From 2bbf763303c7ce8ceb083916ce2115bf3620fa11 Mon Sep 17 00:00:00 2001 From: BlendLog Date: Thu, 31 Oct 2024 22:45:41 +0300 Subject: [PATCH] update 1,4.7.6 --- .gitignore | 2 + MinerSearch/Finish.Designer.cs | 718 +++---- MinerSearch/Finish.cs | 238 +-- MinerSearch/Finish.resx | 3 - MinerSearch/FormShadow.cs | 95 + MinerSearch/FormShadow.resx | 120 ++ MinerSearch/HostsDeletionForm.Designer.cs | 223 ++- MinerSearch/HostsDeletionForm.cs | 8 +- MinerSearch/License.Designer.cs | 147 +- MinerSearch/License.cs | 14 +- MinerSearch/LocalizedLogger.cs | 12 +- MinerSearch/Logger.cs | 36 + MinerSearch/MinerSearch.cs | 432 +++-- MinerSearch/MinerSearch.csproj | 27 +- MinerSearch/Native.cs | 79 +- MinerSearch/Program.cs | 131 +- MinerSearch/Properties/AssemblyInfo.cs | 4 +- MinerSearch/Properties/Resources.Designer.cs | 485 ++++- MinerSearch/Properties/Resources.resx | 1817 ++++++++++-------- MinerSearch/SplashForm.Designer.cs | 611 ++++++ MinerSearch/SplashForm.cs | 128 ++ MinerSearch/SplashForm.resx | 539 ++++++ MinerSearch/WinTrust.cs | 4 +- MinerSearch/utils.cs | 439 ++++- base/MSData.cs | 448 ++--- base/Properties/AssemblyInfo.cs | 4 +- base/dbase.csproj | 2 +- netlib/GithubAPI.cs | 39 + netlib/Internet.cs | 25 + netlib/Properties/AssemblyInfo.cs | 4 +- netlib/netlib.csproj | 13 +- 31 files changed, 4779 insertions(+), 2068 deletions(-) create mode 100644 MinerSearch/FormShadow.cs create mode 100644 MinerSearch/FormShadow.resx create mode 100644 MinerSearch/SplashForm.Designer.cs create mode 100644 MinerSearch/SplashForm.cs create mode 100644 MinerSearch/SplashForm.resx create mode 100644 netlib/GithubAPI.cs create mode 100644 netlib/Internet.cs diff --git a/.gitignore b/.gitignore index 3cd1068..aeb7f34 100644 --- a/.gitignore +++ b/.gitignore @@ -374,3 +374,5 @@ FodyWeavers.xsd *.blend1 *.lnk /MinerSearch/.vscode +/MinerSearch/Resources/sber.jpg +*.txt diff --git a/MinerSearch/Finish.Designer.cs b/MinerSearch/Finish.Designer.cs index 6430ffd..ec6a64e 100644 --- a/MinerSearch/Finish.Designer.cs +++ b/MinerSearch/Finish.Designer.cs @@ -29,340 +29,268 @@ protected override void Dispose(bool disposing) /// private void InitializeComponent() { - this.components = new System.ComponentModel.Container(); - this.panel1 = new System.Windows.Forms.Panel(); this.tableLayoutPanel1 = new System.Windows.Forms.TableLayoutPanel(); - this.LBL_link3 = new System.Windows.Forms.Panel(); - this.yoomoney_tb = new System.Windows.Forms.TextBox(); - this.textBox1 = new System.Windows.Forms.TextBox(); - this.pb_QR = new System.Windows.Forms.PictureBox(); - this.label1 = new System.Windows.Forms.Label(); - this.LBL_Support = new System.Windows.Forms.Label(); + this.panel1 = new System.Windows.Forms.Panel(); + this.button1 = new System.Windows.Forms.Button(); + this.top = new System.Windows.Forms.Label(); + this.panel3 = new System.Windows.Forms.Panel(); + this.LBL_ScanComplete = new System.Windows.Forms.Label(); + this.LBL_scanElapsedTime = new System.Windows.Forms.Label(); + this.LBL_ScanTime = new System.Windows.Forms.Label(); this.tableLayoutPanel2 = new System.Windows.Forms.TableLayoutPanel(); - this.panel4 = new System.Windows.Forms.Panel(); - this.pb_M1nerSearch = new System.Windows.Forms.PictureBox(); - this.LBL_link2 = new System.Windows.Forms.Label(); - this.LBL_link1 = new System.Windows.Forms.Label(); - this.LBL_JoinTelegram = new System.Windows.Forms.Label(); - this.pb_telegram = new System.Windows.Forms.PictureBox(); this.panel2 = new System.Windows.Forms.Panel(); - this.btnDetails = new System.Windows.Forms.Button(); - this.LBL_scanElapsedTime = new System.Windows.Forms.Label(); + this.Label_SuspiciousObjectsCount = new System.Windows.Forms.Label(); + this.Label_suspiciousObjects = new System.Windows.Forms.Label(); this.LBL_curedCount = new System.Windows.Forms.Label(); + this.LBL_totalThreats = new System.Windows.Forms.Label(); this.LBL_threatsCount = new System.Windows.Forms.Label(); - this.LBL_ScanTime = new System.Windows.Forms.Label(); - this.label7 = new System.Windows.Forms.Label(); - this.LBL_ScanComplete = new System.Windows.Forms.Label(); + this.LabelSeparator = new System.Windows.Forms.Label(); this.LBL_neutralizedThreats = new System.Windows.Forms.Label(); - this.label5 = new System.Windows.Forms.Label(); - this.LBL_totalThreats = new System.Windows.Forms.Label(); + this.panel4 = new System.Windows.Forms.Panel(); + this.Label_OpenLogsFolder = new System.Windows.Forms.LinkLabel(); + this.Label_showAllLogs = new System.Windows.Forms.Label(); + this.btnDetails = new System.Windows.Forms.Button(); + this.panel5 = new System.Windows.Forms.Panel(); this.FinalStatus_label = new System.Windows.Forms.Label(); - this.top = new System.Windows.Forms.Label(); - this.button1 = new System.Windows.Forms.Button(); - this.AnimationTimer = new System.Windows.Forms.Timer(this.components); - this.panel1.SuspendLayout(); this.tableLayoutPanel1.SuspendLayout(); - this.LBL_link3.SuspendLayout(); - ((System.ComponentModel.ISupportInitialize)(this.pb_QR)).BeginInit(); + this.panel1.SuspendLayout(); + this.panel3.SuspendLayout(); this.tableLayoutPanel2.SuspendLayout(); - this.panel4.SuspendLayout(); - ((System.ComponentModel.ISupportInitialize)(this.pb_M1nerSearch)).BeginInit(); - ((System.ComponentModel.ISupportInitialize)(this.pb_telegram)).BeginInit(); this.panel2.SuspendLayout(); + this.panel4.SuspendLayout(); + this.panel5.SuspendLayout(); this.SuspendLayout(); // - // panel1 - // - this.panel1.BackColor = System.Drawing.Color.White; - this.panel1.Controls.Add(this.tableLayoutPanel1); - this.panel1.Location = new System.Drawing.Point(1, 27); - this.panel1.Margin = new System.Windows.Forms.Padding(1); - this.panel1.Name = "panel1"; - this.panel1.Size = new System.Drawing.Size(702, 483); - this.panel1.TabIndex = 0; - // // tableLayoutPanel1 // - this.tableLayoutPanel1.CellBorderStyle = System.Windows.Forms.TableLayoutPanelCellBorderStyle.Single; + this.tableLayoutPanel1.BackColor = System.Drawing.Color.Transparent; this.tableLayoutPanel1.ColumnCount = 1; this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 50F)); this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 50F)); - this.tableLayoutPanel1.Controls.Add(this.LBL_link3, 0, 2); - this.tableLayoutPanel1.Controls.Add(this.tableLayoutPanel2, 0, 0); - this.tableLayoutPanel1.Controls.Add(this.FinalStatus_label, 0, 1); + this.tableLayoutPanel1.Controls.Add(this.panel1, 0, 0); + this.tableLayoutPanel1.Controls.Add(this.panel3, 0, 1); + this.tableLayoutPanel1.Controls.Add(this.tableLayoutPanel2, 0, 2); + this.tableLayoutPanel1.Controls.Add(this.panel5, 0, 3); this.tableLayoutPanel1.Dock = System.Windows.Forms.DockStyle.Fill; this.tableLayoutPanel1.Location = new System.Drawing.Point(0, 0); - this.tableLayoutPanel1.Margin = new System.Windows.Forms.Padding(2); + this.tableLayoutPanel1.Margin = new System.Windows.Forms.Padding(0); this.tableLayoutPanel1.Name = "tableLayoutPanel1"; - this.tableLayoutPanel1.RowCount = 3; - this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 82.80255F)); - this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 17.19745F)); - this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 166F)); - this.tableLayoutPanel1.Size = new System.Drawing.Size(702, 483); + this.tableLayoutPanel1.RowCount = 4; + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 35.29412F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 64.70588F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 213F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 94F)); + this.tableLayoutPanel1.Size = new System.Drawing.Size(684, 429); this.tableLayoutPanel1.TabIndex = 0; // - // LBL_link3 - // - this.LBL_link3.Controls.Add(this.yoomoney_tb); - this.LBL_link3.Controls.Add(this.textBox1); - this.LBL_link3.Controls.Add(this.pb_QR); - this.LBL_link3.Controls.Add(this.label1); - this.LBL_link3.Controls.Add(this.LBL_Support); - this.LBL_link3.Location = new System.Drawing.Point(3, 317); - this.LBL_link3.Margin = new System.Windows.Forms.Padding(2); - this.LBL_link3.Name = "LBL_link3"; - this.LBL_link3.Size = new System.Drawing.Size(696, 163); - this.LBL_link3.TabIndex = 3; - // - // yoomoney_tb - // - this.yoomoney_tb.BackColor = System.Drawing.Color.White; - this.yoomoney_tb.BorderStyle = System.Windows.Forms.BorderStyle.None; - this.yoomoney_tb.Font = new System.Drawing.Font("Segoe UI Semibold", 9F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.yoomoney_tb.Location = new System.Drawing.Point(16, 126); - this.yoomoney_tb.Name = "yoomoney_tb"; - this.yoomoney_tb.ReadOnly = true; - this.yoomoney_tb.Size = new System.Drawing.Size(478, 20); - this.yoomoney_tb.TabIndex = 10; - this.yoomoney_tb.Text = "ЮМани (яндекс): 4100 1161 1264 0968"; - this.yoomoney_tb.TextAlign = System.Windows.Forms.HorizontalAlignment.Right; - this.yoomoney_tb.WordWrap = false; - // - // textBox1 - // - this.textBox1.BackColor = System.Drawing.Color.White; - this.textBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; - this.textBox1.Font = new System.Drawing.Font("Segoe UI Semibold", 9F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.textBox1.Location = new System.Drawing.Point(25, 93); - this.textBox1.Name = "textBox1"; - this.textBox1.ReadOnly = true; - this.textBox1.Size = new System.Drawing.Size(484, 20); - this.textBox1.TabIndex = 10; - this.textBox1.Text = "USDT: UQBw3htVV8uMW6lugGryttzR50GbBeSSMCsFoHCQjq75JiPl"; - this.textBox1.TextAlign = System.Windows.Forms.HorizontalAlignment.Center; - this.textBox1.WordWrap = false; - // - // pb_QR - // - this.pb_QR.Anchor = System.Windows.Forms.AnchorStyles.None; - this.pb_QR.BackColor = System.Drawing.Color.Transparent; - this.pb_QR.Cursor = System.Windows.Forms.Cursors.Hand; - this.pb_QR.Image = global::MSearch.Properties.Resources.blendlog_donate; - this.pb_QR.Location = new System.Drawing.Point(515, 12); - this.pb_QR.Name = "pb_QR"; - this.pb_QR.Size = new System.Drawing.Size(139, 140); - this.pb_QR.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; - this.pb_QR.TabIndex = 3; - this.pb_QR.TabStop = false; - this.pb_QR.Click += new System.EventHandler(this.pb_QR_Click); - this.pb_QR.MouseEnter += new System.EventHandler(this.pb_QR_MouseEnter); - this.pb_QR.MouseLeave += new System.EventHandler(this.pb_QR_MouseLeave); - // - // label1 - // - this.label1.Anchor = System.Windows.Forms.AnchorStyles.None; - this.label1.Font = new System.Drawing.Font("Segoe UI Semibold", 10.2F, ((System.Drawing.FontStyle)((System.Drawing.FontStyle.Bold | System.Drawing.FontStyle.Underline))), System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.label1.Location = new System.Drawing.Point(51, 57); - this.label1.Margin = new System.Windows.Forms.Padding(2, 1, 2, 0); - this.label1.Name = "label1"; - this.label1.Size = new System.Drawing.Size(445, 25); - this.label1.TabIndex = 2; - this.label1.Text = "https://boosty.to/BlendLog/donate"; - this.label1.TextAlign = System.Drawing.ContentAlignment.MiddleRight; - this.label1.Click += new System.EventHandler(this.label1_Click); - // - // LBL_Support - // - this.LBL_Support.Anchor = System.Windows.Forms.AnchorStyles.None; - this.LBL_Support.Font = new System.Drawing.Font("Segoe UI", 10F, System.Drawing.FontStyle.Bold); - this.LBL_Support.Location = new System.Drawing.Point(9, 12); - this.LBL_Support.Margin = new System.Windows.Forms.Padding(0); - this.LBL_Support.Name = "LBL_Support"; - this.LBL_Support.Size = new System.Drawing.Size(493, 27); - this.LBL_Support.TabIndex = 1; - this.LBL_Support.Text = "Нравится приложение? Поддержи проект на Boosty"; - this.LBL_Support.TextAlign = System.Drawing.ContentAlignment.MiddleRight; + // panel1 + // + this.panel1.BackColor = System.Drawing.Color.Transparent; + this.panel1.Controls.Add(this.button1); + this.panel1.Controls.Add(this.top); + this.panel1.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel1.Location = new System.Drawing.Point(0, 0); + this.panel1.Margin = new System.Windows.Forms.Padding(0); + this.panel1.Name = "panel1"; + this.panel1.Size = new System.Drawing.Size(684, 43); + this.panel1.TabIndex = 4; + // + // button1 + // + this.button1.BackColor = System.Drawing.Color.RoyalBlue; + this.button1.FlatAppearance.BorderColor = System.Drawing.Color.White; + this.button1.FlatAppearance.BorderSize = 0; + this.button1.FlatAppearance.MouseOverBackColor = System.Drawing.Color.FromArgb(((int)(((byte)(255)))), ((int)(((byte)(128)))), ((int)(((byte)(128))))); + this.button1.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.button1.Font = new System.Drawing.Font("Verdana", 8F, System.Drawing.FontStyle.Bold); + this.button1.ForeColor = System.Drawing.Color.White; + this.button1.ImageAlign = System.Drawing.ContentAlignment.TopCenter; + this.button1.Location = new System.Drawing.Point(649, 5); + this.button1.Margin = new System.Windows.Forms.Padding(0); + this.button1.Name = "button1"; + this.button1.Size = new System.Drawing.Size(30, 30); + this.button1.TabIndex = 99; + this.button1.Text = "X"; + this.button1.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.button1.UseVisualStyleBackColor = false; + this.button1.Visible = false; + this.button1.Click += new System.EventHandler(this.button1_Click); + // + // top + // + this.top.BackColor = System.Drawing.Color.RoyalBlue; + this.top.Dock = System.Windows.Forms.DockStyle.Top; + this.top.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.top.Font = new System.Drawing.Font("Trebuchet MS", 12F, System.Drawing.FontStyle.Bold); + this.top.ForeColor = System.Drawing.Color.White; + this.top.Location = new System.Drawing.Point(0, 0); + this.top.Margin = new System.Windows.Forms.Padding(0); + this.top.Name = "top"; + this.top.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.top.Size = new System.Drawing.Size(684, 39); + this.top.TabIndex = 1; + this.top.Text = "MinerSearch "; + this.top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.top.MouseDown += new System.Windows.Forms.MouseEventHandler(this.top_MouseDown); + // + // panel3 + // + this.panel3.BackColor = System.Drawing.Color.Gainsboro; + this.panel3.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel3.Controls.Add(this.LBL_ScanComplete); + this.panel3.Controls.Add(this.LBL_scanElapsedTime); + this.panel3.Controls.Add(this.LBL_ScanTime); + this.panel3.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel3.ForeColor = System.Drawing.Color.Transparent; + this.panel3.Location = new System.Drawing.Point(5, 46); + this.panel3.Margin = new System.Windows.Forms.Padding(5, 3, 5, 0); + this.panel3.Name = "panel3"; + this.panel3.Size = new System.Drawing.Size(674, 75); + this.panel3.TabIndex = 5; + // + // LBL_ScanComplete + // + this.LBL_ScanComplete.BackColor = System.Drawing.Color.Transparent; + this.LBL_ScanComplete.Dock = System.Windows.Forms.DockStyle.Top; + this.LBL_ScanComplete.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.LBL_ScanComplete.Font = new System.Drawing.Font("Trebuchet MS", 14F, System.Drawing.FontStyle.Bold); + this.LBL_ScanComplete.ForeColor = System.Drawing.Color.Black; + this.LBL_ScanComplete.Location = new System.Drawing.Point(0, 0); + this.LBL_ScanComplete.Margin = new System.Windows.Forms.Padding(0); + this.LBL_ScanComplete.Name = "LBL_ScanComplete"; + this.LBL_ScanComplete.Size = new System.Drawing.Size(672, 42); + this.LBL_ScanComplete.TabIndex = 3; + this.LBL_ScanComplete.Text = "Сканирование завершено"; + this.LBL_ScanComplete.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; + // + // LBL_scanElapsedTime + // + this.LBL_scanElapsedTime.Anchor = System.Windows.Forms.AnchorStyles.None; + this.LBL_scanElapsedTime.Font = new System.Drawing.Font("Trebuchet MS", 9F, System.Drawing.FontStyle.Bold); + this.LBL_scanElapsedTime.ForeColor = System.Drawing.Color.Black; + this.LBL_scanElapsedTime.Location = new System.Drawing.Point(380, 42); + this.LBL_scanElapsedTime.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.LBL_scanElapsedTime.Name = "LBL_scanElapsedTime"; + this.LBL_scanElapsedTime.Size = new System.Drawing.Size(293, 20); + this.LBL_scanElapsedTime.TabIndex = 8; + this.LBL_scanElapsedTime.Text = "00:00:00:000"; + this.LBL_scanElapsedTime.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // + // LBL_ScanTime + // + this.LBL_ScanTime.Anchor = System.Windows.Forms.AnchorStyles.None; + this.LBL_ScanTime.Font = new System.Drawing.Font("Trebuchet MS", 9F, System.Drawing.FontStyle.Bold); + this.LBL_ScanTime.ForeColor = System.Drawing.Color.Black; + this.LBL_ScanTime.Location = new System.Drawing.Point(2, 42); + this.LBL_ScanTime.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.LBL_ScanTime.Name = "LBL_ScanTime"; + this.LBL_ScanTime.Size = new System.Drawing.Size(339, 20); + this.LBL_ScanTime.TabIndex = 5; + this.LBL_ScanTime.Text = "Время сканирования:"; + this.LBL_ScanTime.TextAlign = System.Drawing.ContentAlignment.MiddleRight; // // tableLayoutPanel2 // - this.tableLayoutPanel2.CellBorderStyle = System.Windows.Forms.TableLayoutPanelCellBorderStyle.Single; this.tableLayoutPanel2.ColumnCount = 2; - this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 50F)); - this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 50F)); - this.tableLayoutPanel2.Controls.Add(this.panel4, 1, 0); + this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 52.77778F)); + this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 47.22222F)); this.tableLayoutPanel2.Controls.Add(this.panel2, 0, 0); + this.tableLayoutPanel2.Controls.Add(this.panel4, 1, 0); this.tableLayoutPanel2.Dock = System.Windows.Forms.DockStyle.Fill; - this.tableLayoutPanel2.Location = new System.Drawing.Point(4, 4); + this.tableLayoutPanel2.Location = new System.Drawing.Point(0, 121); + this.tableLayoutPanel2.Margin = new System.Windows.Forms.Padding(0); this.tableLayoutPanel2.Name = "tableLayoutPanel2"; this.tableLayoutPanel2.RowCount = 1; this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 100F)); - this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 252F)); - this.tableLayoutPanel2.Size = new System.Drawing.Size(694, 253); + this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 213F)); + this.tableLayoutPanel2.Size = new System.Drawing.Size(684, 213); this.tableLayoutPanel2.TabIndex = 4; // - // panel4 - // - this.panel4.Controls.Add(this.pb_M1nerSearch); - this.panel4.Controls.Add(this.LBL_link2); - this.panel4.Controls.Add(this.LBL_link1); - this.panel4.Controls.Add(this.LBL_JoinTelegram); - this.panel4.Controls.Add(this.pb_telegram); - this.panel4.Dock = System.Windows.Forms.DockStyle.Fill; - this.panel4.Location = new System.Drawing.Point(349, 3); - this.panel4.Margin = new System.Windows.Forms.Padding(2); - this.panel4.Name = "panel4"; - this.panel4.Size = new System.Drawing.Size(342, 247); - this.panel4.TabIndex = 1; - // - // pb_M1nerSearch - // - this.pb_M1nerSearch.Anchor = System.Windows.Forms.AnchorStyles.None; - this.pb_M1nerSearch.Cursor = System.Windows.Forms.Cursors.Default; - this.pb_M1nerSearch.Image = global::MSearch.Properties.Resources._128; - this.pb_M1nerSearch.Location = new System.Drawing.Point(184, 65); - this.pb_M1nerSearch.Margin = new System.Windows.Forms.Padding(2); - this.pb_M1nerSearch.Name = "pb_M1nerSearch"; - this.pb_M1nerSearch.Size = new System.Drawing.Size(92, 92); - this.pb_M1nerSearch.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; - this.pb_M1nerSearch.TabIndex = 6; - this.pb_M1nerSearch.TabStop = false; - this.pb_M1nerSearch.Click += new System.EventHandler(this.pb_M1nerSearch_Click); - this.pb_M1nerSearch.MouseEnter += new System.EventHandler(this.pb_M1nerSearch_MouseEnter); - this.pb_M1nerSearch.MouseLeave += new System.EventHandler(this.pb_M1nerSearch_MouseLeave); - // - // LBL_link2 - // - this.LBL_link2.Anchor = System.Windows.Forms.AnchorStyles.None; - this.LBL_link2.AutoSize = true; - this.LBL_link2.Cursor = System.Windows.Forms.Cursors.Hand; - this.LBL_link2.Font = new System.Drawing.Font("Segoe UI", 10.2F); - this.LBL_link2.Location = new System.Drawing.Point(53, 203); - this.LBL_link2.Margin = new System.Windows.Forms.Padding(2, 1, 2, 0); - this.LBL_link2.Name = "LBL_link2"; - this.LBL_link2.Size = new System.Drawing.Size(243, 23); - this.LBL_link2.TabIndex = 5; - this.LBL_link2.Text = "https://t.me/MinerSearch_chat"; - this.LBL_link2.TextAlign = System.Drawing.ContentAlignment.MiddleRight; - this.LBL_link2.Click += new System.EventHandler(this.LBL_link2_Click); - this.LBL_link2.MouseEnter += new System.EventHandler(this.LBL_link2_MouseEnter); - this.LBL_link2.MouseLeave += new System.EventHandler(this.LBL_link2_MouseLeave); - // - // LBL_link1 - // - this.LBL_link1.Anchor = System.Windows.Forms.AnchorStyles.None; - this.LBL_link1.AutoSize = true; - this.LBL_link1.Cursor = System.Windows.Forms.Cursors.Hand; - this.LBL_link1.Font = new System.Drawing.Font("Segoe UI", 10.2F); - this.LBL_link1.Location = new System.Drawing.Point(53, 169); - this.LBL_link1.Margin = new System.Windows.Forms.Padding(2, 1, 2, 0); - this.LBL_link1.Name = "LBL_link1"; - this.LBL_link1.Size = new System.Drawing.Size(244, 23); - this.LBL_link1.TabIndex = 4; - this.LBL_link1.Text = "https://t.me/MinerSearch_blog"; - this.LBL_link1.TextAlign = System.Drawing.ContentAlignment.MiddleRight; - this.LBL_link1.Click += new System.EventHandler(this.LBL_link1_Click); - this.LBL_link1.MouseEnter += new System.EventHandler(this.LBL_link1_MouseEnter); - this.LBL_link1.MouseLeave += new System.EventHandler(this.LBL_link1_MouseLeave); - // - // LBL_JoinTelegram - // - this.LBL_JoinTelegram.BackColor = System.Drawing.Color.Transparent; - this.LBL_JoinTelegram.Dock = System.Windows.Forms.DockStyle.Top; - this.LBL_JoinTelegram.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); - this.LBL_JoinTelegram.ForeColor = System.Drawing.Color.Black; - this.LBL_JoinTelegram.Location = new System.Drawing.Point(0, 0); - this.LBL_JoinTelegram.Margin = new System.Windows.Forms.Padding(0); - this.LBL_JoinTelegram.Name = "LBL_JoinTelegram"; - this.LBL_JoinTelegram.Size = new System.Drawing.Size(342, 46); - this.LBL_JoinTelegram.TabIndex = 4; - this.LBL_JoinTelegram.Text = "Есть вопросы? Заходите в телеграм!"; - this.LBL_JoinTelegram.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; - // - // pb_telegram - // - this.pb_telegram.Anchor = System.Windows.Forms.AnchorStyles.None; - this.pb_telegram.Image = global::MSearch.Properties.Resources.telegram_logo; - this.pb_telegram.Location = new System.Drawing.Point(74, 65); - this.pb_telegram.Margin = new System.Windows.Forms.Padding(2); - this.pb_telegram.Name = "pb_telegram"; - this.pb_telegram.Size = new System.Drawing.Size(92, 92); - this.pb_telegram.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; - this.pb_telegram.TabIndex = 0; - this.pb_telegram.TabStop = false; - this.pb_telegram.Click += new System.EventHandler(this.pb_telegram_Click); - this.pb_telegram.MouseEnter += new System.EventHandler(this.pb_telegram_MouseEnter); - this.pb_telegram.MouseLeave += new System.EventHandler(this.pb_telegram_MouseLeave); - // // panel2 // - this.panel2.Controls.Add(this.btnDetails); - this.panel2.Controls.Add(this.LBL_scanElapsedTime); + this.panel2.BackColor = System.Drawing.Color.Gainsboro; + this.panel2.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel2.Controls.Add(this.Label_SuspiciousObjectsCount); + this.panel2.Controls.Add(this.Label_suspiciousObjects); this.panel2.Controls.Add(this.LBL_curedCount); + this.panel2.Controls.Add(this.LBL_totalThreats); this.panel2.Controls.Add(this.LBL_threatsCount); - this.panel2.Controls.Add(this.LBL_ScanTime); - this.panel2.Controls.Add(this.label7); - this.panel2.Controls.Add(this.LBL_ScanComplete); + this.panel2.Controls.Add(this.LabelSeparator); this.panel2.Controls.Add(this.LBL_neutralizedThreats); - this.panel2.Controls.Add(this.label5); - this.panel2.Controls.Add(this.LBL_totalThreats); this.panel2.Dock = System.Windows.Forms.DockStyle.Fill; - this.panel2.Location = new System.Drawing.Point(3, 3); - this.panel2.Margin = new System.Windows.Forms.Padding(2); + this.panel2.ForeColor = System.Drawing.Color.Transparent; + this.panel2.Location = new System.Drawing.Point(5, 5); + this.panel2.Margin = new System.Windows.Forms.Padding(5, 5, 4, 5); this.panel2.Name = "panel2"; - this.panel2.Size = new System.Drawing.Size(341, 247); + this.panel2.Size = new System.Drawing.Size(352, 203); this.panel2.TabIndex = 0; // - // btnDetails - // - this.btnDetails.Anchor = System.Windows.Forms.AnchorStyles.None; - this.btnDetails.FlatAppearance.BorderColor = System.Drawing.Color.Navy; - this.btnDetails.FlatAppearance.BorderSize = 2; - this.btnDetails.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.btnDetails.Font = new System.Drawing.Font("Verdana", 10.2F); - this.btnDetails.ForeColor = System.Drawing.Color.Navy; - this.btnDetails.Location = new System.Drawing.Point(12, 122); - this.btnDetails.Name = "btnDetails"; - this.btnDetails.Size = new System.Drawing.Size(295, 34); - this.btnDetails.TabIndex = 9; - this.btnDetails.Text = "Подробно"; - this.btnDetails.UseVisualStyleBackColor = true; - this.btnDetails.Click += new System.EventHandler(this.btnDetails_Click); - // - // LBL_scanElapsedTime - // - this.LBL_scanElapsedTime.Anchor = System.Windows.Forms.AnchorStyles.None; - this.LBL_scanElapsedTime.AutoSize = true; - this.LBL_scanElapsedTime.Font = new System.Drawing.Font("Verdana", 10.2F); - this.LBL_scanElapsedTime.ForeColor = System.Drawing.Color.Black; - this.LBL_scanElapsedTime.Location = new System.Drawing.Point(17, 207); - this.LBL_scanElapsedTime.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.LBL_scanElapsedTime.Name = "LBL_scanElapsedTime"; - this.LBL_scanElapsedTime.Size = new System.Drawing.Size(97, 20); - this.LBL_scanElapsedTime.TabIndex = 8; - this.LBL_scanElapsedTime.Text = "--:--:--:--"; - this.LBL_scanElapsedTime.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // Label_SuspiciousObjectsCount + // + this.Label_SuspiciousObjectsCount.Anchor = System.Windows.Forms.AnchorStyles.None; + this.Label_SuspiciousObjectsCount.AutoSize = true; + this.Label_SuspiciousObjectsCount.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); + this.Label_SuspiciousObjectsCount.ForeColor = System.Drawing.Color.Black; + this.Label_SuspiciousObjectsCount.ImageAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.Label_SuspiciousObjectsCount.Location = new System.Drawing.Point(285, 64); + this.Label_SuspiciousObjectsCount.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.Label_SuspiciousObjectsCount.Name = "Label_SuspiciousObjectsCount"; + this.Label_SuspiciousObjectsCount.Size = new System.Drawing.Size(21, 20); + this.Label_SuspiciousObjectsCount.TabIndex = 9; + this.Label_SuspiciousObjectsCount.Text = "0"; + this.Label_SuspiciousObjectsCount.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; + // + // Label_suspiciousObjects + // + this.Label_suspiciousObjects.Anchor = System.Windows.Forms.AnchorStyles.None; + this.Label_suspiciousObjects.AutoSize = true; + this.Label_suspiciousObjects.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); + this.Label_suspiciousObjects.ForeColor = System.Drawing.Color.Black; + this.Label_suspiciousObjects.Location = new System.Drawing.Point(13, 64); + this.Label_suspiciousObjects.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.Label_suspiciousObjects.Name = "Label_suspiciousObjects"; + this.Label_suspiciousObjects.Size = new System.Drawing.Size(135, 20); + this.Label_suspiciousObjects.TabIndex = 8; + this.Label_suspiciousObjects.Text = "Подозрений:"; + this.Label_suspiciousObjects.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; // // LBL_curedCount // this.LBL_curedCount.Anchor = System.Windows.Forms.AnchorStyles.None; this.LBL_curedCount.AutoSize = true; - this.LBL_curedCount.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); + this.LBL_curedCount.Font = new System.Drawing.Font("Verdana", 11F, System.Drawing.FontStyle.Bold); this.LBL_curedCount.ForeColor = System.Drawing.Color.Black; - this.LBL_curedCount.Location = new System.Drawing.Point(287, 94); + this.LBL_curedCount.ImageAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.LBL_curedCount.Location = new System.Drawing.Point(285, 147); this.LBL_curedCount.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); this.LBL_curedCount.Name = "LBL_curedCount"; - this.LBL_curedCount.Size = new System.Drawing.Size(21, 20); + this.LBL_curedCount.Size = new System.Drawing.Size(24, 23); this.LBL_curedCount.TabIndex = 7; this.LBL_curedCount.Text = "0"; this.LBL_curedCount.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; // + // LBL_totalThreats + // + this.LBL_totalThreats.Anchor = System.Windows.Forms.AnchorStyles.None; + this.LBL_totalThreats.AutoSize = true; + this.LBL_totalThreats.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); + this.LBL_totalThreats.ForeColor = System.Drawing.Color.Crimson; + this.LBL_totalThreats.Location = new System.Drawing.Point(13, 31); + this.LBL_totalThreats.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.LBL_totalThreats.Name = "LBL_totalThreats"; + this.LBL_totalThreats.Size = new System.Drawing.Size(160, 20); + this.LBL_totalThreats.TabIndex = 1; + this.LBL_totalThreats.Text = "Найдено угроз:"; + this.LBL_totalThreats.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // // LBL_threatsCount // this.LBL_threatsCount.Anchor = System.Windows.Forms.AnchorStyles.None; this.LBL_threatsCount.AutoSize = true; this.LBL_threatsCount.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); - this.LBL_threatsCount.ForeColor = System.Drawing.Color.Black; - this.LBL_threatsCount.Location = new System.Drawing.Point(286, 63); + this.LBL_threatsCount.ForeColor = System.Drawing.Color.Crimson; + this.LBL_threatsCount.ImageAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.LBL_threatsCount.Location = new System.Drawing.Point(285, 31); this.LBL_threatsCount.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); this.LBL_threatsCount.Name = "LBL_threatsCount"; this.LBL_threatsCount.Size = new System.Drawing.Size(21, 20); @@ -370,144 +298,129 @@ private void InitializeComponent() this.LBL_threatsCount.Text = "0"; this.LBL_threatsCount.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; // - // LBL_ScanTime - // - this.LBL_ScanTime.Anchor = System.Windows.Forms.AnchorStyles.None; - this.LBL_ScanTime.AutoSize = true; - this.LBL_ScanTime.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.LBL_ScanTime.Location = new System.Drawing.Point(9, 175); - this.LBL_ScanTime.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.LBL_ScanTime.Name = "LBL_ScanTime"; - this.LBL_ScanTime.Size = new System.Drawing.Size(202, 20); - this.LBL_ScanTime.TabIndex = 5; - this.LBL_ScanTime.Text = "Время сканирования:"; - this.LBL_ScanTime.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; - // - // label7 - // - this.label7.Anchor = System.Windows.Forms.AnchorStyles.None; - this.label7.AutoSize = true; - this.label7.Font = new System.Drawing.Font("Verdana", 10.2F); - this.label7.Location = new System.Drawing.Point(1, 153); - this.label7.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.label7.Name = "label7"; - this.label7.Size = new System.Drawing.Size(321, 20); - this.label7.TabIndex = 4; - this.label7.Text = "---------------------------------------"; + // LabelSeparator // - // LBL_ScanComplete - // - this.LBL_ScanComplete.Dock = System.Windows.Forms.DockStyle.Top; - this.LBL_ScanComplete.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); - this.LBL_ScanComplete.ForeColor = System.Drawing.Color.Black; - this.LBL_ScanComplete.Location = new System.Drawing.Point(0, 0); - this.LBL_ScanComplete.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.LBL_ScanComplete.Name = "LBL_ScanComplete"; - this.LBL_ScanComplete.Size = new System.Drawing.Size(341, 46); - this.LBL_ScanComplete.TabIndex = 3; - this.LBL_ScanComplete.Text = "Сканирование завершено"; - this.LBL_ScanComplete.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; + this.LabelSeparator.Anchor = System.Windows.Forms.AnchorStyles.None; + this.LabelSeparator.AutoSize = true; + this.LabelSeparator.BackColor = System.Drawing.Color.Transparent; + this.LabelSeparator.Font = new System.Drawing.Font("Verdana", 10.2F); + this.LabelSeparator.ForeColor = System.Drawing.Color.FromArgb(((int)(((byte)(64)))), ((int)(((byte)(64)))), ((int)(((byte)(64))))); + this.LabelSeparator.Location = new System.Drawing.Point(-21, 96); + this.LabelSeparator.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.LabelSeparator.Name = "LabelSeparator"; + this.LabelSeparator.Size = new System.Drawing.Size(372, 20); + this.LabelSeparator.TabIndex = 4; + this.LabelSeparator.Text = "_________________________________"; // // LBL_neutralizedThreats // this.LBL_neutralizedThreats.Anchor = System.Windows.Forms.AnchorStyles.None; this.LBL_neutralizedThreats.AutoSize = true; - this.LBL_neutralizedThreats.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(204))); + this.LBL_neutralizedThreats.Font = new System.Drawing.Font("Verdana", 11F, System.Drawing.FontStyle.Bold); this.LBL_neutralizedThreats.ForeColor = System.Drawing.Color.Black; - this.LBL_neutralizedThreats.Location = new System.Drawing.Point(9, 94); + this.LBL_neutralizedThreats.Location = new System.Drawing.Point(12, 147); this.LBL_neutralizedThreats.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); this.LBL_neutralizedThreats.Name = "LBL_neutralizedThreats"; - this.LBL_neutralizedThreats.Size = new System.Drawing.Size(178, 20); + this.LBL_neutralizedThreats.Size = new System.Drawing.Size(199, 23); this.LBL_neutralizedThreats.TabIndex = 0; this.LBL_neutralizedThreats.Text = "Устранено угроз:"; this.LBL_neutralizedThreats.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; // - // label5 + // panel4 // - this.label5.Anchor = System.Windows.Forms.AnchorStyles.None; - this.label5.AutoSize = true; - this.label5.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.label5.Location = new System.Drawing.Point(1, 43); - this.label5.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.label5.Name = "label5"; - this.label5.Size = new System.Drawing.Size(321, 20); - this.label5.TabIndex = 2; - this.label5.Text = "---------------------------------------"; + this.panel4.BackColor = System.Drawing.Color.Gainsboro; + this.panel4.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel4.Controls.Add(this.Label_OpenLogsFolder); + this.panel4.Controls.Add(this.Label_showAllLogs); + this.panel4.Controls.Add(this.btnDetails); + this.panel4.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel4.ForeColor = System.Drawing.Color.Transparent; + this.panel4.Location = new System.Drawing.Point(365, 5); + this.panel4.Margin = new System.Windows.Forms.Padding(4, 5, 5, 5); + this.panel4.Name = "panel4"; + this.panel4.Size = new System.Drawing.Size(314, 203); + this.panel4.TabIndex = 1; // - // LBL_totalThreats + // Label_OpenLogsFolder + // + this.Label_OpenLogsFolder.ActiveLinkColor = System.Drawing.Color.Navy; + this.Label_OpenLogsFolder.BackColor = System.Drawing.Color.Transparent; + this.Label_OpenLogsFolder.DisabledLinkColor = System.Drawing.Color.Gray; + this.Label_OpenLogsFolder.Font = new System.Drawing.Font("Segoe UI", 10F, System.Drawing.FontStyle.Bold); + this.Label_OpenLogsFolder.ForeColor = System.Drawing.Color.MediumSlateBlue; + this.Label_OpenLogsFolder.LinkColor = System.Drawing.Color.RoyalBlue; + this.Label_OpenLogsFolder.Location = new System.Drawing.Point(3, 137); + this.Label_OpenLogsFolder.Name = "Label_OpenLogsFolder"; + this.Label_OpenLogsFolder.Size = new System.Drawing.Size(322, 23); + this.Label_OpenLogsFolder.TabIndex = 11; + this.Label_OpenLogsFolder.TabStop = true; + this.Label_OpenLogsFolder.Text = "C:\\_MinerSearchLogs"; + this.Label_OpenLogsFolder.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; + this.Label_OpenLogsFolder.LinkClicked += new System.Windows.Forms.LinkLabelLinkClickedEventHandler(this.Label_OpenLogsFolder_LinkClicked); + // + // Label_showAllLogs + // + this.Label_showAllLogs.Font = new System.Drawing.Font("Segoe UI", 9F, System.Drawing.FontStyle.Bold); + this.Label_showAllLogs.ForeColor = System.Drawing.Color.Black; + this.Label_showAllLogs.Location = new System.Drawing.Point(7, 112); + this.Label_showAllLogs.Name = "Label_showAllLogs"; + this.Label_showAllLogs.Size = new System.Drawing.Size(318, 21); + this.Label_showAllLogs.TabIndex = 10; + this.Label_showAllLogs.Text = "Посмотреть все отчёты в папке:"; + this.Label_showAllLogs.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; // - this.LBL_totalThreats.Anchor = System.Windows.Forms.AnchorStyles.None; - this.LBL_totalThreats.AutoSize = true; - this.LBL_totalThreats.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); - this.LBL_totalThreats.ForeColor = System.Drawing.Color.Black; - this.LBL_totalThreats.Location = new System.Drawing.Point(9, 63); - this.LBL_totalThreats.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.LBL_totalThreats.Name = "LBL_totalThreats"; - this.LBL_totalThreats.Size = new System.Drawing.Size(219, 20); - this.LBL_totalThreats.TabIndex = 1; - this.LBL_totalThreats.Text = "Всего найдено угроз:"; - this.LBL_totalThreats.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // btnDetails + // + this.btnDetails.Anchor = System.Windows.Forms.AnchorStyles.None; + this.btnDetails.BackColor = System.Drawing.Color.RoyalBlue; + this.btnDetails.FlatAppearance.BorderColor = System.Drawing.Color.Black; + this.btnDetails.FlatAppearance.MouseDownBackColor = System.Drawing.Color.Navy; + this.btnDetails.FlatAppearance.MouseOverBackColor = System.Drawing.Color.RoyalBlue; + this.btnDetails.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.btnDetails.Font = new System.Drawing.Font("Segoe UI", 12F, System.Drawing.FontStyle.Bold); + this.btnDetails.ForeColor = System.Drawing.Color.AliceBlue; + this.btnDetails.Location = new System.Drawing.Point(58, 46); + this.btnDetails.Name = "btnDetails"; + this.btnDetails.Size = new System.Drawing.Size(199, 53); + this.btnDetails.TabIndex = 9; + this.btnDetails.Text = "Открыть отчёт"; + this.btnDetails.UseVisualStyleBackColor = false; + this.btnDetails.Click += new System.EventHandler(this.btnDetails_Click); + // + // panel5 + // + this.panel5.BackColor = System.Drawing.Color.Transparent; + this.panel5.Controls.Add(this.FinalStatus_label); + this.panel5.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel5.Location = new System.Drawing.Point(5, 334); + this.panel5.Margin = new System.Windows.Forms.Padding(5, 0, 5, 5); + this.panel5.Name = "panel5"; + this.panel5.Size = new System.Drawing.Size(674, 90); + this.panel5.TabIndex = 6; // // FinalStatus_label // - this.FinalStatus_label.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Left | System.Windows.Forms.AnchorStyles.Right))); - this.FinalStatus_label.AutoSize = true; - this.FinalStatus_label.Font = new System.Drawing.Font("Verdana", 10.2F, System.Drawing.FontStyle.Bold); + this.FinalStatus_label.BackColor = System.Drawing.Color.Gainsboro; + this.FinalStatus_label.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.FinalStatus_label.Dock = System.Windows.Forms.DockStyle.Fill; + this.FinalStatus_label.Font = new System.Drawing.Font("Verdana", 12F, System.Drawing.FontStyle.Bold); this.FinalStatus_label.ForeColor = System.Drawing.Color.Black; - this.FinalStatus_label.Location = new System.Drawing.Point(3, 277); - this.FinalStatus_label.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.FinalStatus_label.Location = new System.Drawing.Point(0, 0); + this.FinalStatus_label.Margin = new System.Windows.Forms.Padding(0); this.FinalStatus_label.Name = "FinalStatus_label"; - this.FinalStatus_label.Size = new System.Drawing.Size(696, 20); + this.FinalStatus_label.Size = new System.Drawing.Size(674, 90); this.FinalStatus_label.TabIndex = 2; this.FinalStatus_label.Text = "-----------------------------------"; this.FinalStatus_label.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; // - // top - // - this.top.BackColor = System.Drawing.Color.Transparent; - this.top.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.top.ForeColor = System.Drawing.Color.White; - this.top.Location = new System.Drawing.Point(2, 0); - this.top.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); - this.top.Name = "top"; - this.top.Size = new System.Drawing.Size(702, 28); - this.top.TabIndex = 1; - this.top.Text = "MinerSearch "; - this.top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; - this.top.MouseDown += new System.Windows.Forms.MouseEventHandler(this.top_MouseDown); - // - // button1 - // - this.button1.FlatAppearance.BorderColor = System.Drawing.Color.White; - this.button1.FlatAppearance.BorderSize = 0; - this.button1.