Static Analysis

PE Compile Time

2025-06-19 15:12:38

PE Imphash

40a8015eede7d28b15d0a66266499c0d

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00010000 0x0023413e 0x00000000 0.0
.rdata 0x00250000 0x000abf7a 0x00000000 0.0
.data 0x00300000 0x0001a504 0x00000000 0.0
.pdata 0x00320000 0x00015b04 0x00000000 0.0
.GNC 0x00340000 0x00e38ae3 0x00000000 0.0
.0FP 0x01180000 0x00001018 0x00001200 0.205703156111
.!j[ 0x01190000 0x016e7f9c 0x016e8000 7.78995407048
.rsrc 0x02880000 0x000001e0 0x00000200 4.7681311517

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x02880058 0x00000188 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library ntdll.dll:
0x141180000 RtlCaptureContext
Library dbghelp.dll:
0x141180010 SymGetTypeInfo
Library SHLWAPI.dll:
0x141180020 PathRemoveFileSpecA
Library urlmon.dll:
0x141180030 URLDownloadToFileA
Library KERNEL32.dll:
0x141180040 WideCharToMultiByte
Library USER32.dll:
Library ADVAPI32.dll:
0x141180060 RegOpenKeyExA
Library SHELL32.dll:
0x141180070 ShellExecuteExA
Library ole32.dll:
0x141180080 CoInitializeEx
Library OLEAUT32.dll:
0x141180090 SysAllocString
Library WS2_32.dll:
0x1411800a0 WSASetLastError
Library CRYPT32.dll:
Library bcrypt.dll:
0x1411800c0 BCryptGenRandom
Library KERNEL32.dll:
0x1411800d0 GetSystemTimeAsFileTime
Library KERNEL32.dll:
0x1411800e0 HeapAlloc
0x1411800e8 HeapFree
0x1411800f0 ExitProcess
0x1411800f8 GetModuleHandleA
0x141180100 LoadLibraryA
0x141180108 GetProcAddress
!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
h.rsrc
"f:>JV'
L3=+)C
}i^pMn)
Z|;-E4@C
hjhcplQ
~2^Aw7J
<%^zrj
Hb8$k/{6
Tu"+HJ
dkHaxO[g
pJ(x]P
6Q6\WP
)ZFI{W
0G?n-%
xYg#fXY
3BL/jU
%:-&[e
qQhaaE8I
NHS[GYk
lGkUqR!
Y{4!t
whjhgSu
}ws%<,0
Fu`y}CY
65'ixL8kX
imO[>@
]=x^&n
ihhiYO\
._#d@/
U>ml/E
>}j.]P
4@ZQ'9
@y<Y<Y
i1e5{
`iBhme@&
g'dF_R
3V/8rs
|30\Q}
Pben`1Q
~kUH9yE<
/K2~`A
~>7(g%_F
ihjfqDh
^1sB6b
+tumpS
.i|??yX
\zxQvS
tC$?|v!
E7 =k&
ktfaqmW
6YIcRM
E8>pYl
g;%q3#
iMn!0-
Z-[8wX
Zo&s,*
YaKdYN,Y_
~3B7*H
R~GM)Q
(O4"xI
tJc;'|)puk'
rngiQX8I
D<R3Dg
.]euk<]
oxlti}%
/YBZkL
S6`y`Yp
N*jS4I
BSX&${
Hn|Y03
vt:?ZE@
`A`oqR8W}'
Q4;#pLTg^X
`tfxfC]"
1QZ;i8
L /l`03C
O9__X=;
eOMe+|
1]+MRY
Ha73ly
Q{7ALV
u<A,Y%R(
gDr@RM
19JPe"
N~FL-v
ADVAPI32.dll
Vs{dzGog
lw}axfuDW
3I[Y1[
0r`wk@
3y9u uK
e*sYEv
&C0fj#
#`WFX9D
+Ez'=
sn{bzM]
eVUG4(
PJ3{E,
hngl`Eh
m&ECf4
X"9rmM
FExH(T/
ljCQ=a
,PQ=a0
J;5.;
ib}h_EA&
bW4!>Z^
tA%cM2l
MM+`2q
iDG+R|
ibH}}Sy)
L4;#pLTg_T
sn{bzM]
le{lfY8^^
qJl~gA_
rYlYLf
gH9[Yj
x~{T9T
0"6Dm7
)waC>R+
GSV<kl
E%T@~T
QA~%!!
!e`!?
U d+Qs
:,x/9L
7)max L
k9SYk9SY
o4wY)k
^|YIK8a
ws]efEY
u2Ka?d
i]XCD`
\%2*4
EhYSm8H
SX`U56w
GHzS0U
s+UZUyv
*_g"s@
7uiv0;a
AgA~#mFk
kc]efEY
hG3H7P
DqcY[e
mf{Y{mM
s/.'Yi
/eD}ko
`g,_9&
jdHipR]
G~}h@Oo
w~ZtgT]
*#@=(]
8F:5Yf[
pd%iW10e%i
[EO"Y
Q"Z>In
QhA0Vy
%WBpu@
dsl^qCL
)iSs{FN(n
^+Mk'86!
