Static | ZeroBOX

PE Compile Time

2024-10-20 09:46:19

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00047414 0x00047600 6.02254724276
.rsrc 0x0004a000 0x00000800 0x00000800 4.82606511643
.reloc 0x0004c000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0004a090 0x000002d4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0004a374 0x00000478 LANG_NEUTRAL SUBLANG_NEUTRAL exported SGML document, UTF-8 Unicode (with BOM) text

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
-Vds)
%7r ;
%8r&;
%9r,;
%:r2;
%;r8;
%<r>;
%=rD;
%>rJ;
%?rP;
%@rV;
%Ar\;
%Brl;
%Crr;
%Drx;
%Er~;
%\r <
%]r&<
%^r,<
%_r2<
%`r8<
%ar><
%brD<
%crJ<
%drP<
%erV<
%fr\<
%grb<
%hrh<
%irn<
%jrt<
%krz<
% r&T
%"r6T
UYZsx
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADi
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
tEXtSoftware
Adobe ImageReadyq
IDAT8O]
V:>zp3
f{9D]r
\vZ"ZB!
v4.0.30319
#Strings
&3wGx
#%#O#o#
%1%=%V%\%u%
&&&F&\&h&
/@/G/M/
2(2J2i2x2
2'3U3`3n3~3
4V6k6}6
8.9L9d9t9
?.?@?f?
? @9@U@d@
(L+\+p+
,D.T.].
Client.exe
Client
mscorlib
System.Core
System.Windows.Forms
System
System.Drawing
System.Runtime.Serialization
System.Xml
System.Management
System.Speech
System.Security
Microsoft.VisualBasic
Kernel32.dll
user32.dll
kernel32.dll
User32.dll
gdi32.dll
msvcrt.dll
advapi32.dll
shlwapi.dll
shell32.dll
iphlpapi.dll
winmm.dll
ole32.dll
ntdll.dll
oleaut32.dll
xClient.Properties.Resources.resources
<Module>
Program
xClient
Object
ConnectClient
_msgLoop
ApplicationContext
Application
EnableVisualStyles
SetCompatibleTextRenderingDefault
AppDomain
get_CurrentDomain
UnhandledExceptionEventHandler
add_UnhandledException
STAThreadAttribute
get_MessageLoop
Environment
UnhandledExceptionEventArgs
get_IsTerminating
String
IsNullOrEmpty
ProcessStartInfo
System.Diagnostics
set_WindowStyle
ProcessWindowStyle
set_UseShellExecute
set_FileName
Process
HandleUnhandledException
sender
ExitThread
Dispose
Cleanup
IsDebuggerPresent
OpenClipboard
hWndNewOwner
CloseClipboard
SetClipboardData
uFormat
Concat
System.IO
Combine
Debugger
get_IsAttached
GetCurrentProcess
op_Equality
SetAttributes
FileAttributes
GetDirectoryName
DirectoryInfo
FileSystemInfo
get_Attributes
set_Attributes
ThreadStart
System.Threading
Thread
set_IsBackground
get_ExecutablePath
set_Arguments
set_StartInfo
Exception
Initialize
GetModuleHandle
lpModuleName
IntPtr
ToInt32
DetectSandboxie
Registry
Microsoft.Win32
CurrentUser
RegistryKey
OpenSubKey
GetValueNames
keyExists
get_Length
StartsWith
Contains
IsBitcoinAddress
address
Marshal
System.Runtime.InteropServices
StringToHGlobalUni
FreeHGlobal
BTCSWAPPERRUN
GetProcessesByName
IsAntiVM
DriveInfo
StreamWriter
GetDrives
get_IsReady
get_DriveType
DriveType
get_Name
Exists
Delete
FileStream
FileMode
FileAccess
Stream
TextWriter
WriteLine
IDisposable
SpreadUSB
<>9__10_0
<>9__10_1
<>9__10_2
<>9__10_3
.cctor
<Initialize>b__10_0
<Initialize>b__10_1
<Initialize>b__10_2
<Initialize>b__10_3
CompilerGeneratedAttribute
System.Runtime.CompilerServices
ClipboardHelper
CF_UNICODETEXT
IsClipboardFormatAvailable
format
GetClipboardData
GlobalLock
GlobalUnlock
GlobalSize
Encoding
System.Text
get_Unicode
GetString
TrimEnd
op_Inequality
GetText
Resources
xClient.Properties
resourceMan
ResourceManager
System.Resources
resourceCulture
CultureInfo
System.Globalization
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
Assembly
System.Reflection
get_ResourceManager
get_Culture
set_Culture
GetObject
Bitmap
get_information
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
Culture
information
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerNonUserCodeAttribute
Settings
ApplicationSettingsBase
System.Configuration
defaultInstance
get_Default
SettingsBase
Synchronized
Default
xClient.Config
VERSION
RECONNECTDELAY
AUTHKEY
SPECIALFOLDER
SpecialFolder
DIRECTORY
SUBDIRECTORY
INSTALLNAME
INSTALL
STARTUP
STARTUPKEY
HIDEFILE
ENABLELOGGER
ENCRYPTIONKEY
LOGDIRECTORYNAME
USBSpreadNAME
BTCAddress
HIDELOGDIRECTORY
HIDEINSTALLSUBDIRECTORY
ENABLEPERSISTENCE
ENABLEANTISANDBOXIE
ENABLEANTIVM
ENABLEUSBSPREAD
ANTIDEBUG
STARTUPPERSISTENCE