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.button1.ForeColor = System.Drawing.Color.White; - this.button1.ImageAlign = System.Drawing.ContentAlignment.TopCenter; - this.button1.Location = new System.Drawing.Point(671, 0); - this.button1.Margin = new System.Windows.Forms.Padding(2); - this.button1.Name = "button1"; - this.button1.Size = new System.Drawing.Size(27, 26); - this.button1.TabIndex = 2; - this.button1.Text = "X"; - this.button1.TextAlign = System.Drawing.ContentAlignment.MiddleRight; - this.button1.UseVisualStyleBackColor = true; - this.button1.Visible = false; - this.button1.Click += new System.EventHandler(this.button1_Click); - // - // AnimationTimer - // - this.AnimationTimer.Interval = 10; - this.AnimationTimer.Tick += new System.EventHandler(this.AnimationTimer_Tick); - // // Finish // this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; - this.BackColor = System.Drawing.Color.Navy; - this.ClientSize = new System.Drawing.Size(704, 343); - this.Controls.Add(this.button1); - this.Controls.Add(this.top); - this.Controls.Add(this.panel1); + this.BackColor = System.Drawing.SystemColors.Control; + this.ClientSize = new System.Drawing.Size(684, 429); + this.Controls.Add(this.tableLayoutPanel1); + this.ForeColor = System.Drawing.SystemColors.Control; this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None; this.Name = "Finish"; this.ShowIcon = false; @@ -515,54 +428,41 @@ private void InitializeComponent() this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; this.TopMost = true; this.Load += new System.EventHandler(this.Finish_Load); - this.panel1.ResumeLayout(false); this.tableLayoutPanel1.ResumeLayout(false); - this.tableLayoutPanel1.PerformLayout(); - this.LBL_link3.ResumeLayout(false); - this.LBL_link3.PerformLayout(); - ((System.ComponentModel.ISupportInitialize)(this.pb_QR)).EndInit(); + this.panel1.ResumeLayout(false); + this.panel3.ResumeLayout(false); this.tableLayoutPanel2.ResumeLayout(false); - this.panel4.ResumeLayout(false); - this.panel4.PerformLayout(); - ((System.ComponentModel.ISupportInitialize)(this.pb_M1nerSearch)).EndInit(); - ((System.ComponentModel.ISupportInitialize)(this.pb_telegram)).EndInit(); this.panel2.ResumeLayout(false); this.panel2.PerformLayout(); + this.panel4.ResumeLayout(false); + this.panel5.ResumeLayout(false); this.ResumeLayout(false); } #endregion - - private System.Windows.Forms.Panel panel1; - private System.Windows.Forms.Label LBL_Support; - private System.Windows.Forms.PictureBox pb_telegram; private System.Windows.Forms.TableLayoutPanel tableLayoutPanel1; - private System.Windows.Forms.Panel LBL_link3; - private System.Windows.Forms.PictureBox pb_QR; - private System.Windows.Forms.Label label1; private System.Windows.Forms.Label LBL_totalThreats; private System.Windows.Forms.Label LBL_neutralizedThreats; - private System.Windows.Forms.Label LBL_JoinTelegram; private System.Windows.Forms.Panel panel4; private System.Windows.Forms.Panel panel2; - private System.Windows.Forms.Label LBL_link2; - private System.Windows.Forms.Label LBL_link1; private System.Windows.Forms.Label LBL_ScanComplete; - private System.Windows.Forms.Label label5; - private System.Windows.Forms.PictureBox pb_M1nerSearch; private System.Windows.Forms.Label LBL_ScanTime; - private System.Windows.Forms.Label label7; + private System.Windows.Forms.Label LabelSeparator; private System.Windows.Forms.Label top; private System.Windows.Forms.Button button1; private System.Windows.Forms.Label LBL_curedCount; private System.Windows.Forms.Label LBL_threatsCount; private System.Windows.Forms.Label LBL_scanElapsedTime; private System.Windows.Forms.Button btnDetails; - private System.Windows.Forms.TextBox yoomoney_tb; - private System.Windows.Forms.TextBox textBox1; private System.Windows.Forms.TableLayoutPanel tableLayoutPanel2; private System.Windows.Forms.Label FinalStatus_label; - private System.Windows.Forms.Timer AnimationTimer; + private System.Windows.Forms.Panel panel1; + private System.Windows.Forms.Panel panel3; + private System.Windows.Forms.Label Label_SuspiciousObjectsCount; + private System.Windows.Forms.Label Label_suspiciousObjects; + private System.Windows.Forms.Panel panel5; + private System.Windows.Forms.LinkLabel Label_OpenLogsFolder; + private System.Windows.Forms.Label Label_showAllLogs; } } \ No newline at end of file diff --git a/MinerSearch/Finish.cs b/MinerSearch/Finish.cs index 04d1599..865d6b0 100644 --- a/MinerSearch/Finish.cs +++ b/MinerSearch/Finish.cs @@ -1,29 +1,56 @@ using Microsoft.Win32; using System; using System.Diagnostics; +using System.Drawing; using System.IO; -using System.Threading; using System.Threading.Tasks; using System.Windows.Forms; namespace MSearch { - public partial class Finish : Form + public partial class Finish : FormShadow { int threatsCount = 0; int curedCount = 0; - private int targetHeight = 415; - private int step = 2; - - public Finish(int _totalThreats, int _neutralizedThreats, string _elapsedTime) + public Finish(int _totalThreats, int _neutralizedThreats, int _suspObj, string _elapsedTime) { InitializeComponent(); threatsCount = _totalThreats; curedCount = _neutralizedThreats; LBL_threatsCount.Text = _totalThreats.ToString(); - LBL_curedCount.Text = _neutralizedThreats.ToString(); + LBL_curedCount.Text = _neutralizedThreats.ToString(); + Label_SuspiciousObjectsCount.Text = _suspObj.ToString(); LBL_scanElapsedTime.Text = _elapsedTime; + + + if (!Program.ScanOnly) + { + if (threatsCount == 0) + { + LBL_totalThreats.ForeColor = Color.Green; + LBL_threatsCount.ForeColor = Color.Green; + LBL_ScanComplete.ForeColor = Color.Green; + } + else if (threatsCount > curedCount) + { + LBL_totalThreats.ForeColor = Color.Crimson; + LBL_threatsCount.ForeColor = Color.Crimson; + LBL_ScanComplete.ForeColor = Color.DarkRed; + } + else if (threatsCount == curedCount) + { + LBL_totalThreats.ForeColor = Color.Green; + LBL_threatsCount.ForeColor = Color.Green; + } + } + else + { + LBL_totalThreats.ForeColor = Color.DodgerBlue; + LBL_threatsCount.ForeColor = Color.DodgerBlue; + LBL_ScanComplete.ForeColor = Color.DodgerBlue; + FinalStatus_label.ForeColor = Color.DodgerBlue; + } } protected override void WndProc(ref Message m) @@ -39,38 +66,11 @@ protected override void WndProc(ref Message m) base.WndProc(ref m); } - void OpenExternalLink(string link) - { - if (link.StartsWith("http")) - { - Process.Start(new ProcessStartInfo() - { - FileName = "explorer", - Arguments = $"\"{link}\"" - }); - } - } - - private void pb_QR_Click(object sender, EventArgs e) - { - OpenExternalLink("https://boosty.to/blendlog/donate"); - } - - private void pb_telegram_Click(object sender, EventArgs e) - { - OpenExternalLink("https://t.me/MinerSearch_blog"); - } - - private void pb_M1nerSearch_Click(object sender, EventArgs e) - { - OpenExternalLink("https://t.me/MinerSearch_chat"); - } - private void button1_Click(object sender, EventArgs e) { if (curedCount < threatsCount) { - var result = MessageBox.Show(Program.LL.GetLocalizedString("_FinishRebootPCNow"), Utils.GetRndString(), MessageBoxButtons.YesNo, MessageBoxIcon.Question); + var result = MessageBox.Show(Program.LL.GetLocalizedString("_RebootPCNowDialog"), Utils.GetRndString(), MessageBoxButtons.YesNo, MessageBoxIcon.Question); if (result == DialogResult.Yes) { Process.Start(new ProcessStartInfo() @@ -83,6 +83,12 @@ private void button1_Click(object sender, EventArgs e) } else Environment.Exit(0); } + else if (curedCount == threatsCount && threatsCount > 0) + { + Hide(); + SplashForm splashForm = new SplashForm(); + splashForm.ShowDialog(); + } Environment.Exit(0); } @@ -98,11 +104,12 @@ private async void Finish_Load(object sender, EventArgs e) TopMost = true; TranslateForm(); - if (curedCount == threatsCount && !Program.WinPEMode && !Program.ScanOnly && threatsCount != 0) + if (Program.no_logs) { - top.Enabled = false; - await Task.Delay(1000); - AnimationTimer.Start(); + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + top.Text = "MinerSearch "; + button1.Visible = true; + return; } string registryPath = @"Software\M1nerSearch"; @@ -150,21 +157,21 @@ await Task.Run(() => Task.Delay(new Random().Next(10, 3000)); MinerSearch.SentLog(); }); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } catch (System.IO.FileNotFoundException fnf) { Program.LL.LogErrorMessage("_Error", fnf); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } catch (Exception ex) { Program.LL.LogErrorMessage("_Error", ex); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } @@ -174,7 +181,7 @@ await Task.Run(() => else { key.SetValue(valueName, 0, RegistryValueKind.DWord); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } @@ -190,14 +197,14 @@ await Task.Run(() => Task.Delay(new Random().Next(10, 3000)); MinerSearch.SentLog(); }); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } catch (System.IO.FileNotFoundException fnf) { Program.LL.LogErrorMessage("_Error", fnf); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; @@ -205,7 +212,7 @@ await Task.Run(() => catch (Exception ex) { Program.LL.LogErrorMessage("_Error", ex); - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } @@ -213,7 +220,7 @@ await Task.Run(() => } else { - top.TextAlign = System.Drawing.ContentAlignment.BottomLeft; + top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; top.Text = "MinerSearch "; button1.Visible = true; } @@ -221,62 +228,39 @@ await Task.Run(() => } - void AnimationTimer_Tick(object sender, EventArgs e) - { - if (this.Height < targetHeight) - { - this.Height += step; - - Location = new System.Drawing.Point(Location.X, Location.Y - 1); - } - else - { - AnimationTimer.Stop(); - top.Enabled = true; - } - } - void TranslateForm() { - if (Program.ActiveLanguage != "RU") - { - textBox1.Select(0, 0); - yoomoney_tb.Visible = false; - } - else yoomoney_tb.Select(0, 0); - - if (Program.totalFoundThreats > 0) - { - LBL_totalThreats.ForeColor = System.Drawing.Color.DarkRed; - LBL_threatsCount.ForeColor = System.Drawing.Color.DarkRed; - } - else - { - LBL_totalThreats.ForeColor = System.Drawing.Color.DarkGreen; - LBL_threatsCount.ForeColor = System.Drawing.Color.DarkGreen; - } if (Program.ScanOnly || Program.totalFoundThreats == 0) { LBL_neutralizedThreats.Visible = false; LBL_curedCount.Visible = false; + LabelSeparator.Visible = false; } if (Program.no_logs) { - btnDetails.Visible = false; + btnDetails.Enabled = false; + btnDetails.BackColor = Color.FromArgb(10, 255, 255, 255); + btnDetails.FlatAppearance.BorderSize = 0; + btnDetails.Text = Program.LL.GetLocalizedString("_NoLogBtn"); + } + else + { + btnDetails.Text = Program.LL.GetLocalizedString("_BtnDetails"); } LBL_ScanComplete.Text = Program.LL.GetLocalizedString("_End"); LBL_totalThreats.Text = Program.LL.GetLocalizedString("_TotalThreatsFound"); LBL_neutralizedThreats.Text = Program.LL.GetLocalizedString("_TotalNeutralizedThreats"); - LBL_JoinTelegram.Text = Program.LL.GetLocalizedString("_JoinToTelegram"); + Label_suspiciousObjects.Text = Program.LL.GetLocalizedString("_SuspiciousObjects"); LBL_ScanTime.Text = Program.LL.GetLocalizedString("_Elapse"); - LBL_Support.Text = Program.LL.GetLocalizedString("_LabelSupport"); - btnDetails.Text = Program.LL.GetLocalizedString("_BtnDetails"); - top.TextAlign = System.Drawing.ContentAlignment.MiddleRight; + Label_showAllLogs.Text = Program.LL.GetLocalizedString("_ShowFolderLogs"); + top.TextAlign = ContentAlignment.TopRight; top.Text = Program.LL.GetLocalizedString("_PleaseWaitMessage"); + Label_OpenLogsFolder.Text = Logger.LogsFolder; + if (!Program.ScanOnly) { if (threatsCount > 0) @@ -284,7 +268,7 @@ void TranslateForm() if (curedCount < threatsCount) { FinalStatus_label.Text = Program.LL.GetLocalizedString("_FinishNotAllThreatsNeutralized"); - FinalStatus_label.ForeColor = System.Drawing.Color.Red; + FinalStatus_label.ForeColor = System.Drawing.Color.DarkRed; } else if (curedCount == threatsCount) { @@ -302,77 +286,35 @@ void TranslateForm() else { FinalStatus_label.Text = Program.LL.GetLocalizedString("_ScanOnlyMode"); - FinalStatus_label.ForeColor = System.Drawing.Color.Blue; } } - private void pb_QR_MouseEnter(object sender, EventArgs e) - { - pb_QR.BorderStyle = BorderStyle.FixedSingle; - } - - private void pb_QR_MouseLeave(object sender, EventArgs e) - { - pb_QR.BorderStyle = BorderStyle.None; - } - - private void pb_telegram_MouseEnter(object sender, EventArgs e) - { - pb_telegram.BorderStyle = BorderStyle.FixedSingle; - } - - private void pb_telegram_MouseLeave(object sender, EventArgs e) - { - pb_telegram.BorderStyle = BorderStyle.None; - } - - private void pb_M1nerSearch_MouseLeave(object sender, EventArgs e) - { - pb_M1nerSearch.BorderStyle = BorderStyle.None; - } - - private void pb_M1nerSearch_MouseEnter(object sender, EventArgs e) - { - pb_M1nerSearch.BorderStyle = BorderStyle.FixedSingle; - } - - private void LBL_link1_MouseEnter(object sender, EventArgs e) - { - LBL_link1.Font = new System.Drawing.Font("Segoe UI", 10.2F, System.Drawing.FontStyle.Underline, System.Drawing.GraphicsUnit.Point, 204); - } - - private void LBL_link1_MouseLeave(object sender, EventArgs e) - { - LBL_link1.Font = new System.Drawing.Font("Segoe UI", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, 204); - } - - private void LBL_link2_MouseEnter(object sender, EventArgs e) - { - LBL_link2.Font = new System.Drawing.Font("Segoe UI", 10.2F, System.Drawing.FontStyle.Underline, System.Drawing.GraphicsUnit.Point, 204); - } - - private void LBL_link2_MouseLeave(object sender, EventArgs e) - { - LBL_link2.Font = new System.Drawing.Font("Segoe UI", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, 204); - } - - private void LBL_link1_Click(object sender, EventArgs e) + private void btnDetails_Click(object sender, EventArgs e) { - OpenExternalLink("https://t.me/MinerSearch_blog"); - } + string logpath = Path.Combine(Logger.LogsFolder, Logger.logFileName); + if (!File.Exists(logpath)) + { + return; + } - private void LBL_link2_Click(object sender, EventArgs e) - { - OpenExternalLink("https://t.me/MinerSearch_chat"); + string argument = "/c \"" + logpath + "\""; + Process.Start(new ProcessStartInfo() + { + FileName = "cmd", + Arguments = argument, + UseShellExecute = false, + CreateNoWindow = true + }); } - private void label1_Click(object sender, EventArgs e) + private void Label_OpenLogsFolder_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e) { - OpenExternalLink("https://boosty.to/BlendLog/donate"); - } + if (Program.no_logs) + { + Process.Start("explorer.exe", Logger.LogsFolder); + return; + } - private void btnDetails_Click(object sender, EventArgs e) - { string logpath = Path.Combine(Logger.LogsFolder, Logger.logFileName); if (!File.Exists(logpath)) { @@ -381,8 +323,8 @@ private void btnDetails_Click(object sender, EventArgs e) string argument = "/select, \"" + logpath + "\""; Process.Start("explorer.exe", argument); - } + } } } diff --git a/MinerSearch/Finish.resx b/MinerSearch/Finish.resx index 1d406d3..1af7de1 100644 --- a/MinerSearch/Finish.resx +++ b/MinerSearch/Finish.resx @@ -117,7 +117,4 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - - 17, 17 - \ No newline at end of file diff --git a/MinerSearch/FormShadow.cs b/MinerSearch/FormShadow.cs new file mode 100644 index 0000000..2fbe3be --- /dev/null +++ b/MinerSearch/FormShadow.cs @@ -0,0 +1,95 @@ +using System; +using System.Runtime.InteropServices; +using System.Windows.Forms; + +namespace MSearch +{ + public class FormShadow : Form + { + private const int WM_NCHITTEST = 0x84; + private const int HTCLIENT = 0x1; + private const int HTCAPTION = 0x2; + private bool m_aeroEnabled; + private const int CS_DROPSHADOW = 0x00020000; + private const int WM_NCPAINT = 0x0085; + private const int WM_ACTIVATEAPP = 0x001C; + [DllImport("dwmapi.dll")] + public static extern int DwmExtendFrameIntoClientArea(IntPtr hWnd, ref MARGINS pMarInset); + [DllImport("dwmapi.dll")] + public static extern int DwmSetWindowAttribute(IntPtr hwnd, int attr, ref int attrValue, int attrSize); + [DllImport("dwmapi.dll")] + public static extern int DwmIsCompositionEnabled(ref int pfEnabled); + + public struct MARGINS + { + public int leftWidth; + public int rightWidth; + public int topHeight; + public int bottomHeight; + } + public FormShadow() + { + m_aeroEnabled = false; + } + protected override CreateParams CreateParams + { + get + { + m_aeroEnabled = CheckAeroEnabled(); + + CreateParams cp = base.CreateParams; + if (!m_aeroEnabled) + cp.ClassStyle |= CS_DROPSHADOW; + + return cp; + } + } + + private bool CheckAeroEnabled() + { + if (Environment.OSVersion.Version.Major >= 6) + { + int enabled = 0; + DwmIsCompositionEnabled(ref enabled); + return (enabled == 1) ? true : false; + } + return false; + } + protected override void WndProc(ref Message m) + { + switch (m.Msg) + { + case WM_NCPAINT: + if (m_aeroEnabled) + { + var v = 2; + DwmSetWindowAttribute(this.Handle, 2, ref v, 4); + MARGINS margins = new MARGINS() + { + bottomHeight = 0, + leftWidth = 0, + rightWidth = 0, + topHeight = 0 + }; + DwmExtendFrameIntoClientArea(this.Handle, ref margins); + + } + break; + case 0x0083: + m.Result = (IntPtr)0; + break; + case 0x84 when (int)m.Result == 0x1: + m.Result = (IntPtr)0x2; + break; + default: + break; + } + base.WndProc(ref m); + + if (m.Msg == WM_NCHITTEST && (int)m.Result == HTCLIENT) + m.Result = (IntPtr)HTCAPTION; + + } + } + +} diff --git a/MinerSearch/FormShadow.resx b/MinerSearch/FormShadow.resx new file mode 100644 index 0000000..1af7de1 --- /dev/null +++ b/MinerSearch/FormShadow.resx @@ -0,0 +1,120 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text/microsoft-resx + + + 2.0 + + + System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + \ No newline at end of file diff --git a/MinerSearch/HostsDeletionForm.Designer.cs b/MinerSearch/HostsDeletionForm.Designer.cs index 31c942b..03a70b9 100644 --- a/MinerSearch/HostsDeletionForm.Designer.cs +++ b/MinerSearch/HostsDeletionForm.Designer.cs @@ -32,28 +32,34 @@ private void InitializeComponent() this.top = new System.Windows.Forms.Label(); this.panel1 = new System.Windows.Forms.Panel(); this.tableLayoutPanel1 = new System.Windows.Forms.TableLayoutPanel(); - this.panel2 = new System.Windows.Forms.Panel(); - this.deselectAllButton = new System.Windows.Forms.Button(); + this.panel3 = new System.Windows.Forms.Panel(); this.selectAllButton = new System.Windows.Forms.Button(); + this.deselectAllButton = new System.Windows.Forms.Button(); + this.panel2 = new System.Windows.Forms.Panel(); + this.skipBtn = new System.Windows.Forms.Button(); this.continueButton = new System.Windows.Forms.Button(); this.checkedListBox1 = new System.Windows.Forms.CheckedListBox(); + this.panel4 = new System.Windows.Forms.Panel(); this.label_message = new System.Windows.Forms.Label(); - this.button1 = new System.Windows.Forms.Button(); + this.closeBtn = new System.Windows.Forms.Button(); this.panel1.SuspendLayout(); this.tableLayoutPanel1.SuspendLayout(); + this.panel3.SuspendLayout(); this.panel2.SuspendLayout(); + this.panel4.SuspendLayout(); this.SuspendLayout(); // // top // - this.top.BackColor = System.Drawing.Color.Transparent; + this.top.BackColor = System.Drawing.Color.RoyalBlue; this.top.Dock = System.Windows.Forms.DockStyle.Top; - this.top.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); + this.top.Font = new System.Drawing.Font("Trebuchet MS", 12F, System.Drawing.FontStyle.Bold); this.top.ForeColor = System.Drawing.Color.White; this.top.Location = new System.Drawing.Point(0, 0); this.top.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); this.top.Name = "top"; - this.top.Size = new System.Drawing.Size(455, 27); + this.top.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.top.Size = new System.Drawing.Size(494, 41); this.top.TabIndex = 4; this.top.Text = "MinerSearch - Hosts"; this.top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; @@ -61,132 +67,191 @@ private void InitializeComponent() // // panel1 // - this.panel1.BackColor = System.Drawing.Color.White; + this.panel1.BackColor = System.Drawing.Color.Transparent; this.panel1.Controls.Add(this.tableLayoutPanel1); this.panel1.Dock = System.Windows.Forms.DockStyle.Fill; - this.panel1.Location = new System.Drawing.Point(0, 27); + this.panel1.Location = new System.Drawing.Point(0, 41); this.panel1.Name = "panel1"; - this.panel1.Size = new System.Drawing.Size(455, 590); + this.panel1.Size = new System.Drawing.Size(494, 626); this.panel1.TabIndex = 5; // // tableLayoutPanel1 // this.tableLayoutPanel1.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink; + this.tableLayoutPanel1.BackColor = System.Drawing.SystemColors.Control; this.tableLayoutPanel1.CellBorderStyle = System.Windows.Forms.TableLayoutPanelCellBorderStyle.Single; this.tableLayoutPanel1.ColumnCount = 1; this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 100F)); - this.tableLayoutPanel1.Controls.Add(this.panel2, 0, 2); - this.tableLayoutPanel1.Controls.Add(this.checkedListBox1, 0, 1); - this.tableLayoutPanel1.Controls.Add(this.label_message, 0, 0); + this.tableLayoutPanel1.Controls.Add(this.panel3, 0, 1); + this.tableLayoutPanel1.Controls.Add(this.panel2, 0, 3); + this.tableLayoutPanel1.Controls.Add(this.checkedListBox1, 0, 2); + this.tableLayoutPanel1.Controls.Add(this.panel4, 0, 0); this.tableLayoutPanel1.Dock = System.Windows.Forms.DockStyle.Fill; this.tableLayoutPanel1.Location = new System.Drawing.Point(0, 0); this.tableLayoutPanel1.Name = "tableLayoutPanel1"; - this.tableLayoutPanel1.RowCount = 3; - this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 11.39756F)); - this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 72.66553F)); - this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 15.95925F)); - this.tableLayoutPanel1.Size = new System.Drawing.Size(455, 590); + this.tableLayoutPanel1.RowCount = 4; + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 13.6F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 8.64F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 61.6F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 16.16F)); + this.tableLayoutPanel1.Size = new System.Drawing.Size(494, 626); this.tableLayoutPanel1.TabIndex = 4; // - // panel2 + // panel3 // - this.panel2.Controls.Add(this.deselectAllButton); - this.panel2.Controls.Add(this.selectAllButton); - this.panel2.Controls.Add(this.continueButton); - this.panel2.Dock = System.Windows.Forms.DockStyle.Fill; - this.panel2.Location = new System.Drawing.Point(4, 497); - this.panel2.Name = "panel2"; - this.panel2.Size = new System.Drawing.Size(447, 89); - this.panel2.TabIndex = 1; + this.panel3.BackColor = System.Drawing.Color.Gainsboro; + this.panel3.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel3.Controls.Add(this.selectAllButton); + this.panel3.Controls.Add(this.deselectAllButton); + this.panel3.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel3.Location = new System.Drawing.Point(6, 86); + this.panel3.Margin = new System.Windows.Forms.Padding(5, 0, 5, 0); + this.panel3.Name = "panel3"; + this.panel3.Size = new System.Drawing.Size(482, 53); + this.panel3.TabIndex = 5; + // + // selectAllButton + // + this.selectAllButton.Anchor = System.Windows.Forms.AnchorStyles.Left; + this.selectAllButton.BackColor = System.Drawing.Color.RoyalBlue; + this.selectAllButton.FlatAppearance.BorderColor = System.Drawing.Color.Black; + this.selectAllButton.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.selectAllButton.Font = new System.Drawing.Font("Segoe UI", 10F, System.Drawing.FontStyle.Bold); + this.selectAllButton.ForeColor = System.Drawing.Color.White; + this.selectAllButton.Location = new System.Drawing.Point(3, 9); + this.selectAllButton.Name = "selectAllButton"; + this.selectAllButton.Size = new System.Drawing.Size(242, 34); + this.selectAllButton.TabIndex = 1; + this.selectAllButton.Text = "Select All"; + this.selectAllButton.UseVisualStyleBackColor = false; + this.selectAllButton.Click += new System.EventHandler(this.selectAllButton_Click); // // deselectAllButton // - this.deselectAllButton.FlatAppearance.BorderColor = System.Drawing.Color.Navy; + this.deselectAllButton.Anchor = System.Windows.Forms.AnchorStyles.Right; + this.deselectAllButton.BackColor = System.Drawing.Color.RoyalBlue; + this.deselectAllButton.FlatAppearance.BorderColor = System.Drawing.Color.Black; this.deselectAllButton.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.deselectAllButton.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.deselectAllButton.Location = new System.Drawing.Point(224, 3); + this.deselectAllButton.Font = new System.Drawing.Font("Segoe UI", 10F, System.Drawing.FontStyle.Bold); + this.deselectAllButton.ForeColor = System.Drawing.Color.White; + this.deselectAllButton.Location = new System.Drawing.Point(249, 9); this.deselectAllButton.Name = "deselectAllButton"; - this.deselectAllButton.Size = new System.Drawing.Size(220, 34); + this.deselectAllButton.Size = new System.Drawing.Size(228, 34); this.deselectAllButton.TabIndex = 2; this.deselectAllButton.Text = "Deselect All"; - this.deselectAllButton.UseVisualStyleBackColor = true; + this.deselectAllButton.UseVisualStyleBackColor = false; this.deselectAllButton.Click += new System.EventHandler(this.deselectAllButton_Click); // - // selectAllButton + // panel2 // - this.selectAllButton.FlatAppearance.BorderColor = System.Drawing.Color.Navy; - this.selectAllButton.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.selectAllButton.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.selectAllButton.Location = new System.Drawing.Point(3, 3); - this.selectAllButton.Name = "selectAllButton"; - this.selectAllButton.Size = new System.Drawing.Size(220, 34); - this.selectAllButton.TabIndex = 1; - this.selectAllButton.Text = "Select All"; - this.selectAllButton.UseVisualStyleBackColor = true; - this.selectAllButton.Click += new System.EventHandler(this.selectAllButton_Click); + this.panel2.BackColor = System.Drawing.Color.Gainsboro; + this.panel2.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel2.Controls.Add(this.skipBtn); + this.panel2.Controls.Add(this.continueButton); + this.panel2.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel2.Location = new System.Drawing.Point(6, 528); + this.panel2.Margin = new System.Windows.Forms.Padding(5); + this.panel2.Name = "panel2"; + this.panel2.Size = new System.Drawing.Size(482, 92); + this.panel2.TabIndex = 1; + // + // skipBtn + // + this.skipBtn.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(200)))), ((int)(((byte)(120)))), ((int)(((byte)(120)))), ((int)(((byte)(200))))); + this.skipBtn.FlatAppearance.BorderColor = System.Drawing.Color.Black; + this.skipBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.skipBtn.Font = new System.Drawing.Font("Segoe UI", 10F, System.Drawing.FontStyle.Bold); + this.skipBtn.ForeColor = System.Drawing.Color.White; + this.skipBtn.Location = new System.Drawing.Point(112, 53); + this.skipBtn.Name = "skipBtn"; + this.skipBtn.Size = new System.Drawing.Size(271, 34); + this.skipBtn.TabIndex = 4; + this.skipBtn.Text = "Skip"; + this.skipBtn.UseVisualStyleBackColor = false; + this.skipBtn.Click += new System.EventHandler(this.skipBtn_Click); // // continueButton // - this.continueButton.FlatAppearance.BorderColor = System.Drawing.Color.Navy; + this.continueButton.BackColor = System.Drawing.Color.RoyalBlue; + this.continueButton.FlatAppearance.BorderColor = System.Drawing.Color.Black; this.continueButton.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.continueButton.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.continueButton.Location = new System.Drawing.Point(3, 43); + this.continueButton.Font = new System.Drawing.Font("Segoe UI", 10F, System.Drawing.FontStyle.Bold); + this.continueButton.ForeColor = System.Drawing.Color.White; + this.continueButton.Location = new System.Drawing.Point(112, 10); this.continueButton.Name = "continueButton"; - this.continueButton.Size = new System.Drawing.Size(441, 34); + this.continueButton.Size = new System.Drawing.Size(271, 37); this.continueButton.TabIndex = 3; this.continueButton.Text = "Continue"; - this.continueButton.UseVisualStyleBackColor = true; + this.continueButton.UseVisualStyleBackColor = false; this.continueButton.Click += new System.EventHandler(this.continueButton_Click); // // checkedListBox1 // - this.checkedListBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; + this.checkedListBox1.BackColor = System.Drawing.Color.Gainsboro; + this.checkedListBox1.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; this.checkedListBox1.Dock = System.Windows.Forms.DockStyle.Fill; - this.checkedListBox1.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); + this.checkedListBox1.Font = new System.Drawing.Font("Verdana", 9F); + this.checkedListBox1.ForeColor = System.Drawing.Color.Black; this.checkedListBox1.FormattingEnabled = true; - this.checkedListBox1.Location = new System.Drawing.Point(4, 71); + this.checkedListBox1.Location = new System.Drawing.Point(6, 145); + this.checkedListBox1.Margin = new System.Windows.Forms.Padding(5, 5, 5, 0); this.checkedListBox1.Name = "checkedListBox1"; - this.checkedListBox1.Size = new System.Drawing.Size(447, 419); + this.checkedListBox1.Size = new System.Drawing.Size(482, 377); this.checkedListBox1.Sorted = true; this.checkedListBox1.TabIndex = 0; this.checkedListBox1.Click += new System.EventHandler(this.checkedListBox1_Click); // + // panel4 + // + this.panel4.BackColor = System.Drawing.Color.Gainsboro; + this.panel4.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel4.Controls.Add(this.label_message); + this.panel4.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel4.Location = new System.Drawing.Point(6, 6); + this.panel4.Margin = new System.Windows.Forms.Padding(5); + this.panel4.Name = "panel4"; + this.panel4.Size = new System.Drawing.Size(482, 74); + this.panel4.TabIndex = 4; + // // label_message // - this.label_message.Anchor = System.Windows.Forms.AnchorStyles.None; - this.label_message.AutoSize = true; - this.label_message.Font = new System.Drawing.Font("Microsoft Sans Serif", 10.2F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(204))); - this.label_message.Location = new System.Drawing.Point(167, 24); + this.label_message.Dock = System.Windows.Forms.DockStyle.Fill; + this.label_message.Font = new System.Drawing.Font("Segoe UI", 10F); + this.label_message.ForeColor = System.Drawing.Color.Black; + this.label_message.Location = new System.Drawing.Point(0, 0); this.label_message.Name = "label_message"; - this.label_message.Size = new System.Drawing.Size(121, 20); + this.label_message.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.label_message.Size = new System.Drawing.Size(480, 72); this.label_message.TabIndex = 2; this.label_message.Text = "label_message"; this.label_message.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; // - // button1 - // - this.button1.FlatAppearance.BorderColor = System.Drawing.Color.White; - this.button1.FlatAppearance.BorderSize = 0; - this.button1.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.button1.ForeColor = System.Drawing.Color.White; - this.button1.ImageAlign = System.Drawing.ContentAlignment.TopCenter; - this.button1.Location = new System.Drawing.Point(424, 1); - this.button1.Margin = new System.Windows.Forms.Padding(2); - this.button1.Name = "button1"; - this.button1.Size = new System.Drawing.Size(27, 26); - this.button1.TabIndex = 6; - this.button1.Text = "X"; - this.button1.TextAlign = System.Drawing.ContentAlignment.MiddleRight; - this.button1.UseVisualStyleBackColor = true; - this.button1.Click += new System.EventHandler(this.button1_Click); + // closeBtn + // + this.closeBtn.BackColor = System.Drawing.Color.RoyalBlue; + this.closeBtn.FlatAppearance.BorderColor = System.Drawing.Color.White; + this.closeBtn.FlatAppearance.BorderSize = 0; + this.closeBtn.FlatAppearance.MouseOverBackColor = System.Drawing.Color.FromArgb(((int)(((byte)(255)))), ((int)(((byte)(128)))), ((int)(((byte)(128))))); + this.closeBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.closeBtn.Font = new System.Drawing.Font("Verdana", 8F, System.Drawing.FontStyle.Bold); + this.closeBtn.ForeColor = System.Drawing.Color.White; + this.closeBtn.ImageAlign = System.Drawing.ContentAlignment.TopCenter; + this.closeBtn.Location = new System.Drawing.Point(460, 6); + this.closeBtn.Margin = new System.Windows.Forms.Padding(2); + this.closeBtn.Name = "closeBtn"; + this.closeBtn.Size = new System.Drawing.Size(30, 30); + this.closeBtn.TabIndex = 6; + this.closeBtn.Text = "X"; + this.closeBtn.UseVisualStyleBackColor = false; + this.closeBtn.Click += new System.EventHandler(this.button1_Click); // // HostsDeletionForm // this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; - this.BackColor = System.Drawing.Color.Navy; - this.ClientSize = new System.Drawing.Size(455, 617); - this.Controls.Add(this.button1); + this.BackColor = System.Drawing.SystemColors.Control; + this.ClientSize = new System.Drawing.Size(494, 667); + this.Controls.Add(this.closeBtn); this.Controls.Add(this.panel1); this.Controls.Add(this.top); this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None; @@ -198,8 +263,9 @@ private void InitializeComponent() this.TopMost = true; this.panel1.ResumeLayout(false); this.tableLayoutPanel1.ResumeLayout(false); - this.tableLayoutPanel1.PerformLayout(); + this.panel3.ResumeLayout(false); this.panel2.ResumeLayout(false); + this.panel4.ResumeLayout(false); this.ResumeLayout(false); } @@ -214,6 +280,9 @@ private void InitializeComponent() private System.Windows.Forms.Button selectAllButton; private System.Windows.Forms.Button continueButton; private System.Windows.Forms.Label label_message; - private System.Windows.Forms.Button button1; + private System.Windows.Forms.Button closeBtn; + private System.Windows.Forms.Button skipBtn; + private System.Windows.Forms.Panel panel4; + private System.Windows.Forms.Panel panel3; } } \ No newline at end of file diff --git a/MinerSearch/HostsDeletionForm.cs b/MinerSearch/HostsDeletionForm.cs index a6b92f2..f8641de 100644 --- a/MinerSearch/HostsDeletionForm.cs +++ b/MinerSearch/HostsDeletionForm.cs @@ -5,7 +5,7 @@ namespace MSearch { - public partial class HostsDeletionForm : Form + public partial class HostsDeletionForm : FormShadow { List linesToDelete; @@ -30,6 +30,7 @@ private void TranslateForm() selectAllButton.Text = Program.LL.GetLocalizedString("_SelectAllButton"); deselectAllButton.Text = Program.LL.GetLocalizedString("_DeselectAllButton"); continueButton.Text = Program.LL.GetLocalizedString("_ContinueButton"); + skipBtn.Text = Program.LL.GetLocalizedString("_HostsCleanupSkipBtn"); } protected override void WndProc(ref Message m) @@ -98,5 +99,10 @@ private void checkedListBox1_Click(object sender, EventArgs e) checkedListBox1.SetItemChecked(index, !currentCheckState); } } + + private void skipBtn_Click(object sender, EventArgs e) + { + closeBtn.PerformClick(); + } } } diff --git a/MinerSearch/License.Designer.cs b/MinerSearch/License.Designer.cs index 56ac28f..b4c6b1b 100644 --- a/MinerSearch/License.Designer.cs +++ b/MinerSearch/License.Designer.cs @@ -32,30 +32,42 @@ private void InitializeComponent() this.richTextBox1 = new System.Windows.Forms.RichTextBox(); this.Accept_btn = new System.Windows.Forms.Button(); this.Exit_btn = new System.Windows.Forms.Button(); + this.Label_LicenseCaption = new System.Windows.Forms.Label(); + this.tableLayoutPanel1 = new System.Windows.Forms.TableLayoutPanel(); + this.panel1 = new System.Windows.Forms.Panel(); + this.button1 = new System.Windows.Forms.Button(); + this.panel2 = new System.Windows.Forms.Panel(); + this.panel3 = new System.Windows.Forms.Panel(); + this.tableLayoutPanel1.SuspendLayout(); + this.panel1.SuspendLayout(); + this.panel2.SuspendLayout(); + this.panel3.SuspendLayout(); this.SuspendLayout(); // // richTextBox1 // - this.richTextBox1.BackColor = System.Drawing.Color.White; + this.richTextBox1.BackColor = System.Drawing.Color.Gainsboro; this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; + this.richTextBox1.Dock = System.Windows.Forms.DockStyle.Fill; this.richTextBox1.ForeColor = System.Drawing.Color.Black; - this.richTextBox1.Location = new System.Drawing.Point(1, 1); - this.richTextBox1.Margin = new System.Windows.Forms.Padding(1); + this.richTextBox1.Location = new System.Drawing.Point(0, 0); + this.richTextBox1.Margin = new System.Windows.Forms.Padding(8); this.richTextBox1.Name = "richTextBox1"; this.richTextBox1.ReadOnly = true; - this.richTextBox1.Size = new System.Drawing.Size(853, 265); + this.richTextBox1.Size = new System.Drawing.Size(728, 461); this.richTextBox1.TabIndex = 0; this.richTextBox1.Text = ""; // // Accept_btn // - this.Accept_btn.BackColor = System.Drawing.Color.White; - this.Accept_btn.FlatAppearance.BorderSize = 0; + this.Accept_btn.BackColor = System.Drawing.Color.DarkBlue; + this.Accept_btn.FlatAppearance.BorderColor = System.Drawing.Color.Black; this.Accept_btn.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.Accept_btn.Location = new System.Drawing.Point(270, 273); + this.Accept_btn.ForeColor = System.Drawing.Color.White; + this.Accept_btn.Location = new System.Drawing.Point(235, 6); this.Accept_btn.Margin = new System.Windows.Forms.Padding(4); this.Accept_btn.Name = "Accept_btn"; - this.Accept_btn.Size = new System.Drawing.Size(131, 56); + this.Accept_btn.Size = new System.Drawing.Size(131, 35); this.Accept_btn.TabIndex = 2; this.Accept_btn.Text = "Accept"; this.Accept_btn.UseVisualStyleBackColor = false; @@ -63,33 +75,128 @@ private void InitializeComponent() // // Exit_btn // - this.Exit_btn.BackColor = System.Drawing.Color.White; - this.Exit_btn.FlatAppearance.BorderSize = 0; + this.Exit_btn.BackColor = System.Drawing.Color.RoyalBlue; + this.Exit_btn.FlatAppearance.BorderColor = System.Drawing.Color.Black; this.Exit_btn.FlatStyle = System.Windows.Forms.FlatStyle.Flat; - this.Exit_btn.Location = new System.Drawing.Point(409, 273); + this.Exit_btn.ForeColor = System.Drawing.Color.White; + this.Exit_btn.Location = new System.Drawing.Point(374, 6); this.Exit_btn.Margin = new System.Windows.Forms.Padding(4); this.Exit_btn.Name = "Exit_btn"; - this.Exit_btn.Size = new System.Drawing.Size(131, 56); + this.Exit_btn.Size = new System.Drawing.Size(131, 35); this.Exit_btn.TabIndex = 1; this.Exit_btn.Text = "Exit"; this.Exit_btn.UseVisualStyleBackColor = false; this.Exit_btn.Click += new System.EventHandler(this.Exit_btn_Click); // + // Label_LicenseCaption + // + this.Label_LicenseCaption.BackColor = System.Drawing.Color.RoyalBlue; + this.Label_LicenseCaption.Dock = System.Windows.Forms.DockStyle.Fill; + this.Label_LicenseCaption.Font = new System.Drawing.Font("Trebuchet MS", 12F, System.Drawing.FontStyle.Bold); + this.Label_LicenseCaption.Location = new System.Drawing.Point(0, 0); + this.Label_LicenseCaption.Name = "Label_LicenseCaption"; + this.Label_LicenseCaption.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_LicenseCaption.Size = new System.Drawing.Size(750, 44); + this.Label_LicenseCaption.TabIndex = 3; + this.Label_LicenseCaption.Text = "Caption"; + this.Label_LicenseCaption.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.Label_LicenseCaption.MouseDown += new System.Windows.Forms.MouseEventHandler(this.Label_LicenseCaption_MouseDown); + // + // tableLayoutPanel1 + // + this.tableLayoutPanel1.BackColor = System.Drawing.Color.Transparent; + this.tableLayoutPanel1.ColumnCount = 1; + this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 50F)); + this.tableLayoutPanel1.Controls.Add(this.panel1, 0, 2); + this.tableLayoutPanel1.Controls.Add(this.panel2, 0, 1); + this.tableLayoutPanel1.Controls.Add(this.panel3, 0, 0); + this.tableLayoutPanel1.Dock = System.Windows.Forms.DockStyle.Fill; + this.tableLayoutPanel1.ForeColor = System.Drawing.Color.Transparent; + this.tableLayoutPanel1.Location = new System.Drawing.Point(0, 0); + this.tableLayoutPanel1.Name = "tableLayoutPanel1"; + this.tableLayoutPanel1.RowCount = 3; + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 8.429119F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 91.57088F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 66F)); + this.tableLayoutPanel1.Size = new System.Drawing.Size(750, 589); + this.tableLayoutPanel1.TabIndex = 4; + // + // panel1 + // + this.panel1.BackColor = System.Drawing.Color.Gainsboro; + this.panel1.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel1.Controls.Add(this.Accept_btn); + this.panel1.Controls.Add(this.Exit_btn); + this.panel1.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel1.ForeColor = System.Drawing.Color.Transparent; + this.panel1.Location = new System.Drawing.Point(10, 527); + this.panel1.Margin = new System.Windows.Forms.Padding(10, 5, 10, 10); + this.panel1.Name = "panel1"; + this.panel1.Size = new System.Drawing.Size(730, 52); + this.panel1.TabIndex = 4; + // + // button1 + // + this.button1.BackColor = System.Drawing.Color.RoyalBlue; + this.button1.FlatAppearance.BorderColor = System.Drawing.Color.White; + this.button1.FlatAppearance.BorderSize = 0; + this.button1.FlatAppearance.MouseOverBackColor = System.Drawing.Color.FromArgb(((int)(((byte)(255)))), ((int)(((byte)(128)))), ((int)(((byte)(128))))); + this.button1.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.button1.Font = new System.Drawing.Font("Verdana", 8F, System.Drawing.FontStyle.Bold); + this.button1.ForeColor = System.Drawing.Color.White; + this.button1.Location = new System.Drawing.Point(710, 9); + this.button1.Margin = new System.Windows.Forms.Padding(0); + this.button1.Name = "button1"; + this.button1.Size = new System.Drawing.Size(30, 30); + this.button1.TabIndex = 100; + this.button1.Text = "X"; + this.button1.UseVisualStyleBackColor = false; + this.button1.Click += new System.EventHandler(this.button1_Click); + // + // panel2 + // + this.panel2.BackColor = System.Drawing.Color.Gainsboro; + this.panel2.