HeapAlloc
aHoK}L]g
D$(}Q/
Q*Lc@?8
ZJaO}#&
Y3@=FG!,<xF']
20IfDr
:<h8Y"j
`O.luY
kK{ZaM
3Hsf8s
S3DmMgiOb
DaG~J0
UH,KZYB
Y^H_oQ
$P^VPZ;F
O{_iP\
>k7r^>n
le{lfY}
77/P=^f
r'M\%p
x+C~+7%
J=LXPd
,aCykm
T)%7^GR
CRYPT32.dll
[?a`}9
kSWS2_32.dll
pjMhbI[
ib}h@R]
`Nj~27
vsl`PIJ
>XePy9L
Ir{FD6
hYh:!KT
`SfbxH]
ljlY{sA
ktfaqs[
sqUa9J
KY[&TT
{]*#]M
l[) .)
jjGlyE8
A*.9Y
T>WCO,
2@Qi|Vsm
rMT?,^
sWjQBy
y1$~Z.0
$Hp`m0$
[$=*Om
8d,kYBv2
05e>y"
JNc8Lttn&F
-F2Pttc
wf+SZU!)ELn!7l
ACUD.3
k1xftiQ
D\D%2DX9
gl".6y
R-rP$x
7$=0X*w'W
0b0$Q.b]
h>C9Zu[
|rI%,0r\
A7t%!<}
yX^z^{
~YiW$(
D$(9t3
`A`aqw8
ikYl`Hv
WD#kSp
a]\qaL
npmnICS[zY
b<T~rP
1Ha|^=TB|
BJr}d@
w$_N%b
!8.IJ[
a]Hr?|
g4`n)x
tCT>1$_Js
n%<wuJ+"
D!ps-y
+;bTxE
R-U{b,
}Quq4$
UAWA)7
zTY|e
Mrg"9
kf}hDRW
<ZZ*8`M(X
U\pIoF
/S?NMZv_
9NMZv^P
Z}N[%m
94hk<)L
LZvWqn
ibZdnE}
^Y=tK
p`nhfpJ
BQ%Ylje*Q%Y
};r1ip
lfKg;(lfK
Vs{dzGog
56}2Cc
o;{?InW
>&VWl'
i)$!rg
ljlY{sA
%kfBE"U>
|5pM<(
jN5%bf
jtqrn
y:ZYl?
-`sA\Hb
_^~cfK
JBE('E
hzTog\
pk5M&1
'8^Y5G`
49~MRU
S#Uqf;K#C
nbsk@1
U2W:W[
4O0)VN}i
wngj@YH
Vs{dzG}
bFL(.4K
_0!g@*
(Ka4)"
1vf[^W
Z*jA1/
OLCY*XL
!Y2`TB
ffeh]N^
w$.|2M
aflYc!
qb_dfTM
-Gmm#A
ZB0fko
)0fj`C
8k0fjQ
4xkY<$
`Ul~{UJ
whjhgSl
2?AM"4b(
HPbjTYyom
1!d__*
[/t?EO
rv@?U"P/
>7r7lb-S
}U9G4L
Gv_3qYWoOn
qjPmD<
LX;(#O
#`E}sH
jV_4=1
8H9`}&
NhPw5#
[I0n)V4
6/m4}l
gO:D9\B
dj*Ey\B
KA>I7u
dw_dqWw
orzyDRQ
{\HpA{
UBy]e
'.ks3"
vsl`@IU
xpApy'5
+uUa>N
4CnP+ctFN
MNZFY#
{atVy?
fllyC
D[IVYg
W\'/H&z
TIqk;z
[O$^}=
#FWhd}
gME)N[
(i(RU;
SymGetTypeInfo
ibYb}NL
L_p,<KW
t'H-p,@
>'rg=D
^JO>!U
:BiKsa
pMc]Ut;'
IRP$M!
3\\'dv
|z}T(Q
$zS"zinJ`
ubg^mSL
F7c;jCTw
zeo=8yS0
'JL_16
Z;'Me\
Fb&\YO
o`LUb2Bc
J%~XUF
^*`kw)
kSHELL32.dll
Z[A}a"
OZfTm6
O_n&d
Ku%"mb
{S='O
/hJ'`@i
X^q)[x.P
bA{bygm.
whjhgS8
:}]-Zc
\T"pu3
S$yy8,
yj&mDu
glj&m)|
Kyj&mB
<xj&i
zxj&em
5XKGs+
ls`lxIB
=S+wjS
G>cu!Yc)kt!Yu3
"yZL@kQ
*}{`Fd
57DKX;Y
}yYWJ[
wulc`dQ
*e]%~^<2
B1=[R4
eVIE:
G)qy?
CheiqRh
{hqYY3t
p:IF(#
2}T<.5T
e,MaG4
Uh%@AC
%]YIoXw%]Yu7pu
).Xr[xA
os8e{S#
FEet{d
)mBl,L
l[Fs) i
>4F-YS
"=]Y`*u}I
3=a8Y*1
n',U7t
jizbxEw
UufumbT
dkHaxO["
V#K&!f
J34IkC
}K}L]&
qnha}Z]"
Y$MPp
n3/(vV
`NfN{NL
HcbQL<
b*Umi1
T5BO6g
Z@jeJ2
pyWQ*2R}
Y(KdMn
s_VO&a
0y{C_
7)S5DI
|`o,}duf
d6L34}$
G*o?!Yocg>!Y
!aCMY{
cWwC+2
L{}FNNS
<k]%&G
!4[_:g=
R(P1dS`A
O2hj[X
x-6s~z^0gw
_0JuXY
b;<oR<K
i:-83
5;9Pd2
ySamIT
V1Q8QF
qHyy}OV
Snlz[Fk
t&od!}
ktfaqmW
8m;pVF{
sUY7zf
{Qd\p&
G}pzQd\
xi_EWz]
3 dB[l
H|u:Ez
EC/G7
lsHcgIk
`tfxfC]gb
~Y2`tC
GQf-"*M
^A`Q6u
<h7VLd
X/~p3%3
kIVkNgb
)@G)f"
F<Sv3#
BksGHM9
( #Yu6
vdsk.o
bEXY(v
fe]THm
p)GYpux(GY
yqbYY-D
?4cIgv;
.d"W6;>
*Tesu8
K[G9+=
Al%RfZ
nCX3)w7
NO&HnS
<!/h#-
}9Qvzp
dXhhua
-XlzET0|
?mU5$B.