ENABLEBTCSWAP
GetFolderPath
FixDirectory
MouseAction
xClient.Enums
value__
LeftDown
LeftUp
RightDown
RightUp
MoveCursor
ScrollUp
ScrollDown
PathType
Directory
ShutdownAction
Shutdown
Restart
Standby
UserStatus
Active
Botkiller
xClient.Core
applocal
startup
appdata
split1
split2
keylogger
injector
ircbot
generic
crypter
List`1
System.Collections.Generic
SetApartmentState
ApartmentState
Collect
ScanThread
Enumerator
GetEnumerator
get_Current
MoveNext
get_Count
GetFileName
get_UTF8
ReadAllBytes
scanFile
GetProcesses
get_MainModule
ProcessModule
get_FileName
get_Item
IndexOf
StringComparison
Remove
LastIndexOf
Substring
DeleteValue
LocalMachine
removeThreat
usepath
GetValue
ToString
returnHKCU
returnHKLM
FileInfo
GetFiles
get_FullName
returnDirs
isRunning
fullpath
GetEnvironmentVariable
PossibleThreat
ValueType
running
regkey
exename
JudgedAs
Unknown
Keylogger
GenericBot
Injector
IRC_Bot
BotKillStatus
status
ReverseProxyClient
xClient.Core.ReverseProxy
BUFFER_SIZE
<ConnectionId>k__BackingField
<Handle>k__BackingField
Socket
System.Net.Sockets
<Target>k__BackingField
<Port>k__BackingField
<Client>k__BackingField
_buffer
_disconnectIsSend
get_ConnectionId
set_ConnectionId
get_Handle
set_Handle
get_Target
set_Target
get_Port
set_Port
get_Client
set_Client
AddressFamily
SocketType
ProtocolType
AsyncCallback
BeginConnect
IAsyncResult
command
client
IPEndPoint
System.Net
EndConnect
get_Connected
BeginReceive
SocketFlags
get_LocalEndPoint
EndPoint
get_Address
IPAddress
Handle_Connect
EndReceive
AsyncReceive
Disconnect
SendToTargetServer
ConnectionId
Handle
Target
ReverseProxyCommandHandler
GetType
HandleCommand
packet
ReverseProxyConnect
xClient.Core.ReverseProxy.Packets
connectionId
target
Execute
ReverseProxyConnectResponse
<IsConnected>k__BackingField
<LocalAddress>k__BackingField
<LocalPort>k__BackingField
<HostName>k__BackingField
get_IsConnected
set_IsConnected
get_LocalAddress
set_LocalAddress
get_LocalPort
set_LocalPort
get_HostName
set_HostName
IPHostEntry
GetHostEntry
isConnected
localAddress
localPort
targetServer
IsConnected
LocalAddress
LocalPort
HostName
ReverseProxyData
<Data>k__BackingField
get_Data
set_Data
ReverseProxyDisconnect
xClient.Core.MouseKeyHook
AppEvents
GlobalEvents
IKeyboardEvents
add_KeyDown
KeyEventHandler
remove_KeyDown
add_KeyPress
KeyPressEventHandler
remove_KeyPress
add_KeyUp
remove_KeyUp
KeyDown
KeyPress
IKeyboardMouseEvents
IMouseEvents
add_MouseMove
MouseEventHandler
remove_MouseMove
add_MouseMoveExt
EventHandler`1
remove_MouseMoveExt
add_MouseClick
remove_MouseClick
add_MouseDown
remove_MouseDown
add_MouseDownExt
remove_MouseDownExt
add_MouseUp
remove_MouseUp
add_MouseUpExt
remove_MouseUpExt
add_MouseWheel
remove_MouseWheel
add_MouseDoubleClick
remove_MouseDoubleClick
MouseMove
MouseMoveExt
MouseClick
MouseDown
MouseDownExt
MouseUp
MouseUpExt
MouseWheel
MouseDoubleClick
KeyEventArgsExt
KeyEventArgs
<Timestamp>k__BackingField
<IsKeyDown>k__BackingField
<IsKeyUp>k__BackingField
keyData
timestamp
isKeyDown
isKeyUp
get_Timestamp
set_Timestamp
get_IsKeyDown
set_IsKeyDown
get_IsKeyUp
set_IsKeyUp
get_TickCount
ToInt64
op_Explicit
FromRawDataApp
PtrToStructure
FromRawDataGlobal
CheckModifier
AppendModifierStates
Timestamp
IsKeyDown
IsKeyUp
KeyPressEventArgsExt
KeyPressEventArgs
<IsNonChar>k__BackingField
keyChar
get_IsNonChar
set_IsNonChar
IEnumerable`1
IsNonChar
<FromRawDataApp>d__10
IEnumerable
System.Collections
IEnumerator`1
IEnumerator
<>1__state
<>2__current
<>l__initialThreadId
<>3__data
<>7__wrap1
<>7__wrap2
get_CurrentThread
get_ManagedThreadId
DebuggerHiddenAttribute
System.IDisposable.Dispose
System.Collections.Generic.IEnumerator<xClient.Core.MouseKeyHook.KeyPressEventArgsExt>.get_Current
NotSupportedException
System.Collections.IEnumerator.Reset
System.Collections.IEnumerator.get_Current
System.Collections.Generic.IEnumerable<xClient.Core.MouseKeyHook.KeyPressEventArgsExt>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
System.Collections.Generic.IEnumerator<xClient.Core.MouseKeyHook.KeyPressEventArgsExt>.Current
System.Collections.IEnumerator.Current