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel2.Controls.Add(this.richTextBox1); + this.panel2.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel2.Location = new System.Drawing.Point(10, 54); + this.panel2.Margin = new System.Windows.Forms.Padding(10, 10, 10, 5); + this.panel2.Name = "panel2"; + this.panel2.Size = new System.Drawing.Size(730, 463); + this.panel2.TabIndex = 5; + // + // panel3 + // + this.panel3.Controls.Add(this.button1); + this.panel3.Controls.Add(this.Label_LicenseCaption); + this.panel3.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel3.Location = new System.Drawing.Point(0, 0); + this.panel3.Margin = new System.Windows.Forms.Padding(0); + this.panel3.Name = "panel3"; + this.panel3.Size = new System.Drawing.Size(750, 44); + this.panel3.TabIndex = 6; + // // License // this.AutoScaleDimensions = new System.Drawing.SizeF(10F, 23F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; - this.BackColor = System.Drawing.Color.Navy; - this.ClientSize = new System.Drawing.Size(855, 340); - this.Controls.Add(this.Exit_btn); - this.Controls.Add(this.Accept_btn); - this.Controls.Add(this.richTextBox1); + this.BackColor = System.Drawing.SystemColors.Control; + this.ClientSize = new System.Drawing.Size(750, 589); + this.Controls.Add(this.tableLayoutPanel1); this.Font = new System.Drawing.Font("Segoe UI Semibold", 10.2F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(204))); + this.ForeColor = System.Drawing.Color.Transparent; this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None; this.Margin = new System.Windows.Forms.Padding(4); this.Name = "License"; + this.ShowIcon = false; + this.ShowInTaskbar = false; this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; this.Text = "License"; + this.TopMost = true; + this.tableLayoutPanel1.ResumeLayout(false); + this.panel1.ResumeLayout(false); + this.panel2.ResumeLayout(false); + this.panel3.ResumeLayout(false); this.ResumeLayout(false); } @@ -99,5 +206,11 @@ private void InitializeComponent() public System.Windows.Forms.RichTextBox richTextBox1; public System.Windows.Forms.Button Accept_btn; public System.Windows.Forms.Button Exit_btn; + internal System.Windows.Forms.Label Label_LicenseCaption; + private System.Windows.Forms.TableLayoutPanel tableLayoutPanel1; + private System.Windows.Forms.Panel panel1; + private System.Windows.Forms.Button button1; + private System.Windows.Forms.Panel panel2; + private System.Windows.Forms.Panel panel3; } } \ No newline at end of file diff --git a/MinerSearch/License.cs b/MinerSearch/License.cs index 847d856..abe35e9 100644 --- a/MinerSearch/License.cs +++ b/MinerSearch/License.cs @@ -4,7 +4,7 @@ namespace MSearch { - public partial class License : Form + public partial class License : FormShadow { protected override void WndProc(ref Message m) { @@ -36,5 +36,17 @@ private void Accept_btn_Click(object sender, EventArgs e) Registry.CurrentUser.CreateSubKey(registryKeyPath).SetValue(valueName, 1); Close(); } + + private void Label_LicenseCaption_MouseDown(object sender, MouseEventArgs e) + { + Label_LicenseCaption.Capture = false; + Message m = Message.Create(Handle, 0xA1, new IntPtr(2), IntPtr.Zero); + base.WndProc(ref m); + } + + private void button1_Click(object sender, EventArgs e) + { + Environment.Exit(0); + } } } diff --git a/MinerSearch/LocalizedLogger.cs b/MinerSearch/LocalizedLogger.cs index afe6a74..95eb5fe 100644 --- a/MinerSearch/LocalizedLogger.cs +++ b/MinerSearch/LocalizedLogger.cs @@ -174,8 +174,9 @@ public static void LogIncorrectDrive(string driveletter) message = Resources._IncorrectDrive_EN; break; } - Console.WriteLine($"{message}: {driveletter}"); - + Console.ForegroundColor = ConsoleColor.Red; + Console.WriteLine($"\t[x] {message}: {driveletter}"); + Console.ResetColor(); } public static void LogWinPEMode(string driveletter) @@ -429,20 +430,23 @@ public static void LogElapsedTime(string elapsedTime) Logger.WriteLog($"\t\t[$] {message}: {elapsedTime}", ConsoleColor.White, false); } - public static void LogTotalScanResult(int _totalThreats, int _neutralizedThreats) + public static void LogTotalScanResult(int _totalThreats, int _neutralizedThreats, int _suspObjects) { string totalThreats = Resources._TotalThreatsFound_EN; string neutralizedThreats = Resources._TotalNeutralizedThreats_EN; + string totalSuspObj = Resources._TotalSuspObjects_EN; switch (Program.ActiveLanguage) { case "RU": totalThreats = Resources._TotalThreatsFound_RU; neutralizedThreats = Resources._TotalNeutralizedThreats_RU; + totalSuspObj = Resources._TotalSuspObjects_RU; break; case "EN": totalThreats = Resources._TotalThreatsFound_EN; neutralizedThreats = Resources._TotalNeutralizedThreats_EN; + totalSuspObj = Resources._TotalSuspObjects_EN; break; } @@ -452,7 +456,7 @@ public static void LogTotalScanResult(int _totalThreats, int _neutralizedThreats if (_neutralizedThreats <= Math.Round(Convert.ToDouble(_neutralizedThreats / 2))) color = ConsoleColor.Yellow; Logger.WriteLog($"\t\t[&] {totalThreats} {_totalThreats}", ConsoleColor.Magenta, false); - + Logger.WriteLog($"\t\t[&] {totalSuspObj} {_suspObjects}", ConsoleColor.Yellow, false); if (!Program.ScanOnly) { Logger.WriteLog($"\t\t[&] {neutralizedThreats} {_neutralizedThreats}", color, false); diff --git a/MinerSearch/Logger.cs b/MinerSearch/Logger.cs index f2d0506..0af9d5a 100644 --- a/MinerSearch/Logger.cs +++ b/MinerSearch/Logger.cs @@ -201,6 +201,42 @@ public static void WriteLog(string currentText, bool WriteOnly = false, bool Dis #if DEBUG Console.ForegroundColor = ConsoleColor.DarkRed; Console.Write($"\tLogger error: {ex.Message} \n{ex.StackTrace}"); +#endif + } + } + + public static void WriteLog(string currentText, bool WriteOnly = false, bool DisplayTime = false, bool force = false) + { + try + { + string logMessage = ""; + if (DisplayTime) + { + logMessage = $"[{DateTime.Now}]: {currentText}"; + } + else + logMessage = currentText; + + if (!WriteOnly) + { + Console.ForegroundColor = ConsoleColor.White; + Console.WriteLine(logMessage); + Console.ResetColor(); + } + + if (!Program.no_logs || force) + { + using (StreamWriter writer = new StreamWriter(Path.Combine(LogsFolder, logFileName), true)) + { + writer.WriteLine(logMessage); + } + } + } + catch (Exception ex) + { +#if DEBUG + Console.ForegroundColor = ConsoleColor.DarkRed; + Console.Write($"\tLogger error: {ex.Message} \n{ex.StackTrace}"); #endif } } diff --git a/MinerSearch/MinerSearch.cs b/MinerSearch/MinerSearch.cs index 08e0218..fbde3d9 100644 --- a/MinerSearch/MinerSearch.cs +++ b/MinerSearch/MinerSearch.cs @@ -52,7 +52,6 @@ public class MinerSearch }; List suspFls_path = new List(); - List prevMlwrPths = new List(); byte[] startSequence = { 0xFF, 0xC7, 0x05, 0xC5 }; byte[] endSequence = { 0xE8, 0x54, 0xFF, 0xFF, 0xFF }; @@ -87,7 +86,9 @@ public class MinerSearch 28672, //fc 12288, //help 28672, //sort - 20480 //label + 20480, //label + 106496, //runtimebroker + 245760 //compattelrunner }; long maxFileSize = 100 * 1024 * 1024; long minFileSize = 2112; @@ -124,7 +125,7 @@ public void DetectRk() Program.LL.LogSuccessMessage("_SuccessR00tkitNeutralized"); } - foreach (Process process in Process.GetProcesses()) + foreach (Process process in Utils.GetProcesses()) { if (!process.ProcessName.StartsWith("d?i?al?e??r?".Replace("?", ""))) continue; Program._utils.SuspendProcess(process.Id); @@ -380,12 +381,13 @@ public void Scan() } } } - if (processName == msData.SysFileName[5]) + if (processName == msData.SysFileName[5] && !Program.RunAsSystem) { int argsLen = args.Length; bool isFakeDwm = false; - if (Utils.GetProcessOwner(p.Id).StartsWith("NT")) + + if (Utils.IsSystemProcess(p.Id)) { isFakeDwm = true; } @@ -415,33 +417,32 @@ public void Scan() } bool isSuspiciousPath = false; + string fullPath = p.MainModule.FileName.ToLower(); + + if (processName == msData.SysFileName[28] && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\system32")) + { + Program.LL.LogWarnMessage("_SuspiciousPath", fullPath); + isSuspiciousPath = true; + riskLevel += 2; + } + for (int i = 0; i < msData.SysFileName.Length; i++) { if (processName == msData.SysFileName[i]) { - try - { - string fullPath = p.MainModule.FileName.ToLower(); - if (!fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\system32") - && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\syswow64") - && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\winsxs\\amd64") - && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\microsoft.net\\framework64") - && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\microsoft.net\\framework")) - { - Program.LL.LogWarnMessage("_SuspiciousPath", fullPath); - isSuspiciousPath = true; - riskLevel += 2; - } - } - catch (InvalidOperationException ex) + if (!fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\system32") + && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\syswow64") + && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\winsxs\\amd64") + && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\microsoft.net\\framework64") + && !fullPath.Contains($"{Program.drive_letter.ToLower()}:\\windows\\microsoft.net\\framework")) { - Program.LL.LogErrorMessage("_Error", ex); - continue; - } - + Program.LL.LogWarnMessage("_SuspiciousPath", fullPath); + isSuspiciousPath = true; + riskLevel += 2; + } if (fileSize >= constantFileSize[i] * 3 && !isValidProcess) { @@ -480,22 +481,34 @@ public void Scan() if (processName == "explorer") { - int ParentProcessId = Utils.GetParentProcessId(processId); - if (ParentProcessId != 0) + + try { - try + int ParentProcessId = Utils.GetParentProcessId(processId); + if (ParentProcessId != 0) { Process ParentProcess = Process.GetProcessById(ParentProcessId); if (ParentProcess.ProcessName.ToLower() == "explorer") { riskLevel += 3; } - } - catch { } + } + } + catch (Win32Exception w32e) + { +#if DEBUG + Console.WriteLine($"[DBG Scan()] {w32e.Message}"); +#endif + continue; + } + catch (ArgumentException) + { + continue; } - if (Utils.GetProcessOwner(p.Id).StartsWith("NT")) + + if (Utils.IsSystemProcess(p.Id) && !Program.RunAsSystem) { riskLevel += 2; } @@ -506,7 +519,7 @@ public void Scan() if (File.Exists(processPath)) { - AnalyzeFile(processPath, false); + AnalyzeFile(Utils.GetLongPath(processPath), false); } else { @@ -539,9 +552,9 @@ public void Scan() suspFls_path.Add(NewFilePath); } - catch (Exception e) when (e.HResult.Equals(unchecked((int)0x80131509))) + catch (ArgumentException) { - Program.LL.LogSuccessMessage("_ProcessNotRunning", processName); + continue; } catch (Exception e) { @@ -556,9 +569,20 @@ public void Scan() } } + catch (ArgumentException) + { + continue; + } catch (InvalidOperationException) { - Program.LL.LogWarnMessage("_ProcessNotRunning"); + continue; + } + catch (Win32Exception w32e) + { +#if DEBUG + Console.WriteLine($"\t[DBG] {p.ProcessName} {w32e.Message}"); +#endif + continue; } catch (Exception ex) when (ex.HResult.Equals(unchecked((int)0x8007012B))) { @@ -579,8 +603,6 @@ public void Scan() } public void StaticScan() { - Program._utils.InitPrivileges(); - Program.LL.LogHeadMessage("_ScanDirectories"); if (!Directory.Exists(quarantineFolder)) @@ -599,15 +621,19 @@ public void StaticScan() List LockedFolders = msData.obfStr5; if (!Program.WinPEMode) { - LockedFolders.Add(Path.Combine(Environment.GetEnvironmentVariable("Appdata"), "sys~fil~es".Replace("~", ""))); - LockedFolders.Add(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop).ToLower(), "aut~olo~gger".Replace("~", ""))); - LockedFolders.Add(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop).ToLower(), "av~_bl~ock~_rem~over".Replace("~", ""))); + LockedFolders.Add(Path.Combine(Environment.GetEnvironmentVariable("Appdata"), "sys~~fil~es".Replace("~", ""))); + LockedFolders.Add(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop).ToLower(), "aut~olo~~gger".Replace("~", ""))); + LockedFolders.Add(Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Desktop).ToLower(), "av~_bl~~ock~_rem~~over".Replace("~", ""))); string DownloadsPath = Program._utils.GetDownloadsPath(); if (DownloadsPath != null) { LockedFolders.Add(Path.Combine(DownloadsPath, "aut~olo~gger".Replace("~", ""))); LockedFolders.Add(Path.Combine(DownloadsPath, "av~_bl~ock~_rem~over".Replace("~", ""))); + if (!Path.GetPathRoot(DownloadsPath).Equals("C:\\") && !Program.WinPEMode) + { + msData.obfStr6.Add(DownloadsPath); + } } } @@ -713,7 +739,9 @@ public void StaticScan() break; } } + //#if !DEBUG CleanHosts(); + //#endif } public void Clean() @@ -742,9 +770,9 @@ public void Clean() { Program.LL.LogWarnMessage("_ProcessNotRunning", $"PID: {id}"); } - catch (Exception e) when (e.HResult.Equals(unchecked((int)0x80131509))) + catch (ArgumentException) { - Program.LL.LogSuccessMessage("_ProcessNotRunning", id.ToString()); + continue; } catch (Exception e) { @@ -783,9 +811,9 @@ public void Clean() { Program.LL.LogWarnMessage("_ProcessNotRunning", $"PID: {id}"); } - catch (Exception e) when (e.HResult.Equals(unchecked((int)0x80131509))) + catch (ArgumentException) { - Program.LL.LogSuccessMessage("_ProcessNotRunning", id.ToString()); + continue; } catch (Exception e) { @@ -1005,9 +1033,9 @@ public void Clean() } } } - catch (Exception e) when (e.HResult.Equals(unchecked((int)0x80131509))) + catch (ArgumentException) { - Program.LL.LogSuccessMessage("_ProcessNotRunning", pid.ToString()); + continue; } catch (Exception) { } } @@ -1253,7 +1281,7 @@ void FindMlwrFiles(string directoryPath) if (Program._utils.IsBatchFileBad(file)) { - Program.LL.LogWarnMessage("_SuspiciousFile", file); + Program.LL.LogWarnMessage("_Malici0usFile", file); Program.totalFoundThreats++; founded_mlwrPths.Add(file); @@ -1286,164 +1314,157 @@ void CleanHosts() { Program.LL.LogHeadMessage("_ScanningHosts"); - RegistryKey hostsDir = Registry.LocalMachine.OpenSubKey(msData.queries[0]); List linesToDelete = new List(); + string hostsPath_full = $"{Program.drive_letter}:\\Windows\\System32\\drivers\\etc\\hosts"; - - if (hostsDir != null) + if (!File.Exists(hostsPath_full)) { - string hostsPath = hostsDir.GetValue("DataBasePath").ToString(); - if (hostsPath.StartsWith("%")) + Program.LL.LogMessage("\t[?]", "_HostsFileMissing", "", ConsoleColor.Gray); + string hostsdir = Path.GetDirectoryName(hostsPath_full); + if (!Directory.Exists(hostsdir)) { - hostsPath = Utils.ResolveEnvironmentVariables(hostsPath); + Directory.CreateDirectory(hostsdir); } - - string hostsPath_full = hostsPath + "\\hos?t?s".Replace("?", ""); - - if (Program.WinPEMode) + if (Program.WinPEMode && !Directory.Exists(hostsdir)) { - hostsPath_full.Replace("C:", $"{Program.drive_letter}:"); + Directory.CreateDirectory(hostsdir); } - if (!Program.WinPEMode && !File.Exists(hostsPath_full)) + File.Create(hostsPath_full).Close(); + Thread.Sleep(100); + if (File.Exists(hostsPath_full)) { - Program.LL.LogMessage("\t[?]", "_HostsFileMissing", "", ConsoleColor.Gray); - - File.Create(hostsPath_full).Close(); - Thread.Sleep(100); - if (File.Exists(hostsPath_full)) - { - Program.LL.LogSuccessMessage("_HostsFileCreated"); - } - return; + Program.LL.LogSuccessMessage("_HostsFileCreated"); } + return; + } - try - { + try + { - UnlockObjectClass.UnlockFile(hostsPath_full); - File.SetAttributes(hostsPath_full, FileAttributes.Normal); + UnlockObjectClass.UnlockFile(hostsPath_full); + File.SetAttributes(hostsPath_full, FileAttributes.Normal); - List lines = File.ReadAllLines(hostsPath_full).ToList(); - int deletedLineCount = 0; + List lines = File.ReadAllLines(hostsPath_full).ToList(); + int deletedLineCount = 0; - for (int i = lines.Count - 1; i >= 0; i--) - { - string line = lines[i]; + for (int i = lines.Count - 1; i >= 0; i--) + { + string line = lines[i]; - if (line.StartsWith("#") || msData.whitelistedWords.Any(word => line.Contains(word))) - { - continue; - } + if (line.StartsWith("#") || msData.whitelistedWords.Any(word => line.Contains(word))) + { + continue; + } - string[] parts = line.Split(new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries); - if (parts.Length < 2) continue; + string[] parts = line.Split(new[] { ' ', '\t' }, StringSplitOptions.RemoveEmptyEntries); + if (parts.Length < 2) continue; - string ipAddress = parts[0]; - string domain = parts[1]; + string ipAddress = parts[0]; + string domain = parts[1]; - foreach (HashedString hLine in msData.hStrings) + foreach (HashedString hLine in msData.hStrings) + { + if (hLine.OriginalLength <= domain.Length) { - if (hLine.OriginalLength <= domain.Length) - { - string truncatedDomain = domain.Substring(domain.Length - hLine.OriginalLength); + string truncatedDomain = domain.Substring(domain.Length - hLine.OriginalLength); - if (Utils.StringMD5(truncatedDomain).Equals(hLine.Hash)) + if (Utils.StringMD5(truncatedDomain).Equals(hLine.Hash)) + { + if (!Program.ScanOnly) { - if (!Program.ScanOnly) + if (!msData.hStrings.Any(h => Utils.StringMD5(domain).Equals(h.Hash))) { - if (!msData.hStrings.Any(h => Utils.StringMD5(domain).Equals(h.Hash))) - { - linesToDelete.Add(line); - } - else - { - Program.totalFoundThreats++; - Program.LL.LogSuccessMessage("_MaliciousEntry", lines[i], "_Deleted"); - lines.RemoveAt(i); - deletedLineCount++; - break; - } - + linesToDelete.Add(line); } else { - Program.LL.LogWarnMessage("_MaliciousEntry", line); + Program.totalFoundThreats++; + Program.LL.LogSuccessMessage("_MaliciousEntry", lines[i], "_Deleted"); + lines.RemoveAt(i); + deletedLineCount++; + break; } + + } + else + { + Program.LL.LogWarnMessage("_SuspiciousEntry", line); } } } } + } - if (linesToDelete.Count > 0) + if (linesToDelete.Count > 0) + { + if (!Program.ScanOnly) { - if (!Program.ScanOnly) + HostsDeletionForm form = new HostsDeletionForm(linesToDelete) { - HostsDeletionForm form = new HostsDeletionForm(linesToDelete) - { - TopMost = true - }; + TopMost = true + }; - if (form.ShowDialog() == DialogResult.OK) - { - List selectedLinesToDelete = form.GetSelectedLinesToDelete(); + if (form.ShowDialog() == DialogResult.OK) + { + List selectedLinesToDelete = form.GetSelectedLinesToDelete(); - if (selectedLinesToDelete.Count != 0) + if (selectedLinesToDelete.Count != 0) + { + foreach (var line in selectedLinesToDelete) { - foreach (var line in selectedLinesToDelete) - { - deletedLineCount++; - Program.LL.LogSuccessMessage("_SuspiciousEntry", line, "_Deleted"); - lines.Remove(line); - } - - File.WriteAllLines(hostsPath_full, lines); - Program.LL.LogSuccessMessage("_HostsFileRecovered", selectedLinesToDelete.Count.ToString()); + deletedLineCount++; + Program.LL.LogSuccessMessage("_SuspiciousEntry", line, "_Deleted"); + lines.Remove(line); } - } - else - { - linesToDelete.Clear(); - } - } - } - - if (deletedLineCount > 0) - { - if (!Program.ScanOnly) - { - File.WriteAllLines(hostsPath_full, lines); + File.WriteAllLines(hostsPath_full, lines); + Program.LL.LogSuccessMessage("_HostsFileRecovered", deletedLineCount.ToString()); + } } else { - LocalizedLogger.LogScanOnlyMode(); + linesToDelete.Clear(); } + } + } + + if (deletedLineCount > 0) + { + if (!Program.ScanOnly) + { + File.WriteAllLines(hostsPath_full, lines); } - else if (!Program.ScanOnly) + else { - LocalizedLogger.LogNoThreatsFound(); + LocalizedLogger.LogScanOnlyMode(); } - - - } - catch (UnauthorizedAccessException) - { - string message = Program.LL.GetLocalizedString("_ErrorLockedFile").Replace("#file#", hostsPath_full); - Logger.WriteLog($"\t[!!] {message}", Logger.warnMedium); } - catch (Exception e) + else if (!Program.ScanOnly) { - Program.LL.LogErrorMessage("_ErrorCleanHosts", e); + LocalizedLogger.LogNoThreatsFound(); } - } + catch (UnauthorizedAccessException) + { + string message = Program.LL.GetLocalizedString("_ErrorLockedFile").Replace("#file#", hostsPath_full); + Logger.WriteLog($"\t[!!] {message}", Logger.warnMedium); + } + catch (Exception e) + { + Program.LL.LogErrorMessage("_ErrorCleanHosts", e); + } + + + + + } void ScanRegistry() @@ -1452,7 +1473,7 @@ void ScanRegistry() int affected_items = 0; - #region DisallowRun +#region DisallowRun Logger.WriteLog(@"[Reg] Dis?allo?wRun...".Replace("?", ""), ConsoleColor.DarkCyan); try { @@ -1503,22 +1524,24 @@ void ScanRegistry() } - #endregion +#endregion - #region Appinit_dlls +#region Appinit_dlls Logger.WriteLog(@"[Reg] AppInitDLL...", ConsoleColor.DarkCyan); try { RegistryKey appinit_key = Registry.LocalMachine.OpenSubKey(msData.queries[3], true); if (appinit_key != null) { - if (!String.IsNullOrEmpty(appinit_key.GetValue("App??In??it_DL?Ls".Replace("?", "")).ToString())) + string appInitDllsValue = appinit_key.GetValue("AppI?nit?_DLLs".Replace("?", "")).ToString(); + if (!string.IsNullOrEmpty(appInitDllsValue)) { if (appinit_key.GetValue("Loa??dApp??Init_DLLs".Replace("?", "")).ToString() == "1") { if (!appinit_key.GetValueNames().Contains("RequireSignedApp?Ini?t_D?LLs".Replace("?", ""))) { Program.LL.LogWarnMessage("_AppInitNotEmpty"); + Program.LL.LogMessage("\t\t[.]", "_File", appInitDllsValue, ConsoleColor.White, false); Program.LL.LogCautionMessage("_SignedAppInitNotFound"); Program.totalFoundThreats++; @@ -1536,6 +1559,7 @@ void ScanRegistry() else if (appinit_key.GetValue("RequireSignedApp?Init?_DLLs".Replace("?", "")).ToString() == "0") { Program.LL.LogWarnMessage("_AppInitNotEmpty"); + Program.LL.LogMessage("\t[.]", "_File", appInitDllsValue, ConsoleColor.White, false); Program.LL.LogCautionMessage("_SignedAppInitValue"); Program.totalFoundThreats++; @@ -1559,9 +1583,9 @@ void ScanRegistry() Program.LL.LogErrorMessage("_Error", ex); } - #endregion +#endregion - #region IFEO +#region IFEO Logger.WriteLog(@"[Reg] IFEO...", ConsoleColor.DarkCyan); try @@ -1623,9 +1647,9 @@ void ScanRegistry() } - #endregion +#endregion - #region IFEO_Wow6432 +#region IFEO_Wow6432 Logger.WriteLog(@"[Reg] IFEO WOW6432...", ConsoleColor.DarkCyan); try @@ -1685,9 +1709,9 @@ void ScanRegistry() Program.LL.LogErrorMessage("_ErrorCannotOpen", ex, "IFEO"); } - #endregion +#endregion - #region SilentExitCheck +#region SilentExitCheck Logger.WriteLog(@"[Reg] Silent_Exit_Process...", ConsoleColor.DarkCyan); try @@ -1724,9 +1748,9 @@ void ScanRegistry() Program.LL.LogErrorMessage("_ErrorCannotOpen", ex, "Silent_Exit_process"); } - #endregion +#endregion - #region HKLM +#region HKLM try { RegistryKey AutorunKey = Registry.LocalMachine.OpenSubKey(msData.queries[4], true); @@ -1781,9 +1805,9 @@ void ScanRegistry() } - #endregion +#endregion - #region HKCU +#region HKCU Logger.WriteLog(@"[Reg] HKCU Autorun...", ConsoleColor.DarkCyan); try { @@ -1846,9 +1870,9 @@ void ScanRegistry() Program.LL.LogErrorMessage("_ErrorCannotOpen", ex, "HKCU\\...\\t?e??k??ton?i?t"); Program.totalNeutralizedThreats--; } - #endregion +#endregion - #region Applocker +#region Applocker Logger.WriteLog(@"[Reg] Applocker...", ConsoleColor.DarkCyan); string registryPath = @"SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe"; @@ -1936,9 +1960,9 @@ void ScanRegistry() } } - #endregion +#endregion - #region WindowsDefender +#region WindowsDefender Logger.WriteLog(@"[Reg] Wind~ows De~fe~nder...".Replace("~", ""), ConsoleColor.DarkCyan); try @@ -2034,9 +2058,9 @@ void ScanRegistry() Program.LL.LogErrorMessage("_Error", ex); } - #endregion +#endregion - #region WOW6432Node +#region WOW6432Node try { RegistryKey AutorunKey = Registry.LocalMachine.OpenSubKey(msData.queries[8], true); @@ -2067,7 +2091,7 @@ void ScanRegistry() { Program.LL.LogErrorMessage("_ErrorCannotOpen", ex, "WOW6432?Node\\...\\run"); } - #endregion +#endregion if (affected_items == 0) { @@ -2081,6 +2105,23 @@ void ScanRegistry() } void ScanTaskScheduler() { + + string[] checkDirectories = + { + Environment.SystemDirectory, // System32 + $@"{Program.drive_letter}:\Wind?ows\Sys?WOW?64".Replace("?", ""), // SysWow64 + $@"{Program.drive_letter}:\W?in?dow?s\Sys?tem?32\wbem".Replace("?",""), // Wbem + msData.queries[9], // PowerShell + }; + + string[] badArgStrings = + { + "--??al??g??o".Replace("?",""), + "-?-c?oi?n".Replace("?",""), + "-?-?p?ass?? x".Replace("?",""), + "s?tr?at?um+".Replace("?","") + }; + using (TaskService taskService = new TaskService()) { var filteredTasks = taskService.AllTasks @@ -2101,7 +2142,7 @@ void ScanTaskScheduler() if (!Program.ScanOnly) { - if (taskName.StartsWith("dia?ler".Replace("?", ""))) + if (taskName.StartsWith("d?ia?le?r".Replace("?", ""))) { Program.LL.LogCautionMessage("_MaliciousEntry", taskName); @@ -2114,6 +2155,27 @@ void ScanTaskScheduler() continue; } } + + if (arguments != null) + { + foreach (string arg in badArgStrings) + { + if (arguments.Contains(arg)) + { + Program.LL.LogCautionMessage("_MaliciousEntry", taskName); + + taskService.GetFolder(taskFolder).DeleteTask(taskName); + if (taskService.GetTask($"{taskFolder}\\{taskName}") == null) + { + Program.LL.LogSuccessMessage("_MaliciousEntry", $"{taskFolder}\\{taskName}", "_Deleted"); + + Logger.WriteLog($"\t[+] M@alic@iou@s task {taskName} was deleted".Replace("@", ""), Logger.success); + break; + } + } + } + } + } // Check if the file path contains ":\" @@ -2138,13 +2200,6 @@ void ScanTaskScheduler() else { // Check in specific directories - string[] checkDirectories = - { - Environment.SystemDirectory, // System32 - $@"{Program.drive_letter}:\Wind?ows\Sys?WOW?64".Replace("?", ""), // SysWow64 - $@"{Program.drive_letter}:\W?in?dow?s\Sys?tem?32\wbem".Replace("?",""), // Wbem - msData.queries[9], // PowerShell - }; bool fileFound = false; @@ -2177,7 +2232,7 @@ void ScanTaskScheduler() } - Program._utils.ProccedFileFromArgs(filePath, arguments); + Program._utils.ProccedFileFromArgs(checkDirectories, filePath, arguments); // Check for empty tasks if (!Program.RemoveEmptyTasks) @@ -2625,10 +2680,6 @@ public void CleanFoundedMlwr() { Program.LL.LogHeadMessage("_RemovingFoundMlwrFiles"); - string prevMlwrPathsLog = Path.Combine(quarantineFolder, $"previousMlwrPaths_{Utils.GetRndString()}.txt"); - - File.WriteAllLines(prevMlwrPathsLog, prevMlwrPths); - foreach (string path in founded_mlwrPths) { if (File.Exists(path)) @@ -2715,7 +2766,7 @@ public void CleanFoundedMlwr() public void AnalyzeFile(string file, bool verboseLog = true) { - if (file.Length > 247) + if (!File.Exists(file) || file.Length > 240) { return; } @@ -2756,6 +2807,7 @@ public void AnalyzeFile(string file, bool verboseLog = true) if (Utils.IsSfxArchive(file)) { Program.LL.LogWarnMediumMessage("_sfxArchive", file); + Program.totalFoundSuspiciousObjects++; return; } @@ -2766,17 +2818,16 @@ public void AnalyzeFile(string file, bool verboseLog = true) Program.LL.LogCautionMessage("_Found", file); Program.totalFoundThreats++; founded_mlwrPths.Add(file); - prevMlwrPths.Add(file); return; } +#if !DEBUG bool computedSequence = Utils.CheckDynamicSignature(file, 16, 100); if (computedSequence) { founded_mlwrPths.Add(file); Program.totalFoundThreats++; - prevMlwrPths.Add(file); Program.LL.LogCautionMessage("_Found", file); return; @@ -2787,12 +2838,11 @@ public void AnalyzeFile(string file, bool verboseLog = true) { founded_mlwrPths.Add(file); Program.totalFoundThreats++; - prevMlwrPths.Add(file); Program.LL.LogCautionMessage("_Found", file); return; } - +#endif if (verboseLog) { Console.ForegroundColor = ConsoleColor.DarkGreen; @@ -2800,6 +2850,10 @@ public void AnalyzeFile(string file, bool verboseLog = true) Console.ForegroundColor = ConsoleColor.White; } } + catch (DirectoryNotFoundException) + { + //nothing to do + } catch (Exception e) when (e.HResult.Equals(unchecked((int)0x8007016A))) { Program.LL.LogWarnMediumMessage("_ErrorFileOnlineOnly", file); @@ -2816,7 +2870,7 @@ public void AnalyzeFile(string file, bool verboseLog = true) internal static void SentLog() { - if (Utils.GetWindowsVersion().Contains("Windows 7")) + if (Utils.GetWindowsVersion().Contains("Windows 7") || Program.bootMode == BootMode.SafeMinimal) { return; } diff --git a/MinerSearch/MinerSearch.csproj b/MinerSearch/MinerSearch.csproj index e16b6f8..0502a4a 100644 --- a/MinerSearch/MinerSearch.csproj +++ b/MinerSearch/MinerSearch.csproj @@ -50,7 +50,7 @@ bin\Release\ TRACE none - 3 + 2 false true Auto @@ -92,7 +92,7 @@ app.manifest - + False bin\Release\dbase.dll @@ -100,10 +100,13 @@ False bin\Release\Microsoft.Win32.TaskScheduler.dll - + False bin\Release\netlib.dll + + ..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll + @@ -129,6 +132,9 @@ Finish.cs + + Form + Form @@ -151,6 +157,12 @@ True Resources.resx + + Form + + + SplashForm.cs + @@ -164,6 +176,9 @@ + + + @@ -175,6 +190,9 @@ Finish.cs Designer + + FormShadow.cs + HostsDeletionForm.cs @@ -186,6 +204,9 @@ Resources.Designer.cs Designer + + SplashForm.cs + diff --git a/MinerSearch/Native.cs b/MinerSearch/Native.cs index a7004ad..c9d3919 100644 --- a/MinerSearch/Native.cs +++ b/MinerSearch/Native.cs @@ -24,6 +24,18 @@ internal class Native [DllImport("advapi32.dll", SetLastError = true)] public static extern bool AdjustTokenPrivileges(IntPtr tokenHandle, bool disableAllPrivileges, ref TOKEN_PRIVILEGES newState, uint bufferLength, IntPtr previousState, IntPtr returnLength); + [DllImport("advapi32.dll", SetLastError = true)] + public static extern bool PrivilegeCheck(IntPtr ClientToken, ref PRIVILEGE_SET RequiredPrivileges, out bool pfResult); + +#if DEBUG + [DllImport("advapi32.dll", SetLastError = true)] + public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass, IntPtr TokenInformation, int TokenInformationLength, out int ReturnLength); + + [DllImport("advapi32.dll", SetLastError = true)] + public static extern bool LookupPrivilegeName(string lpSystemName, ref LUID lpLuid, StringBuilder lpName, ref int cchName); + +#endif + [DllImport("kernel32.dll")] public static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId); @@ -128,12 +140,6 @@ internal struct USER_INFO_0 [return: MarshalAs(UnmanagedType.Bool)] internal static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, IntPtr lpNumberOfBytesRead); - //[DllImport("kernel32.dll", SetLastError = true)] //unused - //internal static extern bool GetFileInformationByHandleEx(IntPtr hFile, FILE_INFO_BY_HANDLE_CLASS FileInformationClass, out FILE_BASIC_INFO lpFileInformation, uint dwBufferSize); - - //[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] - //internal static extern IntPtr CreateFile(string lpFileName, uint dwDesiredAccess, uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition, uint dwFlagsAndAttributes, IntPtr hTemplateFile); - [DllImport("ntdll.dll")] public static extern int NtQuerySystemInformation( int SystemInformationClass, @@ -178,6 +184,54 @@ public struct SYSTEM_HANDLE_INFORMATION public const uint PROCESS_DUP_HANDLE = 0x0040; public const uint DUPLICATE_SAME_ACCESS = 0x0002; + + [DllImport("advapi32.dll", SetLastError = true)] + public static extern int LsaOpenPolicy(ref LSA_OBJECT_ATTRIBUTES ObjectAttributes, ref LSA_UNICODE_STRING SystemName, int AccessMask, out IntPtr PolicyHandle); + + [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] + public static extern int LsaAddAccountRights(IntPtr PolicyHandle, IntPtr AccountSid, LSA_UNICODE_STRING[] UserRights, int CountOfRights); + + [DllImport("advapi32.dll")] + public static extern int LsaClose(IntPtr PolicyHandle); + + [DllImport("advapi32.dll")] + public static extern int LsaNtStatusToWinError(int status); + + [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)] + public static extern bool LookupAccountName(string lpSystemName, string lpAccountName, IntPtr Sid, ref int cbSid, System.Text.StringBuilder ReferencedDomainName, ref int cchReferencedDomainName, out int peUse); + + // Импортируем необходимые функции из advapi32.dll и kernel32.dll + [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] + public static extern bool LookupAccountSid(string lpSystemName, IntPtr Sid, StringBuilder Name, ref int cchName, StringBuilder ReferencedDomainName, ref int cchReferencedDomainName, out int peUse); + + [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] + public static extern bool ConvertStringSidToSid(string StringSid, out IntPtr Sid); + + [DllImport("kernel32.dll", SetLastError = true)] + public static extern IntPtr LocalFree(IntPtr hMem); + + [StructLayout(LayoutKind.Sequential)] + public struct LSA_OBJECT_ATTRIBUTES + { + public int Length; + public IntPtr RootDirectory; + public IntPtr ObjectName; + public int Attributes; + public IntPtr SecurityDescriptor; + public IntPtr SecurityQualityOfService; + } + + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] + public struct LSA_UNICODE_STRING + { + public ushort Length; + public ushort MaximumLength; + public IntPtr Buffer; + } + + public const int POLICY_ALL_ACCESS = 0x000F0FFF; + public const int ERROR_SUCCESS = 0; + [Flags] internal enum FILE_ATTRIBUTE { @@ -386,6 +440,15 @@ public struct TOKEN_PRIVILEGES public LUID_AND_ATTRIBUTES[] Privileges; } + [StructLayout(LayoutKind.Sequential)] + public struct PRIVILEGE_SET + { + public uint PrivilegeCount; + public uint Control; + [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] + public LUID_AND_ATTRIBUTES[] Privilege; + } + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct OSVERSIONINFOEX { @@ -464,6 +527,8 @@ internal struct R77_PROCESS public uint ProcessId; public ulong DetachAddress; } + + } // https://github.com/DavidXanatos/priv10/blob/master/MiscHelpers/API/ServiceHelper.cs @@ -683,7 +748,7 @@ public static ServiceConfigInfo GetServiceInfoSafe(string serviceName) { return GetServiceInfo(serviceName); } - catch + catch (Exception) { return null; } diff --git a/MinerSearch/Program.cs b/MinerSearch/Program.cs index 51f178c..e94eea5 100644 --- a/MinerSearch/Program.cs +++ b/MinerSearch/Program.cs @@ -1,15 +1,15 @@ -#define BETA +//#define BETA using DBase; using Microsoft.Win32; using MSearch.Properties; -using netlib; using System; +using System.Collections.Generic; using System.Diagnostics; using System.Drawing; using System.IO; +using System.Reflection; using System.Text; -using System.Threading; using System.Windows.Forms; namespace MSearch @@ -30,18 +30,23 @@ public class Program public static bool ScanOnly = false; public static bool fullScan = false; public static bool RestoredWMI = false; + public static bool RunAsSystem = false; public static int maxSubfolders = 8; public static int totalFoundThreats = 0; + public static int totalFoundSuspiciousObjects = 0; public static int totalNeutralizedThreats = 0; public static string drive_letter = "C"; public static string ActiveLanguage = ""; internal static BootMode bootMode = Utils.GetBootMode(); public static LocalizedLogger LL = new LocalizedLogger(); public static Utils _utils = new Utils(); + public static string CurrentVersion = Assembly.GetExecutingAssembly().GetName().Version.ToString(); + [STAThread] static void Main(string[] args) { +#if !DEBUG AppDomain.CurrentDomain.UnhandledException += new UnhandledExceptionEventHandler(ExeptionHandler.HookExeption); ActiveLanguage = Utils.GetSystemLanguage(); try @@ -53,6 +58,10 @@ static void Main(string[] args) MessageBox.Show(LL.GetLocalizedString("_ErrorNotFoundComponent"), Utils.GetRndString(), MessageBoxButtons.OK, MessageBoxIcon.Warning); Environment.Exit(1); } +#else + ActiveLanguage = Utils.GetSystemLanguage(); + Init(args); +#endif } @@ -71,6 +80,39 @@ static void Init(string[] args) Environment.Exit(1); } + if (!Utils.IsRebootMtx()) + { + Utils.mutex.ReleaseMutex(); + MessageBox.Show(LL.GetLocalizedString("_RebootRequired"), Utils.GetRndString()); + Environment.Exit(0); + } + + if (Utils.IsWinPEEnv()) + { + List newargs = new List { "--winpemode" }; + if (args.Length > 0) + { + foreach (string arg in args) + { + newargs.Add(arg); + } + } + args = newargs.ToArray(); + + WinPEMode = true; + RunAsSystem = true; + } + + if (Utils.GetCurrentProcessOwner().IsSystem && !WinPEMode) + { + var msg = MessageBox.Show(LL.GetLocalizedString("_MessageRunAsSystemWarn"), Utils.GetRndString(), MessageBoxButtons.YesNo); + if (msg != DialogResult.Yes) + { + Environment.Exit(0); + } + RunAsSystem = true; + } + Console.Title = Utils.GetRndString(); var bitmap = (Bitmap)Utils.GetSmallWindowIcon(Process.GetCurrentProcess().MainWindowHandle); @@ -111,16 +153,17 @@ static void Init(string[] args) { if (ActiveLanguage == "EN") { - licenseForm.richTextBox1.Text = Resources._License_EN; + licenseForm.Label_LicenseCaption.Text = Resources._LicenseCaption_EN; + licenseForm.richTextBox1.Rtf = Resources._License_EN; licenseForm.Accept_btn.Text = Resources._accept_en; - licenseForm.Exit_btn.Text = Resources._exit_en; + licenseForm.Exit_btn.Text = Resources._exit_EN; } if (ActiveLanguage == "RU") { - - licenseForm.richTextBox1.Text = Resources._License_RU; + licenseForm.Label_LicenseCaption.Text = Resources._LicenseCaption_RU; + licenseForm.richTextBox1.Rtf = Resources._License_RU; licenseForm.Accept_btn.Text = Resources._accept_ru; - licenseForm.Exit_btn.Text = Resources._exit_ru; + licenseForm.Exit_btn.Text = Resources._exit_RU; } licenseForm.ShowDialog(); @@ -235,9 +278,16 @@ static void Init(string[] args) if (drive_letter.Length > 1 || Utils.IsDigit(drive_letter)) { LocalizedLogger.LogIncorrectDrive(drive_letter); - Console.ReadKey(); goto drive_letter_lbl; } + + if (!Directory.Exists(drive_letter + ":\\")) + { + LocalizedLogger.LogIncorrectDrive(drive_letter); + goto drive_letter_lbl; + } + + Drive.Letter = drive_letter; NoRootkitCheck = true; no_runtime = true; no_services = true; @@ -259,10 +309,11 @@ static void Init(string[] args) if (!WinPEMode) { - drive_letter = Environment.GetEnvironmentVariable("systemdrive").Remove(1); + drive_letter = Environment.GetEnvironmentVariable("SYSTEMDRIVE").Remove(1); Drive.Letter = drive_letter; } + #if !DEBUG if (!help) { @@ -288,7 +339,6 @@ static void Init(string[] args) } Logger.WriteLog("\t\tID: " + Utils.GetDeviceId(), ConsoleColor.White, false, true); - LL.LogMessage("\t\t", "_Version", new Version(Application.ProductVersion).ToString(), ConsoleColor.White, false); if (!help) @@ -296,12 +346,22 @@ static void Init(string[] args) LocalizedLogger.LogHelpHint(); } - if (no_runtime && no_scantime && WinPEMode) + LL.LogMessage("\t\t", "_Version", CurrentVersion, ConsoleColor.White, false); + + +#if !DEBUG + if (!WinPEMode && !Utils.GetWindowsVersion().Contains("Windows 7")) + { + Utils.CheckLatestReleaseVersion(); + } + + if (no_runtime && no_scantime && !WinPEMode) { LocalizedLogger.LogErrorDisabledScan(); Console.ReadKey(); return; } +#endif if (WinPEMode && nosignaturescan) { @@ -339,10 +399,45 @@ static void Init(string[] args) } MinerSearch mk = new MinerSearch(); - + LL.LogHeadMessage("_PreparingToScan"); Utils.RestoreSignatures(mk.msData.signatures); - Process.EnterDebugMode(); + + _utils.InitPrivileges(); + + if (!NoRootkitCheck || !no_runtime) + { + if (!