$C(]iB
mo,[5g
djliDIH
`D{d`I[
3iJ>z\
#.[>M]
Bl-DVQ
)9>wxY
Y(c\@5.
UufnqSK*
jdl~gwQ
byk4:[
([j2RI.
qnha}Z]4
VPLdZ;.7
8$GxN[
WideCharToMultiByte
XPvpyYwF
,n3*i'
^!tRpv
mtYT\q)
]84 -n
K_2f"v
ro+8W\
Zrx9i(\
={Gw/^
wulc`tP
`WfdzT]
areh\AV
prXs7!@P_
aOhcpL]g
9.{,}G
shnx`%
F"Yn?G
ZrVP4H'n
(7<0H;
Brsk<Z
cLsQO?I
4]r)[O
;n"<CF&
-|Qu0/i
@w` .+A
G)lu Yt)?
f5PQ.;
q[i[XM
_'79NuA
? **f}nF
vY| Y_!V
ktfaqcM
dcDbpUT
MfgixE8
8ypYz<
<_k~)+
E:GfpYY
Z;vYjg?
U@7-jP
rEe+PV
d>*d~Yt'F
H!rG-C
>:[|nA
e*7Y}vg
| +Ml"
cS487veL
qQCmws
Atks|:
fMXseX
iB+gUs3
0]2(7jg
jizbxEw
{{O3^\-
2,f=gP
("e%?$
@Egz-Y
#=GeF6
Hk`mjU
7`AwuZ
}aCu_0KVI;r
8I/u7+
OR3]%\
/0Lsy6
6o(\h)
hzQ\5P8
a5}<&n
9|Y?#;
#&mY0J
ngxNyZ
4^m2zZ*
+~bV)y
:E@}?^
"^Oobq
tZNyyr
y'R>}~
uyN9H
%)C!`W
Oi$*.=
gu%*P?@
HIEpQ6T
9\G=.D
.BKWdU}C7
@XA0nF
M?m# h\P+{
?8Uzfq
SjE=/C
%dAGt
S>q,1SI
qPqTNK!
CwOV7a&
a6w~kK
Mq D)+B}Vd
&$(UVY
48X3't
dw`,[[+h
v8Wt{W
`}AiX8
enP2RyT
iW+vq[j
w*(I.[
mNT ~I
U~t'Da
E%[;kx
*N7.'91
O`F,sq
7kl[#`
C&+O.-ik
qfd}{t
3GlJ ;d
"K#7%:
ITGd-CX %
.H+|l9
l N dC
Yh,@L,
sFziW/
)/F,<#
_\)^+e
c9%2vU~
ZTzdWc
$-^9h
x|{nCvfoIWF
C&Dk*g
TX.Wwe;b
{YrJ^.L
lOQ8u}_Q:
>gj]4s
r;3$MK
b0=Y+A?Q
&kFeqE
nZ]0m+~
zApck1
Uh+JR}
gsT;q+
glm,?,
)hDy0m
ssAL)d
}|Of5/##
U@CtMB7
mW/zbs
yk,[{
QfRtXt
~fR$F<
BLDJ/~c
a(=/sK+
x_o7r[
LQw*d0'
[.s=$
R)h(CQ
A&HHI
F,VL>@
O1yWs:
6]O$g9j
kfjE46M
zO;Li_
$@+QFg
|5)&?_
l>4ItC
zb^sJ_
P([</$g
451 3~
fMU=dcK
vW_f|qH
ixvt<oa
/iIO*9
9MlX@<
zyV>C2<l
9[MleK
e[?^dJ
^h<OYf
RCiXQ*
l1v)eT
2h6= t
EAQ)5@
XcsSwu
vCaTN0
{%YU^bk
}R[B)C
U78rH%~3
?!%fcn
IV9ffK
oAX&: @
3M3)Ca
[ZYl*3cbB
&Og+aI
=1SDlm
6%@gHG
KX^U
b~c>h6f
e?5ova
<9]UV;
e+R1c6
+L;v+"w
X*L%Vg
W{7W<I
dEz'~m
KL"|*w'
%kFCy:K
0'uO-j
KV`ZQO
,&2E)Ri\N|
n?$(wr
-uj;yv
p*Rt@=
z!PjUMhSJ7
~els;s
6_Oq4v
XF%8if
|vK<H8
P;Pz:d
1drr!d
Q/6X&^
QivNJ<
Rbps)y
<>u?<V
$.U]-(
s&0m@*Z0
bm0RV#4
[-\vf
bjz*su
wVVJ:5
t)I%'H
."GkFdp
44<1'OX:p!