<FromRawDataGlobal>d__11
<virtualKeyCode>5__1
<scanCode>5__2
<fuState>5__3
<keyboardHookStruct>5__4
MouseEventExtArgs
MouseEventArgs
<Handled>k__BackingField
<IsMouseKeyDown>k__BackingField
<IsMouseKeyUp>k__BackingField
MouseButtons
buttons
clicks
isMouseKeyDown
isMouseKeyUp
get_Handled
set_Handled
get_Delta
get_WheelScrolled
get_Clicks
get_Clicked
get_IsMouseKeyDown
set_IsMouseKeyDown
get_IsMouseKeyUp
set_IsMouseKeyUp
get_Point
FromRawDataUniversal
wParam
mouseInfo
get_Button
ToDoubleClickEventArgs
Handled
WheelScrolled
Clicked
IsMouseKeyDown
IsMouseKeyUp
AppMouseStruct
xClient.Core.MouseKeyHook.WinApi
MouseData
ToMouseStruct
CallbackData
m_LParam
m_WParam
lParam
get_WParam
get_LParam
WParam
LParam
HookHelper
HookAppMouse
callback
HookAppKeyboard
HookGlobalMouse
HookGlobalKeyboard
SafeHandle
get_IsInvalid
HookApp
hookId
get_BaseAddress
HookGlobal
HookProcedure
CallNextHookEx
GetLastWin32Error
Win32Exception
ThrowLastUnmanagedErrorAsException
<>c__DisplayClass4_0
<HookApp>b__0
<>c__DisplayClass5_0
<HookGlobal>b__0
HookIds
WH_MOUSE
WH_KEYBOARD
WH_MOUSE_LL
WH_KEYBOARD_LL
HookNativeMethods
idHook
SetWindowsHookEx
dwThreadId
UnhookWindowsHookEx
MulticastDelegate
object
method
Invoke
BeginInvoke
EndInvoke
result
HookProcedureHandle
SafeHandleZeroOrMinusOneIsInvalid
Microsoft.Win32.SafeHandles
_closing
EventHandler
add_ApplicationExit
handle
ReleaseHandle
<.cctor>b__1_0
EventArgs
HookResult
m_Handle
m_Procedure
procedure
get_Procedure
Procedure
KeyboardHookStruct
VirtualKeyCode
ScanCode
ExtraInfo
KeyboardNativeMethods
VK_SHIFT
VK_CAPITAL
VK_NUMLOCK
VK_LSHIFT
VK_RSHIFT
VK_LCONTROL
VK_RCONTROL
VK_LMENU
VK_RMENU
VK_LWIN
VK_RWIN
VK_SCROLL
VK_INSERT
VK_CONTROL
VK_MENU
VK_PACKET
lastVirtualKeyCode
lastScanCode
lastKeyState
lastIsDead
TryGetCharFromKeyboardState
virtualKeyCode
fuState
scanCode
StringBuilder
get_Capacity
get_Chars
ClearKeyboardBuffer
GetActiveKeyboard
ToAscii
uVirtKey
uScanCode
lpbKeyState
lpwTransKey
ObsoleteAttribute
ToUnicodeEx
wVirtKey
wScanCode
lpKeyState
pwszBuff
cchBuff
wFlags
GetKeyboardState
pbKeyState
GetKeyState
MapVirtualKeyEx
uMapType
GetKeyboardLayout
dwLayout
MapType
MAPVK_VK_TO_VSC
MAPVK_VSC_TO_VK
MAPVK_VK_TO_CHAR
MAPVK_VSC_TO_VK_EX
Messages
WM_MOUSEMOVE
WM_LBUTTONDOWN
WM_RBUTTONDOWN
WM_MBUTTONDOWN
WM_LBUTTONUP
WM_RBUTTONUP
WM_MBUTTONUP
WM_LBUTTONDBLCLK
WM_RBUTTONDBLCLK
WM_MBUTTONDBLCLK
WM_MOUSEWHEEL
WM_XBUTTONDOWN
WM_XBUTTONUP
WM_XBUTTONDBLCLK
WM_MOUSEHWHEEL
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
MouseNativeMethods
GetDoubleClickTime
MouseStruct
Equals
GetHashCode
ThreadNativeMethods
GetCurrentThreadId
GetForegroundWindow
GetWindowText
lpString
nMaxCount
GetWindowThreadProcessId
processId
AppEventFacade
xClient.Core.MouseKeyHook.Implementation
CreateMouseListener
CreateKeyListener
AppKeyListener
GetPressEventArgs
GetDownUpEventArgs
AppMouseListener
GetEventArgs
BaseListener
subscribe
Callback
ButtonSet
element
EventFacade
m_KeyListenerCache
m_MouseListenerCache
GetKeyListener
GetMouseListener
GlobalEventFacade
GlobalKeyListener
GlobalMouseListener
m_SystemDoubleClickTime
m_PreviousClicked
m_PreviousClickedPosition
m_PreviousClickedTime
ProcessDown
ProcessUp
StartDoubleClickWaiting
StopDoubleClickWaiting
IsDoubleClick
KeyboardState
m_KeyboardStateNative
keyboardStateNative
GetCurrent
GetNativeState
IsDown
IsToggled
AreAllDown
ArgumentOutOfRangeException
GetHighBit
GetLowBit
KeyListener
Delegate
Interlocked
CompareExchange
InvokeKeyDown
InvokeKeyPress
InvokeKeyUp
MouseListener
m_DoubleDown
m_SingleDown
m_PreviousPosition
ProcessWheel
ProcessMove
HasMoved
actualPoint
OnMove
OnMoveExt
OnClick
OnDown
OnDownExt
OnUpExt
OnWheel
OnDoubleClick
Subscribe
callbck
HotKeyArgs
xClient.Core.MouseKeyHook.HotKeys
m_TimeOfExecution
DateTime
triggeredAt
get_Time
HotKeySet
m_hotkeys
m_hotkeystate
Dictionary`2
m_remapping
m_enabled
m_hotkeydowncount
m_remappingCount
<Name>k__BackingField
<Description>k__BackingField
OnHotKeysDownHold
OnHotKeysUp
OnHotKeysDownOnce
hotkeys
set_Name
get_Description
set_Description
get_HotKeys
get_HotKeysActivated
get_Enabled
set_Enabled