_utils.HasDebugPrivilege()) + { + string privilegename = "SeDebugPrivilege"; + string groupName = _utils.ConvertWellKnowSIDToGroupName("S-1-5-32-544"); //Admin group + + + if (_utils.GrantPrivilegeToGroup(groupName, privilegename)) + { + MessageBox.Show(LL.GetLocalizedString("_SuccessGrantPrivilege"), Utils.GetRndString(), MessageBoxButtons.OK, MessageBoxIcon.Exclamation); + var result = MessageBox.Show(Program.LL.GetLocalizedString("_RebootPCNowDialog"), Utils.GetRndString(), MessageBoxButtons.YesNo, MessageBoxIcon.Question); + if (result == DialogResult.Yes) + { + Process.Start(new ProcessStartInfo() + { + FileName = "shutdown", + Arguments = "/r /t 0", + UseShellExecute = false, + CreateNoWindow = true + }); + } + Native.ShowWindow(Native.GetConsoleWindow(), Native.SW_HIDE); + Utils.mutex.ReleaseMutex(); + Console.ReadLine(); + } + else + { + MessageBox.Show(LL.GetLocalizedString("_ErrorGrantPrivilege"), Utils.GetRndString(), MessageBoxButtons.OK, MessageBoxIcon.Exclamation); + Environment.Exit(0); + } + } + } if (!NoRootkitCheck) { @@ -351,7 +446,6 @@ static void Init(string[] args) if (!no_runtime) { - mk.Scan(); } @@ -382,18 +476,21 @@ static void Init(string[] args) Logger.WriteLog("\n\t\t-----------------------------------", ConsoleColor.White, false); LocalizedLogger.LogElapsedTime(elapsedTime); Logger.WriteLog("\t\t-----------------------------------", ConsoleColor.White, false); - LocalizedLogger.LogTotalScanResult(totalFoundThreats, totalNeutralizedThreats + totalFoundThreats); + LocalizedLogger.LogTotalScanResult(totalFoundThreats, totalNeutralizedThreats + totalFoundThreats, totalFoundSuspiciousObjects); Logger.WriteLog("\t\t-----------------------------------", ConsoleColor.White, false); Utils.SwitchMouseSelection(true); Native.ShowWindow(Native.GetConsoleWindow(), Native.SW_MINIMIZE); - Finish finish = new Finish(totalFoundThreats, totalNeutralizedThreats + totalFoundThreats, elapsedTime) + + Finish finish = new Finish(totalFoundThreats, totalNeutralizedThreats + totalFoundThreats, totalFoundSuspiciousObjects, elapsedTime) //+ sign because neutralized threats is negative { TopMost = true }; finish.ShowDialog(); + + Console.ReadLine(); Environment.Exit(0); } diff --git a/MinerSearch/Properties/AssemblyInfo.cs b/MinerSearch/Properties/AssemblyInfo.cs index a266f0b..6bfc593 100644 --- a/MinerSearch/Properties/AssemblyInfo.cs +++ b/MinerSearch/Properties/AssemblyInfo.cs @@ -3,8 +3,8 @@ [assembly: ComVisible(true)] [assembly: Guid("9c5d03a2-b3e5-4b28-a1f6-eafd9b0ed091")] -[assembly: AssemblyVersion("1.4.7.51")] -[assembly: AssemblyFileVersion("1.4.7.51")] +[assembly: AssemblyVersion("1.4.7.6")] +[assembly: AssemblyFileVersion("1.4.7.6")] [assembly: AssemblyTitle("")] [assembly: AssemblyDescription("")] [assembly: AssemblyCompany("")] diff --git a/MinerSearch/Properties/Resources.Designer.cs b/MinerSearch/Properties/Resources.Designer.cs index 14ef4ff..12b4755 100644 --- a/MinerSearch/Properties/Resources.Designer.cs +++ b/MinerSearch/Properties/Resources.Designer.cs @@ -738,6 +738,24 @@ internal static string _ErrorAnalyzingFile_RU { } } + /// + /// Ищет локализованную строку, похожую на Unable to check updates. + /// + internal static string _ErrorCannotCheckUpdates_EN { + get { + return ResourceManager.GetString("_ErrorCannotCheckUpdates_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Не удалось проверить обновления. + /// + internal static string _ErrorCannotCheckUpdates_RU { + get { + return ResourceManager.GetString("_ErrorCannotCheckUpdates_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Can not open. /// @@ -846,6 +864,24 @@ internal static string _ErrorFileOnlineOnly_RU { } } + /// + /// Ищет локализованную строку, похожую на This application has found missing privileges for the Administrators group, but could not restore them. How to assign privileges manually read the blog https://t.me/MinerSearch_blog/24. + /// + internal static string _ErrorGrantPrivilege_EN { + get { + return ResourceManager.GetString("_ErrorGrantPrivilege_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Приложение обнаружило недостающие права доступа для группы Администраторов, но не удалось выполнить их восстановление. Как выполнить восстановление прав вручную читайте в блоге https://t.me/MinerSearch_blog/24. + /// + internal static string _ErrorGrantPrivilege_RU { + get { + return ResourceManager.GetString("_ErrorGrantPrivilege_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на File locked by Wi?ndo?ws Def?end?er:. /// @@ -1026,6 +1062,24 @@ internal static string _ErrorVerifySignature_RU { } } + /// + /// Ищет локализованную строку, похожую на Copied. + /// + internal static string _EventCopyText_EN { + get { + return ResourceManager.GetString("_EventCopyText_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Скопировано. + /// + internal static string _EventCopyText_RU { + get { + return ResourceManager.GetString("_EventCopyText_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на exclusion. /// @@ -1063,20 +1117,20 @@ internal static string _ExeptionTitle_RU { } /// - /// Ищет локализованную строку, похожую на No. + /// Ищет локализованную строку, похожую на Exit. /// - internal static string _exit_en { + internal static string _exit_EN { get { - return ResourceManager.GetString("_exit_en", resourceCulture); + return ResourceManager.GetString("_exit_EN", resourceCulture); } } /// /// Ищет локализованную строку, похожую на Выйти. /// - internal static string _exit_ru { + internal static string _exit_RU { get { - return ResourceManager.GetString("_exit_ru", resourceCulture); + return ResourceManager.GetString("_exit_RU", resourceCulture); } } @@ -1224,24 +1278,6 @@ internal static string _FinishNotAllThreatsNeutralized_RU { } } - /// - /// Ищет локализованную строку, похожую на Do you want to restart your computer right now?. - /// - internal static string _FinishRebootPCNow_EN { - get { - return ResourceManager.GetString("_FinishRebootPCNow_EN", resourceCulture); - } - } - - /// - /// Ищет локализованную строку, похожую на Перезагрузить компьютер сейчас?. - /// - internal static string _FinishRebootPCNow_RU { - get { - return ResourceManager.GetString("_FinishRebootPCNow_RU", resourceCulture); - } - } - /// /// Ищет локализованную строку, похожую на Found:. /// @@ -1369,7 +1405,25 @@ internal static string _HelpHint_RU { } /// - /// Ищет локализованную строку, похожую на The following lines look suspicious, the marked ones will be deleted. Uncheck the box if you want to keep the line untouched.. + /// Ищет локализованную строку, похожую на Skip. + /// + internal static string _HostsCleanupSkipBtn_EN { + get { + return ResourceManager.GetString("_HostsCleanupSkipBtn_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Пропустить. + /// + internal static string _HostsCleanupSkipBtn_RU { + get { + return ResourceManager.GetString("_HostsCleanupSkipBtn_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на The following lines look suspicious, the marked ones will be deleted.. /// internal static string _HostsCleanupWarning_EN { get { @@ -1378,7 +1432,7 @@ internal static string _HostsCleanupWarning_EN { } /// - /// Ищет локализованную строку, похожую на Следующие строки выглядят подозрительно и отмеченные будут удалены. Снимите отметку с тех, которые хотите оставить.. + /// Ищет локализованную строку, похожую на Следующие строки выглядят подозрительно и отмеченные будут удалены. . /// internal static string _HostsCleanupWarning_RU { get { @@ -1549,32 +1603,123 @@ internal static string _Just_Service_RU { } /// - /// Ищет локализованную строку, похожую на Like the app? Support the project on Boosty!. + /// Ищет локализованную строку, похожую на News and updates. /// - internal static string _LabelSupport_EN { + internal static string _LabelBlogNews_EN { get { - return ResourceManager.GetString("_LabelSupport_EN", resourceCulture); + return ResourceManager.GetString("_LabelBlogNews_EN", resourceCulture); } } /// - /// Ищет локализованную строку, похожую на Нравится приложение? Поддержи проект на Boosty!. + /// Ищет локализованную строку, похожую на Новости и обновления. /// - internal static string _LabelSupport_RU { + internal static string _LabelBlogNews_RU { get { - return ResourceManager.GetString("_LabelSupport_RU", resourceCulture); + return ResourceManager.GetString("_LabelBlogNews_RU", resourceCulture); } } /// - /// Ищет локализованную строку, похожую на Denial of responsibility - /// - ///This software provided "as is" and was created exclusively to search and remove malware that secretly uses computer resources for mining cryptocurrency. The author is not responsible for incidental, indirect or unintentional damage of any kind during the use of this software. You may use it at your own risk. + /// Ищет локализованную строку, похожую на Discussion and help in removement threats. + /// + internal static string _LabelChatHelp_EN { + get { + return ResourceManager.GetString("_LabelChatHelp_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Обсуждение и помощь в устранении угроз. + /// + internal static string _LabelChatHelp_RU { + get { + return ResourceManager.GetString("_LabelChatHelp_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Support the project!. + /// + internal static string _LabelSupportCaption_EN { + get { + return ResourceManager.GetString("_LabelSupportCaption_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Поддержать разработчика проекта!. + /// + internal static string _LabelSupportCaption_RU { + get { + return ResourceManager.GetString("_LabelSupportCaption_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Click to copy. + /// + internal static string _LabelSupportClickHint_EN { + get { + return ResourceManager.GetString("_LabelSupportClickHint_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Нажмите, чтобы скопировать. + /// + internal static string _LabelSupportClickHint_RU { + get { + return ResourceManager.GetString("_LabelSupportClickHint_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Support the project with a like!. + /// + internal static string _LabelSupportGroupCaption_EN { + get { + return ResourceManager.GetString("_LabelSupportGroupCaption_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Поддержать проект лайком!. + /// + internal static string _LabelSupportGroupCaption_RU { + get { + return ResourceManager.GetString("_LabelSupportGroupCaption_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Support the developer in any convenient way – this will help to continue to effectively deal with silent miners. /// - ///FAQ: + ///Thank you for your help!. + /// + internal static string _LabelSupportText_EN { + get { + return ResourceManager.GetString("_LabelSupportText_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Поддержите разработчика любым удобным способом – это поможет и дальше эффективно бороться с майнерами. /// - ///Question: Why does my antivirus indicate that the software contains a Trojan/virus? - ///Answer: A third-party antivirus registers the very fact of interference in the [остаток строки не уместился]";. + ///Спасибо за вашу помощь!. + /// + internal static string _LabelSupportText_RU { + get { + return ResourceManager.GetString("_LabelSupportText_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на {\rtf1\ansi\ansicpg1251\deff0\nouicompat\deflang1049\deflangfe1049{\fonttbl{\f0\fnil\fcharset204 Times New Roman;}} + ///{\colortbl ;\red118\green113\blue113;} + ///{\*\generator Riched20 10.0.19041}{\*\mmathPr\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 + ///\pard\widctlpar\fi710\li142\ri212\sa160\sl276\slmult1\qj\f0\fs28\par + ///This software provided "as is" and was created exclusively to search and remove malware that secretly uses computer resources for mining cryptocurrency. The author is not responsible for incident [остаток строки не уместился]";. /// internal static string _License_EN { get { @@ -1583,13 +1728,14 @@ internal static string _License_EN { } /// - /// Ищет локализованную строку, похожую на Отказ от ответственности - /// - ///Данное программное обеспечение (Далее ПО) предоставляется "как есть" и создано исключительно для поиска и удаления вредоносного ПО, тайно использующее ресурсы компьютера для добычи (майнинга) криптовалюты. Автор не несет ответсвенности за причиненный случайный, косвенный или непреднамеренный ущерб любого рода в ходе использования данного ПО. Вы можете использовать его на свой страх и риск. - /// - ///Часто задаваемые вопросы: - /// - ///Вопрос: Почему мой антивирус указывает, что ПО содержит тр [остаток строки не уместился]";. + /// Ищет локализованную строку, похожую на {\rtf1\ansi\ansicpg1251\deff0\nouicompat\deflang1049\deflangfe1049{\fonttbl{\f0\fnil\fcharset204 Times New Roman;}} + ///{\colortbl ;\red128\green128\blue128;} + ///{\*\listtable + ///{\list\listhybrid + ///{\listlevel\levelnfc0\leveljc0\levelstartat1{\leveltext\'02\'00.;}{\levelnumbers\'01;}\jclisttab\tx0} + ///{\listlevel\levelnfc4\leveljc0\levelstartat1{\leveltext\'02\'01.;}{\levelnumbers\'01;}\jclisttab\tx0} + ///{\listlevel\levelnfc3\leveljc0\levelstartat1{\leveltext\'02\'02.;}{\levelnumbers\'01;}\jclisttab\tx0} + ///{\listlevel [остаток строки не уместился]";. /// internal static string _License_RU { get { @@ -1597,6 +1743,24 @@ internal static string _License_RU { } } + /// + /// Ищет локализованную строку, похожую на Denial of Responsibility. + /// + internal static string _LicenseCaption_EN { + get { + return ResourceManager.GetString("_LicenseCaption_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Отказ от ответственности. + /// + internal static string _LicenseCaption_RU { + get { + return ResourceManager.GetString("_LicenseCaption_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Locked directory. /// @@ -1785,6 +1949,51 @@ internal static string _MaliciousService_RU { } } + /// + /// Ищет локализованную строку, похожую на Текущий. + /// + internal static string _MessageForGrantPrivilege_RU { + get { + return ResourceManager.GetString("_MessageForGrantPrivilege_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на A new version is available #LATEST#. Go to the download page?. + /// + internal static string _MessageNewVersion_EN { + get { + return ResourceManager.GetString("_MessageNewVersion_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Доступна новая версия #LATEST#. Перейти на станицу загрузки?. + /// + internal static string _MessageNewVersion_RU { + get { + return ResourceManager.GetString("_MessageNewVersion_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Caution! Running this application with SYSTEM privileges may accidentally harm the system. If you want to scan another disk, use the --winpemode option. Continue scanning as a SYSTEM?. + /// + internal static string _MessageRunAsSystemWarn_EN { + get { + return ResourceManager.GetString("_MessageRunAsSystemWarn_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Осторожно! Запуская это приложение с СИСТЕМНЫМИ привилегиями может случайно навредить системе. Если вы хотите просканировать другой диск, используйте параметр --winpemode. Продолжить сканирование от имени СИСТЕМЫ?. + /// + internal static string _MessageRunAsSystemWarn_RU { + get { + return ResourceManager.GetString("_MessageRunAsSystemWarn_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Ma??li??cio??us processes:. /// @@ -1839,6 +2048,42 @@ internal static string _Name_RU { } } + /// + /// Ищет локализованную строку, похожую на No internet connection. + /// + internal static string _NoInternetConnection_EN { + get { + return ResourceManager.GetString("_NoInternetConnection_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Нет подключения к интернету. + /// + internal static string _NoInternetConnection_RU { + get { + return ResourceManager.GetString("_NoInternetConnection_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на No Log. + /// + internal static string _NoLogBtn_EN { + get { + return ResourceManager.GetString("_NoLogBtn_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Без отчёта. + /// + internal static string _NoLogBtn_RU { + get { + return ResourceManager.GetString("_NoLogBtn_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на No threats found. /// @@ -1931,6 +2176,24 @@ internal static string _PleaseWaitMessage_RU { } } + /// + /// Ищет локализованную строку, похожую на <-- An update is available #LATEST#. + /// + internal static string _PrefixNewVersionAvailable_EN { + get { + return ResourceManager.GetString("_PrefixNewVersionAvailable_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на <-- Доступно обновление #LATEST#. + /// + internal static string _PrefixNewVersionAvailable_RU { + get { + return ResourceManager.GetString("_PrefixNewVersionAvailable_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Preparing to scan, please wait.... /// @@ -2129,6 +2392,42 @@ internal static string _R00tkitPresent_RU { } } + /// + /// Ищет локализованную строку, похожую на Do you want to restart your computer right now?. + /// + internal static string _RebootPCNowDialog_EN { + get { + return ResourceManager.GetString("_RebootPCNowDialog_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Перезагрузить компьютер сейчас?. + /// + internal static string _RebootPCNowDialog_RU { + get { + return ResourceManager.GetString("_RebootPCNowDialog_RU", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Reboot is required. + /// + internal static string _RebootRequired_EN { + get { + return ResourceManager.GetString("_RebootRequired_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Требуется перезагрузка. + /// + internal static string _RebootRequired_RU { + get { + return ResourceManager.GetString("_RebootRequired_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Key successfully removed -. /// @@ -2687,6 +2986,24 @@ internal static string _sfxArchive_RU { } } + /// + /// Ищет локализованную строку, похожую на Show folder containing logs. + /// + internal static string _ShowFolderLogs_EN { + get { + return ResourceManager.GetString("_ShowFolderLogs_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Показать все отчёты в папке. + /// + internal static string _ShowFolderLogs_RU { + get { + return ResourceManager.GetString("_ShowFolderLogs_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на RequireSignedAp?pIn??it_DLLs key is not found. /// @@ -2813,6 +3130,24 @@ internal static string _State_RU { } } + /// + /// Ищет локализованную строку, похожую на This application has found missing privileges for the Administrators group, which have been restored. To apply the changes, relogin or restart the computer.. + /// + internal static string _SuccessGrantPrivilege_EN { + get { + return ResourceManager.GetString("_SuccessGrantPrivilege_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Приложение обнаружило недостающие права доступа для группы Администраторов, которые были восстановлены. Для применения изменений следует выполнить повторный вход в систему или перезагрузить компьютер.. + /// + internal static string _SuccessGrantPrivilege_RU { + get { + return ResourceManager.GetString("_SuccessGrantPrivilege_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Rootkit neutralized. /// @@ -2885,6 +3220,24 @@ internal static string _SuspiciousFileSize_RU { } } + /// + /// Ищет локализованную строку, похожую на Suspicious obj:. + /// + internal static string _SuspiciousObjects_EN { + get { + return ResourceManager.GetString("_SuspiciousObjects_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Подозрений:. + /// + internal static string _SuspiciousObjects_RU { + get { + return ResourceManager.GetString("_SuspiciousObjects_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Suspicious path. /// @@ -2994,7 +3347,7 @@ internal static string _TermServiceRestored_RU { } /// - /// Ищет локализованную строку, похожую на Total neutralized threats:. + /// Ищет локализованную строку, похожую на Total cured threats:. /// internal static string _TotalNeutralizedThreats_EN { get { @@ -3003,7 +3356,7 @@ internal static string _TotalNeutralizedThreats_EN { } /// - /// Ищет локализованную строку, похожую на Итого удалено угроз:. + /// Ищет локализованную строку, похожую на Устранено угроз:. /// internal static string _TotalNeutralizedThreats_RU { get { @@ -3011,6 +3364,24 @@ internal static string _TotalNeutralizedThreats_RU { } } + /// + /// Ищет локализованную строку, похожую на Total suspcisious objects:. + /// + internal static string _TotalSuspObjects_EN { + get { + return ResourceManager.GetString("_TotalSuspObjects_EN", resourceCulture); + } + } + + /// + /// Ищет локализованную строку, похожую на Итого подозрительных объектов:. + /// + internal static string _TotalSuspObjects_RU { + get { + return ResourceManager.GetString("_TotalSuspObjects_RU", resourceCulture); + } + } + /// /// Ищет локализованную строку, похожую на Total threats:. /// @@ -3021,7 +3392,7 @@ internal static string _TotalThreatsFound_EN { } /// - /// Ищет локализованную строку, похожую на Итого найдено угроз:. + /// Ищет локализованную строку, похожую на Найдено угроз:. /// internal static string _TotalThreatsFound_RU { get { @@ -3381,6 +3752,16 @@ internal static System.Drawing.Bitmap blendlog_donate { } } + /// + /// Поиск локализованного ресурса типа System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap sber { + get { + object obj = ResourceManager.GetObject("sber", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Поиск локализованного ресурса типа System.Drawing.Bitmap. /// @@ -3391,6 +3772,16 @@ internal static System.Drawing.Bitmap telegram_logo { } } + /// + /// Поиск локализованного ресурса типа System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap usdt_ton { + get { + object obj = ResourceManager.GetObject("usdt_ton", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Поиск локализованного ресурса типа System.Drawing.Bitmap. /// diff --git a/MinerSearch/Properties/Resources.resx b/MinerSearch/Properties/Resources.resx index 7ac14ef..508a598 100644 --- a/MinerSearch/Properties/Resources.resx +++ b/MinerSearch/Properties/Resources.resx @@ -117,1213 +117,1364 @@ System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 - - Startup params: + + Total threats: + + + Сканирование реестра... + + + Вредоносный файл: + + + Внимание! Приложение выявило множество служб с недействительной цифровой подписью. ---help This help message ---no-logs Don't write logs in text file ---no-scantime Scan processes only ---no-runtime Static scan only (Malware dirs, files, registry keys, etc) ---no-services Skip scan services ---no-signature-scan Skip scan files by signatures ---no-rootkit-check Skip checking rootkit present ---depth=<number> Where <number> specify the number for maximum search depth. Usage example --depth=5 (default 8) ---pause Pause before cleanup ---remove-empty-tasks Delete a task from the Task Scheduler if the application file does not exist in it ---winpemode Start scanning in WinPE environment by specifying a different drive letter (without scanning processes, registry, firewall and task scheduler entries) ---scan-only Display malicious or suspicious objects, but do nothing ---full-scan Add other entire local drives for signature scan ---restore=<path> Restore specified file from quarantine +Предполагается, что система: + - была установлена из непроверенного источника; + - имеет статус Insider Preview; + - либо модифицирована сторонними программами. + +Перечисленные ниже службы будут отключены, что возможно приведёт к нестабильности системы: +#InvalidServices# + +Желаете продолжить? + + + Blocking process has been closed - + + + Версия W??indo??ws: + + + Имя пользователя: + + + Не удалось разблокировать + + + WMI Event + + + Analyzing + + + Субъект не выполнил указанное действие проверки + + + Проверка TermService... + + + The file is only available online + + + The program was launched from the archive! Extract the entire archive and restart again. + + + Process inj?ect?ion + + + Новый файл hosts создан + + + Для вызова справки используйте параметр "--help" + + + Deselect All Wi?ndo?ws ??ve??rsion: - - Error on unlock + + Процесс был приостановлен частично - - Выйти + + файл - - Service name: + + Перезапуск службы... - - Try to find blocking process... + + Перезапуск приложения... - - Некорректный запуск программы + + Scanning complete + + + Signer's certificate is in the Untrusted Publishers store + + + Scanning: + + + Key successfully removed - + + + Failed to apply mitigation policy + + + Вредоносный каталог + + + + ..\Resources\128.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + + This application has found missing privileges for the Administrators group, but could not restore them. How to assign privileges manually read the blog https://t.me/MinerSearch_blog/24 + + + каталог + + + Startup type of the critical service has been restored + + + Empty task + + + Scan only mode + + + Removed empty dir + + + No threats found + + + Событие WMI + + + Безопасный режим: проверка задач планировщика и правил брандмауэра недоступна. Процесс был приостановлен - - - Уже обработан + + Выйти - - Can not proceed + + присутствует в парам. командной строки - - Найдено угроз: + + Файл заблокирован: #file#. Чтение невозможно. - - Safe boot: scan tasks and firewall rules is not available. + + TermService: failed to restore - - Обнаружен руткит! Выполняется нейтрализация... + + Service has been disabled - - Ma??li??cio??us processes: + + Сканирование служб... - - Root certificate is not trusted + + Suspicious entry - - Not all threads are suspended + + Разблокировано успешно + + + Ошибка проверки цифровой подписи + + + Пустая задача Сканирование: - - Параметр A?ppIn??it_DLL?s не пуст - - - Specify drive letter: + + Starting signature scan... - - Не удалось завершить вредоносный процесс: + + Scanning files... - - New hosts file has been created + + Something is prevent the search for malicious processes. You should temporarily turn off your antivirus and try again. - - Итого найдено угроз: + + Ошибка: - - Объемное потребление ресурсов ГП: + + Параметр A?ppIn??it_DLL?s не пуст - - service is not installed! + + Не удалось удалить задачу - - - ..\Resources\telegram_logo.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + Сканирование настроек брандмауэра... - - Invalid file + + Failed to terminate ma?li?ci?ou?s process: - - Параметр RequireSignedAp?pIn??it_DLLs не найден + + Register necessary DLLs... - - Another copy of the application is already running. For display help message use --help option + + Файл не существует в указанных каталогах: - - TermService: не удалось ввостановить + + Процесс успешно прерван - - - Yes + + Continue - - Service has been stopped + + directory - - Try to unlock directory... + + Path: - - Signer's certificate was expired + + Checking TermService... - - Путь: + + Параметр RequireSignedAp?pIn??it_DLLs не найден - - All Done. Press ENTER to close this window... + + Startup params: + +--help This help message +--no-logs Don't write logs in text file +--no-scantime Scan processes only +--no-runtime Static scan only (Malware dirs, files, registry keys, etc) +--no-services Skip scan services +--no-signature-scan Skip scan files by signatures +--no-rootkit-check Skip checking rootkit present +--depth=<number> Where <number> specify the number for maximum search depth. Usage example --depth=5 (default 8) +--pause Pause before cleanup +--remove-empty-tasks Delete a task from the Task Scheduler if the application file does not exist in it +--winpemode Start scanning in WinPE environment by specifying a different drive letter (without scanning processes, registry, firewall and task scheduler entries) +--scan-only Display malicious or suspicious objects, but do nothing +--full-scan Add other entire local drives for signature scan +--restore=<path> Restore specified file from quarantine - - Proccess failed to execute! + + Incorrent value on RequireS?ign?edApp?Init_DLLs - - Сканирование процессов... + + Checking roo??tk??it present... - - Empty task + + Вероятно RAT-процесс (бэкдор): - - Имя службы: + + Выбрать все - - Mali?cious file: + + Ошибка: невозможно отключить все типы сканирования - - Перезапуск очистки... + + Приложение обнаружило недостающие права доступа для группы Администраторов, которые были восстановлены. Для применения изменений следует выполнить повторный вход в систему или перезагрузить компьютер. - - Необработанное исключение + + --------------Условные-обозначения------------------- +[!] Незначительное предупреждение +[!!] Предупреждение, на которое стоит обратить внимание +[!!!] Обнаружена угроза +[!!!!] Обнаружен руткит +[Reg] Cканирование раздела(ов) реестра +[+] Успешное выполнение действия (лечение, удаление и т.д.) +[x] Ошибка +[xxx] Критическая ошибка: например, при запуске в песочнице +[#] Статус +[.] Описание +[_] Разблокировка каталога и удаление, если пуст +[i] Информация +[$] Затраченное время сканирования +[&] Итог +----------------------------------------------------- - - File or signature was probably corrupt + + State: - - Нежелательный порт: + + Mali?cio?us process: - - Already proceeded + + Caution! Running this application with SYSTEM privileges may accidentally harm the system. If you want to scan another disk, use the --winpemode option. Continue scanning as a SYSTEM? - - исключение + + Блокирующий процесс был закрыт - - - Подозрительный размер файла + + Уже обработан - - Имя пользователя: + + File or signature was probably corrupt - - File does not exist in the specified directories: + + Error verify signature - - NET Framework version 4.7.1 or higher is required to run this application. Check this component and try again + + Разрешить отправлять лог-файл (журнал сканирования найденных угроз) разработчику при каждом использовании? Это поможет улучшить работу приложения. - - Scanning complete + + Error: you cannot disable all types of scanning - - RequireSignedAp?pIn??it_DLLs key is not found + + - Удалено успешно - - Субъект не выполнил указанное действие проверки + + База данных WMI повреждена. Выполняется восстановление...пожалуйста, ждите - - The value was set to 1 + + Error analyzing file - - Блокирующий процесс был закрыт - + + Skipped Service - - - Checking TermService... + + Некорректный файл - - Failed to delete task + + Актуальные версии на Github Unknown command - - Начато сигнатурное сканирование... + + TermService успешно восстановлен - - Файл переименован в + + {\rtf1\ansi\ansicpg1251\deff0\nouicompat\deflang1049\deflangfe1049{\fonttbl{\f0\fnil\fcharset204 Times New Roman;}} +{\colortbl ;\red118\green113\blue113;} +{\*\generator Riched20 10.0.19041}{\*\mmathPr\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 +\pard\widctlpar\fi710\li142\ri212\sa160\sl276\slmult1\qj\f0\fs28\par +This software provided "as is" and was created exclusively to search and remove malware that secretly uses computer resources for mining cryptocurrency. The author is not responsible for incidental, indirect or unintentional damage of any kind during the use of this software. You may use it at your own risk.\par +\par +\cf1\b FAQ:\par +\cf0 Why does my antivirus indicate that the software contains a Trojan/virus?\par +\b0 Answer: A third-party antivirus registers the very fact of interference in the system and cannot distinguish a specific action (change), which is what gives rise to such a reaction. It is impossible to clearly indicate that the action (change) being performed is performed for good purposes.\par +\b The software closes during operation / freezes / does not start\par +\b0 Answer:\par + +\pard +{\pntext\f0 1)\tab}{\*\pn\pnlvlbody\pnf0\pnindent0\pnstart1\pndec{\pntxta)}} +\fi710\li142\ri212\sa160\sl276\slmult1\qj Third-party antivirus interferes with normal operation;\par +{\pntext\f0 2)\tab}incorrect startup parameters / path too long / important components disabled or not installed;\par +{\pntext\f0 3)\tab}Malicious software blocks its operation - in this case, you need to rename the executable file "Min\'e5rSearch_\{version number\}.exe" to anything else.\par +{\pntext\f0 4)\tab}There was an error in the code that requires correction. Write about an error in an issue in the official github repository.\par + +\pard\widctlpar\fi710\li142\ri212\sa160\sl276\slmult1\qj This license agreement applies to all copies, and to previous and subsequent versions of the software.\par +Are you sure you want to continue? \par +Click \b Yes\b0 to continue. \par +Click \b Exit\b0 to exit.\par +} - - Укажите букву диска: + + Already proceeded - - userprofile + + Файл: - - Файл hosts отсутствует + + Цифровая подпись сертификата неверна - - Ошибка очистки файла hosts: + + Unhandled Exeption - - Error: + + Restored file - - is present in cmd args + + Процесс не выполняется - - файл + + PC Name: - - - Удалено успешно + + Найдено угроз: - - Проверка TermService... + + Файл заблокирован Защитником Windows: - - Сканирование настроек брандмауэра... + + Total cured threats: - - Scanning firewall... + + Требуется перезагрузка - - Activated WinPE mode. Specified drive letter - + + Invalid signature file - - Restored file + + Startup count - - Removing known mal?ware files... + + Mali?cious file: - - Готово. Нажмите ENTER, чтобы закрыть... + + exclusion - - Вредоносных процессов: + + Proccess failed to execute! - - Starting signature scan... + + Username: - - Режим загрузки: + + The file is blocked: #file#. Reading is not possible. - - Name: + + Scanning services... - - Вероятно RAT-процесс (бэкдор): + + Другая копия приложения уже запущена. Для вызова справки используйте параметр --help - - Цифровая подпись сертификата неверна + + - Deleted successfull - - Suspicious file: + + Неизвестная команда - - directory + + Без отчёта - - Path: + + The following lines look suspicious, the marked ones will be deleted. - - Total neutralized threats: + + Warning! The application has identified many services with invalid digital signatures. + +It is assumed that the system: + - was installed from an unverified source; + - has Insider Preview status; + - or modified by third-party programs. + +The following services will be disabled, which may lead to system instability: +#InvalidServices# + +Would you like to continue? - - Preparing to scan, please wait... + + Нежелательный порт в парам. командной строки - - - Удален пустой каталог + + Показать все отчёты в папке - - Задача успешно удалена - + + Регистрация необходимых DLL... - - Found threats: + + Попытка разблокировать каталог... - - Кол-во запусков + + Boot mode: - - Incorrect drive letter + + Осторожно! Запуская это приложение с СИСТЕМНЫМИ привилегиями может случайно навредить системе. Если вы хотите просканировать другой диск, используйте параметр --winpemode. Продолжить сканирование от имени СИСТЕМЫ? - - Обнаружен вредоносный процесс! Уровень риска + + Файл переименован в - - служба не установлена! + + Анализ - - ???S??F?X?? А?р?хив: + + Правило - - Ma??li??cio??us process detected! Risk level + + Укажите букву диска: - - Invalid signature file + + Service: - - Startup count + + Снять выбор - - Подозрительный путь + + Hosts file is missing - - Имя компьютера: + + Угроз не найдено - - Только проверка + + <-- Доступно обновление #LATEST# - - Для работы приложения требуется .NET Framework 4.7.1 и выше. Проверьте установлен ли компонент и повторите попытку + + {\rtf1\ansi\ansicpg1251\deff0\nouicompat\deflang1049\deflangfe1049{\fonttbl{\f0\fnil\fcharset204 Times New Roman;}} +{\colortbl ;\red128\green128\blue128;} +{\*\listtable +{\list\listhybrid +{\listlevel\levelnfc0\leveljc0\levelstartat1{\leveltext\'02\'00.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc4\leveljc0\levelstartat1{\leveltext\'02\'01.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc3\leveljc0\levelstartat1{\leveltext\'02\'02.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc2\leveljc0\levelstartat1{\leveltext\'02\'03.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc1\leveljc0\levelstartat1{\leveltext\'02\'04.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc0\leveljc0\levelstartat1{\leveltext\'02\'05.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc4\leveljc0\levelstartat1{\leveltext\'02\'06.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc3\leveljc0\levelstartat1{\leveltext\'02\'07.;}{\levelnumbers\'01;}\jclisttab\tx0} +{\listlevel\levelnfc0\leveljc1\levelstartat1{\leveltext\'02\'08);}{\levelnumbers\'01;}\jclisttab\tx0}\listid1 }} +{\*\listoverridetable{\listoverride\listid1\listoverridecount0\ls1}} +{\*\generator Riched20 10.0.19041}{\*\mmathPr\mdispDef1\mwrapIndent1440 }\viewkind4\uc1 +\pard\widctlpar\fi710\li142\ri212\sa160\sl276\slmult1\qj\tx284\f0\fs28\par +\'c4\'e0\'ed\'ed\'ee\'e5 \'ef\'f0\'ee\'e3\'f0\'e0\'ec\'ec\'ed\'ee\'e5 \'ee\'e1\'e5\'f1\'ef\'e5\'f7\'e5\'ed\'e8\'e5 (\'c4\'e0\'eb\'e5\'e5 \'cf\'ce) \'ef\'f0\'e5\'e4\'ee\'f1\'f2\'e0\'e2\'eb\'ff\'e5\'f2\'f1\'ff "\'ea\'e0\'ea \'e5\'f1\'f2\'fc" \'e8 \'f1\'ee\'e7\'e4\'e0\'ed\'ee \'e8\'f1\'ea\'eb\'fe\'f7\'e8\'f2\'e5\'eb\'fc\'ed\'ee \'e4\'eb\'ff \'ef\'ee\'e8\'f1\'ea\'e0 \'e8 \'f3\'e4\'e0\'eb\'e5\'ed\'e8\'ff \'e2\'f0\'e5\'e4\'ee\'ed\'ee\'f1\'ed\'ee\'e3\'ee \'cf\'ce, \'f2\'e0\'e9\'ed\'ee \'e8\'f1\'ef\'ee\'eb\'fc\'e7\'f3\'fe\'f9\'e5\'e5 \'f0\'e5\'f1\'f3\'f0\'f1\'fb \'ea\'ee\'ec\'ef\'fc\'fe\'f2\'e5\'f0\'e0 \'e4\'eb\'ff \'e4\'ee\'e1\'fb\'f7\'e8 (\'ec\'e0\'e9\'ed\'e8\'ed\'e3\'e0) \'ea\'f0\'e8\'ef\'f2\'ee\'e2\'e0\'eb\'fe\'f2\'fb. \'c0\'e2\'f2\'ee\'f0 \'ed\'e5 \'ed\'e5\'f1\'e5\'f2 \'ee\'f2\'e2\'e5\'f2\'f1\'f2\'e2\'e5\'ed\'ed\'ee\'f1\'f2\'e8 \'e7\'e0 \'ef\'f0\'e8\'f7\'e8\'ed\'e5\'ed\'ed\'fb\'e9 \'f1\'eb\'f3\'f7\'e0\'e9\'ed\'fb\'e9, \'ea\'ee\'f1\'e2\'e5\'ed\'ed\'fb\'e9 \'e8\'eb\'e8 \'ed\'e5\'ef\'f0\'e5\'e4\'ed\'e0\'ec\'e5\'f0\'e5\'ed\'ed\'fb\'e9 \'f3\'f9\'e5\'f0\'e1 \'eb\'fe\'e1\'ee\'e3\'ee \'f0\'ee\'e4\'e0 \'e2 \'f5\'ee\'e4\'e5 \'e8\'f1\'ef\'ee\'eb\'fc\'e7\'ee\'e2\'e0\'ed\'e8\'ff \'e4\'e0\'ed\'ed\'ee\'e3\'ee \'cf\'ce. \'c2\'fb \'ec\'ee\'e6\'e5\'f2\'e5 \'e8\'f1\'ef\'ee\'eb\'fc\'e7\'ee\'e2\'e0\'f2\'fc \'e5\'e3\'ee \'ed\'e0 \'f1\'e2\'ee\'e9 \'f1\'f2\'f0\'e0\'f5 \'e8 \'f0\'e8\'f1\'ea. \par +\par +\cf1\b\'d7\'e0\'f1\'f2\'ee \'e7\'e0\'e4\'e0\'e2\'e0\'e5\'ec\'fb\'e5 \'e2\'ee\'ef\'f0\'ee\'f1\'fb:\par +\cf0\'cf\'ee\'f7\'e5\'ec\'f3 \'ec\'ee\'e9 \'e0\'ed\'f2\'e8\'e2\'e8\'f0\'f3\'f1 \'f3\'ea\'e0\'e7\'fb\'e2\'e0\'e5\'f2, \'f7\'f2\'ee \'cf\'ce \'f1\'ee\'e4\'e5\'f0\'e6\'e8\'f2 \'f2\'f0\'ee\'ff\'ed/\'e2\'e8\'f0\'f3\'f1?\par +\'ce\'f2\'e2\'e5\'f2\b0 : \'d1\'f2\'ee\'f0\'ee\'ed\'ed\'e8\'e9 \'e0\'ed\'f2\'e8\'e2\'e8\'f0\'f3\'f1 \'f0\'e5\'e3\'e8\'f1\'f2\'f0\'e8\'f0\'f3\'e5\'f2 \'f1\'e0\'ec \'f4\'e0\'ea\'f2 \'e2\'ec\'e5\'f8\'e0\'f2\'e5\'eb\'fc\'f1\'f2\'e2\'e0 \'e2 \'f1\'e8\'f1\'f2\'e5\'ec\'f3 \'e8 \'ed\'e5 \'ec\'ee\'e6\'e5\'f2 \'ee\'f2\'eb\'e8\'f7\'e8\'f2\'fc \'ea\'ee\'ed\'ea\'f0\'e5\'f2\'ed\'ee\'e5 \'e4\'e5\'e9\'f1\'f2\'e2\'e8\'e5 (\'e8\'e7\'ec\'e5\'ed\'e5\'ed\'e8\'e5), \'f7\'f2\'ee \'ea\'e0\'ea \'f0\'e0\'e7 \'ef\'ee\'f0\'ee\'e6\'e4\'e0\'e5\'f2 \'f2\'e0\'ea\'f3\'fe \'f0\'e5\'e0\'ea\'f6\'e8\'fe. \'cd\'e5\'e2\'ee\'e7\'ec\'ee\'e6\'ed\'ee \'ff\'e2\'ed\'ee \'f3\'ea\'e0\'e7\'e0\'f2\'fc, \'f7\'f2\'ee \'ef\'f0\'ee\'e8\'e7\'e2\'ee\'e4\'e8\'ec\'ee\'e5 \'e4\'e5\'e9\'f1\'f2\'e2\'e8\'e5 (\'e8\'e7\'ec\'e5\'ed\'e5\'ed\'e8\'e5) \'e2\'fb\'ef\'ee\'eb\'ed\'ff\'e5\'f2\'f1\'ff \'e2 \'e1\'eb\'e0\'e3\'e8\'f5 \'f6\'e5\'eb\'ff\'f5. \par +\b\'cf\'ce \'e7\'e0\'ea\'f0\'fb\'e2\'e0\'e5\'f2\'f1\'ff \'e2\'ee \'e2\'f0\'e5\'ec\'ff \'f0\'e0\'e1\'ee\'f2\'fb / \'e7\'e0\'e2\'e8\'f1\'e0\'e5\'f2 / \'ed\'e5 \'e7\'e0\'ef\'f3\'f1\'ea\'e0\'e5\'f2\'f1\'ff\par +\'ce\'f2\'e2\'e5\'f2\b0 : \par + +\pard +{\listtext\f0 1)\tab}\ls1\ilvl8\fi142\li710\ri212\sa160\sl276\slmult1\qj\tx284\'d1\'f2\'ee\'f0\'ee\'ed\'ed\'e8\'e9 \'e0\'ed\'f2\'e8\'e2\'e8\'f0\'f3\'f1 \'ec\'e5\'f8\'e0\'e5\'f2 \'ed\'ee\'f0\'ec\'e0\'eb\'fc\'ed\'ee\'e9 \'f0\'e0\'e1\'ee\'f2\'e5;\par +{\listtext\f0 2)\tab}\'ed\'e5\'e2\'e5\'f0\'ed\'fb\'e5 \'ef\'e0\'f0\'e0\'ec\'e5\'f2\'f0\'fb \'e7\'e0\'ef\'f3\'f1\'ea\'e0 / \'f1\'eb\'e8\'f8\'ea\'ee\'ec \'e4\'eb\'e8\'ed\'ed\'fb\'e9 \'ef\'f3\'f2\'fc / \'ed\'e5 \'f3\'f1\'f2\'e0\'ed\'ee\'e2\'eb\'e5\'ed\'fb \'e8\'eb\'e8 \'ee\'f2\'ea\'eb\'fe\'f7\'e5\'ed\'fb \'e2\'e0\'e6\'ed\'fb\'e5 \'ea\'ee\'ec\'ef\'ee\'ed\'e5\'ed\'f2\'fb;\par +{\listtext\f0 3)\tab}\'c2\'f0\'e5\'e4\'ee\'ed\'ee\'f1\'ed\'ee\'e5 \'cf\'ce \'e1\'eb\'ee\'ea\'e8\'f0\'f3\'e5\'f2 \'e5\'e3\'ee \'f0\'e0\'e1\'ee\'f2\'f3 - \'e2 \'f2\'e0\'ea\'ee\'ec \'f1\'eb\'f3\'f7\'e0\'e5 \'ed\'e5\'ee\'e1\'f5\'ee\'e4\'e8\'ec\'ee \'ef\'e5\'f0\'e5\'e8\'ec\'e5\'ed\'ee\'e2\'e0\'f2\'fc \'e8\'f1\'ef\'ee\'eb\'ed\'ff\'e5\'ec\'fb\'e9 \'f4\'e0\'e9\'eb "Min\'e5rSearch_\{\'ed\'ee\'ec\'e5\'f0-\'e2\'e5\'f0\'f1\'e8\'e8\}.exe" \'e2 \'eb\'fe\'e1\'ee\'e5 \'e4\'f0\'f3\'e3\'ee\'e5.\par +{\listtext\f0 4)\tab}\'c2 \'ea\'ee\'e4\'e5 \'e1\'fb\'eb\'e0 \'e4\'ee\'ef\'f3\'f9\'e5\'ed\'e0 \'ee\'f8\'e8\'e1\'ea\'e0, \'ea\'ee\'f2\'ee\'f0\'e0\'ff \'f2\'f0\'e5\'e1\'f3\'e5\'f2 \'e8\'f1\'ef\'f0\'e0\'e2\'eb\'e5\'ed\'e8\'ff. \'ce\'e1 \'ee\'f8\'e8\'e1\'ea\'e5 \'ef\'e8\'f1\'e0\'f2\'fc \'e2 issue \'e2 \'ee\'f4\'e8\'f6\'e8\'e0\'eb\'fc\'ed\'fb\'e9 \'f0\'e5\'ef\'ee\'e7\'e8\'f2\'ee\'f0\'e8\'e9 github. \par + +\pard\widctlpar\fi710\li142\ri212\sa160\sl276\slmult1\qj\tx284\par +\'cd\'e0\'f1\'f2\'ee\'ff\'f9\'e5\'e5 \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'ee\'ed\'ed\'ee\'e5 \'f1\'ee\'e3\'eb\'e0\'f8\'e5\'ed\'e8\'e5 \'f0\'e0\'f1\'ef\'f0\'ee\'f1\'f2\'f0\'e0\'ed\'ff\'e5\'f2\'f1\'ff \'ed\'e0 \'e2\'f1\'e5 \'ea\'ee\'ef\'e8\'e8, \'e0 \'f2\'e0\'ea\'e6\'e5 \'ed\'e0 \'ef\'f0\'e5\'e4\'fb\'e4\'f3\'f9\'e8\'e5 \'e8 \'ef\'ee\'f1\'eb\'e5\'e4\'f3\'fe\'f9\'e8\'e5 \'e2\'e5\'f0\'f1\'e8\'e8 \'ef\'f0\'ee\'e3\'f0\'e0\'ec\'ec\'ed\'ee\'e3\'ee \'ee\'e1\'e5\'f1\'ef\'e5\'f7\'e5\'ed\'e8\'ff.\par +\'c2\'fb \'f3\'e2\'e5\'f0\'e5\'ed\'fb, \'f7\'f2\'ee \'f5\'ee\'f2\'e8\'f2\'e5 \'ef\'f0\'ee\'e4\'ee\'eb\'e6\'e8\'f2\'fc?\par +\'cd\'e0\'e6\'ec\'e8\'f2\'e5 "\b\'cf\'f0\'e8\'ed\'ff\'f2\'fc\b0 " - \'f7\'f2\'ee\'e1\'fb \'ef\'f0\'ee\'e4\'ee\'eb\'e6\'e8\'f2\'fc. \par +\'cd\'e0\'e6\'ec\'e8\'f2\'e5 "\b\'c2\'fb\'e9\'f2\'e8\b0 " - \'f7\'f2\'ee\'e1\'fb \'e7\'e0\'ea\'f0\'fb\'f2\'fc \'ef\'f0\'ee\'e3\'f0\'e0\'ec\'ec\'f3.\par +} - - Critical service has been restarted + + Сертификат субъекта был отозван - - присутствует в парам. командной строки + + Try to find blocking process... - - Не удалось применить политику устранения рисков + + Safe boot: scan tasks and firewall rules is not available. - - Incorrent value on RequireS?ign?edApp?Init_DLLs + + Scanning directories... - - Службы была отключена + + Scan elapsed time: - - TermService успешно восстановлен + + Failed to delete task - - Не удалось открыть + + Restart the cleanup... - - Программа была запущена из архива! Извлеките весь архив и повторите перезапуск. + + Модуль перехвата Svchost: - - Сторожевой процесс + + Rootkit neutralized - - File: + + Service name: - - file + + Scanning firewall... - - Некорректный файл + + Try to close processes... + + + Сканирование завершено + + + Готово. Нажмите ENTER, чтобы закрыть... + + + Не удалось загрузить важные компоненты, так как вероятно архив был извлечён не полностью. + + + Удаление найденных вредоносных файлов... - - Can not open + + Suspicious path - - Название: + + Preparing to scan, please wait... - - TermService: неккоректный путь к библиотеке + + Указанная служба не установлена: - - Startup type of the critical service has been restored + + File does not exist in the specified directories: - - Mali?cious processes... + + Support the project! - - Не удалось удалить + + Try to unlock directory... - - Найден вредоносный ключ реестра - + + A?ppIn??it_DLL?s is not empty - - Failed to terminate ma?li?ci?ou?s process: + + Проверка присутствия руткита... - - Вредоносная запись - + + Файл восстановлен - - каталог + + Activated WinPE mode. Specified drive letter - - - - Deleted successfull + + Параметры запуска: + +--help Вызов этой справки +--no-logs Не записывать лог в файл +--no-scantime Сканировать только процессы +--no-runtime Не сканировать процессы (только каталоги, файлы, ключи реестра, и т.