7c]wn)X
I=~,IaTCf
mfO%L_94
Uf'@S|
ar.,RX
dbghelp.dll
`sJhfTQ
whjhgS8_T
areh\AV
`uMhrAM
^Y8nE;
s_n?,-E
v@ 7.u
uh-R0H9
^Yw9JE
QhOdxEp
areh\AV
~sif4
R<WAqzi9H
hjhcplQ
n@Kkr<
'.C&!L-
]:I"Yro
@'2\>=
Mo0AdT(
t{1wCSa
a&ZSYL
)03bi]R
Vs{dzGyg
NU.B~t
^7M{@t
5vRCOT
Fw&*Y_
Uzdbo,'/
UjN6/.w
6S4b(F
mOyrXi
W #<tK
U$D13kM
eA^tdoYB
,m/cTD
fOMNT&_K
HtRGuJ
2IO[E",
Vuz8Zt3w
/'V4xX
e!j&r
yATM]K
,\J}`R
lnXWN5
!W:;_;A
-+[bG-
U:vZyBf-*N
DL+(C_{G
U*qNRWd
>TyZYB
aBw!B8
k>7PUX
b3Z0&
.3e'"x
%J 0`1N
8q@t6#
y6Na8o_
sP@NiET0
bm!lr%k
52tXS>
'uK0{+L
^Q)=:M
Oc3hwvv"
/SJ7ls
=vKdG'(
\;%u;%*
L|Xi_t
q[cIgTr
BAhV=Z
>l%&8A
Psf*Ko
Ir/iIb
uW)=1P
fYd+}W6o
q4Bf{
3:{F"Y
G,VK;PFI
(u=AbU4
D{]>\
F7}$UU
57Slelb
MvS.\?
Q8)t5a
AgB3fp
7tT]"C
Al+[X3
g` W$,
`&G!YBu
kQ!'GX
$"NZhi
I*-B`(
m\%QP0
/:!GbH
+LbX1I
V45bW*i
4^{}{a
wY9C8R6
,X-P8sS
0>{DPp
A@?Ma&
p<:9})
UGtm'h
|vWs:UM
$q~>9c
zYm]a\mMj
lG5/L}d
upDGd>,
|.}X_e
IbnvMs
:eC&j^\/
4P66U:`vs8
C,S<,|!
5j@H&\'tq
]_3<x$,
Thq=?ozf(
-zl9!
^TYkVD
/Q$X<CG#
#(601Nd|h
Q!>1-s
t\^)ID&
]HW|Uk
NAQ{Ol
Z]H=.Z
Yd0j=PF
+&sJ`X
&x[&Y_
AKW*N5
D(0sxA_&
-<X:&P
)zc(Y?
qb}te{h
?x)(-R2
4J<l[$
-kHD1,
NxX'.-;
Q>)x_XAuc
70B5:2
\`~j5iW|
wavLnp
o<;?n#L<
Lo| S"
sv0b?
:'k7W%
JvWcRC
"G?@se
pArPhNG(
%YIQNt
|JXmE3
u|K[Wv2
Um\(sR
5RGcDgUh
1o]sbI!
}*EReK
j*zmP=
)bA#Lr
B~3J|<
>O{3hF
oe!g0z
cDjy&9(
f%q@co
9\RG@HS9
| Oj =Q/
Q^WXZy=
r]b/SK
BGaPZ8
{32Xpf
:pE,G:
kKoU{eX
X.5:t3
3{B{E!
r`8jm+
%+-diU<4
`l6B-i
OST]U/-
oOj"+{
/uE\+k
C`ss81
t]q<)z-v
C:7Ws3
NW"XBT
wa|.X`
ak08_z
XI!SO<N
u@x7Bd+
I&<6-r
CC!fF{
Kojsu4
U]XvN?
LyJ1Jf3
i Pm-d
dDB9|<
K5wOdE
eZU#WX
,oMMG42]
[1U\pO
]Bt?<y
XplSZ]s
*+P&1.r
A'&)pV
~!+y`j8e
6'Q9e%
6ZcK}2
KYt}HKf.
^H{!)Bx
oFi0>68
JTA\cb
8H2'7j
bSbD%b
k}(alLX
,H%VZ
9>fR0-mt<
,hfA/8?
+1yDhe
Zy(DG"#B
f ?5Kv
`^1be?Ac
A_H{z/
Z1ALF:Oc
-f}|8:P}UM"
HV8kSx
B=vCNw
ZH7`F7
$~y!yxI
/-a)rC8
66'%7`c
]NBvn)@l
]K~gg=
'|/ &>
LH"@Hk
^{;PQ]
_8a?&r
)Qx gj
~)hC`sw
Cb/!q%
xtd\"N
V~->,#
y.mIi/>
)PXo_z=
.WcQ,H
!\j2"q.
yNJc\Q
JQ7R|1
NT\6i~
#p/B6*
5No#~|
7Io=>`
8rhS a
eBpf7C
h$<aW8A
)ho]5K
^UZG=`\ Iq
(4>6Zyt!O
hUL@B9
).QHwt
u/Kh1x
G*9,r:4
"{J<6F
l@bHUL
n*c41d
xMPwOC>
\C =_o
8<@O\o
@z2'>W
|j)U\y
0(<z!A/
<WNtLt
NJ_s;*
#>r[A8
o$aU'hn
]r#@O
8_uAoD;^M+5s
Iktd]b
[n~*Vn
p@<aT'm
J-&DON
r-UhlF>!
[u%~Q\
\4shb
m&=}N^
2':E1.
oTr"BH
[b+Dt`*
OFddZT
Ulki8D<A
PbG>xV
)HgPL9
S3R9c%
GeliVU!K7
7qND"~
'M=\+=
'o0<LT
[WK/P?