add_OnHotKeysDownHold
remove_OnHotKeysDownHold
add_OnHotKeysUp
remove_OnHotKeysUp
add_OnHotKeysDownOnce
remove_OnHotKeysDownOnce
get_Now
InvokeHotKeyHandler
hotKeyDelegate
ContainsKey
set_Item
InitializeKeys
KeyValuePair`2
ContainsValue
get_Value
get_Key
UnregisterExclusiveOrKey
anyKeyInTheExclusiveOrSet
RegisterExclusiveOrKey
orKeySet
GetExclusiveOrPrimaryKey
GetPrimaryKey
get_KeyCode
OnKeyDown
OnKeyUp
Description
HotKeys
HotKeysActivated
Enabled
HotKeyHandler
HotKeySetCollection
m_keyChain
KeyChainHandler
FileSplit
xClient.Core.Utilities
_maxBlocks
_fileStreamLock
MAX_BLOCK_SIZE
<Path>k__BackingField
<LastError>k__BackingField
get_Path
set_Path
get_LastError
set_LastError
get_Exists
FileNotFoundException
Ceiling
PathTooLongException
UnauthorizedAccessException
IOException
get_MaxBlocks
GetSize
length
Monitor
OpenRead
SeekOrigin
get_Position
DirectoryNotFoundException
ReadBlock
blockNumber
readBytes
AppendBlock
LastError
MaxBlocks
HostsManager
_hosts
Queue`1
get_IsEmpty
Enqueue
Dequeue
GetNextHost
TryParse
get_AddressFamily
get_OSSupportsIPv6
get_AddressList
IsEmpty
NativeMethods
DeleteFile
LoadLibrary
lpFileName
GetProcAddress
hModule
procName
GetLastInputInfo
SetCursorPos
mouse_event
dwFlags
cButtons
dwExtraInfo
keybd_event
BitBlt
nXDest
nYDest
nWidth
nHeight
hdcSrc
CreateDC
lpszDriver
lpszDevice
lpszOutput
lpInitData
DeleteDC
memcmp
memcpy
SystemParametersInfo
uAction
uParam
lpvParam
PostMessage
OpenDesktop
hDesktop
inherit
desiredAccess
CloseDesktop
EnumDesktopWindows
IsWindowVisible
LASTINPUTINFO
SizeOf
cbSize
dwTime
EnumDesktopWindowsProc
UnsafeStreamCodec
<Monitor>k__BackingField
<Resolution>k__BackingField
<CheckBlock>k__BackingField
_imageQuality
_encodeBuffer
_decodedBitmap
_encodedFormat
PixelFormat
System.Drawing.Imaging
_encodedWidth
_encodedHeight
_imageProcessLock
_jpgCompression
get_Monitor
set_Monitor
get_Resolution
set_Resolution
get_CheckBlock
set_CheckBlock
get_ImageQuality
set_ImageQuality
imageQuality
monitor
resolution
SuppressFinalize
disposing
Rectangle
BitmapData
get_CanWrite
get_Width
get_Height
BitConverter
GetBytes
get_PixelFormat
LockBits
ImageLockMode
get_Scan0
ToPointer
set_Position
UnlockBits
CodeImage
scanArea
imageSize
outStream
MemoryStream
FromStream
DecodeData
codecBuffer
Graphics
FromImage
get_Location
DrawImage
inStream
Resolution
CheckBlock
ImageQuality
_readLock
_readStreamLock
_encoding
_inputWriter
get_InstalledUICulture
get_TextInfo
TextInfo
get_OEMCodePage
GetEncoding
set_RedirectStandardInput
set_RedirectStandardOutput
set_RedirectStandardError
set_StandardOutputEncoding
set_StandardErrorEncoding
set_CreateNoWindow
GetPathRoot
set_WorkingDirectory
get_CodePage
get_NewLine
CreateSession
WaitCallback
ThreadPool
QueueUserWorkItem
RedirectOutputs
Append
TextReader
ReadStream
StreamReader
firstCharRead
streamReader
isError
Convert
set_Length
SendAndFlushBuffer
textbuffer
get_StandardOutput
get_HasExited
ApplicationException
InvalidOperationException
Format
ObjectDisposedException
RedirectStandardOutput
get_StandardError
RedirectStandardError
get_StandardInput
get_BaseStream
ExecuteCommand
Component
<RedirectOutputs>b__7_0
<RedirectOutputs>b__7_1
Instance
<IsDisposed>k__BackingField
_timerFlush
System.Timers
_logFileBuffer
_pressedKeys
_pressedKeyChars
_lastWindowTitle
_ignoreSpecialKeys
_mEvents
get_IsDisposed
set_IsDisposed
get_LogDirectory
set_Interval
ElapsedEventHandler
add_Elapsed
flushInterval
events
Unsubscribe
get_KeyChar
OnKeyPress
ToArray
AppendFormat
HighlightSpecialKeys
timerFlush_Elapsed
ElapsedEventArgs
Create
WriteFile
IsDisposed
LogDirectory
RegistryEditor
xClient.Core.Registry
REGISTRY_KEY_CREATE_ERROR
REGISTRY_KEY_DELETE_ERROR
REGISTRY_KEY_RENAME_ERROR
REGISTRY_VALUE_CREATE_ERROR
REGISTRY_VALUE_DELETE_ERROR
REGISTRY_VALUE_RENAME_ERROR
REGISTRY_VALUE_CHANGE_ERROR
get_Message
CreateRegistryKey
parentPath
errorMsg
DeleteRegistryKey
RenameRegistryKey
oldName
newName
CreateRegistryValue
RegistryValueKind
keyPath
DeleteRegistryValue
RenameRegistryValue
ChangeRegistryValue
GetWritableRegistryKey
RegistrySeeker
locker
matches