д.) +--no-services Пропустить сканирование служб +--no-signature-scan Пропустить сигнатурное сканирование файлов +--no-rootkit-check Не проверять присутствие руткита +--depth=<число> Где <число> - уровень максимальной глубины поиска. Пример использования --depth=5 (по-умолчанию 8) +--pause Пауза перед очисткой +--remove-empty-tasks Удалять задачу из Планировщика задач, если файл приложения в ней не существует +--winpemode Запускает сканирование в режиме WinPE (без сканирования процессов, реестра, правил фаерволла, служб, задач планировщика) +--scan-only Отображать вредоносный или подозрительный объект, но не выполнять лечение +--full-scan Целиком добавляет другие локальные диски для сигнатурного сканирования +--restore=<путь> Восстановить указанный файл из карантина - - Unhandled Exeption + + NET Framework version 4.7.1 or higher is required to run this application. Check this component and try again - - Failed to apply mitigation policy + + ПАУЗА ПЕРЕД ОЧИСТКОЙ +Нажмите любую клавишу, чтобы продолжить... - - Process inj?ect?ion + + Важный для работы компонент (служба) был перезапущен - - Try to close processes... + + Use "--help" option to display list of available commands - - The program was launched from the archive! Extract the entire archive and restart again. + + Invalid file - - Ошибка анализа файла + + ???S??F?X?? А?р?хив: - - Попытка найти блокирующий процесс... + + Error: - - exclusion + + Файл службы не найден - - Удаление вредоносных файлов... + + Сканирование каталогов... - - Analyzing + + Moved to Quarantine - - Service has been disabled + + Signer's certificate was expired - - Ключ успешно удалён - + + Необработанное исключение - - Попытка завершить процессы... + + TermService: non original library path - - Принять + + RequireS?ign?edApp?Init_DLLs - установлено неверное значение - - Подозрительный файл: + + The value was set to 1 - - ..\Resources\yoomoney.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + Service has been stopped - - Removing found mal?ici?ous files... + + PAUSE BEFORE CLEANUP +Press any key to continue... - - Ho??sts file has been recovered. Affected strings: + + Задано значение 1 + + + WMI Database check... Found mali?cio?us registry key - - - Ошибка: невозможно отключить все типы сканирования - - - Файл: + + Пропустить - - Пустая задача + + A new version is available #LATEST#. Go to the download page? - - Version: + + Заблокированный каталог - - Scanning services... + + Попытка найти блокирующий процесс... - - ПАУЗА ПЕРЕД ОЧИСТКОЙ -Нажмите любую клавишу, чтобы продолжить... + + Рекомпиляция необходимых фалов... - - Сертификат подписавшего находится в хранилище ненадежных издателей + + Scanning hosts file... - - File renamed to + + File is not found: - - Error clean hosts file: + + New hosts file has been created - - Версия: + + Incorrect drive letter - - Subject's certificate was revoked + + Программа была запущена из архива! Извлеките весь архив и повторите перезапуск. - - Error verify signature + + Только проверка - - Scanning hosts file... + + Ключ успешно удалён - - - Сканирование файлов... + + File renamed to - - Ошибка: + + Select All - - Вредоносный профиль + + File locked by Wi?ndo?ws Def?end?er: - - Ошибка проверки цифровой подписи + + Параметр был создан - - Не удалось обработать + + <-- An update is available #LATEST# - - Restart the cleanup... + + Подозрительный размер файла - - PAUSE BEFORE CLEANUP -Press any key to continue... + + Сторожевой процесс - - Проверка присутствия руткита... + + Обнаружен руткит! Выполняется нейтрализация... - - Разблокировано успешно + + Сканирование файлов... - - Can not remove + + Файл hosts отсутствует - - Key successfully removed - + + Нежелательный порт: - - Безопасный режим: проверка задач планировщика и правил брандмауэра недоступна. + + Не удалось открыть Подозрительный ключ реестра: - - Removed empty dir - - - Не удалось загрузить важные компоненты, так как вероятно архив был извлечён не полностью. + + Suspicious obj: - - Не удалось разблокировать + + Svchost Hijacking module: - - Scanning files... + + Найден вредоносный ключ реестра - - - Отказ от ответственности - -Данное программное обеспечение (Далее ПО) предоставляется "как есть" и создано исключительно для поиска и удаления вредоносного ПО, тайно использующее ресурсы компьютера для добычи (майнинга) криптовалюты. Автор не несет ответсвенности за причиненный случайный, косвенный или непреднамеренный ущерб любого рода в ходе использования данного ПО. Вы можете использовать его на свой страх и риск. - -Часто задаваемые вопросы: - -Вопрос: Почему мой антивирус указывает, что ПО содержит троян/вирус? -Ответ: Сторонний антивирус регистрирует сам факт вмешательства в систему и не может отличить конкретное действие (изменение), что как раз пораждает такую реакцию. Невозможно явно указать, что производимое действие (изменение) выполняется в благих целях. - -Вопрос: ПО закрывается во время работы / зависает / не запускается -Ответ: - 1) Сторонний антивирус мешает нормальной работе; - 2) неверные параметры запуска / слишком длинный путь / не установлены / отключены важные компоненты; - 3) Вредоносное ПО блокирует его работу - в таком случае необходимо переименовать исполняемый файл "MinеrSearch_{номер-версии}.exe" в любое другое. - 4) В коде была допущена ошибка, которая требует исправления. Об ошибке писать в issue в официальный репозиторий github. - -Настоящее лицензионное соглашение распространяется на все копии, а также на предыдущие и последующие версии программного обеспечения. - -Вы уверены, что хотите продолжить? - -Нажмите "Принять" - чтобы подолжить. Нажмите "Выйти" - чтобы закрыть программу. + + Process successfully terminated - - - No threats found + + Приложение обнаружило недостающие права доступа для группы Администраторов, но не удалось выполнить их восстановление. Как выполнить восстановление прав вручную читайте в блоге https://t.me/MinerSearch_blog/24 - - ..\Resources\blendlog-donate.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + Внедрённый процесс - - Too much GPU libs usage: + + Режим загрузки: - - No + + Обнаружен вредоносный процесс! Уровень риска - - Файл ho??s?ts был восстановлен. Удалено строк: + + профиль пользователя - - Новый файл hosts создан + + Locked directory - - Rule + + Mali?cious profile - - Error: you cannot disable all types of scanning + + file - - Безопасный режим с поддержкой сети: проверка задач планировщика недоступна. + + --------------Legend-symbols------------------- +[!] Minor warning +[!!] A warning worth paying attention to +[!!!] A threat has been detected +[!!!!] A rootkit has been detected +[reg] Scan the registry key(s) +[+] Successful completion of the action (treatment, removal, etc.) +[x] Error +[xxx] Critical error: for example, when running in the sandbox +[#] Status +[.] Description +[_] Unblocking the directory and deleting if empty +[i] Information +[$] Elapsed scan time +[&] Summary +---------------------------------------------------- - - Removing m?ali?cious files... + + Не все найденные угрозы были устранены. Перезагрузите компьютер и выполните проверку снова. - - Scan only mode + + Version: - - RequireS?ign?edApp?Init_DLLs - установлено неверное значение + + Restart Application... - - Состояние: + + Активирован режим WinPE. Указанная буква диска - - - Файл не существует в указанных каталогах: + + Не удалось проверить обновления - - Для вызова справки используйте параметр "--help" + + No Log - - Blacklisted port: + + Mali?cious processes... - - Сканирование реестра... + + Checking user John... - - Scanning registry... + + Malicious Service - - - Username: + + ..\Resources\telegram_logo.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - Error analyzing file + + Руткит нейтрализован - - State: + + Задача успешно удалена - - - Blacklisted port in cmd args - + + Найдено: - - Не удалось удалить задачу + + Safe boot networking: task scheduler check not available - - Вредоносный файл: + + Удален пустой каталог - - Incorrect program startup + + Mi?ner's r?o??o?tk??it detected! Try to remove... - - Итого удалено угроз: + + Exit - - S??F????X A????rch???i???ve??: + + Вредоносные процессы... - - Тип запуска важного для работы компонента (службы) был восстановлен + + Доступна новая версия #LATEST#. Перейти на станицу загрузки? - - Служба: + + Scanning processes... - - Событие WMI + + Файл доступен только онлайн - - Probably RAT process: + + Попытка завершить процессы... - - Сертификат субъекта был отозван + + Файл ho??s?ts был восстановлен. Удалено строк: - - Проверка базы данных WMI... + + Incorrect program startup - - Неизвестная команда + + Important components could not be loaded, as the archive was probably not fully extracted. - - Watchdog process + + ..\Resources\blendlog-donate.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - Неверная буква диска + + Critical service has been restarted - - Параметр был создан + + Denial of Responsibility - - Total threats: + + Process has been suspended - - - Suspicious path + + S??F????X A????rch???i???ve??: - - Активирован режим WinPE. Указанная буква диска - + + Unlock success - - Проверка пользователя John... + + Specified service is not installed: - - Актуальные версии на Github + + служба не установлена! - - Файл службы не найден + + is present in cmd args - - Сертификат подписавшего просрочен + + Вредоносный профиль - - WMI Database check... + + Подозрительная запись - - Process successfully terminated - + + Can not proceed - - Внедрённый процесс + + Sus?pic?ious registry key: - - A?ppIn??it_DLL?s is not empty + + Removing m?ali?cious files... - - Сканирование служб... + + службу - - Сканирование завершено + + Состояние: - - Process has been suspended - + + Нет подключения к интернету - - Checking user John... + + ..\Resources\yoomoney.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - Boot mode: + + Что-то мешает выполнить поиск вредоносных процессов. Следует временно приостановить работу антивирусного ПО и повторить попытку. - - Scan elapsed time: + + Can not remove - - Угроз не найдено + + Файл или подпись вероятно были повреждены - - Анализ + + Mali?cious entry - Нет доверия корневому сертификату - - Denial of responsibility - -This software provided "as is" and was created exclusively to search and remove malware that secretly uses computer resources for mining cryptocurrency. The author is not responsible for incidental, indirect or unintentional damage of any kind during the use of this software. You may use it at your own risk. - -FAQ: - -Question: Why does my antivirus indicate that the software contains a Trojan/virus? -Answer: A third-party antivirus registers the very fact of interference in the system and cannot distinguish a specific action (change), which is what gives rise to such a reaction. It is impossible to clearly indicate that the action (change) being performed is performed for good purposes. - -Question: The software closes during operation / freezes / does not start -Answer: -1) Third-party antivirus interferes with normal operation; -2) incorrect startup parameters / path too long / not installed / important components disabled; -3) Malicious software blocks its operation - in this case, you need to rename the executable file "MinеrSearch_{version number}.exe" to anything else. -4) There was an error in the code that requires correction. Write about an error in an issue in the official github repository. - -This license agreement applies to all copies, and to previous and subsequent versions of the software. - -Are you sure you want to continue? - -Click Yes to continue. Click No to exit. + + Текущий - - Процесс был приостановлен частично + + Принять - - Scanning directories... + + Некорректный запуск программы - - Вредоносные процессы... + + Поддержать разработчика проекта! - - Сканирование задач планировщика... + + service - - Found: + + Show Log + + + Службы была отключена + + + Вероятно подделка системной задачи + + + Не удалось запустить процесс! + + + Объемное потребление ресурсов ГП: - - Задано значение 1 + + Проверка пользователя John... - - Sus?pic?ious registry key: + + Relevant versions on Github - - Hosts file is missing + + Removing found mal?ici?ous files... - - TermService: non original library path + + Сертификат подписавшего просрочен Task successfully deleted - - - TermService successfully restored + + Время сканирования: - - Удаление найденных вредоносных файлов... + + All threats has been neutralized! - - Removing mal?ware dirs... + + Ho??sts file has been recovered. Affected strings: - - Файл не найден: + + Служба пропущена - - - Suspicious file size + + Служба: - - Service: + + Вредоносная запись - - - Вероятно подделка системной задачи + + Scanning scheduled tasks... - - Параметры запуска: - ---help Вызов этой справки ---no-logs Не записывать лог в файл ---no-scantime Сканировать только процессы ---no-runtime Не сканировать процессы (только каталоги, файлы, ключи реестра, и т.д.) ---no-services Пропустить сканирование служб ---no-signature-scan Пропустить сигнатурное сканирование файлов ---no-rootkit-check Не проверять присутствие руткита ---depth=<число> Где <число> - уровень максимальной глубины поиска. Пример использования --depth=5 (по-умолчанию 8) ---pause Пауза перед очисткой ---remove-empty-tasks Удалять задачу из Планировщика задач, если файл приложения в ней не существует ---winpemode Запускает сканирование в режиме WinPE (без сканирования процессов, реестра, правил фаерволла, служб, задач планировщика) ---scan-only Отображать вредоносный или подозрительный объект, но не выполнять лечение ---full-scan Целиком добавляет другие локальные диски для сигнатурного сканирования ---restore=<путь> Восстановить указанный файл из карантина + + Ошибка анализа файла - - WMI Event + + Found: - - Файл или подпись вероятно были повреждены + + Reboot is required - - TermService: failed to restore + + Blacklisted port: - - Important components could not be loaded, as the archive was probably not fully extracted. + + Подозрений: - - Файл восстановлен + + Ma??li??cio??us processes: - - Service file is not found + + Blacklisted port in cmd args - - - Locked directory + + Yes - - Mali?cio?us process: + + Subject failed the specified verification action - - Версия W??indo??ws: + + Found threats: - - Службы была остановлена + + Перезагрузить компьютер сейчас? - - Scanning processes... + + Не удалось применить политику устранения рисков - - service + + Show folder containing logs - - Процесс успешно прерван - + + Отказ от ответственности - - Scanning scheduled tasks... + + Rule - - службу + + Root certificate is not trusted - - Удаление известных вредоносных файлов... + + Удаление вредоносных каталогов... - - Mi?ner's r?o??o?tk??it detected! Try to remove... + + Name: - - Safe boot networking: task scheduler check not available + + Подождите... - - Найдено: + + service is not installed! - - Signer's certificate is in the Untrusted Publishers store + + Removing known mal?ware files... - - Relevant versions on Github + + Error on unlock - - Checking roo??tk??it present... + + Suspicious file: - - Blocking process has been closed - + + Service file is not found - - Mali?cious entry - + + TermService successfully restored - - Вредоносный процесс: + + Найдено угроз: - - Сканирование каталогов... + + Subject's certificate was revoked - - Scanning: + + Unable to check updates - - Нежелательный порт в парам. командной строки - + + Scanning registry... - - Сканирование файла hosts... + + Не удалось удалить - - Mali?cious directory + + Название: - - Попытка разблокировать каталог... + + Подготовка сканирования, пожалуйста, подождите... - - Правило + + userprofile - - Subject failed the specified verification action + + Продолжить - - File is not found: + + Too much GPU libs usage: - - Не удалось запустить процесс! + + Службы была остановлена - - Удаление вредоносных каталогов... + + Removing mal?ware dirs... - - Важный для работы компонент (служба) был перезапущен + + RequireSignedAp?pIn??it_DLLs key is not found - - The value was created + + Skip - - Время сканирования: + + Wait... - - Вредоносный каталог + + Кол-во запусков - - Use "--help" option to display list of available commands + + Файл не найден: - - профиль пользователя + + Подозрительный путь - - Mali?cious profile + + Сертификат подписавшего находится в хранилище ненадежных издателей - - Probably fake system task + + Another copy of the application is already running. For display help message use --help option - - PC Name: + + Have questions? Join the telegram! - - Другая копия приложения уже запущена. Для вызова справки используйте параметр --help + + Неверная буква диска - - Unlock success + + This application has found missing privileges for the Administrators group, which have been restored. To apply the changes, relogin or restart the computer. - - Подготовка сканирования, пожалуйста, подождите... + + Recompile necessary MOF files... - - Заблокированный каталог + + Тип запуска важного для работы компонента (службы) был восстановлен + + + Все угрозы были устранены! + + + Удаление известных вредоносных файлов... + + + The value was created + + + Сканирование процессов... - - ..\Resources\128.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + Начато сигнатурное сканирование... - - Have questions? Join the telegram! + + Suspicious file size + + + Вредоносный процесс: Есть вопросы? Заходите в телеграм! - - Like the app? Support the project on Boosty! - - - Нравится приложение? Поддержи проект на Boosty! - - - Rootkit neutralized + + Сканирование файла hosts... - - Руткит нейтрализован + + Specify drive letter: - - Specified service is not installed: + + TermService: неккоректный путь к библиотеке - - Указанная служба не установлена: + + Перезапуск очистки... - - WMI Database corrupted. Trying to restore...Please wait + + Mali?cious directory - - База данных WMI повреждена. Выполняется восстановление...пожалуйста, ждите + + Not all threads are suspended - - Recompile necessary MOF files... + + No internet connection - - Рекомпиляция необходимых фалов... + + TermService: не удалось ввостановить - - Register necessary DLLs... + + Вредоносная служба - - - Регистрация необходимых DLL... + + File: - - Restart Application... + + Do you allow sending a log file (scan log of detected threats) to the developer every time you use it? This will help to improve the operation of the application. - - Перезапуск приложения... + + Watchdog process - - Restart service... + + Устранено угроз: - - Перезапуск службы... + + Не удалось завершить вредоносный процесс: - - Show Log + + Путь: - - Показать отчёт + + Перемещено в карантин - - --------------Условные-обозначения------------------- -[!] Незначительное предупреждение -[!!] Предупреждение, на которое стоит обратить внимание -[!!!] Обнаружена угроза -[!!!!] Обнаружен руткит -[Reg] Cканирование раздела(ов) реестра -[+] Успешное выполнение действия (лечение, удаление и т.д.) -[x] Ошибка -[xxx] Критическая ошибка: например, при запуске в песочнице -[#] Статус -[.] Описание -[_] Разблокировка каталога и удаление, если пуст -[i] Информация -[$] Затраченное время сканирования -[&] Итог ------------------------------------------------------ + + Следующие строки выглядят подозрительно и отмеченные будут удалены. - - Svchost Hijacking module: + + Удаление вредоносных файлов... - - Модуль перехвата Svchost: + + Probably RAT process: - - --------------Legend-symbols------------------- -[!] Minor warning -[!!] A warning worth paying attention to -[!!!] A threat has been detected -[!!!!] A rootkit has been detected -[reg] Scan the registry key(s) -[+] Successful completion of the action (treatment, removal, etc.) -[x] Error -[xxx] Critical error: for example, when running in the sandbox -[#] Status -[.] Description -[_] Unblocking the directory and deleting if empty -[i] Information -[$] Elapsed scan time -[&] Summary ----------------------------------------------------- + + The process is not running - - Do you allow sending a log file (scan log of detected threats) to the developer every time you use it? This will help to improve the operation of the application. + + Can not open - - Разрешить отправлять лог-файл (журнал сканирования найденных угроз) разработчику при каждом использовании? Это поможет улучшить работу приложения. + + Проверка базы данных WMI... - - Moved to Quarantine + + Сканирование задач планировщика... - - Перемещено в карантин + + All Done. Press ENTER to close this window... - - Wait... + + Подозрительный файл: - - Подождите... + + Not all threats found have been neutralized. Restart your computer and run the check again. - - The file is only available online + + Безопасный режим с поддержкой сети: проверка задач планировщика недоступна. - - Файл доступен только онлайн + + Показать отчёт - - File locked by Wi?ndo?ws Def?end?er: + + Error clean hosts file: - - Файл заблокирован Защитником Windows: + + Для работы приложения требуется .NET Framework 4.7.1 и выше. Проверьте установлен ли компонент и повторите попытку - - The process is not running + + Ошибка очистки файла hosts: - - Процесс не выполняется + + WMI Database corrupted. Trying to restore...Please wait - - Something is prevent the search for malicious processes. You should temporarily turn off your antivirus and try again. + + Do you want to restart your computer right now? - - Что-то мешает выполнить поиск вредоносных процессов. Следует временно приостановить работу антивирусного ПО и повторить попытку. + + исключение - - All threats has been neutralized! + + Probably fake system task - - Все угрозы были устранены! + + Имя компьютера: - - Not all threats found have been neutralized. Restart your computer and run the check again. + + Имя службы: - - Не все найденные угрозы были устранены. Перезагрузите компьютер и выполните проверку снова. + + Вредоносных процессов: - - Do you want to restart your computer right now? + + Restart service... - - Перезагрузить компьютер сейчас? + + Не удалось обработать - - Warning! The application has identified many services with invalid digital signatures. - -It is assumed that the system: - - was installed from an unverified source; - - has Insider Preview status; - - or modified by third-party programs. - -The following services will be disabled, which may lead to system instability: -#InvalidServices# - -Would you like to continue? + + Ma??li??cio??us process detected! Risk level - - Внимание! Приложение выявило множество служб с недействительной цифровой подписью. - -Предполагается, что система: - - была установлена из непроверенного источника; - - имеет статус Insider Preview; - - либо модифицирована сторонними программами. - -Перечисленные ниже службы будут отключены, что возможно приведёт к нестабильности системы: -#InvalidServices# - -Желаете продолжить? + + Версия: - - Malicious Service - + + ..\Resources\usdt_ton.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - Вредоносная служба - + + Copied - - Skipped Service - + + Скопировано - - Служба пропущена - + + News and updates - - The file is blocked: #file#. Reading is not possible. + + Новости и обновления - - Файл заблокирован: #file#. Чтение невозможно. + + Discussion and help in removement threats - - Continue + + Обсуждение и помощь в устранении угроз - - Продолжить + + Click to copy - - Deselect All + + Нажмите, чтобы скопировать - - Снять выбор + + Support the project with a like! - - The following lines look suspicious, the marked ones will be deleted. Uncheck the box if you want to keep the line untouched. + + Поддержать проект лайком! - - Следующие строки выглядят подозрительно и отмеченные будут удалены. Снимите отметку с тех, которые хотите оставить. + + Support the developer in any convenient way – this will help to continue to effectively deal with silent miners. + +Thank you for your help! - - Select All + + Поддержите разработчика любым удобным способом – это поможет и дальше эффективно бороться с майнерами. + +Спасибо за вашу помощь! - - Выбрать все + + Total suspcisious objects: - - Suspicious entry + + Итого подозрительных объектов: - - Подозрительная запись + + ..\Resources\sber.jpg;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a \ No newline at end of file diff --git a/MinerSearch/SplashForm.Designer.cs b/MinerSearch/SplashForm.Designer.cs new file mode 100644 index 0000000..d760d31 --- /dev/null +++ b/MinerSearch/SplashForm.Designer.cs @@ -0,0 +1,611 @@ + +namespace MSearch +{ + partial class SplashForm + { + /// + /// Required designer variable. + /// + private System.ComponentModel.IContainer components = null; + + /// + /// Clean up any resources being used. + /// + /// true if managed resources should be disposed; otherwise, false. + protected override void Dispose(bool disposing) + { + if (disposing && (components != null)) + { + components.Dispose(); + } + base.Dispose(disposing); + } + + #region Windows Form Designer generated code + + /// + /// Required method for Designer support - do not modify + /// the contents of this method with the code editor. + /// + private void InitializeComponent() + { + System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(SplashForm)); + this.tableLayoutPanel1 = new System.Windows.Forms.TableLayoutPanel(); + this.panel1 = new System.Windows.Forms.Panel(); + this.tableLayoutPanel2 = new System.Windows.Forms.TableLayoutPanel(); + this.panel2 = new System.Windows.Forms.Panel(); + this.XBtn = new System.Windows.Forms.Button(); + this.top = new System.Windows.Forms.Label(); + this.panel3 = new System.Windows.Forms.Panel(); + this.Label_supportCaption = new System.Windows.Forms.Label(); + this.Label_supportClickHint = new System.Windows.Forms.Label(); + this.Label_supportText = new System.Windows.Forms.Label(); + this.pictureBox1 = new System.Windows.Forms.PictureBox(); + this.tableLayoutPanel5 = new System.Windows.Forms.TableLayoutPanel(); + this.pictureBox5 = new System.Windows.Forms.PictureBox(); + this.textBox4 = new System.Windows.Forms.TextBox(); + this.tableLayoutPanel4 = new System.Windows.Forms.TableLayoutPanel(); + this.pictureBox4 = new System.Windows.Forms.PictureBox(); + this.pictureBox3 = new System.Windows.Forms.PictureBox(); + this.textBox1 = new System.Windows.Forms.TextBox(); + this.textBox2 = new System.Windows.Forms.TextBox(); + this.linkLabel1 = new System.Windows.Forms.LinkLabel(); + this.pictureBox2 = new System.Windows.Forms.PictureBox(); + this.panel4 = new System.Windows.Forms.Panel(); + this.Exit_btn = new System.Windows.Forms.Button(); + this.label7 = new System.Windows.Forms.Label(); + this.Label_chatHelp = new System.Windows.Forms.Label(); + this.Label_BlogNews = new System.Windows.Forms.Label(); + this.linkLabel3 = new System.Windows.Forms.LinkLabel(); + this.linkLabel2 = new System.Windows.Forms.LinkLabel(); + this.pictureBox7 = new System.Windows.Forms.PictureBox(); + this.pictureBox6 = new System.Windows.Forms.PictureBox(); + this.Label_supportGroupCaption = new System.Windows.Forms.Label(); + this.tableLayoutPanel1.SuspendLayout(); + this.panel1.SuspendLayout(); + this.tableLayoutPanel2.SuspendLayout(); + this.panel2.SuspendLayout(); + this.panel3.SuspendLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit(); + this.tableLayoutPanel5.SuspendLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox5)).BeginInit(); + this.tableLayoutPanel4.SuspendLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox4)).BeginInit(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox3)).BeginInit(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox2)).BeginInit(); + this.panel4.SuspendLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox7)).BeginInit(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox6)).BeginInit(); + this.SuspendLayout(); + // + // tableLayoutPanel1 + // + this.tableLayoutPanel1.BackColor = System.Drawing.Color.Transparent; + this.tableLayoutPanel1.CellBorderStyle = System.Windows.Forms.TableLayoutPanelCellBorderStyle.Single; + this.tableLayoutPanel1.ColumnCount = 1; + this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 100F)); + this.tableLayoutPanel1.Controls.Add(this.panel1, 0, 0); + this.tableLayoutPanel1.Dock = System.Windows.Forms.DockStyle.Fill; + this.tableLayoutPanel1.Location = new System.Drawing.Point(0, 0); + this.tableLayoutPanel1.Margin = new System.Windows.Forms.Padding(0); + this.tableLayoutPanel1.Name = "tableLayoutPanel1"; + this.tableLayoutPanel1.RowCount = 1; + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 100F)); + this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 552F)); + this.tableLayoutPanel1.Size = new System.Drawing.Size(632, 790); + this.tableLayoutPanel1.TabIndex = 0; + // + // panel1 + // + this.panel1.Controls.Add(this.tableLayoutPanel2); + this.panel1.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel1.Location = new System.Drawing.Point(1, 1); + this.panel1.Margin = new System.Windows.Forms.Padding(0); + this.panel1.Name = "panel1"; + this.panel1.Size = new System.Drawing.Size(630, 788); + this.panel1.TabIndex = 0; + // + // tableLayoutPanel2 + // + this.tableLayoutPanel2.ColumnCount = 1; + this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 50F)); + this.tableLayoutPanel2.Controls.Add(this.panel2, 0, 0); + this.tableLayoutPanel2.Controls.Add(this.panel3, 0, 1); + this.tableLayoutPanel2.Controls.Add(this.panel4, 0, 2); + this.tableLayoutPanel2.Dock = System.Windows.Forms.DockStyle.Fill; + this.tableLayoutPanel2.Location = new System.Drawing.Point(0, 0); + this.tableLayoutPanel2.Margin = new System.Windows.Forms.Padding(0); + this.tableLayoutPanel2.Name = "tableLayoutPanel2"; + this.tableLayoutPanel2.RowCount = 3; + this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 6.873977F)); + this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 93.12602F)); + this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 262F)); + this.tableLayoutPanel2.Size = new System.Drawing.Size(630, 788); + this.tableLayoutPanel2.TabIndex = 0; + // + // panel2 + // + this.panel2.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(45)))), ((int)(((byte)(200)))), ((int)(((byte)(200)))), ((int)(((byte)(200))))); + this.panel2.Controls.Add(this.XBtn); + this.panel2.Controls.Add(this.top); + this.panel2.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel2.Location = new System.Drawing.Point(0, 0); + this.panel2.Margin = new System.Windows.Forms.Padding(0); + this.panel2.Name = "panel2"; + this.panel2.Size = new System.Drawing.Size(630, 36); + this.panel2.TabIndex = 0; + // + // XBtn + // + this.XBtn.BackColor = System.Drawing.Color.RoyalBlue; + this.XBtn.FlatAppearance.BorderColor = System.Drawing.Color.White; + this.XBtn.FlatAppearance.BorderSize = 0; + this.XBtn.FlatAppearance.MouseOverBackColor = System.Drawing.Color.FromArgb(((int)(((byte)(255)))), ((int)(((byte)(128)))), ((int)(((byte)(128))))); + this.XBtn.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.XBtn.Font = new System.Drawing.Font("Verdana", 8F, System.Drawing.FontStyle.Bold); + this.XBtn.ForeColor = System.Drawing.Color.White; + this.XBtn.Location = new System.Drawing.Point(595, 4); + this.XBtn.Margin = new System.Windows.Forms.Padding(0); + this.XBtn.Name = "XBtn"; + this.XBtn.Size = new System.Drawing.Size(30, 30); + this.XBtn.TabIndex = 3; + this.XBtn.Text = "X"; + this.XBtn.UseVisualStyleBackColor = false; + this.XBtn.Click += new System.EventHandler(this.button1_Click); + // + // top + // + this.top.BackColor = System.Drawing.Color.RoyalBlue; + this.top.Dock = System.Windows.Forms.DockStyle.Fill; + this.top.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.top.Font = new System.Drawing.Font("Trebuchet MS", 12F, System.Drawing.FontStyle.Bold); + this.top.ForeColor = System.Drawing.Color.White; + this.top.Location = new System.Drawing.Point(0, 0); + this.top.Margin = new System.Windows.Forms.Padding(0); + this.top.Name = "top"; + this.top.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.top.Size = new System.Drawing.Size(630, 36); + this.top.TabIndex = 2; + this.top.Text = "MinerSearch "; + this.top.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.top.MouseDown += new System.Windows.Forms.MouseEventHandler(this.top_MouseDown); + // + // panel3 + // + this.panel3.BackColor = System.Drawing.Color.White; + this.panel3.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel3.Controls.Add(this.Label_supportCaption); + this.panel3.Controls.Add(this.Label_supportClickHint); + this.panel3.Controls.Add(this.Label_supportText); + this.panel3.Controls.Add(this.pictureBox1); + this.panel3.Controls.Add(this.tableLayoutPanel5); + this.panel3.Controls.Add(this.tableLayoutPanel4); + this.panel3.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel3.Location = new System.Drawing.Point(5, 41); + this.panel3.Margin = new System.Windows.Forms.Padding(5, 5, 5, 0); + this.panel3.Name = "panel3"; + this.panel3.Size = new System.Drawing.Size(620, 484); + this.panel3.TabIndex = 1; + // + // Label_supportCaption + // + this.Label_supportCaption.BackColor = System.Drawing.Color.White; + this.Label_supportCaption.Dock = System.Windows.Forms.DockStyle.Top; + this.Label_supportCaption.Font = new System.Drawing.Font("Trebuchet MS", 12F, System.Drawing.FontStyle.Bold); + this.Label_supportCaption.ForeColor = System.Drawing.Color.Black; + this.Label_supportCaption.Location = new System.Drawing.Point(0, 0); + this.Label_supportCaption.Margin = new System.Windows.Forms.Padding(5); + this.Label_supportCaption.Name = "Label_supportCaption"; + this.Label_supportCaption.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_supportCaption.Size = new System.Drawing.Size(618, 39); + this.Label_supportCaption.TabIndex = 3; + this.Label_supportCaption.Text = "Поддержать разработчика проекта! "; + this.Label_supportCaption.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // + // Label_supportClickHint + // + this.Label_supportClickHint.BackColor = System.Drawing.Color.White; + this.Label_supportClickHint.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.Label_supportClickHint.Font = new System.Drawing.Font("Trebuchet MS", 10F); + this.Label_supportClickHint.ForeColor = System.Drawing.Color.DarkGray; + this.Label_supportClickHint.Location = new System.Drawing.Point(5, 441); + this.Label_supportClickHint.Margin = new System.Windows.Forms.Padding(5); + this.Label_supportClickHint.Name = "Label_supportClickHint"; + this.Label_supportClickHint.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_supportClickHint.Size = new System.Drawing.Size(607, 29); + this.Label_supportClickHint.TabIndex = 4; + this.Label_supportClickHint.Text = "Нажмите, чтобы скопировать"; + this.Label_supportClickHint.TextAlign = System.Drawing.ContentAlignment.MiddleCenter; + // + // Label_supportText + // + this.Label_supportText.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.Label_supportText.Font = new System.Drawing.Font("Segoe UI", 12F); + this.Label_supportText.Location = new System.Drawing.Point(5, 44); + this.Label_supportText.Margin = new System.Windows.Forms.Padding(5, 5, 5, 0); + this.Label_supportText.Name = "Label_supportText"; + this.Label_supportText.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_supportText.Size = new System.Drawing.Size(606, 157); + this.Label_supportText.TabIndex = 8; + this.Label_supportText.Text = "Поддержите разработчика любым удобным способом – это поможет и дальше эффективно " + + "бороться с майнерами.\r\n\r\nСпасибо за вашу помощь!"; + this.Label_supportText.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // + // pictureBox1 + // + this.pictureBox1.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.pictureBox1.Image = global::MSearch.Properties.Resources.sber; + this.pictureBox1.Location = new System.Drawing.Point(446, 209); + this.pictureBox1.Margin = new System.Windows.Forms.Padding(0); + this.pictureBox1.Name = "pictureBox1"; + this.pictureBox1.Size = new System.Drawing.Size(165, 166); + this.pictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.StretchImage; + this.pictureBox1.TabIndex = 5; + this.pictureBox1.TabStop = false; + // + // tableLayoutPanel5 + // + this.tableLayoutPanel5.BackColor = System.Drawing.Color.White; + this.tableLayoutPanel5.CellBorderStyle = System.Windows.Forms.TableLayoutPanelCellBorderStyle.Single; + this.tableLayoutPanel5.ColumnCount = 2; + this.tableLayoutPanel5.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 25.49669F)); + this.tableLayoutPanel5.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 74.50331F)); + this.tableLayoutPanel5.Controls.Add(this.pictureBox5, 0, 0); + this.tableLayoutPanel5.Controls.Add(this.textBox4, 1, 0); + this.tableLayoutPanel5.Location = new System.Drawing.Point(5, 381); + this.tableLayoutPanel5.Name = "tableLayoutPanel5"; + this.tableLayoutPanel5.RowCount = 1; + this.tableLayoutPanel5.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 25F)); + this.tableLayoutPanel5.Size = new System.Drawing.Size(605, 56); + this.tableLayoutPanel5.TabIndex = 7; + // + // pictureBox5 + // + this.pictureBox5.Dock = System.Windows.Forms.DockStyle.Fill; + this.pictureBox5.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox5.Image"))); + this.pictureBox5.Location = new System.Drawing.Point(4, 4); + this.pictureBox5.Name = "pictureBox5"; + this.pictureBox5.Size = new System.Drawing.Size(147, 48); + this.pictureBox5.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; + this.pictureBox5.TabIndex = 16; + this.pictureBox5.TabStop = false; + // + // textBox4 + // + this.textBox4.Anchor = System.Windows.Forms.AnchorStyles.None; + this.textBox4.BackColor = System.Drawing.Color.WhiteSmoke; + this.textBox4.BorderStyle = System.Windows.Forms.BorderStyle.None; + this.textBox4.Cursor = System.Windows.Forms.Cursors.Hand; + this.textBox4.Font = new System.Drawing.Font("Segoe UI", 9F); + this.textBox4.ForeColor = System.Drawing.Color.Black; + this.textBox4.Location = new System.Drawing.Point(158, 18); + this.textBox4.Multiline = true; + this.textBox4.Name = "textBox4"; + this.textBox4.ReadOnly = true; + this.textBox4.Size = new System.Drawing.Size(443, 20); + this.textBox4.TabIndex = 12; + this.textBox4.Text = "UQBw3htVV8uMW6lugGryttzR50GbBeSSMCsFoHCQjq75JiPl"; + this.textBox4.MouseClick += new System.Windows.Forms.MouseEventHandler(this.textBox4_MouseClick); + this.textBox4.MouseLeave += new System.EventHandler(this.textBox4_MouseLeave); + // + // tableLayoutPanel4 + // + this.tableLayoutPanel4.CellBorderStyle = System.Windows.Forms.TableLayoutPanelCellBorderStyle.Single; + this.tableLayoutPanel4.ColumnCount = 2; + this.tableLayoutPanel4.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 35.17241F)); + this.tableLayoutPanel4.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 64.82758F)); + this.tableLayoutPanel4.Controls.Add(this.pictureBox4, 0, 2); + this.tableLayoutPanel4.Controls.Add(this.pictureBox3, 0, 1); + this.tableLayoutPanel4.Controls.Add(this.textBox1, 1, 0); + this.tableLayoutPanel4.Controls.Add(this.textBox2, 1, 1); + this.tableLayoutPanel4.Controls.Add(this.linkLabel1, 1, 2); + this.tableLayoutPanel4.Controls.Add(this.pictureBox2, 0, 0); + this.tableLayoutPanel4.Location = new System.Drawing.Point(5, 209); + this.tableLayoutPanel4.Name = "tableLayoutPanel4"; + this.tableLayoutPanel4.RowCount = 3; + this.tableLayoutPanel4.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 25F)); + this.tableLayoutPanel4.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 25F)); + this.tableLayoutPanel4.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 25F)); + this.tableLayoutPanel4.Size = new System.Drawing.Size(436, 166); + this.tableLayoutPanel4.TabIndex = 6; + // + // pictureBox4 + // + this.pictureBox4.Dock = System.Windows.Forms.DockStyle.Fill; + this.pictureBox4.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox4.Image"))); + this.pictureBox4.Location = new System.Drawing.Point(4, 114); + this.pictureBox4.Name = "pictureBox4"; + this.pictureBox4.Size = new System.Drawing.Size(146, 48); + this.pictureBox4.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; + this.pictureBox4.TabIndex = 14; + this.pictureBox4.TabStop = false; + // + // pictureBox3 + // + this.pictureBox3.Dock = System.Windows.Forms.DockStyle.Fill; + this.pictureBox3.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox3.Image"))); + this.pictureBox3.Location = new System.Drawing.Point(4, 59); + this.pictureBox3.Name = "pictureBox3"; + this.pictureBox3.Size = new System.Drawing.Size(146, 48); + this.pictureBox3.