92FXE=Q
\se~k[
zqCdHh
BdceI!
DZ_Dw2
x)r:YKQ
D]pMqi?
]RJ/5
4bo[]c'
]t!F|k
l$x[k,
`"p$ H
)DlG:a
"nSM<U`
;*S&$F
f"`8RT
VmC;(%
Z$i8B
`?{g4Re
o_$N)=F;
f}JfnJ
=,?a{
Cv;V0D
,;\u{b0
BiF:$Pz_l
8~J6rdRn
v)nr&H
"]9K<`
Y=YA/g
>+}Hbi
GN"4~rr
%[oJPT
7Y4`&&JS
.Yp`he]
VSU2%-;
`A1'9"
oW7PgZ
Wk@Y0cv
f#PO*e
&z+a'|
#U[uU0
YheAIQ
Gghl:N
HY8gA@:
(Fqg${
im~RRtl
Th~h!_j
'HAU<[
X fAz 9
+kAK^Rr
5.j:&b
bvzTNgNJ
E;-eo}GD
pvA (i
%!^(7YY
/jO\Jo
zcq>bcb
2JoW'SM
/7N[>};
6XZ}Rt
,.8io&
21"VKC*-YZR
:ig39+
o|ZFDt%
<\lh,`
wh'&[O%
;u:>!~
l@KD 8
pr+PxA
$?TTo`v
>%nY+
#{b-"w
x{.2dEF
}2xby7
ut3@,A
\h,wPg2
pr)ZB"
s"F+{
FHO2J\
?%E$ET7
?mc^@$
\xnTqy
Y6{a[G
2-D{gf
|h6{k^
ofgwaz4TA
`xDClB
|Gu.bG
2!|0Ju
b+Tekvg)]
b[kBa;
XpE@c<
KlJ&<5
pFG#,7
_gACB[8
%}C?*T
4zwZ0
GDI[\2G
n-FAeI
*-,NXw
e4f0.F
K;S.CQ
6B\K t
S{H<M3
`_{6T5
mbvVZXf
X~qMncx
]eh`=s
=M#g8i
z7xn7D
:">4n4
eWiFs{.f
(D*NUb
F?\t{i
E)cVs7
IQ]}/S
S'#KW/wZ
@N7no/Z
NCnh0m
kdLhS<$
F9<BXz
8<6s[h
&t)j=!
vr:ouvK
#Kp.A\
O79M;$
]+g)L!
d.$B2yT
;)M3Epd
&wV zN
u]M%g~
\ZJZwm?
L"9g;v
`f}h_EA&
cUl~{UJ
M`]08B
luzY*q
=In!_b|}
jqqYkQ
@w<'55
55rs"-t
VywmM=
2ss7[k
(ApvD%g
$(cY1SO
dkHaxO[gL
le{lfYygSt0
I4;#pLTg[C
WbehuS]$
pRgBNY
B%UKyo
_!8=bY
]+w3zi
7LYY7LYY=G
z@O5i*
/'l!I?y
MH.E`n
R](51Y0
tM<S\p
5~lMQd
Lt;GHC&\
`A`aqa8e
lc7(IlW$30
LG&/yU
Bb}XgEJ,
xK^HHL)
N'G9~ 0
&Sv"!$
mD-%kg
bInv8{
`A`aqa8Md
Z$*Yt~
*`VrNo
RYT"y-
qac+,n@
EcE3[9
OpLO]'Yp
p"}DW*
ze>sh[
iNiVmK
w~@crOJ
mSfK}B]
=<|VI
r#bO#N
@vqmC+\
eZf-<E
mv<q|8Vf
'G"gHt
8f):RA
59Zy4YV
YaZY)!
XsPj4^x
YN~'>
0rb66m
hUM~Y{y
LizyfU[
riebuDl
au`crO8#
o</*+!
c;qajd
wbZ_ClW
vt:?RIJ
5/PTaa
jiZM/B
y~4s)J
Kjca'~
l!tKAPl!t
.xNLy.&
oDCLEV
qh1gm}9G
.1>Be,
m}9GO(HcW
o@g/na
|Y,A2c
{Ah=H@
ws|lxuV
4y"Y,%
A$-~wNP
foA]8Mx
w6z|~m
3[7vR7
c\;.<q
hjhcplQ
Y7El&0J
1oM*tb
AKJ^(5-
f-#D7~
>-=/Jh0:2h>I
}{9K?U
/Z!=i,
Aun -1
*J5yvH0
|mYT_v
n 2RGg
PmS?nY
:cUv4L]
O8rYWd
qbjyBIJ
,d$ubM#
e:&\XW
q!.YA};
R,]-i[]
@y&}n8-mV
jl|}RUV
qQZy=E
ye-Zcr
t((mYM
lsJbpEh
kD;'@kld_
z6_-
?4~8*\
qQhaaE8s
eKDpHQ
Np,Y;"
Q'OW^Mk
kJ2>`+
:nT$*DY
MfgixE84
zoQ8yC
o0L`U$
LlH;G3
{p2Sg!z
1$`aH-x
?,;Wo*
8+xSbx
sXj|CyB
X XjS,|
q,D()c#
qCl{}C]#
d~LuqCM
xoCL0@
stVSE2_
bn[t3E~{
qQhaaE8JT
`iBhma8
p.PnquGq
Z -|Pr
;I,>{WIo
JUFeYe
uW{dbIT
Asn\[H
qWdkx&
vnZyfIV
0>Su0!