get_Matches
BeginSeeking
rootKeyName
rootKey
GetSubKeyNames
Search
GetValueKind
get_SubKeyCount
ProcessKey
keyName
AddMatch
values
subkeycount
OpenBaseKey
RegistryHive
RegistryView
SystemException
GetRootKey
subkeyFullPath
GetRootKeys
Matches
RegSeekerMatch
<Key>k__BackingField
<HasSubKeys>k__BackingField
set_Key
get_HasSubKeys
set_HasSubKeys
HasSubKeys
RegValueData
<Kind>k__BackingField
get_Kind
set_Kind
ChromiumBase
xClient.Core.Recovery.Utilities
Passwords
datapath
browser
Cookies
dataPath
ProtectedData
System.Security.Cryptography
Unprotect
DataProtectionScope
Decrypt
EncryptedData
ChromiumCookie
<HostKey>k__BackingField
<Value>k__BackingField
<ExpiresUTC>k__BackingField
<LastAccessUTC>k__BackingField
<Secure>k__BackingField
<HttpOnly>k__BackingField
<Expired>k__BackingField
<Persistent>k__BackingField
<Priority>k__BackingField
<Browser>k__BackingField
get_HostKey
set_HostKey
set_Value
get_ExpiresUTC
set_ExpiresUTC
get_LastAccessUTC
set_LastAccessUTC
get_Secure
set_Secure
get_HttpOnly
set_HttpOnly
get_Expired
set_Expired
get_Persistent
set_Persistent
get_Priority
set_Priority
get_Browser
set_Browser
Boolean
HostKey
ExpiresUTC
LastAccessUTC
Secure
HttpOnly
Expired
Persistent
Priority
Browser
JsonUtil
DataContractJsonSerializer
System.Runtime.Serialization.Json
XmlObjectSerializer
WriteObject
Serialize
ReadObject
Deserialize
SQLiteHandler
db_bytes
encoding
field_names
master_table_entries
page_size
SQLDataTypeSize
table_entries
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
FileSystem
FileOpen
OpenMode
OpenAccess
OpenShare
Strings
FileGet
FileClose
CompareTo
Decimal
Compare
baseName
ConvertToInteger
startIndex
endIndex
GetRowCount
Microsoft.VisualBasic.CompilerServices
CopyArray
GetTableNames
row_num
ToLower
Subtract
ToUInt16
ToUInt64
get_BigEndianUnicode
Multiply
ReadMasterTable
Offset
TrimStart
ReadTable
TableName
Conversions
ReadTableFromOffset
record_header_field
sqlite_master_entry
row_id
item_type
item_name
astable_name
root_num
sql_statement
table_entry
content
Chrome
xClient.Core.Recovery.Browsers
GetSavedPasswords
GetSavedCookies
Firefox
nssModule
firefoxPath
firefoxProfilePath
firefoxLoginFile
firefoxCookieFile
NullReferenceException
ReadToEnd
get_AbsoluteUri
FileVersionInfo
GetVersionInfo
get_FileVersion
Version
get_Major
GetDelegateForFunctionPointer
InitializeDelegates
DateTimeKind
AddSeconds
FromUnixTime
unixTime
TimeSpan
ToLocalTime
op_Subtraction
get_TotalSeconds
ToUnixTime
GetDirectories
IndexOutOfRangeException
GetProfilePath
GetFile
profilePath
searchTerm
GetFirefoxInstallPath
ArgumentNullException
IDictionary
LoadWin32Library
libPath
PK11_GetInternalKeySlot
PK11_Authenticate
loadCerts
NSSBase64_DecodeBuffer
arenaOpt
outItemOpt
PK11SDR_Decrypt
cypherText
NSS_InitPtr
configdir
UnmanagedFunctionPointerAttribute
CallingConvention
PK11SDR_DecryptPtr
__result
PK11_GetInternalKeySlotPtr
PK11_AuthenticatePtr
NSSBase64_DecodeBufferPtr
TSECItem
SECItemType
SECItemData
SECItemLen
<id>k__BackingField
<hostname>k__BackingField
<httpRealm>k__BackingField
<formSubmitURL>k__BackingField
<usernameField>k__BackingField
<passwordField>k__BackingField
<encryptedUsername>k__BackingField
<encryptedPassword>k__BackingField
<guid>k__BackingField
<encType>k__BackingField
<timeCreated>k__BackingField
<timeLastUsed>k__BackingField
<timePasswordChanged>k__BackingField
<timesUsed>k__BackingField
get_id
set_id
get_hostname
set_hostname
get_httpRealm
set_httpRealm
get_formSubmitURL
set_formSubmitURL
get_usernameField
set_usernameField
get_passwordField
set_passwordField
get_encryptedUsername
set_encryptedUsername
get_encryptedPassword
set_encryptedPassword
get_guid
set_guid
get_encType
set_encType
get_timeCreated
set_timeCreated
get_timeLastUsed
set_timeLastUsed
get_timePasswordChanged
set_timePasswordChanged
get_timesUsed
set_timesUsed
hostname
httpRealm
formSubmitURL
usernameField
passwordField
encryptedUsername
encryptedPassword
encType
timeCreated
timeLastUsed
timePasswordChanged
timesUsed
JsonFFData
<nextId>k__BackingField
<logins>k__BackingField
<disabledHosts>k__BackingField