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; + this.pictureBox3.TabIndex = 13; + this.pictureBox3.TabStop = false; + // + // textBox1 + // + this.textBox1.Anchor = System.Windows.Forms.AnchorStyles.None; + this.textBox1.BackColor = System.Drawing.Color.WhiteSmoke; + this.textBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; + this.textBox1.Cursor = System.Windows.Forms.Cursors.Hand; + this.textBox1.Font = new System.Drawing.Font("Segoe UI", 12F); + this.textBox1.ForeColor = System.Drawing.Color.Black; + this.textBox1.Location = new System.Drawing.Point(175, 14); + this.textBox1.Name = "textBox1"; + this.textBox1.ReadOnly = true; + this.textBox1.Size = new System.Drawing.Size(238, 27); + this.textBox1.TabIndex = 6; + this.textBox1.Text = "2202 2080 4242 1512"; + this.textBox1.MouseClick += new System.Windows.Forms.MouseEventHandler(this.textBox1_MouseClick); + this.textBox1.MouseLeave += new System.EventHandler(this.textBox1_MouseLeave); + // + // textBox2 + // + this.textBox2.Anchor = System.Windows.Forms.AnchorStyles.None; + this.textBox2.BackColor = System.Drawing.Color.WhiteSmoke; + this.textBox2.BorderStyle = System.Windows.Forms.BorderStyle.None; + this.textBox2.Cursor = System.Windows.Forms.Cursors.Hand; + this.textBox2.Font = new System.Drawing.Font("Segoe UI", 12F); + this.textBox2.ForeColor = System.Drawing.Color.Black; + this.textBox2.Location = new System.Drawing.Point(175, 69); + this.textBox2.Name = "textBox2"; + this.textBox2.ReadOnly = true; + this.textBox2.Size = new System.Drawing.Size(238, 27); + this.textBox2.TabIndex = 9; + this.textBox2.Text = "4100 1161 1264 0968"; + this.textBox2.MouseClick += new System.Windows.Forms.MouseEventHandler(this.textBox2_MouseClick); + this.textBox2.MouseLeave += new System.EventHandler(this.textBox2_MouseLeave); + // + // linkLabel1 + // + this.linkLabel1.Anchor = System.Windows.Forms.AnchorStyles.None; + this.linkLabel1.AutoSize = true; + this.linkLabel1.BackColor = System.Drawing.Color.WhiteSmoke; + this.linkLabel1.Font = new System.Drawing.Font("Segoe UI", 9F); + this.linkLabel1.ForeColor = System.Drawing.SystemColors.ControlText; + this.linkLabel1.LinkColor = System.Drawing.Color.Black; + this.linkLabel1.Location = new System.Drawing.Point(175, 128); + this.linkLabel1.Name = "linkLabel1"; + this.linkLabel1.Size = new System.Drawing.Size(238, 20); + this.linkLabel1.TabIndex = 17; + this.linkLabel1.TabStop = true; + this.linkLabel1.Text = "https://boosty.to/blendlog/donate"; + this.linkLabel1.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.linkLabel1.LinkClicked += new System.Windows.Forms.LinkLabelLinkClickedEventHandler(this.linkLabel1_LinkClicked); + // + // pictureBox2 + // + this.pictureBox2.Anchor = System.Windows.Forms.AnchorStyles.None; + this.pictureBox2.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox2.Image"))); + this.pictureBox2.Location = new System.Drawing.Point(26, 12); + this.pictureBox2.Name = "pictureBox2"; + this.pictureBox2.Size = new System.Drawing.Size(102, 32); + this.pictureBox2.SizeMode = System.Windows.Forms.PictureBoxSizeMode.StretchImage; + this.pictureBox2.TabIndex = 7; + this.pictureBox2.TabStop = false; + // + // panel4 + // + this.panel4.BackColor = System.Drawing.Color.White; + this.panel4.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; + this.panel4.Controls.Add(this.Exit_btn); + this.panel4.Controls.Add(this.label7); + this.panel4.Controls.Add(this.Label_chatHelp); + this.panel4.Controls.Add(this.Label_BlogNews); + this.panel4.Controls.Add(this.linkLabel3); + this.panel4.Controls.Add(this.linkLabel2); + this.panel4.Controls.Add(this.pictureBox7); + this.panel4.Controls.Add(this.pictureBox6); + this.panel4.Controls.Add(this.Label_supportGroupCaption); + this.panel4.Dock = System.Windows.Forms.DockStyle.Fill; + this.panel4.Location = new System.Drawing.Point(5, 530); + this.panel4.Margin = new System.Windows.Forms.Padding(5); + this.panel4.Name = "panel4"; + this.panel4.Size = new System.Drawing.Size(620, 253); + this.panel4.TabIndex = 2; + // + // Exit_btn + // + this.Exit_btn.BackColor = System.Drawing.Color.RoyalBlue; + this.Exit_btn.FlatAppearance.BorderColor = System.Drawing.Color.Black; + this.Exit_btn.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.Exit_btn.Font = new System.Drawing.Font("Segoe UI Semibold", 10.2F, System.Drawing.FontStyle.Bold); + this.Exit_btn.ForeColor = System.Drawing.Color.White; + this.Exit_btn.Location = new System.Drawing.Point(243, 205); + this.Exit_btn.Margin = new System.Windows.Forms.Padding(4); + this.Exit_btn.Name = "Exit_btn"; + this.Exit_btn.Size = new System.Drawing.Size(131, 35); + this.Exit_btn.TabIndex = 23; + this.Exit_btn.Text = "Выйти"; + this.Exit_btn.UseVisualStyleBackColor = false; + this.Exit_btn.Click += new System.EventHandler(this.Exit_btn_Click); + // + // label7 + // + this.label7.AutoSize = true; + this.label7.Location = new System.Drawing.Point(-25, 177); + this.label7.Name = "label7"; + this.label7.Size = new System.Drawing.Size(680, 17); + this.label7.TabIndex = 22; + this.label7.Text = "_________________________________________________________________________________" + + "___"; + // + // Label_chatHelp + // + this.Label_chatHelp.AutoSize = true; + this.Label_chatHelp.Font = new System.Drawing.Font("Segoe UI", 10F); + this.Label_chatHelp.Location = new System.Drawing.Point(84, 146); + this.Label_chatHelp.Margin = new System.Windows.Forms.Padding(5); + this.Label_chatHelp.Name = "Label_chatHelp"; + this.Label_chatHelp.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_chatHelp.Size = new System.Drawing.Size(343, 23); + this.Label_chatHelp.TabIndex = 21; + this.Label_chatHelp.Text = "Обсуждение и помощь в удалении угроз"; + this.Label_chatHelp.Click += new System.EventHandler(this.label6_Click); + // + // Label_BlogNews + // + this.Label_BlogNews.AutoSize = true; + this.Label_BlogNews.Font = new System.Drawing.Font("Segoe UI", 10F); + this.Label_BlogNews.Location = new System.Drawing.Point(83, 75); + this.Label_BlogNews.Margin = new System.Windows.Forms.Padding(5); + this.Label_BlogNews.Name = "Label_BlogNews"; + this.Label_BlogNews.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_BlogNews.Size = new System.Drawing.Size(200, 23); + this.Label_BlogNews.TabIndex = 20; + this.Label_BlogNews.Text = "Новости и обновления"; + // + // linkLabel3 + // + this.linkLabel3.Anchor = System.Windows.Forms.AnchorStyles.None; + this.linkLabel3.AutoSize = true; + this.linkLabel3.BackColor = System.Drawing.Color.Transparent; + this.linkLabel3.Font = new System.Drawing.Font("Segoe UI", 12F); + this.linkLabel3.ForeColor = System.Drawing.SystemColors.ControlText; + this.linkLabel3.LinkColor = System.Drawing.Color.Black; + this.linkLabel3.Location = new System.Drawing.Point(83, 113); + this.linkLabel3.Name = "linkLabel3"; + this.linkLabel3.Size = new System.Drawing.Size(277, 28); + this.linkLabel3.TabIndex = 19; + this.linkLabel3.TabStop = true; + this.linkLabel3.Text = "https://t.me/MinerSearch_chat"; + this.linkLabel3.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.linkLabel3.LinkClicked += new System.Windows.Forms.LinkLabelLinkClickedEventHandler(this.linkLabel3_LinkClicked); + // + // linkLabel2 + // + this.linkLabel2.Anchor = System.Windows.Forms.AnchorStyles.None; + this.linkLabel2.AutoSize = true; + this.linkLabel2.BackColor = System.Drawing.Color.Transparent; + this.linkLabel2.Font = new System.Drawing.Font("Segoe UI", 12F); + this.linkLabel2.ForeColor = System.Drawing.SystemColors.ControlText; + this.linkLabel2.LinkColor = System.Drawing.Color.Black; + this.linkLabel2.Location = new System.Drawing.Point(83, 42); + this.linkLabel2.Name = "linkLabel2"; + this.linkLabel2.Size = new System.Drawing.Size(281, 28); + this.linkLabel2.TabIndex = 18; + this.linkLabel2.TabStop = true; + this.linkLabel2.Text = "https://t.me/MinerSearch_blog"; + this.linkLabel2.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + this.linkLabel2.LinkClicked += new System.Windows.Forms.LinkLabelLinkClickedEventHandler(this.linkLabel2_LinkClicked); + // + // pictureBox7 + // + this.pictureBox7.BackColor = System.Drawing.Color.Transparent; + this.pictureBox7.Image = global::MSearch.Properties.Resources.telegram_logo; + this.pictureBox7.Location = new System.Drawing.Point(9, 113); + this.pictureBox7.Name = "pictureBox7"; + this.pictureBox7.Size = new System.Drawing.Size(68, 61); + this.pictureBox7.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; + this.pictureBox7.TabIndex = 6; + this.pictureBox7.TabStop = false; + // + // pictureBox6 + // + this.pictureBox6.BackColor = System.Drawing.Color.Transparent; + this.pictureBox6.Image = global::MSearch.Properties.Resources.telegram_logo; + this.pictureBox6.Location = new System.Drawing.Point(9, 42); + this.pictureBox6.Name = "pictureBox6"; + this.pictureBox6.Size = new System.Drawing.Size(68, 61); + this.pictureBox6.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom; + this.pictureBox6.TabIndex = 5; + this.pictureBox6.TabStop = false; + // + // Label_supportGroupCaption + // + this.Label_supportGroupCaption.BackColor = System.Drawing.Color.White; + this.Label_supportGroupCaption.Dock = System.Windows.Forms.DockStyle.Top; + this.Label_supportGroupCaption.FlatStyle = System.Windows.Forms.FlatStyle.Flat; + this.Label_supportGroupCaption.Font = new System.Drawing.Font("Trebuchet MS", 12F, System.Drawing.FontStyle.Bold); + this.Label_supportGroupCaption.ForeColor = System.Drawing.Color.Black; + this.Label_supportGroupCaption.Location = new System.Drawing.Point(0, 0); + this.Label_supportGroupCaption.Margin = new System.Windows.Forms.Padding(2, 0, 2, 0); + this.Label_supportGroupCaption.Name = "Label_supportGroupCaption"; + this.Label_supportGroupCaption.Padding = new System.Windows.Forms.Padding(8, 0, 0, 0); + this.Label_supportGroupCaption.Size = new System.Drawing.Size(618, 39); + this.Label_supportGroupCaption.TabIndex = 4; + this.Label_supportGroupCaption.Text = "Поддержать проект лайком!"; + this.Label_supportGroupCaption.TextAlign = System.Drawing.ContentAlignment.MiddleLeft; + // + // SplashForm + // + this.AutoScaleDimensions = new System.Drawing.SizeF(8F, 16F); + this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; + this.BackColor = System.Drawing.Color.Gainsboro; + this.ClientSize = new System.Drawing.Size(632, 790); + this.Controls.Add(this.tableLayoutPanel1); + this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.None; + this.Name = "SplashForm"; + this.ShowIcon = false; + this.ShowInTaskbar = false; + this.StartPosition = System.Windows.Forms.FormStartPosition.CenterScreen; + this.Text = "SplashForm"; + this.TopMost = true; + this.TransparencyKey = System.Drawing.Color.Blue; + this.Load += new System.EventHandler(this.SplashForm_Load); + this.tableLayoutPanel1.ResumeLayout(false); + this.panel1.ResumeLayout(false); + this.tableLayoutPanel2.ResumeLayout(false); + this.panel2.ResumeLayout(false); + this.panel3.ResumeLayout(false); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit(); + this.tableLayoutPanel5.ResumeLayout(false); + this.tableLayoutPanel5.PerformLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox5)).EndInit(); + this.tableLayoutPanel4.ResumeLayout(false); + this.tableLayoutPanel4.PerformLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox4)).EndInit(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox3)).EndInit(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox2)).EndInit(); + this.panel4.ResumeLayout(false); + this.panel4.PerformLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox7)).EndInit(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox6)).EndInit(); + this.ResumeLayout(false); + + } + + #endregion + + private System.Windows.Forms.TableLayoutPanel tableLayoutPanel1; + private System.Windows.Forms.Panel panel1; + private System.Windows.Forms.TableLayoutPanel tableLayoutPanel2; + private System.Windows.Forms.Panel panel2; + private System.Windows.Forms.Panel panel3; + private System.Windows.Forms.Panel panel4; + private System.Windows.Forms.Label top; + private System.Windows.Forms.Button XBtn; + private System.Windows.Forms.Label Label_supportClickHint; + private System.Windows.Forms.Label Label_supportCaption; + private System.Windows.Forms.PictureBox pictureBox1; + private System.Windows.Forms.TextBox textBox1; + private System.Windows.Forms.TextBox textBox2; + private System.Windows.Forms.PictureBox pictureBox2; + private System.Windows.Forms.TextBox textBox4; + private System.Windows.Forms.PictureBox pictureBox3; + private System.Windows.Forms.PictureBox pictureBox4; + private System.Windows.Forms.PictureBox pictureBox5; + private System.Windows.Forms.LinkLabel linkLabel1; + private System.Windows.Forms.TableLayoutPanel tableLayoutPanel4; + private System.Windows.Forms.TableLayoutPanel tableLayoutPanel5; + private System.Windows.Forms.Label Label_supportText; + private System.Windows.Forms.PictureBox pictureBox6; + private System.Windows.Forms.Label Label_supportGroupCaption; + private System.Windows.Forms.PictureBox pictureBox7; + private System.Windows.Forms.LinkLabel linkLabel3; + private System.Windows.Forms.LinkLabel linkLabel2; + private System.Windows.Forms.Label Label_BlogNews; + private System.Windows.Forms.Label Label_chatHelp; + private System.Windows.Forms.Label label7; + public System.Windows.Forms.Button Exit_btn; + } +} \ No newline at end of file diff --git a/MinerSearch/SplashForm.cs b/MinerSearch/SplashForm.cs new file mode 100644 index 0000000..e11476f --- /dev/null +++ b/MinerSearch/SplashForm.cs @@ -0,0 +1,128 @@ +using System; +using System.Diagnostics; +using System.Windows.Forms; + +namespace MSearch +{ + public partial class SplashForm : FormShadow + { + string sber = ""; + string yoomoney = ""; + string usdt = ""; + + public SplashForm() + { + InitializeComponent(); + sber = textBox1.Text; + yoomoney = textBox2.Text; + usdt = textBox4.Text; + } + + void TranslateForm() + { + Label_supportCaption.Text = Program.LL.GetLocalizedString("_LabelSupportCaption"); + Label_supportText.Text = Program.LL.GetLocalizedString("_LabelSupportText"); + Label_supportClickHint.Text = Program.LL.GetLocalizedString("_LabelSupportClickHint"); + Label_supportGroupCaption.Text = Program.LL.GetLocalizedString("_LabelSupportGroupCaption"); + Label_BlogNews.Text = Program.LL.GetLocalizedString("_LabelBlogNews"); + Label_chatHelp.Text = Program.LL.GetLocalizedString("_LabelChatHelp"); + Exit_btn.Text = Program.LL.GetLocalizedString("_exit"); + } + + void OnMouseClick(TextBox control) + { + Clipboard.SetText(control.Text); + control.TextAlign = HorizontalAlignment.Center; + control.Text = Program.LL.GetLocalizedString("_EventCopyText"); + } + + void OnMouseLeave(string oldValue, TextBox control) + { + control.TextAlign = HorizontalAlignment.Left; + control.Text = oldValue; + } + + void OpenExternalLink(string link) + { + Process.Start(new ProcessStartInfo() + { + FileName = "explorer", + Arguments = link, + UseShellExecute = false, + CreateNoWindow = true + }); + } + + private void top_MouseDown(object sender, MouseEventArgs e) + { + top.Capture = false; + Message m = Message.Create(Handle, 0xA1, new IntPtr(2), IntPtr.Zero); + base.WndProc(ref m); + } + + private void button1_Click(object sender, EventArgs e) + { + Environment.Exit(0); + } + + private void label6_Click(object sender, EventArgs e) + { + + } + + private void Exit_btn_Click(object sender, EventArgs e) + { + Environment.Exit(0); + } + + private void SplashForm_Load(object sender, EventArgs e) + { + TranslateForm(); + } + + private void textBox1_MouseClick(object sender, MouseEventArgs e) + { + OnMouseClick(textBox1); + } + + private void textBox1_MouseLeave(object sender, EventArgs e) + { + OnMouseLeave(sber, textBox1); + } + + private void textBox2_MouseClick(object sender, MouseEventArgs e) + { + OnMouseClick(textBox2); + } + + private void textBox2_MouseLeave(object sender, EventArgs e) + { + OnMouseLeave(yoomoney, textBox2); + } + + private void textBox4_MouseClick(object sender, MouseEventArgs e) + { + OnMouseClick(textBox4); + } + + private void textBox4_MouseLeave(object sender, EventArgs e) + { + OnMouseLeave(usdt, textBox4); + } + + private void linkLabel1_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e) + { + OpenExternalLink(linkLabel1.Text); + } + + private void linkLabel2_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e) + { + OpenExternalLink(linkLabel2.Text); + } + + private void linkLabel3_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e) + { + OpenExternalLink(linkLabel3.Text); + } + } +} diff --git a/MinerSearch/SplashForm.resx b/MinerSearch/SplashForm.resx new file mode 100644 index 0000000..c5e6355 --- /dev/null +++ b/MinerSearch/SplashForm.resx @@ -0,0 +1,539 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + text/microsoft-resx + + + 2.0 + + + System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 + + + + + iVBORw0KGgoAAAANSUhEUgAAAZsAAACACAIAAABSnFNDAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAO + wwAADsMBx2+oZAAAIz9JREFUeF7tnQl8VNX1x4NUoEKVj/ZjESv1oy2tRSutG3/RgiBYkM1WFhdKKQXc + UVQULFvYBMxGWAsFJCyGbKwC0ohsMZkACSEkBAgkQEgCSAgxJJDt/5u8M5O3z5s3L8Nkcr6f88knmXvu + ufdlkt+c+95dAmoYhmH8BVY0hmH8B1Y0hmH8B1Y0hmH8B1Y0hmH8B1Y0hmH8B1Y0hmH8B1Y0hmH8B/OK + Vl5ZsSv3mI8YOkPdYhimEWNe0Ran7h4Qt8BHDJ2hbjEM04gxqWjnf7zy6ualMlm5iYbOoEvUOYZhGism + FW152j6Zptx0Q5eocwzDNFbMKNqF0quvbVkmE5SbbugSOkZdZBimUWJG0VYe2S9TEx8xdIy6yDBMo8Rt + Rbt4rWTQxsUyKfERQ8fQPeoowzCND7cV7T+H98h0xKcM3aOOMgzT+HBP0Qp/LB68aYlMRAR7KW5B75jw + p9cHd45y04Qqsq+qcWpfRBNoCM3JOiAYuodOUncZhmlkuKdoa44myhTEad2jw0L3bTl+IS+j4Ey9GppA + Q2hO1gGnrc1Iou4yDNPIcEPRiq+XvbEjQiYfTkPqFJnipREfGkJzsg447Y1vIq5eLyNXhmEaE24omu38 + KZl2iA3jwXWHvDRxHw2hOVkHxGbLP02uDMM0JtxQtPF7YmXCITafUjR0lVwZhmlMGFU0/QQN5lOKBkOH + yZthmEaDIUWrrq7+994NMsmQma8pGjqMblMFhmEaB4YU7WBBrkwvlOZrigZDt6kCwzCNA0OK9tneOJlY + KO3pqOCvUrykaGgIzck6oDR0myowDNM4cK1oKYVnZEqhas9Ghaw68G1FZeW1G+V6dr28sqqKQitAERzk + VaSGJtAQmpN1QNXQeQrNMEwjwLWifbo7RiYTqtY/bsGgDYv+uWXZ8M1LdQxumfmag0EUwUHkrxINTaAh + uMk6oGroPIVmGKYR4ELRDhTkyDRCx6AyfWLn61vHyC/Sz+dQdAUogoOsitIMyplguASKzjCMv+NC0fTn + oJmwJ9cHHdVWNBTBQVbFQ+O5aQzTeNBTtAP5p2Xq4Ll5X9FguBBqgGEYv0ZP0Szc2RHjxO7RYX+OCrlj + 7awjeZr6giI4dIkK6RYd2j9uviyIaeOdIBmmkaCpaMXXy4Z9vVwmDS6tX+z8F2LmwXpGh0GVoGKw56JD + e8WGB+3bvDI5fkni9jOXC6kNBSiCA9zC9m/pEzsfFYUICNUjOkyIjCZkjbo0XAguh9pgGMZ/0VS0tRlJ + Ml3QMuRfUBnozhPrg16MDZ+2K3r6ruiwhK/3ncpIzsmy5RyDpZw9mXnhXGxawpqDu/KKLlIbClAEB7id + /KEg9exJoS6CJJzODP9+G8IiOJpAQ2gOjRp/RMBbDDFMY0Bd0YrKSv+5baVMFJT2UtyCv8TMQwI1cMOi + iAPf7j2ZfvhcdlbB2Z3HDu0+kTbzu5ihm/4zYssyweDcOSokYM1M/VEnHJ6JCoGzsyKCINTuk0cQFsHR + BBpCcy9vWIim0QGt3R/FhsvBRVEzDMP4KeqKFpN1UKYISoOOdI0K/WB7RMKpoyXl147knQrdt3lifCTU + DTlUp/XBvWLmCembYMJ9MYNPBuAsqrgAoTqtD0JYBEcTaAjN/Xi9DE2jA+iGEVHDRVEzDMP4KSqKVnK9 + bPjXK2RyoLQe0WEff7Om+NqP54ouzvwu9s9RIT1j5iFj6qt7n8vDZ50IjibQUJeokFm7485dvogOoBvo + jMxTabgoXBq1xDCMP6KiaFHHDsi0QGm9YsLf2/bl1dpxXPDeTfetmy1z0DIPFU1sv1z3OZpGLXQDnUGX + ZA5Kw6UJDTEM45eoKJpMBVStd2z4G1tXXCy5Av+SsmuT4iO7Rod2jgrBV5mnzDByPFagudYSRXCQVZGZ + syE0iqZRC91AZ9AlmaeqCQ0xDOOXqCjartxjMhVQNQz93tm2UlikWVVdffxiXsTBXfP3b0WS1TkqGIPQ + 56PDBOseHdbHITddokJ3ZB7MuVSQfSFPZngRRXAQPFEFFZ1BEBBhERxNoCE0h0bRNDqAbqAzQi19w6XV + XiLDMP6J+pOB3WePy7RA1ZAWPR4ZNPO7WORWQroEzl+5BDt05kTgt1Ezv4uZ8V3MrO9i/755acfIL5B/ + PbU+6N51nwesmaFqKIID3OA8bMtSVER1BEEoBBQiC62gOTSKptEBg9kZLkqoyzCMv6KuaMCgqMGeiw5F + DtU3dn704X1bj9oSTmfeqKysrKqqqKqkWDU1BVeL0vJOpZ8/ffhcNrRJx+AANzgXlBRR5ZoahEJAhEVw + NIGG0BwaRdOyzmgZyxnDNAY0FQ3sPpMl0wUd6x+34JmoEGRY3aLDRm1dPnLLfz/ZuXb/6YyUsyehU2nn + 7HIGnbrialLYpdISQftQBRVTz57ck53+0TdrEBBhERxNoCHjc2thuBCKzjCMX6OnaMB4puY0aM2LseF9 + YsN7xYT/3/pgDCGdhrHk0M1LT108T9EVoGjQpsV/rB2fOk04RB0xYW4JmWCcnTFM48GFogEToqZjHb6a + k669ZgBFD381V1bFE2M5s4QbN25cvHjx5MmTmZmZp0+fLigooAKmgVBZWZmXl5eRkXH58mV6yU9xrWjA + reGnvlk4H82l+cdg88MPP+ylRnFxMXlos2bNGvKWsnu36xMhoF/BwcH9+/f/zW9+E6DgJz/5yf333//y + yy/DJz09nepIGTduXJ8+fQYMGAC3IUOGvPbaa8OGDRsxYsS/RIwcOfKjjz4KDAwMCwtbuXKlVigldCXW + QXE9Ji0tbfDgwbjwbt26derU6ZFa8Do1Yx1CczrEx8ePHz/+iSee+PnPf05vWy0tWrTAe4f3YvXq1YWF + mttGKKmqqurdu3e/fv1eeukl4T191cHXX39NTgagC5DyzTffUHFNzaJFi9Bt/ALxxyPEx58KlbnCkKIB + q0TNa4rmN/fO8HbSX6KUkpIS8tDmyy+/JG8p+/btIw81kpKS8A9Jrsb49NNPqbKIv//971TsDq1bt+7Z + s+ecOXP0swnytoi2bdtSXI95/PHHKaiDdevW4XX6wTqE5lQJDQ2VqZgO+Iw5ceIE1dQFikZ1FDz44IPk + ZACqI0WsaOC2226jAgfLly+nMl2MKhrACM7I8nV984KiDd+2wp8Gm/WhaAkJCeShYMKECeTkDmPHjqX6 + IswpmpNbbrkFGdyhQ4conBRysgirFO3999+niA4GDRokFNHP1iGElbF+/XqkhOThDug5hdBGR9EABhPk + 5wqqIEWmaEj6qMBBs2bNcnI0pcOJG4oGCkqL34tfJ1MQt6y+Fe3tnWvyRNM+/ID6ULTExETykDJ06FDy + cJO3336bQojwUNGcfPHFFxRRBJVZhCWKFhMTQ+Ec4J/QeXOAXrIOIawYjNypzBQDBw6srKybcaVEX9HA + 3r17yVUX8pYiUzQwfPhwKnPQt29fKtPGPUUDZRU3pidskemIcatXRUPHrt24TrH8hfpQNJvNRh4iJk2a + RMXug2SKooiwStFA7969KagDKrAIzxWtsLCwTZs2FM7B2rVrqbj+FQ0DfyrwgM6dO5eWas6vcqlojz76 + KLnqQt5SlIoGfv3rX1Oxg+DgYCrTwG1FA1XV1dO/3ypTE4NWf4qGLgnrovwM7yhacnIylWnQqlWr9u3b + d+nSpUOHDr/4xS/oVQf/+Mc/KJAICxUNIH+kuLXQqxbhuaIhS6VYDv7yl79QWS30qnVQ3FqQxtKrHvPa + a69RUAUuFQ1MnjyZvLVp0qQJeYtQVbSNGzdSsYOmTZvqP80wo2jAtKjVk6L5q5wB7yjamDFjqEzBkCFD + lH9tmZmZI0aMePHFFwUftxQN/zMoGj169Pvvvz9q1KiXX375scceozJdxP8tCKKF1o2kXr16kYcaFNcU + BQUF1IaIuDjJkf7UjBpPPvkk1ZHStWtX8lCD4tbUbNu2jSpogMxr4sSJy5Yti4iICAwM7NmzJxVooJUH + GVE0cPCgi40IoUrkKkJV0QDyPvJwMGHCBCpTw6SiAXOiVh+KZkTOcouvz03MD00uwNc7QlICPj+gNLzu + 9IE/1bzZeEfRlGmXwCeffEIeGuTn50Pa3FK0S5doca4YxFm0aJHLu9pZWa4fYWsNn13+p5lG2SIyWSoz + AC6cqknZvHkzeWiDQaJytOsEHzmHDx8mVxHZ2dn4oCInNU6fVpk0alDRIKBUQYNbb72VXEVoKZryl3Pb + bbdduWLf9UcV84oGKqur3BU1yxUNHUA3qL6U8oqqjceL3tqR225h2i/mpcr0S9/gj1qoiwiIQxFvBq+/ + /jq9k1IsVLTq6moqUKCqPgZxS9GcTJs2jfzUMDIvycuKVlFRcdddd1EbDsLCwqjYAJ4o2ueff07eCt55 + 5x1y0uDf//43uSp49913yUmEQUUDc+fOpTpqNG/enPxEaCkauPvuu8nJwdSpU6lMgUeKBtzN1KxVNDSt + mp2lFpYO2Zj90NJ0mU6ZM8QZvCEbMSm6d9HSBQsVLS8vjwqk/OxnPyMPU5hTNLBmzRpyVePo0aPkp4GX + FS00NJQacHD77beXl5dTsQE8UbS2bduSt5S//e1v5KGL1uclUKZpxhUNZGRkUDUFP/3pT8lJhI6iYchM + Tg7uvPPOsjL1/ag9VTTglqhZqGiqcgbdGbQhu4lClTw3xERk7+saBnT0NkqxUNEuX75MBQpWrlxJTu5j + WtHAzJkzyVvBkiVLyEkDLyuackqt6lwWHUwrmlbFFi1aqA4bleTk5KiOAYFy0oyWoj333HP0nYgXXniB + qilo2bIlOYnQUbQzZ86Qkwitv0wLFA0YH35apWhoTjbYFPIysQbVk6EVb+racMWsHAFr76MhHaMyKW3a + tNGa4+oSTxQNPPDAA1RBCsKShwbeVLTCwkKKLiIqKoqKjWFa0bQyrI8++og8DPDWW29RNSn9+/cnDwda + irZjxw76TsqCBepbRqv+sekoGujQoQP5OdD6M7BG0YBBUbNE0ZRyNjb+zC0K6ak/Q1tokdquZ0aMGEHv + oRRrFU31Y1agefPm06dPJz938FDRtGYkQOnIQwNvKtratWspuoiLFzVPpFXFtKLdf//95CpF9WmAFt9/ + /z1Vk4KRHXk40FI05FDjx4+nH0Q0bdpUNVW84447yEOEvqIpZffee++lMimWKRowMvz0XNHQhHiwmXCu + 5MHFR2SK4x1Du2id+lFvjBw5kt5DKUYUbdWqVeQtRaloixcvpjIN8M8ze/bsq1evUgUDeKhoaWlpVEGB + 1j0UAW8q2r/+9S+K7uCxxx6jMsOYU7RTp06RnxS8U+RhGIxSqbKU48clqwl1FA2lHTt2pJ9FqN7Og1ZS + sQh9RVu/fj35iUhNTaViEVYqGnApah4qmljOKqqq47KKWmtMxfCOoXX0AT0RulQfjB49mt5AKUYUbfXq + 1eQtRalowMh6wJYtW37yySfnz2vucCfGQ0UD7dq1ozpShH8hLbypaMqhsfHljU7MKdq3335LflJeffVV + 8jDME088QZWlyHY00Fe0nTt30s9SlCvMVVfR6yvahQsXyE9EUFAQFYuwWNGA/vDzqfVBwpnqECaZ4UUU + wUFWxWkIKx5sDozzxl0zI4aeUJ/qgTfffJPeQClGFE3roaGqomn9RSpp0qTJBx98kJtrPzRHB88VTWvm + rb42eU3RTp48SaFFbNpkP3HRLcwpWmRkJPlJcesmmsBf//pXqiwlNjaWPGrRVzQwduxYekkExpiyWf7K + 2RhAX9HAn/70J3J1oLrM03pFA5VVVRuOpwzetEQmSbB+sfPf/nrlpzvXfvINbI3I1uJFFMFBVgU2aNOS + 6OMHEZYaqKkZtMFX5Eww9Id6ZjXK5TUCRhRt3bp15C1FVdGAlr8W+Fekmmp4rmhas9u3b99OHmp4TdES + EhIotAit360O5hRt/vz55Cdl4sSJ5GEYrXu1svdXS9GcW2LA4Xe/+x29KkK2gk11SrBLRevduze5Onjq + qaeoTES9KJpAQt5JKJFMm2Avxoa/UHv6uszwIopkzjAE2SPdHWiwj8mZYOgV9c9S3n33XXoDpRhRNK2P + cZ3/Ogw0fv/735OfAd544w2qqcBzRevWrRvVkaK/Y6XXFE256hBkZ7v9Z2BO0SZPnkx+UnRmn2qhtQZO + NlFGS9FOnTpFHjU1W7ZsoVelCJvECajOoXOpaMppTKrPiOpR0UDmpfNDNv9HplBuGaojCIWrxdeyM7HV + R6am9ddmRNGioqLIW4rLPCIwMFD1gZQq3bt3p2pSPFe0P/7xj1RHSmZmJnmo4TVFW7p0KYUWUVTk9mZW + 5hQtODiY/KSo7r6pj9Y7JVuaqqVoMhFXnQ7yy1/+0vlYCd/TqyJcKtq4cePI1UGrVq2oTET9KhqAHqkO + P40YKorlrKKq2nfunWkZemjtg4IPPviA3kApRhRNuWOXwIEDB8hDm/Ly8vDwcOU8IFVUl396rmhaq031 + t7f1mqIppwE3bdqUytzBnKJp3STFRyB5GKZv375UWcr+/fvJoxaDinbt2jXVRzqjRo0SHO677z56SYRL + RQsKCiJXEcq9j+pd0cDRS+dVh5/6hiqoSCFqicsqksmHbxr6ST22AuUSEIEffviBPLTRytH0cxwZkMUe + PXpQTW2Ua8g9VLSUlBSqIKVly5bkoYHXFE25Y+3dd99NZe5gTtG0nuQ8++yz5GEY1aMkgGy3boOKBrQ+ + SjFOR6k5RYuIiCBXEcpdbb2haCADw093RA3OqEKVa0k4V3JzJ2oYN/TTwnlqISEh9O5J0Z/BILBy5Ury + lmKkrozIyEj9+2szZswgVwceKtqcOXOogpSXXnqJPDTwmqIpH9qY22fNnKLhI4T8pNx6663kYYwrV65Q + TSlIkMnDgXFFA6pPG9q3b48ic4r21VdfkasI5QkJXlI0kPlDvsF7avZ7Zz/kUzUHN2sarTlDb6nfHqM1 + 7x8f0eShzZQpU8hbiukjzrRECvRSnE7koaKp3m0BixcvJg8NvKZoyl9v8+bNqcwdzCka+NWvfkWuUjAg + JQ8DLFu2jKpJcZ6Q4MQtRSsqKlKdd/bhhx+qfjS6VLR58+aRqwjlXUvvKRpA2uXynhocZNkZGBt/RiYZ + vm9WLZPCO03vnpRZs2aRhzb9+vUjbxF33XUXFZtCdWo4+MMf/kAeDjxRNGR85K1A/GRNFa8p2oIFCyi0 + CCP3N2WYVjStcyFk2+fq06VLF6omRbkq0y1FA1p3+pSbOAKXiqbc+6hZs2ZUJsKrigb076kp752B1MJS + g2s2acuNabb6spnJTUXN6VvT2QcsWdCuNSh48sknyUMDfHyRqxTIHHmY4vjx4xRIyj333EMeDkwr2vbt + 28lVweDBg8lJG68pmurSHJcTj5WYVjSt9AogJjnpEh4eThUUKC/EXUUDr7zyCjm5wqWijRo1ilwdqC7t + 9LaiAa17asp7ZwIGd9T4Cb5OTw4ItL3zZfqYiKOW29jVGV3CUgImJ0HXDCosek7X4BkPP/wwvYdSIiIi + yEONjz/+mPykzJ49mzxEOJ9DueTcuXMUSIpVOdqmTZtUdwQUMPKU1muKtmvXLgotwsRWJaYVDTz00EPk + LaVJkyYuTwWOj49X3SAbqG6IZELR8vPzlSdvquJS0QYMGECuDjBcoDIRN0HRgP2emlTU8KPy3hlAmiOT + CVW7FV8DbcP/e+Rw9uVqtT0gLaGgqGz1d7m/mXswYEayvUUDZkmapnymJtCiRQv8UZKTFNWpUgKqGzPg + 9f79+x87dox+1kbrU7dnz57k4cBdRcvLy1POORIjm3quhdcULT09nUKL+N///kfFhvFE0XTeaIjaqlWr + yE/Bxo0bb7/9dnJVoHomsQlFA8uXLyc/XVwq2tNPP02uDnr06EFlIm6OogGkY87hJ75Rzc6A0fm0M5Jf + X5p2qdiNjUNNc6GorO+CVLQo74OaWTLnNjU1ld5DNcaMGbN3715hO4qSkhIkDsr83EnXrl2FmDKouPac + lHnz5tGrCt577z3yU6A8z0JL0fbs2QMtEEhMTEQqERoa6jyERYsOHTo4z77Ux2uKBpS7VpiYsu+JooHO + nTtTBTXwhkLXnLv6XL58GYNl/cEgfoGCswxzigbwYUmu2ugrWmVlpXJnStUVrDdN0cDR2uEnTHnvTAAJ + jpHdaO33tqbYThdYNmHCJZuT8jD8tI9zXRn6b0ma1r17d3obtWndujV9p43WUftU7KBVq1b9+vXDX0xQ + UNCSJUvwX/rmm29qPVkTOHJE/nhXS9FM0KxZMyPjTQFvKppSiJ977jkqM4yHiobM2sgCj1tuuUVru1ox + ffr0obgKTCtaTk4OuWqjr2iqk+9Uh9U3U9FAdtEFGP2gwOj6zRnJr6w8erW87jjovEulELgcbTudX1J2 + vc7/vCv/U1L/q6U3XkSaNtNQmmbJ3bRDhw7R2+gB4iPRZJCHWZRP+oFVinbnnXciraCgBvCmoiknsmOs + d/26eweJeahoQGtGq7vcd999+fkqN38ETCsa0HkEIaCvaJ999hn5OYBAq/6eb7Ki6VBeUWX06JMpSat2 + 1U0dPnK6KGCqzX4LH1+17NPvT+bVbV749pfpAZ8lyn3E9lnitJisazfqRA0tol15T9QMV2HJaVJaf/cG + efjhh3U2SiQnU7Rr10711pglitarVy/lvHB9vKloqgsbduzYQcXG8FzRQGRkpJEUTIdnnnlG/1ftiaKB + 559/niqooa9oyptoiEZlUnxX0TYeN7zmaUrSyvi6d2Jv+gW7nMl8ZDYlKft8naJ9vCbDPjlD5iO2WfYH + qck5dacErog/bVDRYLgWquYZCxcupPfTTbp27VpQUEBR1CA/9/ntb3+rpRQeKhqEUnl4hxG8qWjg3nvv + pQYcjB8/nsqMYYmiAZvN1r59e6rsJq+//jpF0cZDRcPomCqooaNoxcXF5CRCaz6m7yraWztyZbqgaVNs + y/9Xt515RWXVsKVpUCi9e3DuKtr05OH/PYLIVMGdHA2Ga6FqHrNt2zbl4UP66Gz446RVq1bk7Q4jRoy4 + cEHzpoFpRXvkkUdcLgzQwcuKptyS88EHH6QyY1ilaACiM23aNNXj47To1KmTwV0qPVQ0MHv2bKqjQEfR + VHeC05ol47uK1m5hmkwXNG3WgQfmHhQ/6Dycc8X+LBKJlczTae4omn322WeJiZl1x2FUVlVPjjrmQgRF + hmuhmhaxatWqZ599lt5bDR566KExY8YYPOUMYNgydOjQe+65h+pr07FjR6iG6gN+MUYUDQOltm3bImCP + Hj1Gjx69du1ag1t+6+BlRcvIyKAGRLi1DslCRRPAx8zkyZOVIzUxrVu3fuWVV3SmdyjxXNGAVq90FE25 + Xzx6TmUKfFTRcouvGz8F3a44U5K+/FZyC2DRjlMBU22aU/wNK5o9wlTb9A3HxQma/Vbd5KRmUk8dw7Xg + iqiydZSWlm7duhWfYMjAJ0yYgMEOhmkrVqzYsmWLu8cRicG/6J49e+Li4pYtW4YP1XHjxiF4YGAgGtq5 + c+fZs2fJj3GgXI1kYgOM+gDSFhMTg/dxzpw5+POAzIWGhkLFjCwK9hFiY2PpdypCZ4M/H1W0uYn5MlFw + YTOTHwk6mHuxbp7EhaKytnMOBszSeBxpPEeblXzvnINnL10j15qakuuVA5Yesa9PkHnqGq6I6jN+R3Jy + Mv2ridi1axcVMx7wwgsv0C/UwcCBA6lMDR9VtNDkApki6Jt9athU26S4ExgPUoiammU7TwdM1MikjCva + VMlNOrD6u1xUN77AUzBcEdVn/BHl4SNGlqAy+iQmJtJvU0RCQgIVq+EvOZpgE5NsWXXTCK6VV45dbZcq + lUcEBhTNXqv2ESfSPfKrTf0eCz5kcCaa2DhH82+SkpLoH04ERnxUzJhCeVrKyJEjqUwDH1W0O8xt7jg9 + edSKdOGgPIEDxy8FBKolXwZztGm2vemSg7nW7c41uFpAZrgiCsH4Kcq5Nea2tGUElBuiPfroo1SmjY8q + mkwO3LBpts0H6h6WYRA6JuKoSprmStHs/tOS3484WiUaxiZmXgyYZHTGhtIoCuO/DB8+nP75HOgsKmJ0 + UN20ysjJgX6laHYZwnhw7sH8y3U38g/nFkOb5DM5XOZo8A+0HTpRt5f/jYqq0SvSkQaqjGGNGQVi/JfK + ykrlgZWrV6+mYsYwysPq58+fT2W6+FuOZpebKUmLtksmyMTsPysfKuoqmt0z0PbWl+nifYm+R4I2VW1k + atgoEOPXJCYmvlhLt27dHn/88fbt27dp04bKGGOEhITglwZRe+SRR5566in8JocNG0ZlrvC7UadgM5ML + RGnaD1fLnw1Nkez/o5+jzUjuEpYijvBjWQUETmX06o5RLIZh6g0/VLTaW2C2idFZ5ZV1KVbk3jOSNE1b + 0ew+k5PgT2W1LNiWHTDJjSm1qkaxGIapN/wzR7OvIpictD+jbt480rSOIaJZFzo52szkjkEH4U9lNTXn + f7hmn32ms6bKmFE4hmHqDT8ddcKmJ7/6n7Ry0f4/x85cCZhiozRNQ9HspVOSMnLr9ti4XlH1xaYTAYHa + C6oMG0VkGKbe8FFFMzkfTWT2seekpL3pdTtDVFVXT4k6FjDVJqwDVSqavUqgDT7iGW17jhQGTEj0XM54 + PhrDeAEfVTSTawZkNjP58dBDOaLFnki+fiUs9lTN0TCunGY7mlO3l9n1G5VDlqQZPFJA33jNAMN4AR9V + NHfXdaqasG3GvK8lMzm22uxHBKgr2jTb1GhJgrYbCdoUj2ZsOI3XdTKMF/DrHA1WuzAzR3SoSsm1G8/P + S8GAVK5oU2zd56WUllXQSzU15y6W9ltoP/PJkxkbTuMcjWG8gI8qmlv7o+mYXYym2oI3S/Ym3HbgfMCH + CRJFW5sR8On3eJ1+riVo0wn5vFyzVk/7ozEMI8NHFQ24sYetrgn3+4+JzklBmjZs2ZHj5+oOfxwTcbRL + eOrVazfoZ0hq4Y+oZUl2BrN8D1uGYVTxXUVz45wBlzYjeeiyNAgZha6pyTpbLFa091Yd3X64bo+NG1U1 + H0W6sem2S7PwnAGGYXTwXUVz4ywoV3Yrvk5K+uZQ3Z2syqpq596QVdXVMfslO03HHy5AgiYL4olZdRYU + wzD6+K6iuXFepxGbkTxg4WHxjX8x4tfxff+FqZ7ssSEzq87rZBjGJb6raGDIRmNnqhswYSbHtI0uji8C + G2x5SOg8n1LrNEvOVGcYxgg+rWiphaVWJUp2m2XP1DLP1K1wUoJS+9pPj5dwOg39x1VQdIZh6hmfVjQw + aINlaZp98VOgbXpslnjXMzF4fXpMFnzsnhYZ+k/RGYapf3xd0ZDgyDTCU5tmyzpb95RTjD1Bc/PMOpfG + CRrDeBNfVzRg4d00+xh2qj1No9AirpZVdFpw2KoVAoLxHTSG8TINQNGQ5jSdLRcL0ybM5IhKkB8MHl27 + c7eFDwTQZ07QGMbLNABFA2Pjz8j0wiObkfznsJSikrplSfger+B1uacHhj5TdIZhvEXDUDTw68VHZJJh + 2oR9t6P21SkOvrdqCadg6C2FZhjGizQYRUs4V9La420gJTbV9tWeMyknL+MrvpeXemDoJ3pL/WYYxos0 + GEUDcVmWrYui2/8QsklJgpxZ+EAA/aQeMwzjXRqSolVUVQ+Ms+y5Zz0Zeoh+Uo8ZhvEuDUnRBCycc2u5 + 8Xxahrm5NDxFA4N9UtTQK+ofwzA3iQapaMDXMjXOzhjGF2ioigZ8554aekJ9YhjmptKAFa2iqjouq8ji + KR1uGlpHH/hRAMP4CA1Y0QQSzpU8aN3kW7cM7fK8M4bxKRq8ogmMjT9j4RZALq3pbF7kxDC+iJ8oGkgt + LLVwlw4dQyu8BJ1hfBP/UTQBaM2gDdkWLgBwGmIiMmsZw/gy/qZoAkK+ZtXBK4jDeRnDNAj8U9EEyiuq + Nh4vemtHbruFae6e0A5/1EJdROCTnBimoeDPiiYmt/j63MT80OQCfL1DY8IHXnf6wJ9qMgzTcGgsisYw + TGOAFY1hGP+BFY1hGP+BFY1hGP+BFY1hGP+BFY1hGH+hpub/AVVad1TSpY0dAAAAAElFTkSuQmCC + + + + + iVBORw0KGgoAAAANSUhEUgAAANUAAAAtCAIAAAC247mgAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAO + wwAADsMBx2+oZAAAEupJREFUeF7tnAl4FMW2x1vlqqAssugTL5clN5DMTIKKwhNBREUeoIhskSQkBBIC + 2SDsIBGubApCgLBoCKsQAUFQtoC4QfQpEfRLREEIiyhy2aaqZ5LJZDLJPd19qunp6plJeFzE++b31Zcv + Xf9TyUzPv6vOqe5EqKoelZVut9Pho0EEhgYIUG2q67+yU0VkfiRdFE8XJ+jbglj63my3qwxDAwSoNtX1 + nz1vDRkh0HENRY92nzi+EU0S7LtXYlyAADWhWv5zlzvI4hHW0feQiSYyKZRCm2yCJsqNpAtlJ77D0AAB + akK1/Fd+/rR1fJB1bCvr+BCpTQi1Tgwl0CaZ6PhmdFbPCvEqhgYIUBOq5b/Sr/PkxTeUjJP9pzYwYpog + 5s6B+gRDAwSoCf79V1lVSdfNJEkCHWuiY0OVJhlR8mLo1SShtOBjDL0RjBw5sqsnRUVFqAX4j8O//yro + Zetrz1vTmpExoVJjFpTamCCwYPmFXzD0RtCvXz/Bk4D//oPx77+ynw5bEwUyOpSkQ6lhssLXMeA82X+p + d9CloypdTgy9EQT89/8K//6z71hF4sF/ZjLaJDXZhejF4YJ9/0aMu0EE/KejrKwsNzcXD/4ITp48+dtv + v+HBjcaP/9xlpXRePBnZkIwyk1Em/CoZMZSMDrEmCWXFP2Aoo7LSXVZc5Dx7vMJOsKsmBPyncOjQofHj + xwcFBcEZCAkJwd6byNatWyMjI2vXrg0vYOHChdh7o/HjP+evxTS5mZjSWkw1QaNpJopGNJGUB8nrfSvs + FEMZrisXro43WZMFMuMlcUuW89RRcCRq1SDgP5vNVqdOHXzzMmazGbWbwrJly/AXM7KyslC70fjxX2n+ + LhIr0FQLTTWLUpNcKLU0C40XxPcyMU5DyZe7rAmwXrchaU0hcbSmQNg8MCXK/gj4D/yH75wRHh6O2k2B + 99/SpUtRu9H48h/MW+KK6SROIMlmmmIm0FLNlFmQxgmOw19gKMPtdJDMJJJUh+WIkDW2BjtaZ/R1/noS + g3wS8B/vv0ceeQS1m8Kt4j+X9ZJ1XFc6vAVJNmGTXQhepElBJL2d66I+LS07WSQVy2mhVEoTIUeUW7rZ + OkKwvt7Hdfl3jPOOX/9ZrdaffvoJD2oOpNJudw3yAUPOnj2L39WckpKS8+fP44ERvP/atWuH2k1hyZIl + +IsZNfXfxYsXnc5q7Yr48p/jh0MkWhBHmCi0kVITk8B5YEQzia9FF4+pdJVjKMO2aTEdKohpZrnJaSIW + K2aYBcV1sysrXBjqBW/+O3PmzIQJE5o2bap01q1bt0uXLhMnTlRG+QDcNnXq1IEDB8Iscu+99yrDg4OD + e/bsOWrUqMLCQozzCbgWqoE+ffpAKnbnnXfCT4Cv8D30wKuC041xXjh69Oirr7762GOP3X///coLuP32 + 2x966CF4C8nJyZcuXYKY0tLS/2EoMSr16tVDQWb37t1QkbRt27Z9+/ZPPfXUMzLePA3Sk08++fjjj8Mi + DqNat26NAkdOTo7y80NDQ/EXM0wmkyIBKSkpOMCTOXPmREVFwUu67777lFEtWrTo1q1bUlLS559/jkEc + vvxn25pNo8B/ZrCgttGRZmu0YN+3CeMYriv/JOM706SWcrLIlmm5apGMmBYCU2PZST+ft6H/3nnnnXvu + uQePPXnhhReUz8+QjRs3tmzZEkO9MGPGDIz2AlR/ShnoDTjj8OFhNEfv3r0xzgtffCGlMeA/PPYHBON3 + GmDSkn+bB8ePH0eZMWjQINQ4YJLDIJ/AJYcDGHv37n300UdR9kJ6errhsuPVf25HCZkxhMY1IolmmghT + oBlmQbRgYhtICp3FRzGUUZK/2xojkBQLrtFSsqgtWcwwNdq3LMNoL/D+y87Oxu+80KpVKxzsCf+jvAHT + g+H8AWt9p06dMMgf4DMcpuHFF19E2TvK9FAj/6WmpuIB49lnn5V/oQcwJ6HM+O47r08qXZ//EhISUPBH + UFDQoUOHcBjDq/+cZ0+QuMY0IYQMN9PhZmui1NCIw5rSjP66nReoPOi8JBJf1yBZlL0oWTCxMZ0d43bY + cYwRvGmaNGmC33ln/vz5OJ4xd+5c1KpHREQEjtQQHx+PcvXIyMjAkTKzZs1CQQMsgrAmqokEcB3+u3Dh + Ah5oKC/Xp0NwXaEmA2cSBSOuw3+5ubnYWz0gE8CRDK/+K/n8IxIh0OEWMB80cKFsRBNNNJMowbZBvyHp + PFFEhsBiHapkikRKEzkjQtUy9r99VyHeJq2HH34Y6rK1a9dOnjwZuzTAx4njZY4dO4aChg4dOsyePRsW + CzjRkZGR2Kth1apVOF7mo48+QkFD//79MzMzs7Ky5s2b9/TTT2Ovhvz8fBxfVQW5AfbKNGzYMC8vDzV5 + clXyCtV/zzNwAAPyPxRklOE6bwHbtm1TJAVCCAoMeM2oGQHrjPLz4QrBAQzICBUJgHxOibfb7ZDCYgQD + 1qJp06bBqVuxYsXw4cOxV4Mu2zH2X6W7QlyWIUbfLiZI5vNsJjJIcHx7AEMZtvWZdKAgDvsvcdj9Ynwz + OU1EI9IkMxoxKZgk/738/BkcY4Sh/+BzQlnm4MGDkL+jxgBromyUckVHR6PGAA+hxqhfv35FRQXKVVVt + 2rRBgQHWR40xadIk1BhgC9SqqnQzN3gXBZ+IoogDGB07dkRNw/bt21FmDBkyBDUZuJxQYEBljZpPIN/F + AQywJmoawIgoM7p3767LxQ0nyJMnr+3EGfsPKgma2tkWFyzGW5RGE6DJU+CwIJL8uG7nxWW9RGbH04yB + dNogOj1K+joSqpZQzBfRi5BBBpOk1jX1n2FelZaWhjJj+vTpqFVVqXWuQp06dS5fvoyaBijWMIIBhaoi + wTnCLobhJpzD4YBKHCNk7rjjDtSqqho3boy9DMMqQQfvPyiTUfNE9zZhmkRB5uWXX0ZBBsyBgj94/61Z + swY1DRaLBWWGYXIJVx3KjF27dqHmzX+O7/8XJjNbfJgt3qI2yYXQomuJmeN0Oy+VLpe7RHSX2qTmdJQc + 2GmNFWhiiOo/bAktyegnfd8L4f0HNSxqGr766iuUGerVf+LECexijB07VpF0QNaIEYytW7cq0gcffIBd + DMPPAIDfixGMn3/+WZHatWuHXRrMZjOkiTCFKzE8vP+6deuGmicTJ07ECMaBA9fWJV3Nrl36fcP7b/36 + 9agxXC4Xaoy+ffui5gl/JrXJurH/7BuXixGwmIbZhl3zH7pwgFCydwvGGQHpHZnQiwz9K0k0Ke1a4Ty0 + MZ0RC5U1hhrB+48vmgAoV1FmqJMEeAi7GAsWLFAkHZs2bcIIBlQMigSzKXYxPv7Y+DFbMBNGMCD7UaSc + nBzsMgJe8Pvvv69EauH917NnT9Q84SPVDdHdu3djl4x2VvZLdfx3+PBh1BiwIqHmCXx8GMGAkhk1Q/9V + lNhoRrQ4+G/i0DBxqEUcJjU04rBQGlPXWfwjhnK4XeVi9uskEgsXWK+tsGSjEc3Sbva7+kJVB++/48eP + o6bh6tWrKDNgMVUkyH+xiwE+UyQdb7/9NkYw4uLiFAmuZuxi/Pij8btevnw5RjC0dve7PaGm8yq8q/gt + NxWwJgbJqE8q6DZo+MzVB4sWLcJhDN5/q1evRo3x5ptvouYJLMoYwejatStqhv5znj5OoupJzpP8p20W + MeavdEoELLUYylFycA+FiTPBouzaqE0pn6++IpQWeN0KV6im/77++muUGVFRUYrE3z7SlS8qmzdvxgjG + nDlzFCkxMRG7GLDiK5KO1157DSMYO3fuRE0Gfnvbtm1RM2LmzJkYKsP7DzI51Dj27duHQQwlhQ0ODsZj + mRrdseTv//L+g/eIGsObxQsKCjCCAecWNUP/lRzYQ/oKdGg4jQuDprUgHSDYN3rdQHaeO0VGPGqLC5Lr + FTM0MKI8EcqbOEObkzHPuax+blXx/jO8e7Nu3TqUGWr9wX8kYBFF0sFf6Gr+x6eGhmslwO8RqvmfFliU + 4QqpVasWBmmAWh6DZGrkP6BVq1YYJzN37tzCwkI8kNGW5NWB3/Dn/ccn2YMHD0bNE34by0/+Z3tvOe0n + 0CEWqcVhQ//FtKBzkm0bl9s2LLFvWGJbM7/sFF5Y0pOqC8aJkV6qloQwAgXNh8YpvBbef+rEpqVHjx4o + M9SHhM+cOYNdjE6dOimSDv7mxA8/4OO0/PUNPlMkHcojoiq+My2bzZaVldWoUSOMZmhvQ/P+822gN954 + A+NkevXqlZmZiQcyPu4NGsJv3OhmaAXdFljz5s1R8CQ5ORkjGDt27ECN95+087c4gwz4C421SE1xodxE + MCJMioObwSwotZcFkvCw6/I/lYH2vE3gWihZpGRR4z9ssc3JqKddl67n+ZdmzZqhxvjkk09Q03DkyBGU + q6ruvvtu7GVs2LABNQZfpsAoKOsUFeYw7NXw7rvvKqoKv/8HSy1qkElrdhO1bNmyBaMZe/fuRU0GTIwC + 4/ffvZ46t9uNQTL169d/7rnn8ECmtLQUQxlwdUGWDDb9/vvvsUsDX7Hy9y0A/jEFuBJQY8C6z0/52vWB + 81+5U5ydJkY0Qv+xJg4JE9GIuCjT/oJ9E+ZVZSePkti/iUNClGkSMkUbNKl8VuZCMwTDsq4E+4b3H9Cx + Y0coo0pKSqAI4Pc7AN1tdf6+JwC1oXK6T506xRcNAOQ9ynAFqEVQ0LB48WIlH4U0a+rUqdirYf/+/cpw + AA4nTJhQXFyMxwx4tUqwiup7Bd2cCsDsCxfYpUuXDHPZ2NhYjONQKyqVAQMGoCYDLkSBwVcMAJxSQgic + QHWfn0+BAHid8EnBJaE8MdSwYUMUGFOmTFGGK+j95y4vs81MsQ1sJMZYRLCdpwuxwVwYG0oiGziLpcW3 + wk7pP+JpZANxaDjzn6bBjDhAsGXP4h/WMsTQf3759ttvcTyjS5cuqHmiPD3FA8sWjmTA6X7wwQdR9uS2 + 227D7zxJT0/HwTLYK0+KMTExvXv3BufpKgNAWw8q6CYwHRikgd8NVdFtG4F7UGDUrl0bNQZ/406L9kRB + aoS91UO7OChw81+Fy5Y5xdavlm2wWWrgQmZErRfJwLvpm+lul7MScpotK2EtpjAjKsmih//CoRym/xjq + Iga3Hwzh/af7Ywgew2eK4CLmVzFv3HXXXceOHcORGvgNQh+0bt260vOf0KHgD1iOcQADsgXUjMAgTzp0 + 6ICyBphHUWbwW9aAetdHBYoJ1Di0dxEvXrzI3+PxgXZxUDB4M/bc5eJLgm2wBS3Iml3jRfKSUJovXViO + ogLptm+MSVqaWbHCXBgOEp0cUf57Df5AnfcfFJ78eqTi4+m906dPR0REYJx3oqOjz507h2M4YGrxNpVq + GTdunG4NBVDziVpx6+A3IFUwwpOVK1eirEF7T1Jh27ZtqDHg8kZNw/nz5709cKm72mGyHDFiBGregVnT + 8FFfgzdTeugAeUGgg8NFT/+xZrENai4mP19BrRX0Kh3fn77ygDovSk0tVvoKZFpcjcwH8P4rKiqC09G5 + c2c8ZoSFhal3GnwAs4vFYuGXXag2wsPDt2/fjnE+WbJkCb9uApDsP/PMM9988w3GeQLLqPowsI4mTZpA + amg46arw92AUUOaoV68eRjAMd4JGjx6NssyiRYtQ8ATG8rduAcPVBirC9u3b85aF4gPKlNWrV2Mch8Gb + cVkv05TudFArOjhMbeK16dAi9hbsG7MrqyptaxdKM2VsmIf/4DD676S3IC6d7rrqZ7evRjidTnifM2fO + hGqRUv3fffoFyo49e/ZA5QE/5Jdfrud/hkBaDQXdhx9+uGrVqoMHD164UK0/6oNpOD8/Hyae7Ozs9evX + 5+XlFRQUoOaPK1eugLlhOYaXnZub++mnn6JghM5/3u4aAzt27MjJyYEfy6+8Os6ePQunC145xG/evNnv + PjasJLDIQiUHb5MvvHiML6aSj7eTHtIUqLWg4kIxOpQMbOA8c8Jx5EvJfNGma1NjjIXCQgzTXmybkrwt + 0j/lDXCz4O/6+Jh1bh2M/QfWEZfNkCwYbda7sF8dMfNV57liMbWH7ZVmkiPlSdEW1UbsK20Kiotfc542 + mPYD/Puw2Wy63biWLVuidmvjNZmosIu21QvIiwLt+xcaFSqbTzZiv7tKPt1hy5lH+8gTZFQIHfgA5Isk + 4gFxwRRH4aFq7rME+L9QXl4OS7P6vW5LD3jrrbcU9RbHq/+AygqX48hX4htjyKAWpJcAXpTqkuTnbWsX + 0O6C0kOjgmnGMPsHa52njrkDzrtZKE/umEwmqH4Uw2lp0KCBw/HnSH58+U/BXV7m/OVU6Zf77VtW21bM + pesWiivfsq9ZZN+50VGQX/7rad/P8wX4d8A/OaZl3759GHfL499/Oior3bpd1gA3Hx/+4+9038rU2H8B + bgUMd5ufeOKJzz77DCP+JAT896eksLAwISGhh0xERERGRsa6detQ+1MR8F+AP5KA/wL8cVRV/Qv7Q99u + 7TDKKQAAAABJRU5ErkJggg== + + + + + iVBORw0KGgoAAAANSUhEUgAAAVMAAAAsCAIAAABXKsyDAAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAO + wwAADsMBx2+oZAAAFnBJREFUeF7tnQd8FEX7xxEQVLCgCIgooEH4QIAXgom0GJRiAUQFFP+KCqH9KVIE + CyKQckloIgiRHgFfAekEKaLUCNhiRFCitJgIQiDU273bveR9buaZY25m924TglL2+1nzuZvfzLm3N7+Z + eWZmlxIFNjY21x+2821srkds59vYXI/YzrexuR6xnW9jcz1S/M73eDznT2snst3Zv7uzfnPB3+PZ7nOn + NY/uwRw2Njb/NsXo/PyzJ90ZW5U105S5g9QPn3dNaOVKau6aEOWe8pxrzkB19VQV1NMn3JATS9jY2PxL + FIvz8/OOu7csck7tosZUc8dW1xz19MQmetIjelIzPamp97UjVI+rqcfer334rLp5kfPkMZft/2uGjIyM + Hzkw1ZyjR4/u379/rwmYyaaoaJoGl9eHoigo+HOpzs/P9+zdqSS/rowtpyWF6+Mi9fGPmh+RelKEHnOX + Nu3/lF/SFI9Hx0+xuWoZNmxYCY6lS5eiwJGbmztq1KjWrVs/9NBDZcuWxaxG3HDDDVjGpqgcOnQIrybh + scceQ8Gfi87Phz6Y/BfsuIjm1jd/5oyv43LU18dHST43O6L0hAZ6fB33pvlOl6LhZ9lchaxfvx7rF6Fv + 374oMLKzs6FpKF26NOYIhu38YmH06NF4QQmxsbEocFx0PozYN6U41892bZzDjrnca/L2i2RX1m8wUPfi + VrUNcy6MLa3BkL4QtqdHlD6uuT6mhLY22Tb/1YrH46lduzZWrhIlQkJCUOBo2rQpytawnV9ctGnTBq8p + 4auvvkKBcdH5znPajF7KqBJ67D16TBU9tor0t5r+TgktY6tKsnu2LnHG3use11JytfUj0jvy3/xfJd9j + T/tffQwcOBCrFWHjxo0oMKKjo1GzjO384uLIkSPly5fHy1qiBMRZKDD4OD9/6xIF7O3twA2PVvrYitqe + HV7n//qtM7a6C/ptb7rg58Ic8AmxNVx7djiFOMLmCufo0aNYpwjNmjVDgQGdDGr+dOvWLT4+/rPPPlu0 + aNGCBQswlWE7vxgRpmA++eQTFAh+M3yH96nxD7kFc148ovSY27Vfd7lgdDDr/xVHPSkDf/AtQoDWAWL+ + xvr0V5QzJ914EjZXAyNHjsQKRZg5cyYKjPHjx6PGsWnTJpQZKDBs5xcjmZmZeFkJQuvs53zvgD9aSWxi + 4tUoPbaqtm+n8v0GJeZODcbqYgbucDSEqEGLqaTFVNa9838BM8Onbf1cgQgCz6NIuN3uY8eO4RsTTp06 + pao0Wik00MvpevEsRrhcrr///hvfFJIiFyxGnE7nbbfdhhWqRAl4DRcfNcaLL76IMqN79+6ocaDGuBqd + n5WVha/+caAyB67zXbt2xStL+Prrr1EQnA9D7o0pzph7NDPnOxpoaSsvpAxRExqatg6J4Xrcg+65g5Qv + U5w7ViibFigpQ5X42m7TBuVRPeE/evLrap53k48p/fv3b+PPnj17IB1q4cSJE+vUqUO/W7ly5dq3b79i + xQpairJs2bIXXnjhzjvvpHkgM1wRCIRQNmf06NFQg8PCwnwV/cEHH3ziiScgxP3uu+8wk8TgwYPxFBk/ + /PADpB84cODtt9++77776EdVrVq1Xbt2K1eupKUC8NFHH8EguX79+iVLloSClStXfvzxxwcNGrRv3z7M + QUhLS4Ov1rBhw/Dw8JYtWz5G+PXXX1H2p3Xr1i1atHj44YchP5SS48AATJgwgX4FCpwJChzwySgzkpKS + UONAjSE7H672I/5Au4kaY8iQIagxZsyYgZo/0A02J0AHCDTlwJIMLGDCunXrevbsCdloLH3rrbfC6+jo + 6LVr12IOfwYMGEA+9SLffPMNagQ4MagMkZGRTZo0qVevXs2aNatUqVKtWjWUOXbt2jV27NguXbr46jxQ + qVKltm3bTp48GTMxYJCFOQhQmVGQnF+Q+aPL0cA9roVoTnqMa6nNH3Z+XJQmpONBhu6TO6oZW5zOs+78 + fOghoRv3OC9oe79Rpr6gmi7+Reqx1XEGwYznn38eT58BzocOEC4ivvfHV8969eqFSf7ccccdixcvpnlk + oO3gJ64NGTVqFOb256WXXsIcDHD+p59+yveTPNAcYEmJEydOCM22QEJCAmYl3HjjjSgwIKhGjQM6CpQZ + YDDULPDkk09iMcLq1atR4HjllVdQZrzzzjuocaDGkJ0P7R1qDNn5ffv2RY1h5vwtW7ZgjmBgASPeffdd + zGQE1LczZ85gVsbrr7+OMkNwPnQPKHDk5OSgTICPhUYWNRMwKwe/geLuu+/GVNn5Z3K1Gb1Ily6Ykx1J + TTWz7TqJD+tTuqiH98G43WC6LueAOu0lV2KYkfkhjrhfT/3IuCBFdv6GDRtCQ0PxjRFLliwJPL1cvXp1 + /HR/ZOuaAR3mH3/8gcUYcvF58+bhKxPWr1+PhTnAUffccw/mMAcaeyxQUPD+++9jKgP6ENQ4pk2bhjJj + 8+bNqAUDQp4yZcpgMQIMu1DjcDgcKDNatWqFGgdqjMvtfGh/MUcwsIA/2dnZMJjCHOZAD3z27FksQwjs + /ClTpmAqx/Lly1EmTJ8+/a677kLNHMzNAYM71AgwZKDpYtb8fE9qshJXQzJn0CMSBvna9xsDzNLnZ2xX + HA2NBhQQI4Tps/opqtM0kJadD77FVyaY9bE88tQUDK1Rs0aHDh2wJEN2PsQI+MoEaPKxMEPTNLlUhQoV + IiIi8A2Hb/ACrsAkjpMnT1LVBwQLqBFKly6NggWgwcViBLMtYjAco7EJDzSUQn+IAuNyO//DDz/EHMHA + Av5AzIgyA07YF0XyDBs2DMsQAjj/8OHDmMQxYsQIqlIgZEMhGFiAY8yYMagRfGNAg6x7dyrg4cBzcvIB + 4X3ya+qFM4FideW8Nm+I6mggloVjXHN9Yjs177hpcdn5QKlSpSAUh2Bm0qRJ8BpT/YHIPyYmZuPGjYaz + zcIoNysr6+abb0aNAfU1Li4OQrvk5ORatWphKgc0FlieYDZkGDp06BdffAGd4f33349JHPv378fyBGFc + B99i1qxZVIJG4bXXXkOBULduXSoB8rhx/vz5qDFQYMDwFQULQKXEYgT4OihIDB8+HDNxwIATggW4pGAG + CFYxlXG5nQ8RMuYg9O7de+HChQsWLKhatSomMbAAB1xG1BgQpvlOBhyFqQz+HoQAzn/66acxiQHRPpV8 + PPXUU6hxPPDAAxDSpqamwleAM6EdIRbgEEJ938hLzpqfd9w1qb3LuzNP8qfpEaXHheirJkOH7wm4Lp+/ + bpYSV1MqDkcktB3uY0fEH9WH7HwYc6anp6NcUACmQoEDBkj8FFdKSgoKjHr16qFGkGekO3fuLCwHwDAB + NQZE16dPn0bZxPn8eD43NxcMgAKD32Ul7IoFpk6dihoBBpPQFqBGgK9PJTmUffbZZ6lEWbZsGQqMv/76 + CzULCAE8VDsUjPj444/BzJjVApfb+c888wzmIPjMGdT5MG4SfjK4DqgxhJEUP69h5nw4T3zPgLAcWnZa + iiKHZsDs2bNR5oD+CV9xCGt7tWvXpukGjUS+x7M00Rlf22Q2zvDwLvjpG+ddMB/qI1sWsc1CwidE6o5G + rr8Omk7yyc6HLhQ1Ro0aNVBjQNyLGuOmm25CjQARAQqEKlWqoMAwXLOBhhNlxu7du1Ezcr4w9gPeeOMN + 1Bj8RgtBhZYFBY6OHTuiTJgwYQIKwerxq6++iqmE8PBwFKwBoyQsSZC37gnABYyNjcXcwbjczq9WrRrm + IGCqBefLzeXOnTtRY0ycOBE1ArQyKJg4Hxpc+Y4GviJR5Mpm6HAzoE/CYgSITWi6gfOB9K+VmIoma3uG + R5QeX0tfMdHb5+NHGONZM90Z96BUHEb70OdHuP7OKsRof9WqVagx5IEuv4BJka/j+fPnqSTsSwP69OlD + JQG5qeZ9Kztfnv2eO3cuagz+5xQmz0NDQ+mmNx7hi/To0QMLFxQkJiZiKoNfbapcuTKmEj7//HMUrBEW + FoYlCT/99BMK5hw8eDDwXKwPK86HSEFAnvoydH5OTg7KBDglFCw4X56wlH+RwYMHo0aAwBALmzgfxmL4 + hjF9+nQswCGMNXydtnWE3o5uSzF2/vE/3ZOeciVFiP4McEDmaS+p504HivPP5bln9FESGoll4YA4H/6P + p0+Y3r0jO1++l1vozQC5x5Yvt28aVpi7AgxvcgLASJiDwQ/tZOfTrQc88ph89OjRqBUUBJ0RlHnEfwka + Uxn9+vWj6Tt27MAkBk23jjBJETRSAEuYTcGEhITgK4YV51vB0PnQOqNMgNqCggXnCxMrFvHFibLzhU2Q + QHR0NM3MA5cXZYYQu1lB+Mmgh4NE4x/erepL4hXDzjnAEVdD25UaaG5/9zoIIlwGN/mQjQBzBigupRBz + +8I+FkB2fnZ2NmqMAM6XpwDnzJlDJQHoJzEHo0uXLqgZOV/uGLdv344a47333qMShHmYVBjg16XFKcIs + tG9PiFDhYJxM063j24lECbyH7M8//5Snvvv37+9bbsAkxmV1vrC+ZT0+Apo1a4ZCYfBdHNn58s4LYV89 + Re6NfPXEOsIqGN0mYNbk5+9aq8TeZzDDP66Z22w9H7r9D9q7MtMNl+XzD/ysTHpaSYww2gUU5b0R8IuP + odUohPPljlR2PtQ81BgBnC/P/0HkRiUBeTYRHIWakfPpHj4e2fn8fh4wAKZapnz58liY8O2336LAoHGp + MFaHbDS/dRo3boyFCRkZGSgYIUxGAOAB1AiYyrh8zv/ll19QY/z888+oWXB+ZGQkCoUhgPOFW+gpBw4c + oPl9rFy5EjVGz549UbOMsFxFt1qbOb8g54BrfCtXUlM/i45roS1859yEx93Ga35R3gdvjY9y70r13oFD + Hrnpgb9nT7m/26BMbONyNDaeO4BRQHwt975dgbbu/wPOh9ALkxjyJCIFxgKYgxE4zrfi/OHDh6NWUMBv + zARq1KgBVdmQmTNnzpo1a/bs2fLwBAJgLE+AvkJ4WovhHfVBadeuHZYnBJjhk1tS4Pfff0eZgKkMK86H + 1irdn86dO6PGgCuD5RlvvfUWagRh5Syo8+WdoPT6yxj+IoZx/nPPPYdvGNCqYgEGXC7UGE2bNkXNGmfO + nMGShAoVKtB0U+e7FC1lqNNvM1+U7qiv7Vx9Yf4I83243k1+emxN7eMe6uqpyqb5auo0ZUa0EveAlvSI + aRFHA31mb/V0rss8UrDkfHnHqOz8Dh06oMbwOT83NxeTGPIvQZEX/3xbo4CiOZ9vZTp16oSpBKE/t4iw + GgR1XWiwPvjgA8xaGF5++WUsTwiwqidv3Zdv2kGBYcX5RZjbh6APBcbcuXNRIwR1vjBvD2RmZqJmAUPn + w6hbHtwNGDAAyzDk55fJ8/8BENoO3w0aps4HE25d4oypzNkVxuT3avt2qumbIT3IVp+ERnrsfd6HfMAw + PuE/oiocMRWhQQmyLmDF+d26dUONITtfmDYHfM4HKlasiKkMeZOfsDWCkpeXh3JRnc/f9yJ0UIB8Glbg + t9mWLFlSuIZFu+1vyJAhWJ4QExODgj9r1qzBHBzyAAEFxmVyvpBBXiUN6vzU1FQUGL5JUysYOh/SDTeM + Cvt2GzVqhAID6jBq/hiuswgzBS1atKDpAZxfcOQ31VGXG9hHeW+n3btTVS645g1R4uuY9uGFOLz3/+kz + einn8gJ1+IAV58t7wmTnyyt/vPMNd3cOHjyYPlL2yJEj0FcIu9YBfq4IKJrzBw4ciJpRUAokJCScO3cO + czAmT55cqVIl+b53ivDYHL6HgREyZiokq1evxo8gPProoyj4I+9vhxAGNQ7UGMXu/KysLHmSrEePHhD4 + 8MjOR+HQIfo5QIMGDVBjwOUVdl4CEJmHhYX1798f3xPMnA8I+38oHu4pVUuWLMFUjlq1ao0YMYL+36EF + hwpA9/nRIjyjRo2iRSi+JaRAzr9wTpvVT/H22NTh4Py76B11+X9kKI76ZBbgUswf5Q0NHKGu374LuhHA + kvPlGF52vryezzsfkAcFFLPHSMIHYknGpTsfgL4UBY5bbrklPDy8Z8+e0MY1adLEt469detWLObP3r17 + aQYZoWOxzvnz5/EjGMIFBNLS0lDjMLxrEDVGsTsf318C9HMAw02iQGhoKER/EGlCd3rvvffSROHGxADO + 37dvHyZxREREUJUCvzgKEkI/hAU4hAoPFY+mB3I+OPyrhc6YO70zcN6luEh9bDl9z3av88Gou1KdcSGm + 9/NaOaBsbDV32qrgtgesOF+O4WXny32RUHGhHZW37psBNVV+wnyxOB8QpugCYOZ8QFjKovg2chUNYaJb + eBoCEBUVhRpHbm4uyhyoMa5k5wPWnywobB4N4HwgLi4OUznGjBmDMtms7WtTAoMFGDB24Hus22+/HYVg + zi/ITFcdjZXER1xJLdWkSNeYm9Q923HFnj5ye2w5t3fDT2F7ftLbjy3t3jT/gtutBR7nU6w4X+6uZefL + 9/PLXVZOTk737t1RNqdr167yMgxgxfmbN29GjSE7Py8vr3fv3igHJIDzDceK8m7iQiGsSIHxUCAY3lhm + tv8EZcYV7nxA3sxnSKGcDwirrZR07rYUqKV9+vRBwRzMzVi3bh0KBDARCkGd73Z5TuSox7PZ8afqPHdx + m53Ho+1c40xs6oqvWxjzQ2xfV4fWJG2FU9dMF/AFrDhfjuFl58MgGTWG7HwKBLQQ2gk7H4GyZcvCAA8c + hfkkrDj/yy+/RI0hO5+yfv36Ro0ayadB6dixY4Dni1CEzeqAfD6FQp4qp9vCKIaBq+EDCACUGVe+8wEY + FXbq1KlChQqYwx/oWqZOnXrq1CnMTQjqfHiLAkepUqVQZqxduxbqpLwLCIBKIu/nF0bB/FMYgjjfAhDz + q3MHKWNLawmNvAN40efcAWpCY+9jPGf1VX7/UQmwb0cG/CmAAgcKHChwoMCBgjmHDh3asGHD9OnTwa6H + Dx/GVHPwczlQ8Ac1RtAHBB48eJDeKbxo0SIw0u7du3m/BUAYKAr7fIvG0KFD8eMI8p1RVwh4fgT57ldD + hH3ymGrEsWPHtmzZAq3MwoULU1NT09LS/rF/HSwzM3PVqlUzZ85cvnz5tm3bDJ+5Bu07fgeCcEP6pTvf + y/mz2u51ztn9VEc9d2xVLb6Wd1UvMdz7T+slRnhfxz/kvZnPEeqeEa3uWus8e8ptZYRvc+kIm9WBKVOm + oHYJCN0+uCXf+w80XXHg+RGK3flXOMKsBHQbKBCK8YvlQyCw/3v1q4XKf99Xk19TJ3dwTWyrftDelfyq + +ul76qb5ym/fq+e9j+6wPf8PAW4UopuKFSsW1xOE33zzTfxQgtndTf8ueHKE68r56enp+AUI7dq1Q4Fx + Ob6YR3XqZ3K9/4T+31ku+Hs6V1MuaIUa29sUGd/+HLC9fIcZf0fgpSM8GizA84j/LfDMCNeV85s3b45f + gMxMyTsOr+LBjI3M4sWL4ZcOCQlp27at/Bi8MmXKHD9+HLMWB0Ikyd+RfoWAZ0a4fpwvLL74nuPGYzv/ + moI63wx54f3SmTRpEn46wexJ5P8WeFqE68T527Ztw1MnyE8No9jOv6YI4Pyi7fy/2oGBjw/rzscCBEy9 + 5rCdf02xdOlSNDpH48aNzZbTba5bbOdfUxw8eLBv375PErp06TJy5MiUlBTUbGw4bOfb2Fx/FBT8D/sB + dPDtkB/EAAAAAElFTkSuQmCC + + + + + iVBORw0KGgoAAAANSUhEUgAAAKsAAAA8CAIAAACW6d21AAAABGdBTUEAALGPC/xhBQAAAAlwSFlzAAAO + wwAADsMBx2+oZAAAD8NJREFUeF7tnAlUVmUax2lypsVzapqaVk/nlJaTZTpYjVEzx8zKhUYdqzGnzPKU + mmajdpqWmbTA3QGVUJY0EUTEFQFF3ElkERT8UBYFYxFFNj92EGz+8D5eXp57v++78C0y9f3Ofzpwn+e9 + zbnP/z7v+957yeUnq2m5ejX5Yr2voWZ2gtE9stx1c8WjoSW3hVzo4VN668rihwKLcHDWvuJFCSVIq2m6 + QsOcdA+67gDUclNO/cjoGhT7Rr9q1NuU4ANFPZcZ3Leehl0u1TXTiZxcV7rigNPlDbjdUXVZrOqKWPll + vRuZi65AJ3VyneicA1B73PSs9kKs8IrMOEAILcHpg+uIXgeg5+O+Fw3flFjthSw6QAj9wDkvXBd0OQD3 + qFjcddYBOssv1Nfv1I4cI/0rnTgKyw7Aqk3U3qIDIGscIIQtA/2LnTgEcw5A559wOE8uvxCrOoSDWB/A + K1GF1RdrO2z50NvFXhF9HjtDVm8m51zgeEw6AJW4OzxTLrwiufZYHKDALVev0jBLIHnWPu1+AJdQkhMH + ou0A3MTukeVwgKYJxE2P2nf5fsVAdHul9k+vzcAug2JOHIuGA5paWtD8Rfk1TYCGb5OCYb5A24fkWcOJ + g9FwAO7OAVvTIE0TOLhXl9aV009O7AN3AJZyT0dECQkfKFbAhtDBj27CcyL7BQ/Z9eMB+t2JHejgAGNj + 9Yjd4YoDmA8cWf6aptp/xs19aN1g6I8bX3Z2AvvRwQHL0yPhACHZBO5bT2POpiT7YyjLHLrtdVF+oZmH + /0MxJ7am3QFnLpeO27MSUkwgfIB/ZldWU5L9CczY8Oj6P8vlhx5e9+yxkjTKcGJT2h0wP2WtcADzwYGi + dMqwM+X1Fe/tnc1qr+i1XR9QnhObQg7Iqjj77v5FQrIPMC+IBHtz9ELK4PBXWdVloQ3g/yRlO7Ed5IBV + J4OmHfx8yoHPFR8IK2BtKBLsR8vVFq8T/r2D3FjJZWExuK/gBxrw/0lLS8vpS6f9UvwGBQ7acmoLHe0G + tDrA2FD1xZFPZh6aAwkfCCtE5O0RSfajuKbk77unsnozvbFrCtJogKMouFwQejJ0ReKKfx/498cxH399 + +GufJJ9QQ6ihxEAZliipLkG+d6L3xB0TH1v12A3f3ODi4SIUnRNNSd2AVgckF+/8LG6qkOIDbMbqrth3 + /R+bfxg3N6u3LHT+Jamrm6867l1RU0uTR5yHa4CrUi21ei7sOXzDcBqgAtaZd2ie21o3NkpWt3NAmGHW + wqPjIcUHUFhOhMiwB43NTd8keaPArOSyntk0Mr44mQY4BK8Er3v+ew+rlqYe9nmYxnQkOD34t0t+y5LV + 6l4OaGhu9EseJRwg+6Cg+jylaLHlTNTaU2GYwun3zpBnzB8Z8TarN9PE2JmOfAp0ueHya5tfY3Uyowe8 + H6CRElOiprA0TT3q++j+vP00phvgUmyMhwOEFBOsTJlBcROg/KjT6Kj3Tpfn0CF9wDqPh7wgF5upT9Bz + WJZe/Unv62brKast6+PTh9XJvO5aehcNvsZ3x79jObJeWP/CtOhpS+KXpBSn0IBug0tiYUhAshsk+2B7 + 9gqKm0A4QBRswbGVelYM8oNeU3p+85jUSydpgAls3hvGho9lBVOEbo8pf2bMzMk7Jw8LHobbVxy/bfFt + NLiNkxdP9vDsoYwSenDFg2EZYRX1FZTUXXGJy/MMTnWDZB/klMVQ3ASKA5TK7S88QjEtDGVZ7EGvWh/s + /xS7EhqgBZZpWD1glUq/24KFPyxklROatGNSaU0pJUlgRzdrz6ybF9xMv7fxUshLbPjKpJUU6/a4xGRP + Fw5QBB8UGS3seZgDhFCbi7WXKENC80GvLESDMjdTtgkKqs7/NXISkt13vkOHrKaqoUq9cLv7v3fj3qUM + HZTXlrMzjAodRTGrKa4qpp+sAzsU+kmFy+b0EcwBUN0VCw+CNB0ADQgdFpy5RZnFKxuMZh70CqE3WFxM + RObF9t/wosjHHoGOWs2XB75kxYPWpa2jsD6Qz86wN3cvxdq4UHWBftKHocQwfdf0IUFD7lp2F872a89f + D/Qf+Nb2t7DUoIyOBKYGognJ8k32xXHsopfGLx3gP+BXHr/Cee5ceueLwS/OiZ3DdtcurPZCFDSNKQcI + jYt+P6vibNKF4+Yf9EKz4+bVNtXRSbXAVuXLo4vlIWgYFLOavr59lbIJjd00lmK6UW8iKusqUcW/hf+t + 36p+4ur3XNjzSf8nseA4eO4gDTOB7zFf+VRM7hvdMy9lUuo1Vh9bzdK8E72PFBzp79efHRdyDXDFwoUG + 28kBEOpk/kFvv+Ah2BfQ6Uzz2q4P2ECIYtZxpvwMuzTQmbIzFNbN75b+Tj7DLQtuwSTym/m/kQ/K8ojz + oJEqxm8dz5I1lVSURAPaUDtg7uG593vfzw7KwjpGMYGGAzAviJgZdv94wPzzHPMaHvGPPGM+ncss6Pls + LEQx6/BL8WPX5Y4ld1CsM7CT3DT/JnZErQnbJtBgia8OfsXSoMFrBvda3osdHBnaYR5UO+DWhbeyI2pN + 3DFRDO9iDwAnLmWgkKw2evRV4rLG5iY6iyWU6V+RrWYB3IvsojwV+BTFdFNWW8ZOolPssSBua5aACuWW + 54poUFoQi2453f5uSe0AoaHrh3oneO85u2fuobn3e2m0hPSLre/9NVaCocefaW7R9Tko1hSrTgahn7Mi + mRLWiTE/WpgIZbAIYGeAbLUSxC6fXRE0YYrpJrs0m51EaObumTsyd2CvgUU4JoXbF9/OElwDXekUbTy3 + 9jk5OihwEAWuMWPXDDlh1Mb27YamAz6M/pDCbWDD8pd1f2E5U6OmItS+G0ThhbamuVrcDcoUVJ9/Z+8/ + WZ3UGhs12fyTZjVnL59jJ4FGRrxNYet4c+ub7IoojVE/CYUJ7CQQVnMUvsaR/CMsBzpacFREsfhgIcxQ + IqSA/YWc8NDKhyhgYhZAc6LwNcJPhbO0Vza8guOtT4Tk2gtdNHb6wxBs2DTnbAgrhkUpvl14xYdzslNB + H+z/lMLW8XHMx+yKYNKlmG5YYaCPdn9EsY5MipjEMpXdXVR2FAstPbp0o2EjmkeYgeST5MNyahqpT6sd + MDW69eZWc6PHjXLaI98+goMuZ0p8lcLvyiBlFM0RYzoFdv+fxS9kK8SnwkbEne+wdtXPN0ne8qmEvE74 + U9g6FvywQL4cEFb1FNONehaAsSjWkZCTISxzduxsEfJK8GIhPUouohenagcsjl8sQgx0Djmth2cPHGx9 + M6QUfk9Gf6HE3DFiTBc4VpL20vbxoloTYqZrPiXUySs7JiiFVxSbf5jC1qFeXkHZZdkU1kfDlQZ2hncj + 3qVYR7DsYpmvhLQ2YYBbloX0KCKLXt+rHfD9ie9FiPGE3xMss6WlxQWLPrn2reXP6Qs1NvInD/ppamny + SV8Lde31sQDbRVZ7CA0GnYYyrONcxTl2OaAuPBFinxSIyVVN6vlUOQ2avHOyCM3Y3WGVp1NdcAB7SkGz + AP6HO14pvKKKy8vbRl030O1Z+aHRUe9R2BbgEshXRAjtmsL6ePq7p+Xh/f36U6Aj6pajvD1Sz/GL4hf5 + p/qrFZAaEHg8EAuINSfWKGs9tQO+Pvy1CMlgb8nSxHOFVgdgKcDKb8jtnZM/UOee0B5gH4gFBCs/hL5C + GbYA22V2USAspL9P076HFGLPxtJPWk+FsbKjmIR66xH3Y5wIqZeT8nbfImoHaH7C5BnnydLEkqXVAc3N + pUrhFWWde/A6toHAjA2s9hCmgM7uJy2i2Qagd3a8k1eRR0nXaLzSuDxx+QPeD8AldEhrp+e+0R2ZFG5j + Z/ZOlgMZ62k6KzQWstCw4GEipAe1AyDFXgI0jN4+vVkO2hJCrQ4AWPzLtRdqbQPNGu/I7U11U43mF6QT + Y2dShu2IzI5k10XWTQtuGuA/YMymMYMCB8nz/Z1L76Txbai/MXENcN2eub2uqa7IWITWLd4PyZp7aC4N + buONLW+wBPQM5YGBQkJhwogNI570e5J+b0PTATcvuDnUEIrCV9ZV7jm7R/0RlPLQiRxQ35CsFD43v5ei + y5Vd2RZayadHPFnthQ4UxlOGTUEx2NWxqF7Le9HgNjQf+JjRQP+BNPIa6Ddssy7U59s+8B/WjEPXD1X2 + cs9//zwNa0PTARa1KWOTGE4OAKWXRsu1h0rO3wPV1XbicwnrQZk13znZ8MMQNeo50rzEKlpG/XzJjPbl + 7aNhEsuOLmNppoQ2QGPaUDvA4mePsofaHYA2IBe+XcWPWLMz7BTYAQ4IHcZqL3SoKIGS7AMWX+b/TEDW + Y6seo2ESenrJ8A3D0y6Y/BPYdWnr9Hyuzr5BUjvAO9H71bBX2UFFWOLQyDbaHQDQ81n5jSW/h6pK+zvA + BOX1FcqjJKb39tLjM3uDreDoTaPvWHIHu2qKXg55GTuIrNIsGtARzNxIYEOE+vr2XXN8DeWZpqqhalr0 + tPu87mPDhf6w6g8ecR5siarpAByfsG0C+371Xq9758fNF6MUOjgA6z7c8UrhZcEEdl0VGsqyTH1Q9HjI + CzbfAlgEd2psbmxwevDqlNXbMrfFF8SfLT9b21hLYbNU1FdgGbg+ff23yd9iF2DKLubBCg7rPnSFoPSg + iKyIuPw4+cMeGVMOEKQWp/qn+u/P23+pRvvhbAcHgPr63az2ispKnrFTJ8ipzNPc/QvZ9a+XfgaYd4BF + uAMA5gJWe0XoELAI5dmI6HP7nto4/JEg7S+OZsfNozwnJrC9A1quNlVVvMlqrwhzBCxikxmhssHomTTv + TxsHQ48Htz7wYeUfF/1+Q3OHRytO1NjeAQAFZoUXUlaIaAYVl5d3+bFx3ZXqvedCxu0c8fKWZ005AKtC + W70E+nljFwcAmAATvykHiH1jTv5A+KBTiwPs97Znr/hw719fj3gW5ZcdIE8E/YKHOP6/GfB/ir0cAGAC + eTpg5RcPEA25vVvfKeSOySiac9EYCTewxoBfi4yGnLIYFH7h0fFTYtyE4ABhArUDph38HDtDGu/EEnZ0 + AMCaQFkYqh0g3iOIt0ri2wLxrVHo8WeC2746xz8Dkt0W/fCs0L8OuEHMAcIEcADUO8jN64S/NV8V/AKx + rwMEdbVh4jmBUn7FAaL8wgG7MtrLr0j8QapFB0DPhY/s8vdkv2QCUgOGBQ+Tpf5U1Qy6HADEjGC+AVjj + gG+SvM3/4bATO6HXAYL6hmTxAkndAMQUwMpvxgGKCb448omhzEHvHZyo6ZwDBPAB+oGeBiDEHKCYwDNp + Xk7FKTqpk+tEVxwgwLxwpsQ3u3Cc0gDMOEAxwX8Oj1qZMiO5eKfFP1B34hi67gAF7PeKjfFwQ1yeZ0z2 + 9N2Zbyi1x3YAv+IgQomFIdgWYnNBw5x0B3766X+rKWAgsDMw+wAAAABJRU5ErkJggg== + + + \ No newline at end of file diff --git a/MinerSearch/WinTrust.cs b/MinerSearch/WinTrust.cs index a277847..c1f0c25 100644 --- a/MinerSearch/WinTrust.cs +++ b/MinerSearch/WinTrust.cs @@ -320,7 +320,7 @@ public WinVerifyTrustResult VerifyEmbeddedSignature(string filePath) } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_ErrorVerifySignature", ex); + Program.LL.LogErrorMessage("_ErrorVerifySignature", ex); return WinVerifyTrustResult.Error; } } @@ -443,7 +443,7 @@ public static WinVerifyTrustResult VerifyByCatalog(string fileName) } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_ErrorVerifySignature", ex); + Program.LL.LogErrorMessage("_ErrorVerifySignature", ex); return WinVerifyTrustResult.Error; } } diff --git a/MinerSearch/utils.cs b/MinerSearch/utils.cs index 4030b9f..d34a032 100644 --- a/MinerSearch/utils.cs +++ b/MinerSearch/utils.cs @@ -2,14 +2,17 @@ using DBase; using Microsoft.Win32; using Microsoft.Win32.TaskScheduler; +using netlib; using System; using System.Collections.Generic; using System.Diagnostics; using System.DirectoryServices.AccountManagement; using System.Drawing; +using System.Globalization; using System.IO; using System.Linq; using System.Management; +using System.Reflection; using System.Runtime.InteropServices; using System.Runtime.Serialization.Formatters.Binary; using System.Security.AccessControl; @@ -17,7 +20,9 @@ using System.Security.Principal; using System.ServiceProcess; using System.Text; +using System.Text.RegularExpressions; using System.Threading; +using System.Threading.Tasks; using System.Windows.Forms; namespace MSearch @@ -85,12 +90,23 @@ internal static List GetProcesses() List procs = new List(); foreach (Process p in Process.GetProcesses()) { + if (p.Id == 0 || p.Id == 4) continue; try { ProcessModule t = p.Modules[0]; } - catch (Exception) + catch (System.ComponentModel.Win32Exception w32e) { +#if DEBUG + Console.WriteLine($"[DBG] {p.ProcessName}: {w32e.Message}"); +#endif + continue; + } + catch (Exception e) + { +#if DEBUG + Console.WriteLine($"[DBG] {e.Message}"); +#endif continue; } @@ -274,7 +290,7 @@ internal void SuspendProcess(int pid) } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_Error", ex); + Program.LL.LogErrorMessage("_Error", ex); } } @@ -289,7 +305,7 @@ internal string GetDownloadsPath() } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_Error", ex); + Program.LL.LogErrorMessage("_Error", ex); return ""; } finally @@ -371,7 +387,7 @@ internal static string ResolveFilePathFromString(RegistryKey key, string keyName } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_Error", ex); + Program.LL.LogErrorMessage("_Error", ex); return ""; } @@ -479,8 +495,6 @@ internal static bool CheckSignature(string filePath, List targetSequence int bytesToRead = Math.Min(bufferSize, fileBytes.Length - fileIndex); Array.Copy(fileBytes, fileIndex, buffer, 0, bytesToRead); - fileIndex += bytesToRead; - for (int i = 0; i <= bytesToRead - targetSequences[0].Length; i++) { for (int index = 0; index < targetSequences.Count; index++) @@ -498,15 +512,30 @@ internal static bool CheckSignature(string filePath, List targetSequence if (sequenceFound) { + int globalOffset = fileIndex + i; + found = true; - if (index == 4 && fileIndex > 4096) + if ((index == 0 && globalOffset > 544) || (index == 4 && globalOffset > 4096)) { found = false; } +#if DEBUG + if (found) + { + string tmp = ""; + foreach (var c in targetSequence) + { + tmp += (char)c; + } + Console.WriteLine("FOUND by: " + tmp); + } +#endif break; } + + } if (found) break; @@ -514,6 +543,8 @@ internal static bool CheckSignature(string filePath, List targetSequence if (found) break; + + fileIndex += bytesToRead; } return found; @@ -529,25 +560,44 @@ internal static List GetFiles(string path, string pattern, int currentDe { if (currentDepth <= maxDepth) { - files.AddRange(Directory.EnumerateFiles(GetLongPath(path), pattern, SearchOption.TopDirectoryOnly)); - - foreach (var directory in Directory.EnumerateDirectories(path)) + if (!Program.RunAsSystem) { + files.AddRange(Directory.EnumerateFiles(GetLongPath(path), pattern, SearchOption.TopDirectoryOnly)); - if (!IsReparsePoint(directory) && - !directory.Contains(":\\Windows\\WinSxS") && - !directory.Contains(":\\$") && - !directory.Contains(@":\programdata\microsoft\Windows\Containers\BaseImages") && - !directory.Contains(@"AppData\Local\Microsoft\WindowsApps")) + Regex guidRegex = new Regex(@"^:\\programData\\Microsoft\\Windows\\Containers\\Layers\\[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"); + foreach (var directory in Directory.EnumerateDirectories(path)) { - files.AddRange(GetFiles(directory, pattern, currentDepth + 1, maxDepth)); + if (!IsReparsePoint(directory) && + !directory.Contains(":\\Windows\\WinSxS") && + !directory.Contains(":\\$") && + !directory.Contains(@":\programdata\microsoft\Windows\Containers\BaseImages") && + !guidRegex.IsMatch(directory) && + !directory.Contains(@"AppData\Local\Microsoft\WindowsApps")) + { + files.AddRange(GetFiles(directory, pattern, currentDepth + 1, maxDepth)); + } + } + } + else + { + files.AddRange(Directory.EnumerateFiles(GetLongPath(path), pattern, SearchOption.TopDirectoryOnly)); + foreach (var directory in Directory.EnumerateDirectories(path)) + { + if (!IsReparsePoint(directory)) + { + files.AddRange(GetFiles(directory, pattern, currentDepth + 1, maxDepth)); + } } } } } catch (Exception ex) { +#if DEBUG + MessageBox.Show(ex.ToString()); +#else Program.LL.LogErrorMessage("_Error", ex); +#endif } return files; @@ -584,7 +634,7 @@ public static string GetWindowsVersion() catch (Exception ex) { // Handle the exception appropriately - new LocalizedLogger().LogErrorMessage("_Error", ex); + Program.LL.LogErrorMessage("_Error", ex); } return "N/A"; @@ -706,7 +756,6 @@ internal void CheckWMI() try { - GetProcessOwner(Process.GetProcessesByName("explorer")[0].Id); GetServiceImagePath("Dhcp"); } catch (ManagementException me) @@ -1142,13 +1191,13 @@ public static string GetDeviceId() return MachineId.ToString(); } - internal static bool IsTaskEmpty(Task task) + internal static bool IsTaskEmpty(Microsoft.Win32.TaskScheduler.Task task) { try { return (uint)task.LastTaskResult == 0x80070002; } - catch + catch (Exception) { return false; } @@ -1237,12 +1286,160 @@ internal void InitPrivileges() if (!Native.AdjustTokenPrivileges(hToken, false, ref tkpPrivileges, 0, IntPtr.Zero, IntPtr.Zero)) { - Program.LL.LogErrorMessage("_Error", new Exception("AdjustTokenPrivileges: Privileges are not available")); + int error = Marshal.GetLastWin32Error(); + Program.LL.LogErrorMessage("_Error", new Exception($"AdjustTokenPrivileges failed with error code: {error}")); + return; } Native.CloseHandle(hToken); } + + internal bool HasDebugPrivilege() + { + IntPtr hToken; + if (!Native.OpenProcessToken(Native.GetCurrentProcess(), Native.TOKEN_QUERY, out hToken)) + { + Program.LL.LogErrorMessage("_Error", new Exception("OpenProcessToken: Current process")); + return false; + } + + try + { + if (!Native.LookupPrivilegeValue(null, "SeDebugPrivilege", out Native.LUID luid)) + { + Program.LL.LogErrorMessage("_Error", new Exception("LookupPrivilegeValue: SeDebugPrivilege")); + return false; + } + + Native.PRIVILEGE_SET privilegeSet = new Native.PRIVILEGE_SET + { + PrivilegeCount = 1, + Control = 1, + Privilege = new Native.LUID_AND_ATTRIBUTES[1] + }; + privilegeSet.Privilege[0].Luid = luid; + privilegeSet.Privilege[0].Attributes = Native.SE_PRIVILEGE_ENABLED; + + if (!Native.PrivilegeCheck(hToken, ref privilegeSet, out bool hasPrivilege)) + { + Program.LL.LogErrorMessage("_Error", new Exception("PrivilegeCheck")); + return false; + } + + return hasPrivilege; + } + finally + { + Native.CloseHandle(hToken); + } + } + + internal bool GrantPrivilegeToGroup(string groupName, string privilege) + { + IntPtr policyHandle = IntPtr.Zero; + IntPtr sid = IntPtr.Zero; + try + { + Native.LSA_OBJECT_ATTRIBUTES objectAttributes = new Native.LSA_OBJECT_ATTRIBUTES(); + Native.LSA_UNICODE_STRING systemName = new Native.LSA_UNICODE_STRING(); + + int result = Native.LsaOpenPolicy(ref objectAttributes, ref systemName, Native.POLICY_ALL_ACCESS, out policyHandle); + if (result != 0) + { + throw new Exception("Cannot open security descriptor: " + Native.LsaNtStatusToWinError(result)); + } + + int sidSize = 0; + int domainNameLength = 0; + int use; + Native.LookupAccountName(null, groupName, sid, ref sidSize, null, ref domainNameLength, out use); + + sid = Marshal.AllocHGlobal(sidSize); + var domainName = new System.Text.StringBuilder(domainNameLength); + + if (!Native.LookupAccountName(null, groupName, sid, ref sidSize, domainName, ref domainNameLength, out use)) + { + throw new Exception("Error getting admin group SID"); + } + + Native.LSA_UNICODE_STRING[] userRights = new Native.LSA_UNICODE_STRING[1]; + userRights[0] = new Native.LSA_UNICODE_STRING + { + Buffer = Marshal.StringToHGlobalUni(privilege), + Length = (ushort)(privilege.Length * UnicodeEncoding.CharSize), + MaximumLength = (ushort)((privilege.Length + 1) * UnicodeEncoding.CharSize) + }; + + result = Native.LsaAddAccountRights(policyHandle, sid, userRights, userRights.Length); + if (result != 0) + { + throw new Exception("Error assign privilege:" + Native.LsaNtStatusToWinError(result)); + } + + return true; + } + catch (Exception) + { + return false; + } + finally + { + if (policyHandle != IntPtr.Zero) + { + Native.LsaClose(policyHandle); + } + + if (sid != IntPtr.Zero) + { + Marshal.FreeHGlobal(sid); + } + } + } + + + internal string ConvertWellKnowSIDToGroupName(string GroupSid) + { + IntPtr pSid; + if (!Native.ConvertStringSidToSid(GroupSid, out pSid)) + { + return null; + } + + string groupName = GetAccountNameFromSid(pSid); + if (groupName != null) + { + return groupName; + } + + Native.LocalFree(pSid); + return null; + + } + + public string GetAccountNameFromSid(IntPtr pSid) + { + StringBuilder name = new StringBuilder(); + StringBuilder domainName = new StringBuilder(); + int nameLen = 0; + int domainNameLen = 0; + int sidType; + + Native.LookupAccountSid(null, pSid, name, ref nameLen, domainName, ref domainNameLen, out sidType); + + name = new StringBuilder(nameLen); + domainName = new StringBuilder(domainNameLen); + + if (Native.LookupAccountSid(null, pSid, name, ref nameLen, domainName, ref domainNameLen, out sidType)) + { + return name.ToString(); + } + + return null; + } + + + internal static bool IsStartedFromArchive() { string currentPath = Process.GetCurrentProcess().MainModule.FileName; @@ -1458,73 +1655,73 @@ internal bool IsBatchFileBad(string filePath) } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_ErrorAnalyzingFile", ex, filePath); + Program.LL.LogErrorMessage("_ErrorAnalyzingFile", ex, filePath); } return false; } - internal void ProccedFileFromArgs(string fullpath, string arguments) + internal void ProccedFileFromArgs(string[] checkDirs, string fullpath, string arguments) { - string[] checkDirs = - { - Environment.SystemDirectory, // System32 - $@"{Program.drive_letter}:\Wind?ows\Sys?WOW?64".Replace("?", ""), // SysWow64 - $@"{Program.drive_letter}:\W?in?dow?s\Sys?tem?32\wbem".Replace("?",""), // Wbem - msData.queries[9], - }; - if (fullpath.ToLower().Contains("rundll32")) { + int notFoundFailures = checkDirs.Length; string rundll32Args = ResolveFilePathFromString(arguments).Split(',')[0]; - string fullPathToFileFromArgs = ""; if (!rundll32Args.EndsWith("\"")) { - foreach (string checkDir in checkDirs) - { - fullPathToFileFromArgs = Path.Combine(checkDir, rundll32Args); - if (!fullPathToFileFromArgs.EndsWith(".dll")) - { - fullPathToFileFromArgs += ".dll"; - } - } + rundll32Args = rundll32Args.Replace("\"", ""); } - else + + if (rundll32Args.StartsWith("/")) { - fullPathToFileFromArgs = rundll32Args.Replace("\"", ""); + rundll32Args = rundll32Args.Split(' ')[1]; } - - try + foreach (string checkDir in checkDirs) { - if (File.Exists(fullPathToFileFromArgs)) + string fullPathToFileFromArgs = Path.Combine(checkDir, rundll32Args); + + if (!fullPathToFileFromArgs.EndsWith(".dll")) { - IntPtr ptr = IntPtr.Zero; + fullPathToFileFromArgs += ".dll"; + } - Program.LL.LogMessage("[.]", "_Just_File", fullPathToFileFromArgs, ConsoleColor.Gray); - var trustResult = winTrust.VerifyEmbeddedSignature(fullPathToFileFromArgs); - if (trustResult != WinVerifyTrustResult.Success) + try + { + if (File.Exists(fullPathToFileFromArgs)) { - Program.LL.LogWarnMediumMessage("_InvalidCertificateSignature", rundll32Args); - AddToQuarantine(fullPathToFileFromArgs, Path.Combine(MinerSearch.quarantineFolder, Path.GetFileName(fullPathToFileFromArgs) + $"_{Utils.CalculateMD5(fullPathToFileFromArgs)}.bak"), Encoding.UTF8.GetBytes(Application.ProductVersion.Replace(".", ""))); + IntPtr ptr = IntPtr.Zero; + + Program.LL.LogMessage("[.]", "_Just_File", fullPathToFileFromArgs, ConsoleColor.Gray); + var trustResult = winTrust.VerifyEmbeddedSignature(fullPathToFileFromArgs); + if (trustResult != WinVerifyTrustResult.Success) + { + Program.LL.LogWarnMediumMessage("_InvalidCertificateSignature", rundll32Args); + AddToQuarantine(fullPathToFileFromArgs, Path.Combine(MinerSearch.quarantineFolder, Path.GetFileName(fullPathToFileFromArgs) + $"_{Utils.CalculateMD5(fullPathToFileFromArgs)}.bak"), Encoding.UTF8.GetBytes(Application.ProductVersion.Replace(".", ""))); + return; + } + else if (trustResult == WinVerifyTrustResult.Success) + { + Logger.WriteLog($"\t[OK]", Logger.success, false); + } + //notFoundFailures = 0; return; + } - else if (trustResult == WinVerifyTrustResult.Success) - { - Logger.WriteLog($"\t[OK]", Logger.success, false); - } - return; + else notFoundFailures += 1; + } + catch (Exception ex) + { + Program.LL.LogErrorMessage("_Error", ex); + } + if (notFoundFailures == checkDirs.Length) + { + Program.LL.LogWarnMessage("_FileIsNotFound", fullPathToFileFromArgs); } - else Program.LL.LogWarnMessage("_FileIsNotFound", fullPathToFileFromArgs); } - catch (Exception ex) - { - Program.LL.LogErrorMessage("_Error", ex); - } - } @@ -1566,14 +1763,14 @@ internal void ProccedFileFromArgs(string fullpath, string arguments) { Program.LL.LogErrorMessage("_Error", ex); } - - } } } public static Mutex mutex = new Mutex(false, "9c5d03a2-b3e5-4b28-a1f6-eafd9b0ed091"); + public static Mutex rebootMtx = new Mutex(false, "dcd2f5a3-55f7-4903-b4ff-303879f87aab"); internal static bool IsOneAppCopy() => mutex.WaitOne(0, true); + internal static bool IsRebootMtx() => rebootMtx.WaitOne(0, true); internal static bool RegistryKeyExists(string path) { @@ -1598,7 +1795,7 @@ internal List GetSubkeys(string parentKeyPath) } catch (Exception ex) { - new LocalizedLogger().LogErrorMessage("_Error", ex, "GetSubkeys"); + Program.LL.LogErrorMessage("_Error", ex, "GetSubkeys"); } return subkeys; @@ -1708,20 +1905,40 @@ static bool IsMarkerPresent(byte[] source, byte[] marker) return true; } - public static string GetProcessOwner(int processId) + internal static WindowsIdentity GetCurrentProcessOwner() { - foreach (ManagementObject managementObject in new ManagementObjectSearcher(msData.queries[11] + processId.ToString()).Get()) + return WindowsIdentity.GetCurrent(); + } + + internal static bool IsSystemProcess(int processId) + { + + IntPtr tokenHandle; + try { - string[] args = new string[2] + using (Process process = Process.GetProcessById(processId)) { - string.Empty, - string.Empty - }; - if (Convert.ToInt32(managementObject.InvokeMethod("GetOwner", (object[])args)) == 0) - return args[1] + "\\" + args[0]; - } - return "N/A"; + if (Native.OpenProcessToken(process.Handle, Native.TOKEN_QUERY, out tokenHandle)) + { + WindowsIdentity identity = new WindowsIdentity(tokenHandle); +#if DEBUG + Console.WriteLine("\t[DBG] Process owner {0}: {1}", processId, identity.Name); +#endif + Native.CloseHandle(tokenHandle); + return identity.IsSystem; + } + else + { + throw new Exception("Unable open process token"); + } + } + } + catch (Exception ex) + { + Program.LL.LogErrorMessage("_Error", ex); + } + return false; } internal static bool IsDotNetInstalled() @@ -1732,7 +1949,7 @@ internal static bool IsDotNetInstalled() if (ndpKey != null && ndpKey.GetValue("Release") != null) { int releaseKey = (int)ndpKey.GetValue("Release"); - return releaseKey >= 378389; + return releaseKey >= 460798; } else { @@ -1911,7 +2128,7 @@ internal bool DetachInjectedProcess(ref Native.R77_PROCESS r77Process) { #if DEBUG Console.WriteLine($"\tDetach process pid: {r77Process.ProcessId}"); -#endif +#endif result = true; Native.CloseHandle(thread); } @@ -1995,7 +2212,7 @@ internal static int GetServiceId(string serviceName) return (int)(uint)serviceObject; } - public static List GetOpenFilesInDirectory(string directoryPath) + internal static List GetOpenFilesInDirectory(string directoryPath) { var openFiles = new List(); int handleInfoSize = 0x10000; @@ -2040,7 +2257,9 @@ public static List GetOpenFilesInDirectory(string directoryPath) openFiles.Add(filePath); } } - catch { } + catch (Exception) + { + } } } @@ -2054,5 +2273,67 @@ public static List GetOpenFilesInDirectory(string directoryPath) Marshal.FreeHGlobal(handleInfoPtr); return openFiles; } + + internal static bool IsWinPEEnv() + { + return + Path.GetPathRoot(Assembly.GetExecutingAssembly().Location).StartsWith("X:") && + GetCurrentProcessOwner().IsSystem && + Convert.ToInt64(Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows NT\CurrentVersion")?.GetValue("InstallDate") ?? -1) == 0; + } + + internal static void CheckLatestReleaseVersion() + { + if (Internet.IsOK()) + { + try + { + string latest = GithubAPI.GetLatestVersion("BlendLog/MinerSearch"); + string current = Program.CurrentVersion.Replace(".", ""); + + if (!IsLatestVersion(current, latest.StartsWith("v") ? latest.Substring(1).Replace(".", "") : latest.Replace(".", ""))) + { + var message = MessageBox.Show(Program.LL.GetLocalizedString("_MessageNewVersion").Replace("#LATEST#", latest), "", MessageBoxButtons.YesNo); + if (message == DialogResult.Yes) + { + Process.Start("explorer", "https://github.com/BlendLog/MinerSearch/releases/latest"); + Environment.Exit(0); + } + Logger.WriteLog(Program.LL.GetLocalizedString("_Version") + " " + Program.CurrentVersion + " " + Program.LL.GetLocalizedString("_PrefixNewVersionAvailable").Replace("#LATEST#", latest), Logger.warnMedium); + + } + } + catch (FileNotFoundException) + { + MessageBox.Show(Program.LL.GetLocalizedString("_ErrorNotFoundComponent"), "", MessageBoxButtons.OK, MessageBoxIcon.Warning); + } + catch (Exception ex) + { + Program.LL.LogErrorMessage("_Error", ex); + } + + } + else + { + Logger.WriteLog("\t\t[!] " + Program.LL.GetLocalizedString("_ErrorCannotCheckUpdates") + " | " + Program.LL.GetLocalizedString("_NoInternetConnection"), false, false, true); + } + } + + static bool IsLatestVersion(string currentVersion, string latestVersion) + { + if (currentVersion.Length > latestVersion.Length) + { + latestVersion += "0"; + } + else if (currentVersion.Length < latestVersion.Length) + { + currentVersion += "0"; + } + + double currentVersionAsDouble = double.Parse(currentVersion + "0", CultureInfo.InvariantCulture); + double latestVersionAsDouble = double.Parse(latestVersion + "0", CultureInfo.InvariantCulture); + + return currentVersionAsDouble >= latestVersionAsDouble; + } } } diff --git a/base/MSData.cs b/base/MSData.cs index 45a5ad0..84b8c60 100644 --- a/base/MSData.cs +++ b/base/MSData.cs @@ -218,256 +218,260 @@ public class MSData }; public List whitelistedWords = new List() { - Bfs.Create("wfk1+0lyyeCvp0X/bADGnA==","2Q31CydBVcl/QiJw2BZSYVxGXKcPx8VqvrONyl3yY1k=", "9DkFb4UAdZ1EexTvHLDhFA=="), - Bfs.Create("17unW4A74DjCIxM/stxEgA==","faoiUuJEp/PQUlPkJ5Y+7X/QU9+22nWk1XIcBIx03sE=", "m92HRqWamUgtvUREM2h82A=="), - Bfs.Create("OjvI2yVDcbL086lIkTkkhw==","6JhQzb/0azllC+U31l2Lu3CCa6Gpylqr3VA8XsavXVc=", "d8Py+9MVbExX/fDKiilYIQ=="), - Bfs.Create("x44kZiD6ZyFu25DBZG0kUA==","DK1kiusKaRw1HCkAqrTSw5WDjJf9DHvq7aoAuk4bTQU=", "uojGf0AYi8e0iW9llxg2zQ=="), - Bfs.Create("w5q2C4d4bzZ/9sZc2lO8dQ==","ebK1rXuj6sVd/DiUHdbFKgn2NgqGgZBFqjJ1nYn+XWg=", "t8CnQbNlXownK5NmtVrGMQ=="), - Bfs.Create("8TFU3fdlXPIcw2rByGZvPQ==","UB1lYoDgZTEdglCTQqCLkofF/KlnYibcEIj0psZxSjY=", "OkFGRtK3sxvhOJZlwXtRhw=="), - Bfs.Create("evvzfwb+Ns5We2kh6a8/sA==","YBkWNV1hOv6RYCGddsMHCigB5jqBku4SHPcFgaiwBec=", "Rj7D2uUWGnH/dWhJ8aFfog=="), - Bfs.Create("1oIX77H/Lva/5IeHEgjaNg==","11czmRwDJiScJWarZJxFgKEVRfGA4lxkJm8jTbrwKuE=", "/CZ7bJW+cmZLZd6ZAVtt7A=="), - Bfs.Create("rt7yJp1orh/TDpurP7qkqA==","/wFzqwe+QkWUtxadf5TNsGdZVzvEpryZ9B0B3UaF+WE=", "ouOf2JwSnscSs8JRMw+oZw=="), - Bfs.Create("iLj+199bruJDhLQMegufaw==","zCScncC2k653Dr8aeKujUP2YAfSSToJR/fkgNXkoJ5o=", "7FTFHmmpMXK6FbwdOz75tw=="), - Bfs.Create("etcv9hA8t7GVTFUYpQ+lRg==","JFp6MwvicrAIVYfar43LAq7dC/QsoRLE49JNu9AT7N0=", "dR/Ztt0UmQWRL0k1H6EAQg=="), - Bfs.Create("BOSAI+2zYbxTIRl7zavqMg==","ACRlGSl0iTZKRhl0eAH87ySEg/k4rbw3GfCLwL89l5k=", "amac1MuJF+uq8l/0ysopcA=="), - Bfs.Create("ECp/jANWvBWXfvF9vyCEwA==","fF+pRqEuay+Z0D3jnkf3Zh9tR/s/Yvk/iMgD1uZoQBk=", "ZT/HZKpRzeqJKOeU92i4yg=="), - Bfs.Create("Q2PvSTPs/jCxQgMt660mBQ==","SMjVhm0Yq+NX+wE6rJX+g4PznCfPnUXm09bdRMPCsZ0=", "Fi8Gx72kkpv0+FWZUhH1WQ=="), - Bfs.Create("wbqLgGwcQqkJm7kPEvm9ng==","0qtmT8WeGmT+mDwrWb+zAXlvnm3EK09HyaACI480mKo=", "aq4Re8AqoikEJXmmcPNvXg=="), - Bfs.Create("BGuQHSkG7UCkd+y1GaDYhQ==","LIozqdZm2N1x6DYxAW99/dvv3WkG0cuM0vujU3QTApk=", "lpeAHkG4EMZD7ej8i6xPww=="), - }; + Bfs.Create("yb2gWHe+9e9acFtlgiVcAQ==","svj2/rI6dHFjVQOmW/axA3GsiK8JsIJsyj13Lxb4Y4Y=", "bdM86vqp60Sum2e8a+HOCQ=="), + Bfs.Create("5QgUM5muil7HzxFj7cuS2Q==","6kI7thd4uwdAbbP7WBo2etS3nQnocILfG5KIX427QYg=", "wJOO7+JSQEjZEalXKpNtGA=="), + Bfs.Create("VAzKaq8IbusbB2/hgfix+w==","uCdRuBlNZ8B5s1rO4ll5OOOWPiAwjiIWfVuPbVnlrFE=", "N8Xo7pa3mvE1p+ZDP3BmFw=="), + Bfs.Create("pLQqICEi5/y2SqAoy8cqeA==","M1seSehgO/pKjrdYCCvVjbpfcBCJfJzzmdcJAUjUP+U=", "F2ZNu82tIUQc3tsS7OHkXA=="), + Bfs.Create("nmTq3++ZlT9cw+JWGkrwWQ==","EnVsoQeN8YrpJ3FhBJ6nZkkmz98TXbsGZJ4y+AzotN0=", "mUusA7EPvHY90tlU5VHyCw=="), + Bfs.Create("ynWxMhi5BYZf05+7a/w21Q==","8MZxJxwQ2R6xtraT8I6pTpsKW1mu2Xl6dB4ZxwP1vaE=", "83uFMv0Xxfds/tInahHFsQ=="), + Bfs.Create("bv27xjKpx3JIY23xh+IkFg==","E5T/dFJv9Xn2XbVvn0eZ1sWaM1pT8KVBcpdrwMsU+JQ=", "hCFOKC8aWKYV3uJArbbnKg=="), + Bfs.Create("f0RWk8orQa7mXiaWGKCmig==","FOs4H0j7YbZBBpgsPukDjl0Rz6BExqvV4gpolue9vks=", "mDXPFmBUQ9RmOcGNgg1eaQ=="), + Bfs.Create("xF+oIAUwPh5M+uG/jRdRPA==","yns6pxEncgRnztvFM9CzUM+itmAC08h+5G3V+D8Y2Ew=", "vp18I0ZEzjN5R8C/egPTPw=="), + Bfs.Create("Yl+IaWS4MPxuhstVcF7yMw==","rMXUiysQJckmixid9T28FAjILUtiQtG8UaNOfjIBix0=", "lLm25qJ/YqiwrG0E/SwftA=="), + Bfs.Create("DyEpUoGBdLFYb0jiurI7yQ==","17e4QhMepV/sE7RM7X+WdfcGagcyLBuIC13uMpEnkeY=", "dbCWZO3EdKdkfn6i22HndQ=="), + Bfs.Create("zt+bJDRldvtP1X5JE8aBIQ==","YzFGYQWDVffWMSv+/ZuLHvIv5/7/jhhKX81hsZnHb94=", "2ft/D4Ks1OsFwxpPBjThpA=="), + Bfs.Create("LpNcBkRr0h2vGC3X0aob2g==","g8w4Bjkq/vbcAdgOwlwOXBWEyVegf8/vxLvyRlgL/vE=", "OLBsi5IucWHnKjB41nW+Pw=="), + Bfs.Create("xXBetzKb06b8lCHQXQjvOQ==","DHfCfMk6ZAufhkbz1rnSXmee4ZkQmiqCTAxwGDlsnLk=", "yQP4NhD62vIvQx66cAuyuA=="), + Bfs.Create("7eqms+hoIcg4aevZm51cBw==","xMt+1/R8FwppXhQEstLTz+JS/Zo/pYIBGaSIBLpXBWY=", "jWkjAvGIxZgiR4LIWayeXQ=="), + Bfs.Create("FYK5fs1Fhlqvbrjtsv1prg==","qx9STUE1b6rh16je7/WHubp7ClAImtKSiR4P4pnEpnY=", "ffi3AH8KB2bL2Ut8uao3vA=="), + }; public List obfStr1 = new List() { - Drive.Letter + Bfs.Create("NP/BljSwGdxsVysoi2hrUcI7JyB0Wk5RYIUJkW+ceqo=","zP9GNFpvjlr7SF8Vl9sdSW601X620lb3ab7rv/bWmHw=", "+3F4Ko1vnzA+JqIUSRaM2A=="), //:\ProgramData\Install - Drive.Letter + Bfs.Create("/waUpzpwCfFg4TXuXoPYj13Z+9TAYJyNSOmOiKrA+gw=","pAUR30EQotwNQdetWDOKNozJCHD25jN9fjlCDqdd2zk=", "+UtW2x87l9N/S4TUYD6QrQ=="), //:\ProgramData\Microsoft\Check - Drive.Letter + Bfs.Create("LaXP2unDi7ro3rEr4rkHZQB1dOKmMIOIfCFwraanit8=","6oJLQCWeMAWGwlcukbISuLfT+1zaeE7FZcgE5WGZwno=", "AEuEtEx/5KBWM73doW3wyg=="), //:\ProgramData\Microsoft\Intel - Drive.Letter + Bfs.Create("eu04dRFzXeEQchdLny5U9mft+r/m/QADqyVFMgTmLieSq3TOR4n8+VzJRblCkMwpIf836YDeUQbWXfT+gPOC3w==","09MGhf+AjCE390cvpOvixzJ4MRI+vjvW+oY/zy26L60=", "Grx/D56OJOvBsp6wUvdGzw=="), //:\ProgramData\Microsoft\clr_optimization_v4.0.30318_64 - Drive.Letter + Bfs.Create("1tDYAZZI5GQbCNTvyBT2Rwkpt2zg1R/80Q6QyVAJ/tY=","p3nEDFSFstg7aEYNjPLNlZxJ25reQxXHHTdFbPl8Tl0=", "7MTtSHqH7CLXIyZaarUMtA=="), //:\ProgramData\Microsoft\temp - Drive.Letter + Bfs.Create("RkVVp/TNdUXsH2JNZ5OaVDAM3mGpyAEFt3SGuPDoKdA=","YaS2t1XkxHXtxD2ZUuYvAFjGiW66hG5ExOOS7Ap3nKk=", "XbWWZJPl9UBpLsmUr78icQ=="), //:\ProgramData\PuzzleMedia - Drive.Letter + Bfs.Create("qUwQKd30o6YqNoLfz0KhHl/AJ+T/50r6/kNQwhSDviU=","Gf/GFw8XIQ1QslGxGDWLk6bge4cWDzl51vFMBzRRWHU=", "MpZO2ZRY1cs5WkF2YpGErw=="), //:\ProgramData\RealtekHD - Drive.Letter + Bfs.Create("eHwikQ8pIKWXYeLPhp6+6+d9YWlEpSOaslxFuQtzZJQ=","xD5nK31II4os0mbrn9G1yqwlr5rBKq2WmCZF/Af4Zm0=", "uGCHE2eMXjA02g/5V0C9Rg=="), //:\ProgramData\ReaItekHD - Drive.Letter + Bfs.Create("+6Mg/dIhcmBvNS2QGPXIauccB6uSTfimigBd2Kh485g=","7RmdmLkHYoWptcuA3w2GWagDB6fFcvDziZAGIXHqaSQ=", "Ndez6t7bgrqF/pW4Zqtmtg=="), //:\ProgramData\RobotDemo - Drive.Letter + Bfs.Create("2Uezd70ZphkAsRnwx/jz6yqRc/6XbvVAhAtlgOMUQs0=","DWW3BK57VGzfE2iMqdcLlnQ5h/dvPMUL508MIcnVp6Y=", "GUC6hBkoTDPSU9igcFrHhw=="), //:\ProgramData\RunDLL - Drive.Letter + Bfs.Create("SmymPzMe/BbEQWNGkO+jPvmFv16Gfy/wSQsaWeikVWA=","SBDScFVIb3gpa4BmO1+ymeaSGqT70XOlqpkxveufiQM=", "j0XRZMFiLo+5XLkSym/cUA=="), //:\ProgramData\Setup - Drive.Letter + Bfs.Create("csgVNS88EXoSuHBoUAX2h2tteTvuKtLx7dcMnaZRnuw=","uhIEcrQcEtPrvvO5TS7kO9IEjnmpMNxrJ9EurD/lXEA=", "CaG/41NBX0aKs/cJ0NoXpw=="), //:\ProgramData\System32 - Drive.Letter + Bfs.Create("KbwEpmBtoUQl2iNcBZz91yjXQpT91us5uKDqzuCD5U8=","lWAfDnU3lkRxZgICI//Ui0QStkSyfV/i8zb9rXcekeg=", "c3NVwdPk0sw+BT8NgcIJ+g=="), //:\ProgramData\WavePad - Drive.Letter + Bfs.Create("uDWko555Kps3DoYA7oMV4zG0/FoPoCXUmH3tVphYaf2AF/ftY2aOjhPQl8mhtLyD","43NuKogyYxPO377QiF+vY8N8EtKb/rgr+FfNkqfbNV8=", "26/Gk2I9Hx/j37Ka29qqwQ=="), //:\ProgramData\Windows Tasks Service - Drive.Letter + Bfs.Create("Ysg/bXJNG5UgVa5VmVW0ZBRMk0opfICe/9DsgQOOvGI=","aZwMe65i+7+fUNN96YJ1Q570MTJK/Z7mnH1Ldfi1+GE=", "HknItf+j8zcOEewmpQmL0g=="), //:\ProgramData\WindowsTask - Drive.Letter + Bfs.Create("2D3sXLjPH5DZnK4QR+DxtVeUy44+fD0ms8ivVoorqcY=","zluvH8RJl8Ky3Z6rGgnGoypJhcby7H2OjrSgdgtE0KM=", "78nifUDfIuRjkcLTEgrxzw=="), //:\ProgramData\Google\Chrome - Drive.Letter + Bfs.Create("4U0WHv+rYccMCeW2qC7NoWyruePxdA3QJwo1Q0VyqQU=","53KSX6wwSannnOnqXAFD4QL5bHlt3AGpBeAjp71mhVk=", "NZdweyB1JzI/jTrMThLquQ=="), //:\Program Files\Transmission - Drive.Letter + Bfs.Create("GnFjPBIeSpcEGvazN0wOwyUOTBv+/pjURAq+ZM6Di/0=","CT9MYb4ADiNWG+jUhCNVzbCB4QZBtjnAxy+x2zHEQaA=", "5ZXyI3neYsrFfx/gGsR1/g=="), //:\Program Files\Google\Libs - Drive.Letter + Bfs.Create("09tsAWg1CLajfYIugV5dWtYHj6+iFSYnUbFJ95Hksj0PJNDRedh2HaD2FL4i1iBX","Sug6S4TewnPEybZvzpI3vQI9J9fxgEAiP31xv6Ljpmg=", "ePiVOft5hktSC47NH7MZ8Q=="), //:\Program Files (x86)\Transmission - Drive.Letter + Bfs.Create("1+LYmKk6GXI5jP9Ur4XlwUx2yHY8rBeQKlmR43w/ICQ=","UZKPVEtBi9aF8ydVTxzuETIwLADSqcLZyWdn0dSAzVE=", "CUHIBY63Bc//8ppywK5iUQ=="), //:\Windows\Fonts\Mysql - Drive.Letter + Bfs.Create("jssuq89DpM4BxgWPMnU8aJ0H5oZLDp/SpzmE/ycA7CooL/mfpCWo4tJkizHv3Nqn","+fVudyudvr7kl6K4PXlTM4UTCuvueeEhqEXDln8/yEs=", "c0pk/MSKxZaSKnrGZsJ89g=="), //:\Program Files\Internet Explorer\bin - Drive.Letter + Bfs.Create("zIIDg+EwQ0PiMe7GbkgcXTIDNHf8cMegkEDoXb/f1XI=","4AlrQO/zPkPnTyA32SF3n8h4az9j7WzHv+NCMwy423M=", "3QIzFOw9bLYCQGiVHNsdJQ=="), //:\ProgramData\princeton-produce - Drive.Letter + Bfs.Create("i6JwECYS9JnY0hDoqQoZ1qWd0hGTL7JASpJgEHN4vsE=","MXDMDVJH+FqKYdT2J1Xj8mC8ce6AmwP5smQF2vTTA5Q=", "Di5EL0ASlLrv5D2S+nzw5Q=="), //:\ProgramData\Timeupper - Drive.Letter + Bfs.Create("J/fd8hB9j2aGe1BadCCFSW2hI6mFc02+eMVy+87Pubg=","gYkL0XghQKZZreRuYldx66Nei/WhLLVOkGO5BBPaQME=", "GMn36WNDQAROf24CbFQeGg=="), //:\Program Files\RDP Wrapper - @"\\?\" + Drive.Letter + Bfs.Create("dlNhw5J5IuiAtTTI3R8FLdomROpK1+8b/9PG1YDNvpM=","frkHXotWhzz4M3jwj1g+00+bcyVUrOGLPO1fMG0YqgE=", "a6qo7etlSc8UWzZUVGa2ng=="), //:\ProgramData\AUX.. - @"\\?\" + Drive.Letter + Bfs.Create("VBl696ZhnyfPlwpy1TKrxNA01MfO7NOFLkDjXxAz/dY=","h6LPCQ3OzEqHSTvIaRJLU7UEZQuaDiafeTACy5H3ZxA=", "Vx58FSz2wC088MO90xY0WQ=="), //:\ProgramData\NUL.. - Drive.Letter + Bfs.Create("u+vcRwJBIUPaL/vbi150UoqYc8lG/6dvZOWz6tGnQJ8=","Ax+YvaqHeADPKxlWYCyIm1eSTaElaLDdRUgWTzjM2O4=", "B+jWyVBTFqZxPmIh28eXJQ=="), //:\ProgramData\Jedist - Drive.Letter + Bfs.Create("JBQsd2ldRybWk4te5v+PmqhXHDsSktenuVDqAcSGUcMN5d10dbzscWRFaG4KGEenjGEsz7bLqiqQXpmA27L5fQ==","HwKl+EhXJB+Dkw4l5bc8geGscLKKXNVP+tvTbUMpBQY=", "gOigRjOyClkk757+A1YeuQ=="), //:\ProgramData\Classic.{BB06C0E4-D293-4f75-8A90-CB05B6477EEE} - Drive.Letter + Bfs.Create("P1fNEgm2Wtp0kO/ZADQYi0fA5lepe8mQziOmoTdnO0nLRmFLW/syrsHNWEzE8JtLL23B/rr+jDyirtXss6IN3Q==","LYS5o/fXYdnj3mBybrOPh07ujfWFz6uQvsn1GiopM9I=", "uQlN7UKRNyymEQdOFvnZqQ=="), //:\ProgramData\Classic.{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} - Drive.Letter + Bfs.Create("ClzQUOsTiBKjr8xuK0/t5bMHpRW1KtCVIOLxjPBmJUM=","CKViQS4OXVy0m7bRM1RTudm4C8ZMZBntlvBeUBNepls=", "tHVcsED3jF/jp+6E+5aYhQ=="), //:\ProgramData\Gedist + Drive.Letter + Bfs.Create("UXlnroScElRioqo4fdEtnyERAF4iErAZA/vi8eDtHUo=","bM9VSUP6H2PsLpzh8+2emHh+Xt1vz1JIT6IbHX6qWqo=", "2gvo8zolGMQDmqMwZCIleQ=="), //:\ProgramData\Install + Drive.Letter + Bfs.Create("2b9TvUfRjemxQ1MAiIN6OAZ+LKBi09I/ujl84hXY7LA=","SknANTrvSBakDaRJ0p7V6+JmCMV/ZYmKl6Qk2UydpHY=", "QRKIIxLt28zw4P+mydj/LA=="), //:\ProgramData\Microsoft\Check + Drive.Letter + Bfs.Create("uJmbqXCXB5hUpgNjPeh8Ha9Jax6i/w/QtkcJseSIibA=","5MSC2y4kOYux4Bv1cYQweXJCCTTnnAj4amAvQHUJ9Bg=", "cCfV2/iHBi6EoGOj5Z/7kQ=="), //:\ProgramData\Microsoft\Intel + Drive.Letter + Bfs.Create("k5VjuYMq5IkivNgcUTT24BK0kI9gONscUq9UQaJfb8AavQje/j9dO1OBuyhJTAnUUsKZqRUa2gV8/7l9RW/Bqw==","/dh6iq52ORsztLEdrySAZwJeX9NUqwFCBes6Hh3EvqU=", "z0/UAfNAjcoabTe7yY4drw=="), //:\ProgramData\Microsoft\clr_optimization_v4.0.30318_64 + Drive.Letter + Bfs.Create("TtuSbwT3FYKnIOoUinxN/cW4nWOx24Ng4sdtA9TKc8g=","6zYZbr2RnfR3LKOQknpW/gxoLE/DxFcubi/FcJFhPMY=", "mxAC0uAX/+sfUAlczsBzXg=="), //:\ProgramData\Microsoft\temp + Drive.Letter + Bfs.Create("39H5OqFNNCNwcIsnVoSTCeKMqAPG2KR4eelxL3+CfYo=","Xji/h1LPQHhy4HFAxCQ3Z+Tp7AwdrtpDQG+eaNlDrH8=", "ueSOgccQdHzAnfRszfmuwg=="), //:\ProgramData\PuzzleMedia + Drive.Letter + Bfs.Create("Jw0dtF1DJ3VU/elu10IAlKikuzkCl7WOHX/ioou3bZw=","cI2YaXKufK/oF/YTNHsCqF4We3MMKSJKz6J1rvRr7ZU=", "TJu3TYbprJdjeahYDRFEvQ=="), //:\ProgramData\RealtekHD + Drive.Letter + Bfs.Create("vfFGWRmIbef0R8alYDocxs9tECP5f5dIkTfdorGwVy8=","NQgzCVmZi2eFtBdk5bjT6izff7xuG1X/PrsIan654lg=", "9T36RJcfpZB16caeLWFSRw=="), //:\ProgramData\ReaItekHD + Drive.Letter + Bfs.Create("zZfDtlD89HfXUsnsVLoSCQfKYRGHDbxs3Dl8mP7myq4=","qK4fKlPi4i43N93u502PHEnoORhuZYxS5V5rEfB3yzM=", "oeHb1zfHju+nwHbZgAs1tg=="), //:\ProgramData\RobotDemo + Drive.Letter + Bfs.Create("sMPWLOtJypiAnZ/w4cjgx7xdZYA3rCTbbpgo0cOX0x4=","U/50gt4j2Amrql4ClwYWpOSmbKgAzYrjq9Ol42fJK1A=", "CojUbihbG4Aen2imzkrjIw=="), //:\ProgramData\RunDLL + Drive.Letter + Bfs.Create("vfsWUvgNvdTxhKipCTwsa+S0SM0p9zKpRsHJXDTLNY4=","CbZXndQlW16ZQp1YZQrGqx+pG+gR4QmjxPhi9aBnDpI=", "Ovv3fBtfErLOdXQmb2LjcQ=="), //:\ProgramData\Setup + Drive.Letter + Bfs.Create("aFjU51MHk85cObg9Cd3QE2lEbqfZrpXabCGJt1qdsk4=","X/gGhqBObwkjp0SQYiBP/omn2j87JtDNxNVNq8W1HA8=", "H+ogVTnlTeuxOzSXdqcV1g=="), //:\ProgramData\System32 + Drive.Letter + Bfs.Create("xlpULTff5NOLrQ8FVfwDhZOavzflmX4qLcn3Zfh/Hfw=","pzbmWbFimvlHfOpBzyP0D7JEbbHbXus+Hdjg7YeHmlQ=", "Bp+erLaWgjiNXfm4FYawkg=="), //:\ProgramData\WavePad + Drive.Letter + Bfs.Create("zZp2qwJNwNG+CzhsnIj7rvZbwmkfUif7u5FzBbdUfuUXkK5aQrrkw1vEOyYpibOk","KnnY+aiOqEzPOjyk3H1KkTH/MFpcMRcNczK/ixsTAVY=", "dHKv1cjp0065D3/5+6o4jQ=="), //:\ProgramData\Windows Tasks Service + Drive.Letter + Bfs.Create("gmmYSVivGAWZCVfzBugIjfsNgunXRBLwmPyUahLqt+o=","F/NlR4b2YiYf8hidjK/wW7923EVcNfzkE1cwISmmaAs=", "jzWfZUM4yPVjgEWkHV7PjQ=="), //:\ProgramData\WindowsTask + Drive.Letter + Bfs.Create("GcY1X7Az5LDQOmXBA9UMQTcgZ0ohOOGk5BQnkwdYW8I=","fOOZToUKvAYyoF6TsrcARUXHrKP686lYZdBW5nbJ3zA=", "rQM9ZcYq4/V2K/g8tYma/w=="), //:\ProgramData\Google\Chrome + Drive.Letter + Bfs.Create("vZPZtZtLdGYDGTXAe/SjSvHFIb35qM1VRfOhQIcCiAk=","sILnQlTB9mdGoEuLdGs57My/QssuIE2w4tTq5kAn/dg=", "+6UAzYOiR0nJnakUtFYnFA=="), //:\Program Files\Transmission + Drive.Letter + Bfs.Create("o6PqGUYEmok6Z09EwKfu/IQmGva7tJoPsg9Mlrdh1J4=","R9PkObwUg/RiklHAgK2LQciyoCEd6totMSayi62zjsQ=", "1NqAiuop4AZSd93r7cLTSQ=="), //:\Program Files\Google\Libs + Drive.Letter + Bfs.Create("shutUaJ6okfUuGc3aJG6Gq1uyY3XUCAxa5FJjV5s9EACBsV1LWYIx2ACKHtd2IR1","mpdpTcn3K2u1ti7bpQsspeIjfGdnVqJsMPDPtqJ8tm0=", "V6Uf9efoqTB0g/LRFJE4yg=="), //:\Program Files (x86)\Transmission + Drive.Letter + Bfs.Create("HfkEp8AynXBRsqeNplPs0vcdD2crZXv3zR4xhB1zxck=","ZQSA6mhjw5+Dzb/joUruKueZx7IbHZQHwazpint+h54=", "tRGMMvLhq0Y7enr7pSflYQ=="), //:\Windows\Fonts\Mysql + Drive.Letter + Bfs.Create("3joX7EOWGieBHaMYQrzdmxWKR4aqdPF31Uoq9EFKBrfsPBeVtNfPBDc/Kddi0Zco","A8T8uYI42ybB5hNRAm9if3X/7oKMVQ45ntBZ19pAeyc=", "zY+89oeFghj9MFyhCyaM3Q=="), //:\Program Files\Internet Explorer\bin + Drive.Letter + Bfs.Create("XAmUfNxMqjQsWUx+SAsBaitzTMd9ymLp1NERIOEoh08=","K0RYDAB1Ic5ZAG8ecQcWC9nxfZziEc7lnJI6hRbZLx0=", "IJfolp+s06+jQHbK1qOC9Q=="), //:\ProgramData\princeton-produce + Drive.Letter + Bfs.Create("RfECwXoEHl+dNhRFhYXF7N8GBN//L1JzTmhsiWsgXuQ=","3YcAhmty8EmLWV3HN/5dYeUClHfQCIfCBRA7dHCr1sU=", "nvBOoJhenYMaUw0bYAVPRg=="), //:\ProgramData\Timeupper + Drive.Letter + Bfs.Create("AG6kRrkzQrLeqeiPqo8NGrgSDD3aRiXQ/EGacf3cL48=","XNd0sNt+PvzlxwHJRsyk2W24CLIY8SrN4ZEAOOB4kuw=", "Nfemw+tjO3nPe9SG/hknkw=="), //:\Program Files\RDP Wrapper + @"\\?