zk S:\iU
s~f@>1l
O<D!kw
eGF}?4*
luzyRIT
UGdr\o
Af|N3S~&
ZoK8F
O+^c^<
L;c{@g;
:EF_8'
LAfZCR
Aw1=D_
(d6^Gs>
]9(21-T4
tSehFF
P_!>+K
@CDalYBt
sn{bzM]
|9s{zT
;a o^E
afizzT
GJx/RYxs`r
"7!:}P
{7_BZk
EORz$b
5@*f:
qq`;5C
wbhiXO[
G%YM/3
)r$_z{
XZydD_
dBof[C
`W{bwEK
FhgyqXL3
m{1h33
9YzDk"
064IR6
-*l/ZlH
^bw*k~
urUg+y#9`*
vsl`PE^
4HUQW&
wOiS<l
Y"]6>8
yJrP'k|A
CU93>D
af}hFEK
Ac>&Kr
&xZ3P^
e7D)?V
\'cF(:
~amq{Y_Q
C$;<O=
v82&U^(8
wGtbG@
B$^6ES
Gq]qN
l/)`\(^
^mhNYs-r
[];&mI
EBBmp7/AB
1.}0`=*
HMY}+noY
ffeh]N^
DCMi|`vO
cxv8V'
c&V8\:
@jA2uR
fdRMYl
qQhaaE}
7)max VE.
aC{dbEJg
hS``qtW!
{wzG{/j
x"xXN+
>_9xoLU
eKc;Xk
3{2\uG%
}4T<;4W
_`9b@L
!io^1{
CnehVU^
+#I7>=_g,
8N{;\r
V$UY`bq>$UY
xnZJuJ
gCa@}/
Xknn4s
U6ts@
`_v.W(z
9p8VmN
qLltBAT
H5%Yhi`4%YV
`D{d`I[
aZ>64D
hWY[WD
LZ\R*&
AOZ\R!
C;a<&I
ac{dzFWg
o%A(f"
fnY:D3q
dw_dqWw
}Q2yYoAN
E-x);P
);PAw`);P
{Tc}/d
{k"pe^
c}Y?
2JLT,g
Fu`y}CY
cxx(N@
dOEuYx
>[j+`H8Ir
&l05"\
AtmuKoB
}6]2j)
(~8quuk
%c],VN
+n$=4/
M+x;Q^
'k /2Q^
jevqY0
`WfdzT]
`DqG#*~
(7<2X
HeapFree
wulc`pJ
TY^87m[PY
I.{:))
}BP._8
i\LP3u
BB"tZk
gYnLg~yo/1
5a tM<
M>s+D)5~2
b*15[Z8
USER32.dll
1_K|:A[
lL"fj:u
*3=1}e
Yvh@<_
wkKr}E
q=F?c
(&'G$xa
$4_Ty6x&
jl+ =/d
dg}6cb
[9tY$f
LoadLibraryA
RU/1!,
N]2]An
ZON*M5
SHLWAPI.dll
!yTT=<&G
ZZ#his
!+Oq/3
NByN.?a
s&$dXP
cHz@5L_
#gTY)S4*oPY
Z{Qko}
0<,S1]x
du}xdiV
"7s|oq
~^8lOx
ktfaqoM
sb[AFsr
W"8BG)'
`WFGU1
Y!`vQ=
GeZ0|Yzl
HG~[Y}
wblNqRL
URLDownloadToFileA
5}(Y5!=|(Y
{QKQX%
fp@>f%?
ktfaqcL
o8z~Ng
aOhcpL]g
BCryptGenRandom
!!y%KQ
vbZ_ClW
wbhyq ^]
CnehVU^
<{i;-s,
ZT@Wsf
MoAK|W
fRs+<)i/
)Twi"-
>-0Y&q
cZKY/z
-w9?C0>
MdxoaQg*
0.O?wC
+BQ2O4
/2||P[
:iGgvw
oy5X'ci<
lcx~"U
gh;<#AO
g{t]sJ
.D&=F
b1QdJXl -
t9p9w
i}4k c.
s/c3?c
Oz eAv *
i4;#pLTg
{01t{S
<7nE5Y
Ricq[`
1X2D*,$y^aZ
le{lfYog
d`lC`h]
!*y~i{
V9u~va
g!uxNwu
M&y@5h-
fvo+tr
20bj%`O
3>l%Vz-7t
vI;V_B
o6jA%3u
`SfbxH]
$KFTvt2
W8bCMU
^=#y6_
>3v{%D
2J.oY\
BSH3KO
w~ZtgT]
?4anF!k
r=&Wk'
dk`wqcJ
ta2(DF
ur$Qe8
ee*hZj
`9SkV!
"ovsZ<j
o,+FY
XRMrxDW
ga,pV
&9Pk/XiNW/t
dgIM|G
NWmmJ
`tfxfC]g=h5
if$bYP
0yhF,-b
m2@[sS
}V'=K`
dk`wqcJ
sm/xr|
\(fQ$u
I(|`DSO
oZn%`I
2`Q@D{
lHzs`1\
`A`aqw8VE0
3o"/TaY
Q58gY5d
qQhaaE8hQq
@/KZ!&
&Sn0*
)c$|s_B
l1~!mV
B}eB|Y
,ib0,
0AMJj[J~
:E/OyarA
-,haIJ
&VmPM<
h)Gs35
ExitProcess
`tfxfC]+
hS``qtW3
wulc`pJ
Ioxz2G
F=guJ+
sn{bzM]
`W{bwEK
`iBhmw8
UN'ixL8JE
Wa>VBy:OsY
W50|zq
5|gJeYC
w|2ngD
$xZl$0
Gi6!jSx=|
Fu`y}CY
9T\eah
; h/7E
kTln`IW
ihzhGTW
UufnqSK*
7?-}G1
J-q=dbDL;
,^-$Xx
4vWY"@
aR3TOi<
yjLVqh
*8$T~*oK
{G"+D 2
RsWYP*
@Wz6c!