<version>k__BackingField
get_nextId
set_nextId
get_logins
set_logins
get_disabledHosts
set_disabledHosts
get_version
set_version
nextId
logins
disabledHosts
version
FirefoxPassword
<Username>k__BackingField
<Password>k__BackingField
<Host>k__BackingField
get_Username
set_Username
get_Password
set_Password
get_Host
set_Host
Username
Password
FirefoxCookie
InternetExplorer
regPath
PROV_RSA_FULL
CRYPT_VERIFYCONTEXT
ALG_CLASS_HASH
ALG_SID_SHA1
GCHandle
GCHandleType
AddrOfPinnedObject
ByteArrayToStructure
ToCharArray
Buffer
BlockCopy
DecryptIePassword
dataList
Func`2
Enumerable
System.Linq
DoesURLMatchWithHash
urlHash
GetURLHashString
wstrURL
CryptAcquireContext
phProv
pszContainer
pszProvider
dwProvType
CryptCreateHash
phHash
CryptHashData
pbData
dwDataLen
CryptDestroyHash
CryptGetHashParam
dwParam
pdwDataLen
CryptReleaseContext
IESecretInfoHeader
dwIdHeader
dwSize
dwTotalSecrets
unknown
unknownZero
IEAutoComplteSecretHeader
dwSecretInfoSize
dwSecretSize
IESecretHeader
SecretEntry
dwOffset
SecretId
SecretId1
SecretId2
SecretId3
SecretId4
SecretId5
SecretId6
SecretId7
dwLength
ALG_ID
CALG_MD5
CALG_SHA1
HashParameters
HP_ALGID
HP_HASHVAL
HP_HASHSIZE
<DoesURLMatchWithHash>b__0
ExplorerUrlHistory
urlHistory
_urlHistoryList
ReleaseComObject
AddHistoryEntry
pocsUrl
pocsTitle
DeleteHistoryEntry
QueryUrl
ClearHistory
DefaultMemberAttribute
STATURLEnumerator
_enumerator
_index
_staturl
enumerator
SetFilter
poszFilter
GetUrlHistory
Current
Win32api
SHGFI_ATTR_SPECIFIED
SHGFI_ATTRIBUTES
SHGFI_PIDL
SHGFI_DISPLAYNAME
SHGFI_USEFILEATTRIBUTES
FILE_ATTRIBUTRE_NORMAL
SHGFI_EXETYPE
SHGFI_SYSICONINDEX
ILC_COLORDDB
ILC_MASK
ILD_TRANSPARENT
SHGFI_ICON
SHGFI_LARGEICON
SHGFI_SHELLICONSIZE
SHGFI_SMALLICON
SHGFI_TYPENAME
SHGFI_ICONLOCATION
UrlCanonicalize
pszUrl
pszCanonicalized
pcchCanonicalized
set_Capacity
CannonializeURL
FileTimeToSystemTime
FILETIME
System.Runtime.InteropServices.ComTypes
FileTime
SystemTime
FileTimeToDateTime
filetime
SystemTimeToFileTime
lpSystemTime
lpFileTime
get_Year
get_Month
get_Day
get_Hour
get_Minute
get_Second
get_Millisecond
DateTimeToFileTime
datetime
CompareFileTime
lpFileTime1
lpFileTime2
SHGetFileInfo
pszPath
dwFileAttributes
cbSizeFileInfo
uFlags
shlwapi_URL
URL_DONT_SIMPLIFY
URL_ESCAPE_PERCENT
URL_ESCAPE_SPACES_ONLY
URL_ESCAPE_UNSAFE
URL_PLUGGABLE_PROTOCOL
URL_UNESCAPE
FlagsAttribute
SYSTEMTIME
DayOfWeek
Milliseconds
Minute
Second
SHFILEINFO
dwAttributes
szDisplayName
szTypeName
SortFileTimeAscendingHelper
IComparer
System.Collections.IComparer.Compare
SortFileTimeAscending
STATURL_QUERYFLAGS
STATURL_QUERYFLAG_ISCACHED
STATURL_QUERYFLAG_NOURL
STATURL_QUERYFLAG_NOTITLE
STATURL_QUERYFLAG_TOPLEVEL
STATURLFLAGS
STATURLFLAG_ISCACHED
STATURLFLAG_ISTOPLEVEL
ADDURL_FLAG
ADDURL_ADDTOHISTORYANDCACHE
ADDURL_ADDTOCACHE
STATURL
pwcsUrl
pwcsTitle
ftLastVisited
ftLastUpdated
ftExpires
get_URL
get_UrlString
Replace
get_Title
get_LastVisited
get_LastUpdated
get_Expires
UrlString
LastVisited
LastUpdated
Expires
IEnumSTATURL
pceltFetched
ppenum
InterfaceTypeAttribute
ComInterfaceType
GuidAttribute
IUrlHistoryStg
AddUrl
DeleteUrl
lpSTATURL
BindToObject
ppvOut
get_EnumUrls
EnumUrls
IUrlHistoryStg2
AddUrlAndNotify
fWriteHistory
poctNotify
punkISFolder
UrlHistoryClass
Yandex
FileZilla
xClient.Core.Recovery.FtpClients
RecentServerPath
SiteManagerPath
XmlTextReader
XmlNode
XmlDocument
XmlReader
get_DocumentElement
XmlElement
get_ChildNodes
XmlNodeList
get_ItemOf
get_InnerText
FromBase64String
Base64Decode
szInput
WinSCP
UnescapeDataString
dec_next_char
Select
ToList
WinSCPDecrypt
<>9__2_0
<WinSCPDecrypt>b__2_0
PacketRegistery
xClient.Core.Packets
GetPacketTypes
PacketHandler
HandlePacket
IPacket
DoClearEvents
xClient.Core.Packets.ServerPackets
DoClipboardSet
<Text>k__BackingField
get_Text
set_Text
DoClientRestoreDel
DoClearClipboard
DoDisableCMD
DoDisableTaskmgr
DoRegedit
DoSwapButtons
DoHideDesktop
DoRunBotkiller
DoDisplayMSG
DoHideTaskbar
DoTextToSpeech
DoWallpaper
<URL>k__BackingField
set_URL
DoWebcamStop
DoAskElevate
DoChangeRegistryValue
<KeyPath>k__BackingField
get_KeyPath
set_KeyPath
KeyPath
