
libpng error: %s
undefined
libpng warning: %s
bad longjmp:
internal error: array alloc
internal error: array realloc
Out of memory
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
Call to NULL read function
Read Error
Can't set both read_data_fn and write_data_fn in the same structure
PNG unsigned integer out of range
PNG file corrupted by ASCII conversion
Not a PNG file
CRC error
invalid
out of place
Antivirus Signature
Bkav W32.FamVT.DumpModuleInfectiousNME.PE
Lionic Virus.Win32.Nimnul.n!c
Elastic Windows.Generic.Threat
ClamAV Win.Malware.Wapomi-10020301-0
CMC Clean
CAT-QuickHeal Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.ins
K7AntiVirus Virus ( 0040f7441 )
K7GW Virus ( 0040f7441 )
Cybereason malicious.b1f5be
VirIT Win32.Nimnul.F
Symantec W32.Wapomi.C!inf
tehtris Generic.Malware
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Alibaba Trojan:Win32/Mikcer.35a
NANO-Antivirus Trojan.Win32.Banload.cstqaj
ViRobot Win32.Ramnit.F
MicroWorld-eScan Win32.VJadtre.3
Sophos W32/Nimnul-A
VIPRE Win32.VJadtre.3
McAfeeD Real Protect-LS!6C63F5DB1F5B
Trapmine malicious.high.ml.score
Emsisoft Application.Generic (A)
Jiangmin Win32/Nimnul.f
Avira W32/Jadtre.B
MAX malware (ai score=80)
Antiy-AVL Virus/Win32.Nimnul.f
Kingsoft Win32.Nimnul.f.168959
Gridinsoft Trojan.Heur!.03002201
Xcitium Virus.Win32.Wali.KA@558nxg
Arcabit Win32.VJadtre.3
SUPERAntiSpyware Clean
Google Detected
AhnLab-V3 Win32/VJadtre.Gen
Acronis suspicious
VBA32 Virus.Nimnul.19209
TACHYON Virus/W32.Ramnit.C
Malwarebytes Generic.Malware.AI.DDS
Zoner Probably Heur.ExeHeaderL
Tencent Virus.Win32.Nimnul.ka
Yandex Trojan.GenAsa!iFI0cidiERI
Ikarus Trojan.SuspectCRC
MaxSecure Clean
Fortinet W32/CoinMiner.EC2B!tr
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Virus:Win/Jadtre.A(dyn)
No IRMA results available.