<DhBgn"
Fy?Kcp
ubg^`OJ
a4;K}RK
Qv+Yg}
Eh7HM7
mullp _
!m/kY]s
o=H_hP
fOu?JI
WS5W.m
&N8,Ol6
D"n$s5S
c@&9T?
#}grgl
4\/1@f\
nY_]9wN
l3NX%0<*
qazcX
bReYO,
&ILbG)K.!
lILbc4e1^n
e&|^9A
zFJjQF
a~s><mA
|C!Mw4J
YeY)/h
DUc0Pr
]P?'YHc
N:|rx2
<>%=Y5
areh\AV
ShellExecuteExA
wulc`tP
RIXo|r
b"?p"D
Yi_d;G
dslDzSL
,c~-hbc
*7e0^E"7
',0WY)
}|x$s^vZ
F0UZIy
jNSZ~mP
?<bPY<bPY&
GetUserObjectInformationW
ntdll.dll
fI\:6SE
#3/3O`-
XFn4lqH
GHMHa&
'h(y:;rH~9
vsl`@IU
wulc`tP
\oX(`Z'
'cB3D%
[uK"*x
ibHy`RQ
iw'ixL8o
WE$%Drn
"!BER
qQhaaE8
ibHy`RQ
*=17;_h
`IYs=A
<l<1?f
>(x0iu
Pwml`Ej
[XOG5vt
flJbaNLgKT
wbhiUF^
qSffqNh
}@=6Y]^
@^oh<3LU$
WO*~C
Bq</ys
:p#9@G
mZ^LUY
}hBBx$xl
xw4umH
Ji=Iw
r7`T:?
4l"0;*
FX5:ds
08U99S
%c|M31
1gu Mb
!kiY ]
hogYp3-
}YtwWY
aNrgdk
L=VE{Y.
HNo(W/5&o
?E\amFHr]
wCV55vb
tYG9Y+F
W%teo8Q
a4;CqXLgjU
1Z)YLo
I;d4< H
Vn^MYB
f1'+;qPoL
rc}r_W^
akliQX[
!D9j>*
ju}]uTP)
MfgixE8PT
`s@crOJ
Y@DG$Wp
_!5$"tV3
2-M9vz
Fu7dUG
arehRIT
pwedwAL
kdlN{MH
mz7ba\;|C
">_*;Y
c-@=S*7
h,QM9%
UAYLeF.
%{QwY[
pE$lcT_
Fhg~{L]0
`tfxfC])
jE$WK-z
hzTyg_T
hwYl`Hyg[C
. Oi5[)
/i&YU&1_
lr0h0S
}jikD:
ym2|{Q
#s/):
Vb}EuSP7
GvJR9*&^
Ub{k{RU
wsOdvEJ3
It?m5^
jdCW37
L|]58M
9YM`#Q
n2s`^lBb'
/]^m^0g
&3!ty-*
8|[(C2
jdHipR]
@{!A3
@|73r({7
-\_7LJt
e?Vg6 [
Q*:Mu)
^jqYhbI
e4<0h1
1T> ;1
kdlOqGQ
$ha`yQ
Full`Ep
td(@&@
RegOpenKeyExA
3\@D%P
>Qw*0f
32L|h1
)W&Rx8nX[
,e]h-{
c'_<W.
+iufYl
`fgxd t
*YFWL3
Q_}]"WC
AEyHPK
'Y;]c"
bcrypt.dll
zU7,,$
51ba7L
P&'u{Y
GetSystemTimeAsFileTime
qb{HbEV
jdl~ga^
jl|}RUV
ib@crOJ
rk<Q0xN
Ih'^O5
qSp}qfJ
}T?@@?'0
'TVO%]
`7iR|f\
M(*Y}t
!ytxWb
',*Y_qP
!WkE=DM}
M}fOZ
b}>sS}@
9s4!r{+
FTd#w+
F%*Jpi
dj*ZGw
juZdzGT
775wS;
<05!~4
Q7F!8/
+@}?EPD
VYkH7J
Vnnc\AK
{T-KUP
so5;=Wd
c{Oq}V
vsl`]N^
OH#d)_
SiC+wd
`va|ef
,K#bfY
ibYb}NL
`Fea{C8})
GMY#1JM
tMb}&S!kz
'Gyl[U
n]&-h|
1'-hgO
Ub{k{RU
IN Aef
aL5N?_!r
rngiQX8pG
2UIy%f
`uMhrAM
03mrhk
wicW:I
`A`aqw8
:qriYq
k(>agY|
%#Qe>:
~%{/vy
fbz~{R~
CoInitializeEx
wngj@YH
InZ#/9&
bLX6iE
&$Iz(J
8<:D{&
UYU7C,
`f}h_EA0
le{lfYyg]_
Fu`y}CY
,ORmWY`
9%[19B
Qq "dC
l-{Jm(*
ghN51MM
Aps,~+
,>enZ6
ibHy`RQ
sn{bzM]
~E`X^y5x]N
luzyRIT
2a+YJY
ywuj{dBm
1,xDMK
.>P+$c
Bb}]fON7
fOa,XI
nrg;|G
\_iYbDc
1L<y6U
2!N~YH
/-DA]vz
wulc`pJ
LiobfMY
{,^byG
4qVrC
<^"wZg5
<2na]}
'z=b}.A3
~B%IP[
gE6Y_>
t"_&tx
dk`wqcJ
amqB<`
*7Bh?d
B&QJY
OAyi: {
Te_l5~Y?