DoCloseConnection
<RemotePort>k__BackingField
get_RemotePort
set_RemotePort
localport
remoteport
RemotePort
DoCreateRegistryKey
<ParentPath>k__BackingField
get_ParentPath
set_ParentPath
ParentPath
DoCreateRegistryValue
DoDeleteRegistryKey
<KeyName>k__BackingField
get_KeyName
set_KeyName
KeyName
DoDeleteRegistryValue
<ValueName>k__BackingField
get_ValueName
set_ValueName
valueName
ValueName
DoKeyboardEvent
<KeyDown>k__BackingField
get_KeyDown
set_KeyDown
keyDown
DoLoadRegistryKey
<RootKeyName>k__BackingField
get_RootKeyName
set_RootKeyName
RootKeyName
DoRenameRegistryKey
<OldKeyName>k__BackingField
<NewKeyName>k__BackingField
get_OldKeyName
set_OldKeyName
get_NewKeyName
set_NewKeyName
oldKeyName
newKeyName
OldKeyName
NewKeyName
DoRenameRegistryValue
<OldValueName>k__BackingField
<NewValueName>k__BackingField
get_OldValueName
set_OldValueName
get_NewValueName
set_NewValueName
oldValueName
newValueName
OldValueName
NewValueName
GetConnections
GetWebcam
<Webcam>k__BackingField
get_Webcam
set_Webcam
webcam
Webcam
GetWebcams
GetPasswords
SetAuthenticationSuccess
DoShutdownAction
<Action>k__BackingField
get_Action
set_Action
action
Action
DoStartupItemAdd
<Type>k__BackingField
get_Type
set_Type
DoUploadFile
<ID>k__BackingField
<RemotePath>k__BackingField
<Block>k__BackingField
<MaxBlocks>k__BackingField
<CurrentBlock>k__BackingField
get_ID
set_ID
get_RemotePath
set_RemotePath
get_Block
set_Block
set_MaxBlocks
get_CurrentBlock
set_CurrentBlock
remotepath
maxblocks
currentblock
RemotePath
CurrentBlock
GetDesktop
<Quality>k__BackingField
get_Quality
set_Quality
quality
Quality
GetDirectory
DoPathDelete
<PathType>k__BackingField
get_PathType
set_PathType
pathtype
DoPathRename
<NewPath>k__BackingField
get_NewPath
set_NewPath
newpath
NewPath
DoDownloadFile
DoDownloadFileCancel
GetKeyloggerLogs
GetStartupItems
GetSystemInfo
DoProcessKill
<PID>k__BackingField
get_PID
set_PID
GetMonitors
DoStartupItemRemove
DoShellExecute
<Command>k__BackingField
get_Command
set_Command
Command
DoShowMessageBox
<Caption>k__BackingField
<MessageboxButton>k__BackingField
<MessageboxIcon>k__BackingField
get_Caption
set_Caption
get_MessageboxButton
set_MessageboxButton
get_MessageboxIcon
set_MessageboxIcon
caption
messageboxbutton
messageboxicon
Caption
MessageboxButton
MessageboxIcon
DoClientUpdate
<DownloadURL>k__BackingField
<FileName>k__BackingField
get_DownloadURL
set_DownloadURL
downloadurl
filename
DownloadURL
FileName
DoUploadAndExecute
<RunHidden>k__BackingField
get_RunHidden
set_RunHidden
runhidden
RunHidden
DoVisitWebsite
<Hidden>k__BackingField
get_Hidden
set_Hidden
hidden
Hidden
DoMouseEvent
<IsMouseDown>k__BackingField
<X>k__BackingField
<Y>k__BackingField
<MonitorIndex>k__BackingField
get_IsMouseDown
set_IsMouseDown
get_MonitorIndex
set_MonitorIndex
isMouseDown
monitorIndex
IsMouseDown
MonitorIndex
DoProcessStart
<Processname>k__BackingField
get_Processname
set_Processname
processname
Processname
DoClientDisconnect
DoDownloadAndExecute
DoClientUninstall
GetAuthentication
DoClientReconnect
GetChangeRegistryValueResponse
xClient.Core.Packets.ClientPackets
<IsError>k__BackingField
<ErrorMsg>k__BackingField
get_IsError
set_IsError
get_ErrorMsg
set_ErrorMsg
IsError
ErrorMsg
GetConnectionsResponse
<Processes>k__BackingField
<LocalAddresses>k__BackingField
<LocalPorts>k__BackingField
<RemoteAdresses>k__BackingField
<RemotePorts>k__BackingField
<States>k__BackingField
get_Processes
set_Processes
get_LocalAddresses
set_LocalAddresses
get_LocalPorts
set_LocalPorts
get_RemoteAdresses
set_RemoteAdresses
get_RemotePorts
set_RemotePorts
get_States
set_States
processes
localaddresses
localports
remoteadresses
remoteports
states
Processes
LocalAddresses
LocalPorts
RemoteAdresses
RemotePorts
States
GetCreateRegistryKeyResponse
<Match>k__BackingField
get_Match
set_Match
GetCreateRegistryValueResponse
GetDeleteRegistryKeyResponse
GetDeleteRegistryValueResponse
GetWebcamResponse
<Image>k__BackingField
get_Image
set_Image
GetWebcamsResponse
<Webcams>k__BackingField
get_Webcams
set_Webcams
webcams
Webcams
GetPasswordsResponse