0T?Bq
&Q.g%]
7)max \T
lt}hfeN
v0FQE+j
oHi^`-
gAZ~i[i
iy/O*-
5nA/IY_
V)x>a#*,
Cj]]{B
dk`wqcJ
U>'1%F
ls\c}CW
AoS~Sy
\:IR~Sy
S~SyC<
`Ly'W9
9S~Sy\
pkfXl4
W\Yix@
luzyRIT
`WfdzT]
5Y.AT$
^.I=Ku<$
4zS-yL:
Snlz[Fk
aA|cwTQ
5BQ6T|
h z3n)
HO""9)
4P3s>G
uyzq #
ib@crOJ
Fhg~{L]&
wngj@YH
~Y"O
T!$@4<
rXm,k0
Ff8f4a
$N8|/Xt/v
M]"":0N
x;sY}c\
wbZyfIV
%@EU/79
'l+q}\x
YRsK{T(
AbzyfOA,
5__EV_n
}(q[I<
sEu",w3
}MXEaf
{,,mO3Y]
::Rh":r
_\",.^
^L+3
]q>vj
c_1>jZ
kcehWOM
t((T0}5
>+ }xb*
-\"zRs,B
?yp`Yf
Fbi^UDK
Q-`uBN
^"f=gD
T~m@*;
zAtkR~
#'vNS$
`jf{qfQ
a98i7 0
eu{1-I
U35r"&>vr
<"Ad9U
4[KaU4
JkkY3(<td
HY|*uZ
wbZyfIV
wulc`pJ
dsl^qCL
lcJbpEh
u:1\U
[IX~>q
M03)|
*6.g%)
]x.djb
=z{AU`9'5
W;WyLg
RBH2+~
evL}L_
EFWyX?
`6ri/XK
"Jrl:{t1(H
3{tgA2
3^`3q4
2fkKr(fDWT
7G}zc'
g4U0Aa/
<sW|)t!
={6_5S
<\s|@kaS
#xT}m;W
hh8)AC
Zk!Yuj
*}pq6A&
/Uy=x\
O7/DmD4
, Stg;
7<'zgP
BbCZoL
8Kx[f!
nP*pp0
xm[8eA
W+RrM7
)=V{m
b$iW1Z
Wq.:GE
8F6w9m
`2"C{E[~:n
-7h2b8
b<}]zJ?W`
B!99_8
ZjIsKz,X
;+Z-?-
#~!Xo89
,k/=kmR
2?8V}J\VxW
%;z~W
zrFK$z
1\^I79
l)vhv
ln}sc/N
tp9wN-
hh[RfK
!6[d}U
W.x\Si
wj"=}K
T@s9Ab
HF`0_t
,hS0fT
hXc"<W
&F1{o%
Ga.,QveL
Antivirus Signature
Bkav W64.AIDetectMalware
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
K7GW Trojan ( 0059b3891 )
K7AntiVirus Trojan ( 0059b3891 )
huorong Clean
Baidu Clean
VirIT Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Packed.VMProtect.ACX
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan.Win64.DBadur.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Clean
F-Secure Heuristic.HEUR/AGEN.1379237
DrWeb Clean
VIPRE Clean
McAfeeD Real Protect-LS!5AC42C541562
Trapmine Clean
Sophos Clean
Ikarus Trojan.Win32.VMProtect
Jiangmin Clean
Webroot Clean
Varist Clean
Avira HEUR/AGEN.1379237
Antiy-AVL RiskWare[Packed]/Win32.VMProtect.a
Kingsoft Clean
Gridinsoft Trojan.Heur!.02212023
Xcitium Clean
Microsoft Trojan:Win32/Sabsik.FL.A!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
Google Detected
AhnLab-V3 Trojan/Win.Generic.R712046
Acronis Clean
VBA32 Clean
TACHYON Clean
Malwarebytes Malware.AI.3755712024
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
TrellixENS Artemis!5AC42C541562
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
DeepInstinct Clean
alibabacloud VirTool:Win/Packed.VMProtect.AWF
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win64:MalwareX-gen [Misc]
C4S ClamAV (Linux) Clean
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Mal/Generic-S
Bitdefender Antivirus (Linux) QD:Trojan.GenericKDQ.1DB86945FF
G Data Antivirus (Windows) Virus: QD:Trojan.GenericKDQ.1DB86945FF (Engine A)
WithSecure (Linux) Heuristic.HEUR/AGEN.1379237
ESET Security (Windows) a variant of Win32/Packed.VMProtect.ACX trojan
DrWeb Antivirus (Linux) Clean
ClamAV (Linux) Clean
eScan Antivirus (Linux) QD:Trojan.GenericKDQ.1DB86945FF(DB)
Kaspersky Standard (Windows) UDS:Trojan.Win64.DBadur.gen
Emsisoft Commandline Scanner (Windows) QD:Trojan.GenericKDQ.1DB86945FF (B)
Cuckoo

We're processing your submission... This could take a few seconds.