<Passwords>k__BackingField
get_Passwords
set_Passwords
GetRegistryKeysResponse
<Matches>k__BackingField
<RootKey>k__BackingField
set_Matches
get_RootKey
set_RootKey
RootKey
GetRenameRegistryKeyResponse
GetRenameRegistryValueResponse
SetStatusFileManager
<Message>k__BackingField
<SetLastDirectorySeen>k__BackingField
set_Message
get_SetLastDirectorySeen
set_SetLastDirectorySeen
message
setLastDirectorySeen
Message
SetLastDirectorySeen
GetDesktopResponse
GetDirectoryResponse
<Files>k__BackingField
<Folders>k__BackingField
<FilesSize>k__BackingField
get_Files
set_Files
get_Folders
set_Folders
get_FilesSize
set_FilesSize
folders
filessize
Folders
FilesSize
DoDownloadFileResponse
<Filename>k__BackingField
<CustomMessage>k__BackingField
get_Filename
set_Filename
get_CustomMessage
set_CustomMessage
custommessage
Filename
CustomMessage
GetDrivesResponse
<DriveDisplayName>k__BackingField
<RootDirectory>k__BackingField
get_DriveDisplayName
set_DriveDisplayName
get_RootDirectory
set_RootDirectory
driveDisplayName
rootDirectory
DriveDisplayName
RootDirectory
GetKeyloggerLogsResponse
<Index>k__BackingField
<FileCount>k__BackingField
get_Index
set_Index
get_FileCount
set_FileCount
fileCount
FileCount
GetProcessesResponse
<IDs>k__BackingField
<Titles>k__BackingField
get_IDs
set_IDs
get_Titles
set_Titles
titles
Titles
GetStartupItemsResponse
<StartupItems>k__BackingField
get_StartupItems
set_StartupItems
startupitems
StartupItems
GetSystemInfoResponse
<SystemInfos>k__BackingField
get_SystemInfos
set_SystemInfos
systeminfos
SystemInfos
GetMonitorsResponse
<Number>k__BackingField
get_Number
set_Number
number
Number
DoShellExecuteResponse
<Output>k__BackingField
get_Output
set_Output
output
Output
SetUserStatus
SetStatus
GetAuthenticationResponse
<Version>k__BackingField
<OperatingSystem>k__BackingField
<AccountType>k__BackingField
<Country>k__BackingField
<CountryCode>k__BackingField
<Region>k__BackingField
<City>k__BackingField
<ImageIndex>k__BackingField
<Id>k__BackingField
<PCName>k__BackingField
<Tag>k__BackingField
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Quasar.m!c
Elastic Windows.Trojan.Quasarrat
ClamAV Win.Trojan.Barys-1
CMC Clean
CAT-QuickHeal Backdoor.MsilFC.S6050939
Skyhigh BehavesLike.Win32.Generic.dh
ALYac Clean
Cylance Unsafe
Zillya Trojan.Agent.Win32.4005592
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:MSIL/Quasar.f23d0c11
K7GW Trojan ( 00562f821 )
K7AntiVirus Trojan ( 00562f821 )
huorong Worm/MSIL.Autorun.e
Baidu Clean
VirIT Backdoor.Win32.Quasar.AM
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Spy.Agent.AES
APEX Malicious
Avast MSIL:Rat-B [Trj]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.Quasar.gen
BitDefender Gen:Heur.Ransom.Imps.3
NANO-Antivirus Trojan.Win32.PWS.edqjme
ViRobot Clean
MicroWorld-eScan Gen:Heur.Ransom.Imps.3
Tencent Malware.Win32.Gencirc.10b4f6f3
Sophos ATK/Zaquar-D
F-Secure Heuristic.HEUR/AGEN.1307329
DrWeb BackDoor.Quasar.1
VIPRE Gen:Heur.Ransom.Imps.3
TrendMicro TSPY_TINCLEX.SM1
McAfeeD Real Protect-LS!D0D7CE768120
Trapmine suspicious.low.ml.score
CTX exe.trojan.msil
Emsisoft Gen:Heur.Ransom.Imps.3 (B)
Ikarus Backdoor.QuasarRat
FireEye Generic.mg.d0d7ce7681200387
Jiangmin Backdoor.MSIL.acwb
Webroot W32.Trojan.Gen
Varist W32/MSIL_Mintluks.A.gen!Eldorado
Avira HEUR/AGEN.1307329
Fortinet MSIL/Emotet.5C62!tr
Antiy-AVL Trojan[Spy]/Win32.Agent.foqx
Kingsoft MSIL.Backdoor.Quasar.gen
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Malware@#2v1byhtksqslo
Arcabit Trojan.Ransom.Imps.3
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Quasar.gen
Microsoft Backdoor:MSIL/Quasar.GG!MTB
Google Detected
AhnLab-V3 Trojan/Win.Subti.R414075
Acronis Clean
McAfee FE_Backdoor_MSIL_QUASARRAT_1
TACHYON Trojan/W32.DN-Agent.295424.M
VBA32 Trojan.MSIL.Quasar.Heur
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/CI.A
Zoner Trojan.Win32.73504
TrendMicro-HouseCall TSPY_TINCLEX.SM1
Rising Backdoor.xRAT!1.E17E (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
GData MSIL.Backdoor.Quasar.D
AVG MSIL:Rat-B [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.