\" + Drive.Letter + Bfs.Create("d3K94y4chbbKtYqoDgNfNyKmqpWh3cVmo0yOaJZSNh4=","6GgbiGgH7BmZmIDQqN69eGaVkkp1JNWmBxe0XB81SIo=", "NVUs7TlYESrXbxw8yYr4ow=="), //:\ProgramData\AUX.. + @"\\?\" + Drive.Letter + Bfs.Create("guTFGYzrxqo6Gxh+R+znfOWKQbaK0gCJq73RrbcqgjQ=","pwbDQBTv2vsb9ySf5IDf6c7OtagtjUvMK9gFyEw6n/4=", "Sw5cCLjLQla4LYKrer/vrw=="), //:\ProgramData\NUL.. + Drive.Letter + Bfs.Create("XreJOgvRt5/Hs55GH4MOJ5eBuS850xE+lqtZlG+woS0=","urq+8q3eH6GV8RG5IfCtznw3x0+/H61G6eXs5hj/ms8=", "B8HVYVga5zVhm3cTIXlLEw=="), //:\ProgramData\Jedist + Drive.Letter + Bfs.Create("fk/x2LqtlVL63H5K0ZWvNoqOCSf96zxGtGH3qxPKIiNgSZsVl4R/egYxYoenDXGDRHrEd1dRMqQuUFPT7KUYcg==","jvVfahyerIYAFfC/mj8CG9MTwgsFww6ZnlKE0WOC2C8=", "jq5VxbOKNWYjYJPOQcJt+A=="), //:\ProgramData\Classic.{BB06C0E4-D293-4f75-8A90-CB05B6477EEE} + Drive.Letter + Bfs.Create("QaxLSd/3uuv37qfuDgzu0/35nZfMORA/qdjhYSJ+W857xBG8u2P48hQ18Ycj2Vtzf8R9PqyzMXJjvYw6nuPNbA==","wZMbhzGOFieQTx4kOySrQwVttJk1to13LNjnICdlwLM=", "BQ8ow/TTSWpdVV9/jIXcFA=="), //:\ProgramData\Classic.{BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6} + Drive.Letter + Bfs.Create("EwXU7ExFiPu9Tg1e4IXTEn8bDjY72XLlmo8R7TntPlQ=","92imKrAeQgd5LT0xMgL7wo+aXOyRHHkse/jjWfPQ7fg=", "AlCtFWkp9imhZkW9mqa5oA=="), //:\ProgramData\Gedist }; public List obfStr2 = new List() { - Drive.Letter + Bfs.Create("bosd/47g+9GBB6tD0FDcqzI1KgNNb5UAk4BPTmVyRJ4=","5YpG2/S9U9WlPaEbWzbQCcqym571HIQGRWH5aBn7NXc=", "UiQAMarvB5QFkVJY8OBHdQ=="), //:\ProgramData\Microsoft\win.exe - Drive.Letter + Bfs.Create("c8T/v3/3lAGix0yOioJoozG7VnBaICm2tb2e5CfDO9y1x3IkVsCKJZf0yNapP7J5","DdB5Xy1UT/RKbfA/PAZ631JirHCVFd5bSnue1JKZ/7k=", "xyg6r1ituyPIHYaoxtE03Q=="), //:\Program Files\Google\Chrome\updater.exe - Drive.Letter + Bfs.Create("XQjYh3XHysSUAIctIkffCWQdIaMkIF8I3uxl/FiuufMtYpL2+Wj7wJCCfec+WmZm","CBZgw301bGz3z6/iv5dYuWzFQc7U4YHORrNQkjEOPeI=", "LpmBzW9ByQX2Uo4tnFLvpg=="), //:\ProgramData\Google\Chrome\updater.exe - Drive.Letter + Bfs.Create("1C5zvCqPlIAGrBv1Uy8J2lmpddhu4IpyZm05opg9qWQ=","zT5PJbNjwy7BqHVRX6rEG+E2YlWMheWz5AO8jrH7MuQ=", "hpxsIsnH0+s2g7QvkN+VRQ=="), //:\ProgramData\RDPWinst.exe - Drive.Letter + Bfs.Create("oAHqy2vBx/xRO97ZlOSWuS5pQfZ0KvVz5eEuzYIHWImx98CuxedoBJDuHCtXchi0","81aMONX+g751Hxn0H4YXYt7MVmUt3+iL3KxASmjXva4=", "iIzWYon2ABdTBfG9k+AwPQ=="), //:\ProgramData\ReaItekHD\taskhost.exe - Drive.Letter + Bfs.Create("U/lerGMp1rAkMihHOQyAZghnA2jhrqca/n35CNc/EfovGKN8Tw3SxlwuF+o9kCGU","/iDAZf28If374ucQS+tNRQ3/EEmqpZkMRHctWoMOn4M=", "N97zPZP1pI+hEjtQbcANKQ=="), //:\ProgramData\ReaItekHD\taskhostw.exe - Drive.Letter + Bfs.Create("OoJ5dLsfZdPz9KuoKr7zibrB6CdOTAZxCKR/4LKhbID2zgdwTO2dTCOkmTYDEdKP","V5jCsju7u57GM8e31fJCkzbxBpOCD6La2SAQxXI7Fhw=", "zVTTih17Wj7eU7ntGbH+gA=="), //:\ProgramData\RealtekHD\taskhost.exe - Drive.Letter + Bfs.Create("WCpl+LqfFMdadcgpGaaRRyME4cY78ArGqbBx4iUjM6WBirPmCf1PvQpIguUbuiNZ","xBLPlOlOCjlp8GN6Hjeg85PJ3H3pN42LFo8An2xbdpI=", "thwvJFhaNMa61JzwkxURWw=="), //:\ProgramData\RealtekHD\taskhostw.exe - Drive.Letter + Bfs.Create("10OeSbxlclDeZBm4FpaHXOnihoSuSksYzhFeK7C8+N+M0MPGA27WyVgnY0bswDgq","mZ9YNstS5MmneV5dDbhl6ihBhPSsXB37bP6o59ss1oY=", "M6xdHNecX/unSPRWwep+5A=="), //:\ProgramData\Windows Tasks Service\winserv.exe - Drive.Letter + Bfs.Create("dhxCYphwqlGuej4D5LD9NasmvTvR43qJ3B2Or1AREbr5MWNYBwhXayH9mr+CRYBP","2FoXO93nuJl+AyJHwwTmv17/qB+rOXswy+EOsZgqTlA=", "adaV2b7wB56wG5BEpLzzsw=="), //:\ProgramData\WindowsTask\AMD.exe - Drive.Letter + Bfs.Create("JJFQapCdarxqarYAGmLfyBS7Fyg9WcuIu5j7XzaIiam/Cy7rSE29XHjfyMH7dNyG","37u/b1zc1qpDl2atFPp0GFPQsoWEWFQ8oa1jEaCDyrQ=", "FtM41VFClmF3POsu3Wp/8w=="), //:\ProgramData\WindowsTask\AppModule.exe - Drive.Letter + Bfs.Create("n6JZ2LU8hoP7T/ZJhrtCgMCMzotQKngtiWMrMQ0izLm9vvyCwhUA1ZJEb24ycLuu","U3kp2lEM1ZXfCzhY8ozBuT1ielSkAQQASXBpcEYvbnI=", "hvYqLXnZ+XqRuJuuyGTLWg=="), //:\ProgramData\WindowsTask\AppHost.exe - Drive.Letter + Bfs.Create("4UjZsd850IRaf8b7HRpmk649p+uUu5hchxBCtKykHIky/Ek6o5hFY3X3kSAxH6l4","AVnBPVucRBvLzU8CBVeAaOIje3AAEISCiXnvuk7r1NY=", "EW5743Su7XJ3SCcSW2JGHA=="), //:\ProgramData\WindowsTask\audiodg.exe - Drive.Letter + Bfs.Create("VDKGrik18NpHf9+bLnOCMu0IKIrW1Bll2OySTDMCPXU1pjLmz+Mb6nR1DUZYsV54","3SduvrwWLE0M0MeaEbbTWVnvoHRN31d6Rg72s68ZGvs=", "biMhLuX0GRwbf08FTUa3pw=="), //:\ProgramData\WindowsTask\MicrosoftHost.exe - Drive.Letter + Bfs.Create("+wEgkf6goB6x+mq/h8CgM7Gw8bMUFsD5Jzvvfmfp5xc=","KcQmDv7005DWzWkZJ9prmVLSdWh6lUy39XYg+uoB0RA=", "ojtwILnKsZ/ikYoea4pL3A=="), //:\Windows\SysWOW64\unsecapp.exe - Drive.Letter + Bfs.Create("Z/EtdXuk/93ZjWiNbkeOmGWJDvstyZ60P/jYTpUijM0=","7bGyhmiXt4WmpghIET8zdpXUsE4gSDWUV//wMTFpfSQ=", "+ZuKy75qwRZ4Z3cmGFs6og=="), //:\Windows\SysWOW64\mobsync.dll - Drive.Letter + Bfs.Create("IfV6nrzHSVWupSdVhX8qQ/6Xjw4MTxiR54iGZCUaizE=","KX+NyaizlBcWLoJS8UvYejDi9jJiWsOHWYdpkm09eGA=", "LLNiszKki9mUb92ssWOLBA=="), //:\Windows\SysWOW64\evntagnt.dll - Drive.Letter + Bfs.Create("X0Dsfle0qY4VBRkEyh6GQmlQJY1fa8t2qGD5PrZpnj0=","LBzuhajv1KVKjCIjt8lOJULDEwcquvHczkprRf1Yiek=", "kFvnR/K1GXKrP6bjNwCU+g=="), //:\Windows\SysWOW64\wizchain.dll - Drive.Letter + Bfs.Create("VdpZv0HCBkBYQWMKNVvgTIWWLtHWBh6RBmorc1mAtFg=","Xcmxw29apv6VnI5d3uKmtdAoHKi6iKYt321R3cGEnNI=", "oTj6dozfjKkWAsFRIAYxLA=="), //:\Windows\System32\wizchain.dll - Drive.Letter + Bfs.Create("BDrn4lQyW3BRRqj/+rhlTkhFpWZnCTLpYJyHnxwNJdwj6KoHn9BxXAOO9G8SgxpJ","PxEiVDDv6XAN34JEg6AYwGxmWL3Z5xcosztcBxYD8Zc=", "r8DjW6G6kUS+uBtpJmsJRw=="), //:\ProgramData\Timeupper\HVPIO.exe + Drive.Letter + Bfs.Create("EZCLLYBx6iGO4d1mijg43uRGkRr/ZW6g/yWoD72X4Fk=","J2es7Pu2ZAikjD4lkdOyqy/G80aVNGGD4dfoY6h+WoY=", "oZEvLYpvKvqw+qbx3cxtBw=="), //:\ProgramData\Microsoft\win.exe + Drive.Letter + Bfs.Create("oFxVS+zEBox3Uj9h6VrvsIqHLU+e0pMmwa/tTq7JXXjAO96oljnCdx27/rN+iXbj","BP6ArQv9fnRZb4u2zmWC9Swwqq4GLeRn3/BNs+IbfZw=", "hv+BI9Ywwo2GDRBeOaVdWQ=="), //:\Program Files\Google\Chrome\updater.exe + Drive.Letter + Bfs.Create("VITSR2W3y2a9D7QFTFvQA3lSb9ZFc5IfmN1M2JRfL7iF1C6wvz7g4qn2tPbgdO2/","dNxw8+6Pj/gftSkzUULqINl3Yjf3xkxnPhoC0Rabbvs=", "raa67Toryk5G161BSDDcEQ=="), //:\ProgramData\Google\Chrome\updater.exe + Drive.Letter + Bfs.Create("W9jBAxQDzA50SATPpeC3iZs7/53VfJqR1xJnr78dKRM=","bqzVdwum1VdqawaFehLzuCFHIMDPasLBcRm2EnoBwf4=", "mC57+YHyAJAW7wRUji3g0g=="), //:\ProgramData\RDPWinst.exe + Drive.Letter + Bfs.Create("r82MCzP1dcFm7dC5UEu7hzBoq5nFIFxWc9IKYd24DUDMU2IxGALwEBMwFqthCgwX","WDpQQgCwIXVfKA+TmqBwfVTgfkQAPv/MCpQmCnPbGVE=", "V9UHWjYIWyBLYMz8vZpXjA=="), //:\ProgramData\ReaItekHD\taskhost.exe + Drive.Letter + Bfs.Create("y6qNmAjeMtWSPJ+FMMHFYixJtq9DsNyheLS4IGGooX5oFMSJ0bttzbGTyfKtML3F","8bxZD17dk210cQBaDUdOMtoegafOqHbkEJ8l43S6B68=", "BQ5isMbH4v1xrNOvD9e6tA=="), //:\ProgramData\ReaItekHD\taskhostw.exe + Drive.Letter + Bfs.Create("q89kGMnGCN2toa0M5xH6jW78Je+D0fly341OTtnnCSJGeLEJVizli3PxkKLzqury","9JdQewNZqSVrc3yeuF9bwQ5g/71pRtmhhGRrzCHSPBA=", "G3nUJCIU0CN5I5vhOQgsbg=="), //:\ProgramData\RealtekHD\taskhost.exe + Drive.Letter + Bfs.Create("CUd0rVjtM+kv++Gyu8A0ZjE9r6Dk3u/p7sS6lEVwJeBGBplQUUl+XgHJIjGaNSjM","0OPXRxtB9p7oKeoI/EfRL9dw3mVcQHdOdGhaX3pB3kc=", "abYFPVmjK7CQLNeJwBXJwg=="), //:\ProgramData\RealtekHD\taskhostw.exe + Drive.Letter + Bfs.Create("wyuB9/FNlnxfxGCgResYL75P0w5kEm0Sav1EIU3PJS0i4C5v3Rn1qol0X2OhLMXK","ByQRZPd4zOu1MIzfXg+aOiXYKBMdTOVnT/521shKn/Y=", "RO/oo631KR0vfTEWSRYLag=="), //:\ProgramData\Windows Tasks Service\winserv.exe + Drive.Letter + Bfs.Create("dyfudRYNliPZYdmSl6S7f0M/9AzGUJ8/CVbZxiUSMGYGxS4TU9y5mh0EN/Afj2WW","wq1HglisF25ZVtfZoJkcrd8msMhr55dqQM3CJDWr/Hc=", "LXDsXiPUDCUbc7/vqdDxMw=="), //:\ProgramData\WindowsTask\AMD.exe + Drive.Letter + Bfs.Create("XyhakhgXI/uESBK5vHBsFFlHCjENoZEZXYSYf2LpKDB+tqG68jdni8SW9z6ne7wA","wPBViytdqzXhOBmYEA9kI3H04iFkIwrvuqexcgaJHCY=", "msd+WkzZirDSiaUKA55geA=="), //:\ProgramData\WindowsTask\AppModule.exe + Drive.Letter + Bfs.Create("FjDynesl+pj8lnpaoDTb7dcAlu/jBadHLYa2woABGe4INumFuM/aWVWzDRxT9SJ4","eGidsneWcgHWDxTekmCyhlzW+IY/3ggIGm6DSrDKdeA=", "DRcoz6GynUw7I7970nJmlw=="), //:\ProgramData\WindowsTask\AppHost.exe + Drive.Letter + Bfs.Create("3ye7Af7A7diKbiHEU8plkui649veIPHRQrTAVkvekRNjsSsNZMvk65tzoSFhWdL5","xivkZd0hZXPJgoqd6oduPukd5/3bD/qKczjgj7VJ/YY=", "AAoPz57T8qEExTV5+INj9g=="), //:\ProgramData\WindowsTask\audiodg.exe + Drive.Letter + Bfs.Create("jW0b7v/KRiu5t17sn4NaeqTiomEYbtvldOESd2/KLESDEHZUTYYF7/OadezuCo40","U/7JUzQPgRyN/Qd+EvemXIeUiPVWDSXccaZhzadAdsk=", "fuQJBHaTjZfrr09zxDD5TA=="), //:\ProgramData\WindowsTask\MicrosoftHost.exe + Drive.Letter + Bfs.Create("vAHLvtrvyyAwFC4mNEWlOAt7wH36JFTo6aFD1V+Q2As=","yegbSGQcxAXiOg1CxS+71U7HvE8D52XsC9eJHGEoDY8=", "GEzW3Juh1uCKy9TuqOkocw=="), //:\ProgramData\RuntimeBroker.exe + Drive.Letter + Bfs.Create("KFIf/ttgItJYkdhrphOcm3YLSYSvGb4gt2X2Zv1RdGc=","l/r4aW8HeFkeoZLA2r/87tqjGZ1zOR1FKqDMqthDeN4=", "eDZvI6zErgEXvVoLCsF+Vg=="), //:\Windows\SysWOW64\unsecapp.exe + Drive.Letter + Bfs.Create("5cX/zbY+HdyFQq1tP0d+3ktvSU3PDFTsH1RmjFnL+Jw=","Gz7atXxIJc4lMZebzwbjs/i+DQ6tGW+WAWgVPHVMruQ=", "o1yhjwKTQ8k+CQ2jTgSa/Q=="), //:\Windows\SysWOW64\mobsync.dll + Drive.Letter + Bfs.Create("J+H9KxSJwHHr+DP2/omaBNsjlB7eGCPU8uRpQNaEaOo=","aioy4JegarOynr5lF8V7VkPx0PI8c6Z6/28Wvik0Ewk=", "INfYm/OI5jyFYby2zYSRug=="), //:\Windows\SysWOW64\evntagnt.dll + Drive.Letter + Bfs.Create("wVpq7U7rNxnmDNAf5ONqTwLZD4dMV4ZLcNlpMv/bvN4=","3Oi985Y8qds5hr3nuvoC2m+kbZtR94xw0cnucxLro8k=", "oXAPV32v0PW8ivyfHyPdjg=="), //:\Windows\SysWOW64\wizchain.dll + Drive.Letter + Bfs.Create("Ip602jyBZjQ2cTMGqFLxaI3qqqKUlXyzdjJDgdGo+PQ=","1+UAFeFUDNAOjqc+kZ7/15YN4BOV5lvk0u9kNSrPj9g=", "hFMMNKsT02tc6ChLG4uyTg=="), //:\Windows\System32\wizchain.dll + Drive.Letter + Bfs.Create("iqaBXUAzhaNJCQyPwW9etEmblsVakvqYckLstCF8ASTHCdDerLTbLunecZqIROqj","8+VArQDDNGHh036IxMJnmMVBKJG9IaNs8+Gp5pnDyOM=", "F50m3ZqyClIrCmTbswbqbg=="), //:\ProgramData\Timeupper\HVPIO.exe }; public List obfStr3 = new List() { - Drive.Letter + Bfs.Create("FaU5UbdJ/w3EpGNytMH9xn2VjZO+s/4sL/rffUM7xMw=","PysafIPZKtMHjTIV1chFKHFz1hY5Ex9o4mUcuUuBTSQ=", "wecfTBCDD8ObTWvJmh1ZRw=="), //:\Program Files\RDP Wrapper - Drive.Letter + Bfs.Create("ksCIfPD5sieuDc3v90Honw==","3N9HuMU4U3D358IH7kAH29Nnblp6RMshAe+dIGT6RDg=", "nFDxok31Zw6h7yo6IP3ejA=="), //:\ProgramData - Drive.Letter + Bfs.Create("tqtWBeqh7FFLrt9h81dISJzhOZXBJ3d7dJAi4GGhofxTGtsku+mQN3eunhHdywK7","9eN94I7+dsGeM+AbkVjy08NCGnJotoUnJpCCcSCgaMs=", "YuVoRu2vt0ykk5gmSCcVmg=="), //:\ProgramData\ReaItekHD\taskhost.exe - Drive.Letter + Bfs.Create("hjW01Ak5agr1QVBFaJjm5uE3uKEwKScFdx4dM6sPxcCg6JQnoY2HLwi5j4YS9X9j","MV6yjv8sin6OUDBw/I0NT5Aka5W5KyrsW2BzHmVj4Gw=", "sX9rgkk6fPNlIt4+rMjNJA=="), //:\ProgramData\ReaItekHD\taskhostw.exe - Drive.Letter + Bfs.Create("x3q7wuBg0TZKKfDpmGMRnyFaMzQt/3fRDMJY/x74qHEjylwloTVwepR161IwypPx","OZpuJBG9p+EzDsa9tFcr/hpV5t5fUZVNgPmKiZ8+zRQ=", "7dGydODemZSNrkch42mntQ=="), //:\ProgramData\RealtekHD\taskhost.exe - Drive.Letter + Bfs.Create("enN/PUaU1fcdNcdjIqPL9fx64i8smHFXAhL843tqgfXMZtieWNROVTL4ikxkiw/t","4nHiOyRrM1eHCaEMGA+EISszDaFkCbnZPWMKZVwQ7x4=", "s6FhrnaOwcqOxTEH2VX2lg=="), //:\ProgramData\ReaItekHD\taskhostw.exe - Drive.Letter + Bfs.Create("v0ZkxA9TLOrghrI5X2mw/dz+kbC1WESv86UR1wlCoK7qARnwebKPMM7IVXwfOaFW","UjOiKZP1bWIX73Ju7IU1DFhJ3SOvnjyLWilKwgqfwPQ=", "TjpPNLZXSg6/TjR/VazBJA=="), //:\ProgramData\Windows Tasks Service\winserv.exe - Drive.Letter + Bfs.Create("Y2avUCAtaNJ5jBNDPCwN5KU4cJ8QR0QUpYPc9OkQmVa9BlhHgvXnSRINlGE3CNSn","daMEJpSlGpSiHUE+eWE8hKJEQkLIFdCRl/DZ2WfOAEM=", "3JwzvjLfJdTiUYGc4Q0vZg=="), //:\ProgramData\WindowsTask\AMD.exe - Drive.Letter + Bfs.Create("MzkftewqetAvJQ650rTnJLyyWvjcSEHBmReyWIl65LFGdrSqi8pOZpwDbyt4M/ZM","zuFoqe1LUCIBsozDXjQsAIw3N0m0WQyfz8ilt9jVVSI=", "qaWoJbiZjQebHhc53voIoQ=="), //:\ProgramData\WindowsTask\AppModule.exe - Drive.Letter + Bfs.Create("n5puC1FEXlSQIjKOhiJruqUZ11KvJE6wugAZUBm8POlsaFWHaktQFKhbp4nNzYma","H9AyxmG+qkHcBAliI7kbpCK3ty0J0VjI2YP/IV4qurc=", "syZeDdWQb0D6Kwsi0fVojw=="), //:\ProgramData\WindowsTask\AppHost.exe - Drive.Letter + Bfs.Create("lhcd01HEchitU3N7rLdYCbTY7wl8/Q0VYVB3oWCA4Vpu09/nYWq8sTCEbgE43hz6","Wqmzb2vpX8bqaeaJJpxmsVGTwyNQseTTuK1hT2l5jiI=", "4x9L7i6bqxvnKzehhgaaag=="), //:\ProgramData\WindowsTask\audiodg.exe - Drive.Letter + Bfs.Create("f8Ks2UIq+lOKT0l6DwndXxlKIahXmA8MlKcp31cYJeFv2Bs7A0KBgx8fTRLGsTtq","fVnRhCw/vnd+awWo1lqR9Ia2Gq8OBEOWhWJheEQFKkA=", "T4L0fYObQuZExCHDP9hdpQ=="), //:\ProgramData\WindowsTask\MicrosoftHost.exe - Drive.Letter + Bfs.Create("ZbOwhX7e4J15R2GeQ7oThArnuG5p9XGaeSZz12nfYDA=","DUjiGYfsMrR90jbfsmH7UdDbN+/h4SnxWuVTFZv931Y=", "gD8uQGCdk6aPB2gppahhRg=="), //:\Windows\System32 - Drive.Letter + Bfs.Create("9zGKsR/jVCDifPLt4l7bpBKURIvh948MCbpnryPnCKE=","Ym0ZXs56JrpVQA8Oxk58gn+mv5hvmegwAwnq977FQq4=", "coLDApyp7hnykMTxry64eQ=="), //:\Windows\SysWOW64\unsecapp.exe + Drive.Letter + Bfs.Create("/j3ZAkdP3fFm9x4QYnZeC1q8UMyO9iwaJ1j30gxX98Q=","6Jukp/6U9qbBbTfLN7n08/CUXJmDl4WGcakGP28Q7+E=", "m/lULUSvzbPItxoHJ5l1dg=="), //:\Program Files\RDP Wrapper + Drive.Letter + Bfs.Create("EN0ABAztOjW1/3HxD3aLUg==","9Quq6Nlf3Yu0PIBezCNq2jr8Bjq6W3at3GaydRtmu+8=", "9BtHeJIiZw2w+HRZRbLBpA=="), //:\ProgramData + Drive.Letter + Bfs.Create("AIfG1Bu4lb3x30jYmb46kWyGkh7eBF8eV0sBThFjEIpZ8gSoNrLHL8O7IAbQbQt+","bVGpRVMYdYB0PKwXOvUSBCq2NqPhUIR7oPLiQHqpJBs=", "CkqfVpbXHJniLtqoa0HRZg=="), //:\ProgramData\ReaItekHD\taskhost.exe + Drive.Letter + Bfs.Create("wfwL0lzX2CE50DuNjFmyHz5+OH5ZHekRQ6J+LVePADyXYmh58MDDV9lhLxJRiXnp","7W45KWUxttZeVTxSPrKz9a8W/8xG6LnD99klcMZXVIk=", "LlJe0kLCd3iqJVrOGvFTiQ=="), //:\ProgramData\ReaItekHD\taskhostw.exe + Drive.Letter + Bfs.Create("pqt9o5hVVTkDLXRw6daA12mX2wxU/rMYx1H1vA0C3C6wzNl1qgJBmSSztcz4wVeW","FhKJILEN5PcbhfgPlOipX0Z4c2GR9pZFLcK1Q2L4WXU=", "phd42tyFPp5YhYdzjLbqpA=="), //:\ProgramData\RealtekHD\taskhost.exe + Drive.Letter + Bfs.Create("qHseL5c28aEc4oBpdJNyq0eyNhak9eG90BkKXVwjN5oQI7XtN9zbQi+kOd570Q62","vMMhz3AHmoH6CtTACu+GzfEC3yUY9D4mJWrlg9+rHpk=", "UIzSW+6+T+wmfXRufVOKWw=="), //:\ProgramData\ReaItekHD\taskhostw.exe + Drive.Letter + Bfs.Create("O+xIrFT+vckSNjgw++XhfTrlkpJF9d+7+olu5aI9IlRq5+tRJZk4VM4k9pIOVrMt","op2iSMAo6X0XECsWpysk7R4OujwcT559Z35Th2fmDvs=", "dDHB2E9gEFGIQrOaIe4jzA=="), //:\ProgramData\Windows Tasks Service\winserv.exe + Drive.Letter + Bfs.Create("pkrZs+gVTd6JaS5rLPk5jfMPDlaOK2pxsr72DOLqSigBYJinoSmcnanVbt1leexT","e3CXd8PkPtPcRcFQhg4BB15szpZFt4xgqcRqxeloTTc=", "ThsJaedQy7FxXvEDJIsRqw=="), //:\ProgramData\WindowsTask\AMD.exe + Drive.Letter + Bfs.Create("deSLFvoZkIKm9S48y4jo8SlI3gX+9SVP3Pk3R+/K26f5w4L2h0miiVKvkTubhjSv","bU7LQjOmGdykP7YEbpRWnbJAme5u6HDFSwNKquAP/H4=", "2Q57G73jEKXPtYz8smihZA=="), //:\ProgramData\WindowsTask\AppModule.exe + Drive.Letter + Bfs.Create("7Z7Iir3AhLI4vvJn979Z/t4dMpIFD5f9FtQC7ZE1kNVlIg8yrxzHppZQdAVG0aNH","b3LRnAJbfWjigGzE1A3ja16/GZ0ynbPnZtUS6Xd/c3k=", "NZoqnM8gp7EG9rHaUsJpng=="), //:\ProgramData\WindowsTask\AppHost.exe + Drive.Letter + Bfs.Create("KwD5rRthvx5l4CwKZysH5gcBzRhXCTJANpvqKv24DrrBawwKHsItfmTsblbXiBr5","HXCB8nbn84rYqalK1B+k2y6yeIjznFe7nZc1Po0nkAQ=", "ZVQ4WMrtgkky3XzYenOsPQ=="), //:\ProgramData\WindowsTask\audiodg.exe + Drive.Letter + Bfs.Create("bqcd3nQp/R0m2Ah+Umi8uy4Mm5v6k+x5uebF3xMaXchZVVr0XVX+0LmDtxCO/3t5","WBWGEJJXRn2GjlY8LOBIalk+QA4cbrEKjXcAqauYa0I=", "KlLK4vloSNQsoGwvbAP+ug=="), //:\ProgramData\WindowsTask\MicrosoftHost.exe + Drive.Letter + Bfs.Create("qso9QR3C6cJwXpscL/WOHKyLVkmPuoEHORBfiuDdvZg=","uMfJvkNykdviDtF0EnLovco5sVxbcEIASn/YWt+fPEA=", "+1G5DixFO8mACpO+0i4RTg=="), //:\Windows\System32 + Drive.Letter + Bfs.Create("mHNXLP2Z8dyiTEiQ2HRmCOOnf6GSpXnY0vLK51WDrVk=","q8N5R37egJyEUAQfDZmg9Di6sRL08cobDGVWAnrozZ8=", "YCcgZgzqrzKDGVIjKeDmBQ=="), //:\Windows\SysWOW64\unsecapp.exe }; public List obfStr4 = new List() { - Drive.Letter + Bfs.Create("2rsukaeXsDZyVR9F00piiLg0NPoaA/3ADfzrDVI5xCs=","siNnURNhHsiPV03abD5XAUkUJldYHKVd5a/uG2MIQms=", "W7/ivcMXchVNr7W6Goheyg=="), //:\ProgramData\RDPWinst.exe - Drive.Letter + Bfs.Create("fhdzJfUsVzctD0asb3fwDzz6B/VGIuJY7tH2xymMHn4cooBnPHMCqVYRwbIdxVCc","NZmVGbzJEq7+OMi4HENBWWqzGYCpFm9KJXIpH+T838s=", "mHzQLG91cFJQ/CIzXk8IVg=="), //:\ProgramData\ReaItekHD\taskhost.exe - Drive.Letter + Bfs.Create("sJdQbtuNwri5UqfYtq48LZfrNncsIv6hwDm0VSxEqcRFSXHffiAdyM24dv8Qwz6f","CrP6+NuZaew6+s02wNbzS/cS1A1WIlSKMrmoFC9sl48=", "h4pxQU+Gjqaw8Q+2JZ1MVg=="), //:\ProgramData\ReaItekHD\taskhostw.exe - Drive.Letter + Bfs.Create("EaxZ0kdJ6RUY61fqeVBbP97X9x8chtcPZXJQsOkAlclO79vmwniu3MkKxooHcOL6","bJXWWglJoN7cNd5tY2uHr6OL7Jevb55+AHQ9ZH7TB7E=", "uveLw+gTv1/NWVUCmq8wmQ=="), //:\ProgramData\RealtekHD\taskhost.exe - Drive.Letter + Bfs.Create("g3kjHOFHq0BHL9LOOJCPdXmGVRSc6sQqdrW2rseDzfdubZTcxX22kZ9CaCp4CDoi","oeBzBLx0FGTtkH0hudFuwlWVZUf8CQYZY13eBSoFS2I=", "HF6qbVsZM8C0kQ+zFtv/HA=="), //:\ProgramData\RealtekHD\taskhostw.exe - Drive.Letter + Bfs.Create("tg/PQZd+Vb23uCvQFssPH6vnzHofi2+/fPTnLtqfyJP88l46fAmmqxpKfeVo2NRn","jYAMN+l2frwro+j8m5vFhjvZsruqOiYLddLF/6TK+5Q=", "CFo9L0A1hZgQ2BXHfZEdGg=="), //:\ProgramData\Windows Tasks Service\winserv.exe - Drive.Letter + Bfs.Create("nL0iv6TKzbzMTqhaofisLQp/hoFbWL/tVEHJVHG+cXh3V3EZ7ynDVJPcReA0EiYq","270Pz29ANaLuLmPWg1xQOKgALciQG/wbGAGdwQcuBSw=", "fb1pY+sAcByOgPu7GLUzzw=="), //:\ProgramData\WindowsTask\AMD.exe - Drive.Letter + Bfs.Create("c2MAC4I4/e17QWZaY9kmxVrjP0QpRVHQrvREHG802V1CA7jSsr3rAQ1b6kLjHiJn","KEDIV/n6O5Vf09dQu5uZyq4g3mMsCPp6u4oIb6jHQVI=", "x7Zs8n5FGaf1l0GvMqB+kQ=="), //:\ProgramData\WindowsTask\AppModule.exe - Drive.Letter + Bfs.Create("hd8dhHPWc4TxPK3qdR3WS1zi8dds+oqy5XMYaneHBCHvfqlDEKwjX9oLp3O5SyuX","UqVoI64hwJNEUEOgnsUMClXHpVckoNRM9f9emP0xJhk=", "WRHItVzr4DTFest5JCoXOQ=="), //:\ProgramData\WindowsTask\AppHost.exe - Drive.Letter + Bfs.Create("zPfgZTbAOsHh0sySsAIptOwXR2fFRNVc96fK7JCI9FSTD4NTR9Y7Iz42F1CmJIRU","wEOZCyvgjBQkR3l9yg/dXl9/swteyC0jJvQUPPChyxI=", "Sdn003lkcGqJcv31A4FiyQ=="), //:\ProgramData\WindowsTask\audiodg.exe - Drive.Letter + Bfs.Create("VOMnToHTvk7alRr1gqP2yRllDsoTuR6WhXTCcsq4zOfrlcUp//DtNUJcZBp6amS4","3gLivAXb5gjQktr49F5cccBdTzccVCnQGpvWNHEfr6w=", "sYa/ZXC72JcgXBPacJieVA=="), //:\ProgramData\WindowsTask\MicrosoftHost.exe - Drive.Letter + Bfs.Create("aLAfgJfVqMt4Jslf0RRfb1Fta0g592fLdCaebWAaSsA=","q3VNxyGLoPf2Lponbs1ISWNfHto5O+LN79Smm9v2hA4=", "5RUL/I41sgwdja8joFmg+A=="), //:\Windows\SysWOW64\unsecapp.exe + Drive.Letter + Bfs.Create("/A0WLc/6u1T9/98t4pkzQnNQpxaRub1bY1I3jtlktGU=","49HP5hwhHo4488ziWqHeEzsskXPAFnRMf4mVSqPVsZg=", "1H19GM/q9OalIXtSvgC1HQ=="), //:\ProgramData\RDPWinst.exe + Drive.Letter + Bfs.Create("fPO07JnxfeCS5HzQJbHI1jWRYzADpBDRl22xKLbvxTxgiSB1A4fCew6APw1W3F5U","j3iBN2L+BS6ZtycEKsxHBoBhMOp8wATe2h9lTm4TBRs=", "bC/N/1OquartzjcmbSIEog=="), //:\ProgramData\ReaItekHD\taskhost.exe + Drive.Letter + Bfs.Create("ZvkH099Q1nUlIw2Y2arTouqz9s/l83sKBzlHYkTdawT7+KV33pyVq1+nwLGW2CXd","sOQRlozrmqTC+naptv3Pjg53zkto/52iEneloJgyL9Q=", "glkuN2NId+PQ1K270aqrjg=="), //:\ProgramData\ReaItekHD\taskhostw.exe + Drive.Letter + Bfs.Create("xnV9uIiW92FUv7/jgkKcrpDIpEqbsZIOaSXx/qGwF/L630swh3ycYFv/QV70cV4T","5TC4s+IYdMCNt3NyIMrVzMO+T5rONyMlkwgS3A6DcUU=", "fHb8Erwk9T+ymciJVbfhlg=="), //:\ProgramData\RealtekHD\taskhost.exe + Drive.Letter + Bfs.Create("Cpq+co2iIFE4bTN0NH/16DkRinOYVrXQ8oLjgFokKz1xjXn++olKlLUGsq4IBWyu","TkHlj9455SYeaJpNNZ5OFhik1bJfOXtKngPpGm47Gd4=", "s+ih/lRqXrxvI9Na/LsxXA=="), //:\ProgramData\RealtekHD\taskhostw.exe + Drive.Letter + Bfs.Create("vtsntWhdJKfenaMTlG6kD4+ctdYLwMfb1QL2X2RzWSRuPB9Cah12D/b8sh02BWh5","jsOnHGBvBM8+6lUAUriSpOlWhG5jN6xbsZ6SOOcjVW8=", "8RC6QhhRjHWI4jGYRnWFhA=="), //:\ProgramData\Windows Tasks Service\winserv.exe + Drive.Letter + Bfs.Create("8mRxYBzhcSfaGsIBTM+wWEo2WA4xV/Ykkdp9ZrGEJHKExx2G7nfuj18kW7wjzWXf","xJSw3djYrgMdloAqbigKVwF0wObjwGGvMRQ6WSKq7vI=", "zNpRbgIdkpDnT9PMw7i5zQ=="), //:\ProgramData\WindowsTask\AMD.exe + Drive.Letter + Bfs.Create("L0CWzL6MdXCo0M0KfmbBVmtYROlCKiHXBLx7ToqiBtLx7RPWImbs1AttpZDIeAHW","Xgt1SgBXPBY6yhhm/BqXHxSSFp7l1wCdzoCyJwwJNwE=", "M/3XHL09KrA3SstyTEEWfw=="), //:\ProgramData\WindowsTask\AppModule.exe + Drive.Letter + Bfs.Create("Goj5+G4Ofb4itT3uR447ctYatEzj8+oHO6RZYbZwCBWLIsRtkJvs2spZDYhW4rU4","wlp36a2aTx5LeRJQrwMHqZjT3Q28NAeq+ydfqJYjfKk=", "rQo0kHDLOSvxAPRzMsgihw=="), //:\ProgramData\WindowsTask\AppHost.exe + Drive.Letter + Bfs.Create("nwxToSadSf9I8Y73KGAweAcsjY6mvXAU2byNXXFVorXNzxay6qt2xme0SdwSYxbE","bLBvRr0RCjnS6BWbPMSIzm/Ek/I20PTTvUk2+iURykc=", "pB39KvBBPDtEJf4PdxM21A=="), //:\ProgramData\WindowsTask\audiodg.exe + Drive.Letter + Bfs.Create("cfWFy/OcfoyYFhu5Ya/qlA3IKOJX+VqgTnAxPTRGhKKdWd1PPxxqtn5tdEZDIFBX","cw3cMj/10CTHMo0CZi1PnDP7lttlorxb4UjZwWcmBQ8=", "4P7uczq8UU2CXu9X5PPi8w=="), //:\ProgramData\WindowsTask\MicrosoftHost.exe + Drive.Letter + Bfs.Create("bNFIAfE4kWRrCkQNH6pPbsNzKy1lInFFomkJy3yc+Ow=","dKAUXJXI9NJOpGEBQ5ZFyBej6TFVeTMITqf0+jrIbGE=", "wE3HTGZPQMqd1zAdZ76+HQ=="), //:\Windows\SysWOW64\unsecapp.exe }; public List obfStr5 = new List() { - Drive.Letter + Bfs.Create("/7QOM3Gqt4/xEAeWaWu5TJJtKEdOSY4ApS6Tpp5fzG8=","lLdLA2yf2qE8bPURFbOJxDI56L0IUYzyOK5ef6lrV18=", "DHgq4YvcwsDBpSupPDKNZQ=="), //:\ProgramData\360safe - Drive.Letter + Bfs.Create("U+bkj2nQOxmFQozNUlM3HaVMadod2cO2i+RZb1qDmLY=","3r+XRW3kuiAS63EZ6VABHi88iwA7Ia0xRLkvtVzX5wo=", "Xtr5aTeiYgRhazOzblxu6A=="), //:\ProgramData\AVAST Software - Drive.Letter + Bfs.Create("nt9rkMSYFivSS/IU7X0Uhf76d0b7MelParRX86k38/I=","52+zVcnxOOZt8aCM8k8xzqqUtRNPh98RQlQAJ8iRA7A=", "yPLFEKBqCot5n7FiZ3svRw=="), //:\ProgramData\Avira - Drive.Letter + Bfs.Create("jvFHza55pNSxaWJRQ2wXDVlhGj/Ma+SCyKxJHrPgrgE=","6gYdQRgeXL5QDznKlCg1IC0R/j17MKW/eGUdVjk/Q3w=", "8NTD7lisgysvKwz1lQjNIw=="), //:\ProgramData\BookManager - Drive.Letter + Bfs.Create("17XIqUnyYgvmoMT7LhMRI4t3g1tr6top1NY2/418SCw=","r4iY2QFK4DH54yGl4hYKI4xaOFsl5Hrn6yZgsA30Id4=", "/y/77Auc86XouPjY17kQNQ=="), //:\ProgramData\Doctor Web - Drive.Letter + Bfs.Create("S5HwwNP3LiMm3Zy/WHKi2sdtgtNAii46c21/TL7Jfa8=","ZMBEfvYReJXouG5Uw5OJzQqA3mHIA/ns60ioarZFMRk=", "n6srDNlmq/cxq2KD6Ay2sw=="), //:\ProgramData\ESET - Drive.Letter + Bfs.Create("OOcUvUhUey2Owz4JaRJAVgjguQLCvW1Kq69VUhZBwV0=","mYhfRsi1MhNd6pb3Euri9GfHUyI9vqJtRh5xbKCWXa4=", "1of+wVSpWt+qTWyP6uBYBQ=="), //:\ProgramData\Evernote - Drive.Letter + Bfs.Create("U8tUL1VmZSYCyX6iL/Sz7cme5OHmAq8PiS9bxROhMvk=","+rbYklPXCgUH3RjwQe5qLnA9Ksw4qaxgwgrfgQjnlyc=", "Xzn6osKc0QE9+89r7+MKcA=="), //:\ProgramData\FingerPrint - Drive.Letter + Bfs.Create("4X2Ea6oNqtEKDbonQRH91KutW25hl+AsjrLhn20OtKU=","JPujyZJojdn1FfdfKDoyAy4mllV7bxpml3VQbEE0B7U=", "eX1Umeq944JLRriuF/oytw=="), //:\ProgramData\Kaspersky Lab - Drive.Letter + Bfs.Create("Im1c0Hpl2TUm6jRqanD4a0Xcfm0OJcl+p3lQ3lDUWhTK+xeJn51x0JudPFwiV50T","254WhGIyBNb0cypjwQ3HkcC0b+wtBDf/S4wsy2DpH/w=", "RRd6gDGhqRP0aVUjLEAjyw=="), //:\ProgramData\Kaspersky Lab Setup Files - Drive.Letter + Bfs.Create("OK3f2PvRjmVcQ/cgdcZDlvh/sOkcwcXW18nYV58d2XM=","ixfmdMWUt4gos0U7E4/Pdtfd5rCfARyBoR7nwFLSreQ=", "AqUhomdGm/mAhi/WfOqa0w=="), //:\ProgramData\MB3Install - Drive.Letter + Bfs.Create("Lh8EDSf6YDyK9bwIOjO1GyhXDxXUqJRNydeyx04zNVs=","AVlvNoIOmzWmMf+oST2EF6sm8ZT+NHiwCJzOuGJrM1M=", "G1ZmQBT+1EE54vJw3HBMag=="), //:\ProgramData\Malwarebytes - Drive.Letter + Bfs.Create("6wmYnFAnM3hmw2bZ1gzLaiXejXevwNO/i/dgBA6UMnM=","Ql+Zm2S1LEjBfE9ajn80cMj3IK5WrH7s7/P+TOVTh3M=", "kqKtmFwduV2VdWW0O6s9Rw=="), //:\ProgramData\McAfee - Drive.Letter + Bfs.Create("VcmNH0LoTvtvs2QqQx4j+kTavdweIERlSB+lI71CiF8=","0v+Vu9lN+ykhU4nMasBrxLN1+7CSeIbVvRNHU4P6BIs=", "dKAXHq59lxhgOng/Ghsh+w=="), //:\ProgramData\Norton - Drive.Letter + Bfs.Create("qLwoXBNsJUlINIjqqBY+GjgWxTPI4gv4IwUFkdJeHr4=","tBjX+FoZ7dRBpRiYiCL9bfgB8lNan6nO33ws72ORRTw=", "atfJ1f/7C0fz8iJ/jIpjFQ=="), //:\ProgramData\grizzly - Drive.Letter + Bfs.Create("rhAlfwQxp6q4fefEPyT3Z8MxwDb2fOIO7vy0cg1mVm8ANEQD91u7nAfnEG0xECJN","5DmPQOzblRfThZHfPTHoQ351zctXszZBz4Elu4e4F6I=", "xhdxyy0icSwjV37cpZM1Vw=="), //:\Program Files (x86)\Microsoft JDX - Drive.Letter + Bfs.Create("zsejVOkwyT6JT8kFdA6IztFgTr+y/0KN3Da7/Jm6BSk=","qQdD1PngKyBqBC6ZBizSNIJXq/H4fnAXIQUw97WDREc=", "A1mtcIXVL0sydOipTd0XGg=="), //:\Program Files (x86)\360 - Drive.Letter + Bfs.Create("ZQFyS5uZ+Up7IAf2cSzcnPmEz9kQZKnX/G9oeEYIxCA=","HlVAShLLQVheUDtWEaocyIlMJi7WXCXsKB23eafJ1mM=", "BYpkUwHVCMKhdZhwciCUzg=="), //:\Program Files (x86)\SpyHunter - Drive.Letter + Bfs.Create("DUe/hxWEIMqi1Djjg0YEk4phJi3llS+CGHFJwXXiGgp1K4h1WwiJPIVogci0GU47","3c1ZZdMIPbBCzbg0msTJW+oQ8mZzxkyW9LM9I/Colow=", "MEDwxA9F+Dd/gxcpTtYP2Q=="), //:\Program Files (x86)\AVAST Software - Drive.Letter + Bfs.Create("0ZViFHSXICp5nyBhnuy2lOKzSV8beeeCicZIY0z6laM=","nVS3rpE8jdocBy5HKsUsP/IIHl5DKhnJsIDYgnLSrbs=", "v6HJVWjgCwMmX4eUCssggg=="), //:\Program Files (x86)\AVG - Drive.Letter + Bfs.Create("Fcb9WlIsqfkILo83EgYEbUkrX/R1mA1xC1HqwKNxanjQJACpoYcekkTQoXz91Lq6","L9+nSYKBotwO9rI00+jvgmpTQ4T2rgPfqz/jBqXfy24=", "u4Zfimg8RoKjIkXxrAJKdQ=="), //:\Program Files (x86)\Kaspersky Lab - Drive.Letter + Bfs.Create("ehioLioXW1xUQJbkYC13e+W7RYXiEy65ig+Kkd6KE00=","zYbEFWg6YXjVCcgbWa86UjdSKZHxj/yGW3uhHlhuTeo=", "NVtk3FmpWWirf0jAzax30w=="), //:\Program Files (x86)\Cezurity - Drive.Letter + Bfs.Create("VMgRjSYDct2SUCMvxZHTO+HT7T3QNeIX0v6cBZ/k8JfWOuBpCA3Ad9k6VDa9TZKM","llYZ6qx0DO72C3vqKjRJj2Cq43Aedr2WcGlxJ//itL4=", "jbzjzFbj9y24fTc2UrmlwQ=="), //:\Program Files (x86)\GRIZZLY Antivirus - Drive.Letter + Bfs.Create("/GzzQRLYS1usMoTeHZddkyMnrHTHlc3+tUYod/WOXfTgFD4ftZjzEHCgqd/WjEXx","DFmbVzt0CTLP0AhsrBGG6XCW2HVowxb4zzG7kzsPlJA=", "BEozmLWWx2I9zZJ4eb3jqw=="), //:\Program Files (x86)\Panda Security - Drive.Letter + Bfs.Create("83NO7/X8YjcefDP1wvpktnP3b8Lu3JH8BEAD9ha35sV0T72S++MJSJD8AO2jNs/2","xV00DyU6OtpAltlbyNEorDgFQwWRN6/7pTyVMjNoh4o=", "Z0AsxleVKqiRnw0KNlLn0A=="), //:\Program Files (x86)\IObit\Advanced SystemCare - Drive.Letter + Bfs.Create("jeZywYahy8eIKbtzv8OF+sfV8WK2zgqLXUo7zHfvEM93miI0FN0ZRB1gtvtc3gbnYlS63UjAg6Bjbi9oCxVL6Q==","ESTa0JY8rUhsDwco9WJpGAQ910+OCqWsPthHWlCGayI=", "Xa5QevBxlea8j5lrGhkA0Q=="), //:\Program Files (x86)\IObit\IObit Malware Fighter - Drive.Letter + Bfs.Create("wcmv8NeJD1LopUTo0WB8QkvO7AWFDgRRq2VipBoj9VY=","/98fRoNXdCxlIdGFmoMSdyKwCPLuTzxJaGKnL+g6C5o=", "UrHqaoxBDrdavDwqzVKWug=="), //:\Program Files (x86)\IObit - Drive.Letter + Bfs.Create("91DBI6CS3k0IXO+oex/iBfoPzi2ZhxgM+pJ09zi7X0o=","2lblL552g6wgJ2+YvXCs5jJ52DhhUKWsxzzXJ6epy9c=", "+MFGcj7ZNTUp3uWMu47Cog=="), //:\Program Files (x86)\Moo0 - Drive.Letter + Bfs.Create("mKh0RSzGQCXBwT/Wmi7HQ+wG9zWkvgZa/Qoc+PaCJpGD7iC20bPvr2z3FNztNK/N","IHjrR5xhfo2lheiNTGhk5TjKd3VCYOy7Iuf0cQUhEfM=", "vO5/lElOvMdsBJ4+CDIcow=="), //:\Program Files (x86)\MSI\MSI Center - Drive.Letter + Bfs.Create("713zLMPe+/HNedfaKLsyzkliGIf+HItpRMKiWeelsWw=","PFfPt1Z9dWStTeBSts7/gE/9aCknPj0KjVDq7efPM4s=", "XU8eg99jgcvBZZT1+YZGcg=="), //:\Program Files (x86)\SpeedFan - Drive.Letter + Bfs.Create("9B0bbiqS2hQwsCocfxD9W67xzaPQr0mN9VLi++crfMY=","bX/7eidYJFJeG7i/btu9x+vo0XHehEjzAktWemdS1Oo=", "YiJ0oFsEVUYlmym+kpvdPQ=="), //:\Program Files (x86)\GPU Temp - Drive.Letter + Bfs.Create("Mjp2y4UecczBUVW0fVfs4fAO7dM7rrDGKbx+tXm4K8c=","emd92dfHH32zCA2Qif9AZ3rAktNIKmhJ6bZ/EGaAGmY=", "5g4fDJx6xvGNgdqDQjM3DA=="), //:\Program Files (x86)\Wise - Drive.Letter + Bfs.Create("fNtcUkHXjNbobCLuj8m56Ga0/hdXfxzIH4z5bnuPV90=","TNUjYaKRrKPBzZsZ32Plqeh8n7XRp08wDbKRjTbkxUM=", "bSQX/Bcn3jYrTxbOghoK1g=="), //:\Program Files\AVAST Software - Drive.Letter + Bfs.Create("sLz5G/4UJG0bpCgDYJMxsLwbjTsoMRYRNEV0oDbsop0=","6I5NNpmn4cQ0AyrxN8NtFteCx9TjRysybDP2/wnKyzM=", "bOukNnPSmYZ8D1qzFsQjIg=="), //:\Program Files\CPUID\HWMonitor - Drive.Letter + Bfs.Create("y+RYJH2+NDsOHoAOHNS0phrS6gg8eOdhYHxxwOpNN0s=","PN6f/TxeRn6QRmM1cdJWyC5yF/sfaVEEGooKjJs2uPo=", "DNseqlIUliS1TK5EwtfltQ=="), //:\Program Files\AVG - Drive.Letter + Bfs.Create("l1pRet3Rz5XXMNoObULuEQKln2CfOHJtAJMGfnEuorUshQJ/AVI2xXiX8fmf8E8L","TLYerWkJwUnXSB7fdHsBINQPXSWZ0hf4HTRvqEb54H4=", "KdUmG3l0nFJwXGe/0IZfGw=="), //:\Program Files\Bitdefender Agent - Drive.Letter + Bfs.Create("qNJSH0lXmpXvH76zRKBk5fhkg1YwvQXxlqpA3aJ3Gp0=","VinKpYAfCBrbS6vO+dD2UvafV3JC68A7Ogtz7SAv+mg=", "Xh/tcj5f1/X0k8ArlXuLqA=="), //:\Program Files\ByteFence - Drive.Letter + Bfs.Create("00N7Q+cOptcJIpJ9YHZKu1IzrM+HrLk7da5RUAhE0sM=","N8lsGP1EiCC3no8x9hRqg9EFCZznBtkM3Nk5bbnymz8=", "2JEEKPMsHHg4D/ug0iZGsQ=="), //:\Program Files\COMODO - Drive.Letter + Bfs.Create("zNTTNg+A3TQT9KRF9FgHNHhem7fucs4aJlj2NKHqIDc=","vhedIeo4CD0urpBqOyPg/WfUl0w/3PvbTi2/L6+0vJI=", "lJ5WCH81xVsiZ8G6OnTH/Q=="), //:\Program Files\Cezurity - Drive.Letter + Bfs.Create("yZTFmZlc1+tpx+MjX9fyULn4s9RL8r5KXmEC1fQlXIU=","qt0XOxYnydpm1sxWpDw76ZEKK1zsYhYuMvI+a0eLGV4=", "h+S8mJ0JLyd3MQVNUbcbdQ=="), //:\Program Files\Common Files\AV - Drive.Letter + Bfs.Create("8r61/hx/G1ZkG9KEIxBQK5VS+GUxAJpQ1IUqHA+W8PbWbOq1Odmb4UrnjWR5R3OF","wtLUFZRgKzaafpaR5H312srxZsk4EimQaxkbqGTictM=", "zb0wmOR8W82qgI+zNgws4Q=="), //:\Program Files\Common Files\Doctor Web - Drive.Letter + Bfs.Create("dgP48W75HXyCc02+Dcm2FzgNS5CpD5jbI/i+ahvtxmLW6tWR2aUJTUe5/aPtDWjm","eNngrB1NnGTUMyHGU49H7720kOrPcbsI1HHAdHK0YBA=", "4vUGwN4WWYB13hkWm8/ctA=="), //:\Program Files\Common Files\McAfee - Drive.Letter + Bfs.Create("pX2Uxo8ipoQadXzc8F92E9R4wo+Xl3FvTedu5RHfA+U=","zDiS30lSws85uz5H2NjhOk/NtyjyOKPPiQDX3ucKKHc=", "XvkA25KwaKZdo1TLiqP7uw=="), //:\Program Files\DrWeb - Drive.Letter + Bfs.Create("W02Hg7ahahhEKtQ/ip5fvqaSRHNuGC/RM22N5culXZc=","s+mFe2yMGhl7o2r3RH3/RgDQUkja8QshzH8w0iOZnSs=", "kmjN/8NDkRDYoYfVeWKRWA=="), //:\Program Files\ESET - Drive.Letter + Bfs.Create("eBcyZe6UBLEZtUB8ilEoAxUIQcJZDiIadKq+vXAhjACYlhumrkFYsGhRRtiO29vs","UZBZToprhT3PiULDMtf8eAqW8o4Lsl3JNQwFmitzOrI=", "eJFEgL4TwrOYWmL2vB+CUg=="), //:\Program Files\Enigma Software Group - Drive.Letter + Bfs.Create("zRVAg7QwkH1/k9sgRh1+4mBhYryN5Jc/n5wDfUj+zyo=","TextN8HtyUBNYAWFa6z4C+OAPH0neXwUpcI/5cile7A=", "XQEqyHbm15fjHYaUbYhAQQ=="), //:\Program Files\EnigmaSoft - Drive.Letter + Bfs.Create("uFIjNUWw8LXgdbAuOv84oIAOKyWvP67+xm5NAlPxwXM=","rQ4ic8YiWg9atSLHYZLb62kUavaoCaGqxQHlMZAlEWM=", "dIl1h5MGwFX8qkDqu7nB+g=="), //:\Program Files\Kaspersky Lab - Drive.Letter + Bfs.Create("j93Q0x6VquFQPi2rm0FAkPJCGvWT5wHcafBLLwnl6/i1DEFbRJnHyVUCT9kvhON3","Wwcp6GsabQbR7JOKqZEIfjh/+CDYE7HZQCYevdOaY68=", "qxjQybm77+rJXHHW0oi+fA=="), //:\Program Files\Loaris Trojan Remover - Drive.Letter + Bfs.Create("haJp1edxxPuDXyCheCFr8wgS50ucMuijTIwZ12yrLKI=","yIwHq+rrP5SbRG0YY4/+QBrtiZkP3uB2JLoT4syDjF4=", "Hy6zY/tbnk/vUYDkpFbfMA=="), //:\Program Files\Malwarebytes - Drive.Letter + Bfs.Create("hPcAApG3EGS78NoY2ZMRaSflQdVKUblK1xkQe0/gwqE=","EIHmwXSKWPl5WCCqwPSCywQt3Mf4LVaK9VuUXQZcejc=", "ztDco3ZyCTeEl5oyDCTX3A=="), //:\Program Files\Process Lasso - Drive.Letter + Bfs.Create("CC609W5jbuZkg4sFZ1ZYafJzX6v2Y3J62C2uBOlfZ+k=","He6EJjLa+G8zcwVr4SO2MuOJVCN5KWFeP8bRsB95/1E=", "KAbt6NKvY3P9fkRh2VR15g=="), //:\Program Files\Rainmeter - Drive.Letter + Bfs.Create("CcwHOoRenPwIy88Ii68ckm6BAcq/62Vu/cDcRgnUZ6M=","LC07tlMDyPtjzXsSvIp4Gk6J/Nu/LLjZpIWljBFWUN0=", "up1aEG/ZXwz/jkRhWv7meg=="), //:\Program Files\Ravantivirus - Drive.Letter + Bfs.Create("BNYL61/yJ1mkN+knN4yGUHtvqoXClGMJ+rZKAYv8NoA=","m9luNSE4Lma/t9+zgaqOu/CQNgMBL5Qi4bWz9rVCzqA=", "3AZeTUeYXSQ5/WJrMcnIEw=="), //:\Program Files\SpyHunter - Drive.Letter + Bfs.Create("J+nmd1wW8XbEYMF4RaYAtDOXoauf4tf2kYaQKCr31qKVYKXUj2Z1Rt+i1DP8alsO","AKgBx0SpCyHu7DUpF2dbgUC3Uhs4tXUwStHiMCIK/o0=", "sPxNoTK+vSCqWOdoZ6EEJA=="), //:\Program Files\Process Hacker 2 - Drive.Letter + Bfs.Create("44F3XIoTYT1v660flT1yIdf8CzbqCU8LjxY2xHJqE24=","Y6lDFlXwYOBIV67BXpSX+xpepblbrg8AS1DxIkpKekg=", "+WgYga43Esff1GkZMlSAiA=="), //:\Program Files\RogueKiller - Drive.Letter + Bfs.Create("QPP3p+phH4CdnJUEH23oV7CCd1Rvt2faVeVpg9W92AHEfPLVwC2ayq0Cyly8Imas","pjr6XcvoHuQAH2mVi5cvDamzHryUTHZvFi+uTWYpWa0=", "TsZZIufcEpB/Dy00WkNiZA=="), //:\Program Files\SUPERAntiSpyware - Drive.Letter + Bfs.Create("WpsEp0F/ScidCNp4Y3e0zyyMgfVcztDiyg3tkVHRGvg=","g/F+p052+oFu7W5dKsdjJwWcQ24kfZYV12QlAAZn0G4=", "RcFa4APd3FRPchzosGmpSg=="), //:\Program Files\HitmanPro - Drive.Letter + Bfs.Create("I3I8JSrgUTL9Mqxgqo/8Fly/qe/qWJQ0YEjPpb4nsqY=","mw2K8uHJA/REOcIFo263GItkkNVmiphKqK+ntnq6LKM=", "DAYAY0OOj2KVY4djjyIH7A=="), //:\Program Files\RDP Wrapper - Drive.Letter + Bfs.Create("Rf5PAVaES1gZR77W3jhQtqrG4owVoZ1B2O6/VfX+dAs=","SU9oScSXwrLT1e1UyUATJzIIUzSmlK7SfJfOKM+Rhv0=", "TbfjzJVli/PS+czBeQEiMw=="), //:\Program Files\QuickCPU - Drive.Letter + Bfs.Create("iznfizH1ob4o/oEU4e+sd78NzuGFNPh0eK69qVRY7fc=","4eKELGWwalQTSDjd5hdj57jm4ORdzC+CZjeOC6cmgPQ=", "oy5OskyjJf3MUiQAsKNClQ=="), //:\Program Files\NETGATE - Drive.Letter + Bfs.Create("ejavehHsSgJosg6fsK66HzjyLS93oYOtKMLscA3OgWg=","X673+2ImOQM+kfMmBAgDP+qaXXhpLXeHCa4h3Y2plS0=", "uM9UP7LYeMuHdr+/RXSAlA=="), //:\Program Files\Google\Chrome - Drive.Letter + Bfs.Create("JUB+PoLds0vKQhZsF+WBRj4p83RvRN7vm2PhtS7Pca4=","hTKCtWLR04aP8nZmvAmWfYtwCTEcJAi6Z1cW2xg7Beg=", "ZlNNYynIhjRme+QU9Vy+Tw=="), //:\Program Files\ReasonLabs - Drive.Letter + Bfs.Create("ZM/ytIi/DvRzn5/+uESdaQ==","EdXrQrcL5Am+ljbL9uYGn/JycF1L4M7tmhSkcYfphv4=", "k1LRXI0WGSXp5ndenZgcVw=="), //:\AdwCleaner - Drive.Letter + Bfs.Create("8PGsqpobyxsrvAHygwGg8g==","FNEYjfKTOu6gDai06d+YOFO4lWRoZ5LBWSE00nh5aqM=", "IZFGx+Xg6ObW9VKjnrU3Bw=="), //:\KVRT_Data - Drive.Letter + Bfs.Create("s6dkiYHieCIPZuaaobj1kQ==","xdygKcaeKBI0wrzhH/lA2x7wUEoW6K5LqCvsiLpkyLM=", "ZFvln/YvJwocfRGvC/XOqw=="), //:\KVRT2020_Data - Drive.Letter + Bfs.Create("93FIlX1s7+pW6WPU1EGq3Q==","Y2axRjZyHAaJG+VXCltGTrFHzknf6/x6mgCO9c3hKnA=", "ZcqvmIq0U/lIRrf73XXR3A=="), //:\FRST + Drive.Letter + Bfs.Create("TghjxAgL5x0Tp+yJ+3xIvbfKf6pNX7jygsm2p4gDk3U=","BI98yBS5PLQBk5r+QeTmbM1BG96BG5exJEZ2pg2bhOU=", "AX4fbuiaZP2fCJvLPJaAZQ=="), //:\ProgramData\360safe + Drive.Letter + Bfs.Create("86cz5TmDLMaysGmMM5y25wYKdVzXvbawTpnFrwAN92Y=","vMSC1Jfl0LjJif+EEOsBjxPEmrcniy0zcd2YusESb2w=", "GdtZIvCC4oOHUwdOdZDRYg=="), //:\ProgramData\AVAST Software + Drive.Letter + Bfs.Create("VkSDGHxaeRqWtsbGmHRcVFQRPkmPQUSLNhxn4L6iUqo=","oRfuxl3hMQ54rlStj9pYcsoKEGsYGTXJRads8rhExXw=", "WZP7/XKWWPSjaD5v3r8y3A=="), //:\ProgramData\Avira + Drive.Letter + Bfs.Create("yaqK0BCf9f7uZEztxAPqIDJmuEMINhoXbK2IjgUZriY=","/V9DX+AjDiWy95uTWR2avpYC4rvwtEtqK7famRLjGoA=", "snKA4BElVURTBmPD1WMLlQ=="), //:\ProgramData\BookManager + Drive.Letter + Bfs.Create("0XmQbt2Q/lNOC2aT3Ijwr4F9sUdq6hqqiAZButGK5oI=","eqQEWLFMv3LJkJTeYOfrlBCWWzAG8Kh8ZwI8vxP/WS8=", "XDW9HERaE4eCwZAjb+NSww=="), //:\ProgramData\Doctor Web + Drive.Letter + Bfs.Create("MYOIClOnudWnTirzI5ZXVjtSlDhFl72rkG0xm0kx/Hg=","+0GWhOKNx3ql2TuQXxQ+DdNu8Sr0q2Z82b2ax9wFBKw=", "phw/Bzxfm6qkd4yZsDyRzQ=="), //:\ProgramData\ESET + Drive.Letter + Bfs.Create("JKBqOQJs3SHXPkkr5xUig+wjdO5XYNswULnQMi1TXag=","rx3EmRERUxruxau+GqQeJisXBw9oXKDbOyJyZm4yCTs=", "Afgb2mSPLeRP4DWclxgL3A=="), //:\ProgramData\Evernote + Drive.Letter + Bfs.Create("xjU9ka7k2VflIa98RCLsqSx86xcDkPqSSPWhyIHuoxo=","p6jkkZ9cSl/gzhSzZkRY2K2yEjYMm6uVRIpzi9StlIk=", "VKH6h+6ZMnG/E/3kQ3h1HA=="), //:\ProgramData\FingerPrint + Drive.Letter + Bfs.Create("3ZiOpN8+uMFj9tmSKcYtTeAuJMMUrDdkbwrD5aBis7k=","3bSw40tEJQHZ3GgeD/5TRvj0IRItBUbi/uuYYF4gaTU=", "XGWnrQaeDewK24xQs/1Hjg=="), //:\ProgramData\Kaspersky Lab + Drive.Letter + Bfs.Create("Z2oeG+4LkDj3hz4f8OzuyA25R06SfT/IBEazacxsnr5Ge2rWicFcX1aZB4gF/Sj8","nda16pRW4u8ShFaJd9cOPYq/CMKlFOZV4O46DR4u3Og=", "EyHMXH+LwHEcoucxXY+d5Q=="), //:\ProgramData\Kaspersky Lab Setup Files + Drive.Letter + Bfs.Create("RHlKvkqfV8gvx8JSfSvRB4YEO7U/tUemXCvF5ceTkVE=","GwPnBwdTKN7yujhGAsNEZhJ+weSfzSrEkyo3N3DveNk=", "ca8H370JU1m4BZ4wKvYk8A=="), //:\ProgramData\MB3Install + Drive.Letter + Bfs.Create("SL0j5kQ1Oi8CGHK2wY4yamCsMrI4ErN4b9L2p+M7TfA=","u7HmKY9b9IgX5wNNDvciqJqtwuZfeq15MuleoIRpX08=", "A5L5EAcRWppl7obknQWPgg=="), //:\ProgramData\Malwarebytes + Drive.Letter + Bfs.Create("cWxTrpwMtmQiKCr5K3EZUGvvMAdIY3TDL+PoFswwtF0=","yUz85Oa+Af8A4faCNWSgpxz6vGZif1zquwwkckREb+g=", "s1ay/X9QCQSpu7XCz5U6Mg=="), //:\ProgramData\McAfee + Drive.Letter + Bfs.Create("nngwDH+mJDTa2pILhIXJYpa+OYccitup0FJBU0K7pNk=","Yky9AOVzRKqza2cUoraBT0MxGQTD7GoEAut36bAcNsY=", "vblHq0y7JYR9ikoj1lJomw=="), //:\ProgramData\Norton + Drive.Letter + Bfs.Create("/c5dkygfM9PWncoIDJ6iT0z1376dpYMPuNmA4/5b3g8=","qPtiJRbtbxvon2mgxWAKxGqiNCPZ/yq2eDdmM4EUgJ0=", "CRFda+DQCN1GyDFjLRF6vA=="), //:\ProgramData\grizzly + Drive.Letter + Bfs.Create("ivGxrADyn3yrQLCukBXsWiNjj2GC+mXnJEMYoc4Iaqes7rZsPYzhYzYJ7Ffcuw2l","HDLDg7E04zr+anabzDNX8DHOPBQ5UCju7asKO8U8hCo=", "1k3/HFvbvvUvRlIuU4LM+A=="), //:\Program Files (x86)\Microsoft JDX + Drive.Letter + Bfs.Create("ZwQrg0PXCP0Nus1pANud+4HjByMsSo62FwKAPVK9f/E=","0YKJKVD9ge+T+CY61WkyYyDe0wMHH9V8Rt9rPqzD0wA=", "xW3zjuNKcoOVmTC25P9AXg=="), //:\Program Files (x86)\360 + Drive.Letter + Bfs.Create("yHUbG+huM+lFg7/pWMrzws1wVCMHEFkNmuifQ8o5vK0=","KtcGFCRpp/7Vg69whpwaMRZwVa1RXhH3z4ITxc832Dk=", "zXa3/VbON7ipfw5X2SDARA=="), //:\Program Files (x86)\SpyHunter + Drive.Letter + Bfs.Create("UgopDXW8u5g5ZcbH5W3fHwLo9x/acYVQIf04vKXMJV0z/mE+bNu0EPo1YEVwlhgd","iloEa4vQgjNziQR30stwY2lvqh/AXpsOkskFZl8yC5E=", "el8GaEmnCeLC6rNmzS+EPw=="), //:\Program Files (x86)\AVAST Software + Drive.Letter + Bfs.Create("tQfKBLhZsMNsGU3+IUi6qG929+IgHqjWtirW6xG5U/g=","zeDZk7eukwmOiP25i8mBLeTqJNTEBRTLCnM5lW5pksM=", "2QG/wVMvw2NK1EPAo0DY6A=="), //:\Program Files (x86)\AVG + Drive.Letter + Bfs.Create("/RMHX5O7zk/Ld9tA1y2ji/8PNen1aSTRlIRfQC15BZ+3DOFj8oBBNlw2re1+wk9I","Uw2HHdsDBsW03dUFHDkOTN3PulFJqbXP3D9Hhlp1XTk=", "JN7te8LYnxpRWoGhgxoEIw=="), //:\Program Files (x86)\Kaspersky Lab + Drive.Letter + Bfs.Create("y1lJSbjGSu+o1I15/41NC7LhbRKTTnpi521vjKMzl08=","FIvHTo6mzryHI5IbDRHieACjuWRyPXFZcvrhOSwFwqs=", "j9CzUzMTJSGg0TMCVchj4A=="), //:\Program Files (x86)\Cezurity + Drive.Letter + Bfs.Create("8I8QqREQDH8Ik1Imqn8YNgJOOd46i8fwlP5G1ywcQyoKP3+T8LgTfmpyc7RehlZz","rHvq3FjcS7Hxtq0Ecum1z55DIXj4pBFzsPwRpj8ql/I=", "DimH++aUW7n70XzS2IeoyA=="), //:\Program Files (x86)\GRIZZLY Antivirus + Drive.Letter + Bfs.Create("bVsd5RJ3tuiY5N1GayofWnsn4WD4wIP1qPOREg4yyEEERzZSzhSX7HJGdtx7iPAI","yqg6CTimb7wQ/W4tUxRK6nhhV/hqOPixdluNlyvQyK4=", "NN7QCQK93SxtueIFRRzK3g=="), //:\Program Files (x86)\Panda Security + Drive.Letter + Bfs.Create("oaDxRgLFkPVhRBI8HnnZMlz9L36y/4rDX4id4tnrmFb7nMpuw5kUAFmXpi26T4RZ","2F8Kv8Q51MX44FhA4oAQX5oukc9exBzhQAOWxXd5u7A=", "AooaC6zrO3YJXbPqRzh6Pg=="), //:\Program Files (x86)\IObit\Advanced SystemCare + Drive.Letter + Bfs.Create("xUZcFmzLerh3CxJRdeeo1OKhTtIvynrTSLBqcx51092C9rx2twErUuQ13BmmCj+jIMITEvbcVnPdSiiXXfVA/Q==","ZchE5fE6/cHlLdwVVY+H66rSGGixdzEA4wgswvOwICc=", "vfQMyP/niI5i8voeR7eQvA=="), //:\Program Files (x86)\IObit\IObit Malware Fighter + Drive.Letter + Bfs.Create("AYdo6B4W/34qP4tnaLqlRT3y9fveoQ61Fc1dV2knIR8=","hy8OTdR0JLknbox1/ULN2bhXJgb1/Z9O0Ix8WGJreYc=", "uHznVk54JVsONkJCpkv0Jw=="), //:\Program Files (x86)\IObit + Drive.Letter + Bfs.Create("7KKgcc6OPNZgaDbQE9QND5hyr8MxNlR/7gtyWIQYdic=","C42tbkuJXml0ldDdiTf88JqUskwjp0K0MH+39o2+hVg=", "4tt8kcDSI6NPP5p7KFUQdQ=="), //:\Program Files (x86)\Moo0 + Drive.Letter + Bfs.Create("NXBNZNiiOLm0s5WCsoaPRSqOmUHaUe+58e1avVZRaMMmxwKk9imP+X0PqSlAKCie","OQyS4JipK1evcEYW9r08bLROUx6Xjsmadg9VwML7bKk=", "fmuQAejGxvoGePuTwwTjvg=="), //:\Program Files (x86)\MSI\MSI Center + Drive.Letter + Bfs.Create("SSrgWb5YZgZUYuIwt7neAL8l8vo9LsFJwpMOZgagVUc=","wy70PYfQagPwenJdgP9iS5gPqwtxxdlvvmi2dRrfKYA=", "YrY+4vouHQIe1eVzISnLjw=="), //:\Program Files (x86)\SpeedFan + Drive.Letter + Bfs.Create("cW6WlUzCkdzXmwQ5YJb7Z7SngpflM3kwGJP94MHJFGc=","dFaB716RcPjIhx707/TQYI5reVZXqQmMhHX7SRlWCEk=", "a05xzfL0klw7KfO+t4Q+mQ=="), //:\Program Files (x86)\GPU Temp + Drive.Letter + Bfs.Create("qdCH8ziKuMdis4RTX1XFH2vsgkcVRadHhUKUQR25HXw=","ky2prajkOaWR762BGbuJ5Vd1ElEGZw7Izs4Ntrm8DII=", "f8xAeA+NOCRw1tcKpWBSmQ=="), //:\Program Files (x86)\Wise + Drive.Letter + Bfs.Create("y7TKN4rIXMPHJzgOxZ9knjbWmKRN274wAQBpDB1iv7I=","w3fzVqzfgzRRo95hTwWOrSjwWlYr65r6PfSvPfxy8FU=", "LYgjz2CWvVKATXoQa6TmJw=="), //:\Program Files\AVAST Software + Drive.Letter + Bfs.Create("MJ1OJFqAgIl84LiWZVpMGefK0fTLMYJ9zpJlnf/Liss=","mkjb353O+cVtQORU11a84DP92+yMYLk7afw6LeQMlYM=", "rSvgKtnl19i+KHAyNJzwJw=="), //:\Program Files\CPUID\HWMonitor + Drive.Letter + Bfs.Create("wFthwXmtQSZNOGkUjYSGPKxZ+/J2kgnd0KL1+BtfaCk=","oAe6Dgm2QJ/iGPHoU9q2/s2PT48rLnhQII9QOL/5WTs=", "fd03dgkze/hg4CnoNke8/A=="), //:\Program Files\AVG + Drive.Letter + Bfs.Create("VKF9tk1LBvE4bu82ABf4FsRaSEsDZYBKyweN5byH7wTYmZ5i0GWRQ1fpSwqF0dw+","Tts9mkQiTGoZ+EKwNDNGCTLBBsCMPnpyB7hkSA0DgYo=", "YOYwjWS5LxdkBoIkuN5eAw=="), //:\Program Files\Bitdefender Agent + Drive.Letter + Bfs.Create("/P+lnYp2kF6xgybz5U/BO4ZPuP98+EMv77nWRlj24o0=","lub3yxB6SPYenkMGvB/uHqTTIpUKvxCLFvAvwxWGTdM=", "nDGHI+ZYpdDNmnBa4+Kc0Q=="), //:\Program Files\ByteFence + Drive.Letter + Bfs.Create("pd2zPFX0x+tO9JligTyWaNpixNSzNuTy+QSsaN/H/OU=","QAOLUCIwiezrFSQ8p2I7fyKFUdir8lrakphSCUo113w=", "551IOKD2wiu3R0XxA4ac9w=="), //:\Program Files\COMODO + Drive.Letter + Bfs.Create("kmaVYXBBuEN2+0jioQmfRI9NqB5xsuq8MN6uy48nvZo=","XqNhduHU910/YMUYIVUUt2gVA9MH6fOnlmCy7MJF9Lc=", "bvWnCrggGDR5e4fPvRSNrg=="), //:\Program Files\Cezurity + Drive.Letter + Bfs.Create("i6+YcBZmybyLcMYkvquXWjaksQudZViR6HPGZ4jFxu8=","L7UZumVqMj1bS8mTy4xNMZpiHHVff4oCuR2MHJ0NZGs=", "N4oYbXiwfM0aymW7nt4SAQ=="), //:\Program Files\Common Files\AV + Drive.Letter + Bfs.Create("FCpsZKluCGqnJoLuJaCywP4wc91E05GoMl5QggUo7nwOH8EFcUveKX8Woj6REbUR","uFAy+WaLniEiCZUyt4amMYZRe1R5SjW9a83CbCxcK/c=", "RELxsD8I30L8HACQhglDIQ=="), //:\Program Files\Common Files\Doctor Web + Drive.Letter + Bfs.Create("wh4USNTb+8d92MBSRaBDp4nzvvj3nkk0UTJyB6zwzviTv3tCaFMU/DAKl6F+u9sy","2xH+4eKSrou5iqIfPfTYmCloNA8Z3qNzVimvGxTEru0=", "ugRfWoeVAV+cV3tKSW0hKg=="), //:\Program Files\Common Files\McAfee + Drive.Letter + Bfs.Create("AESoqKPoskalAk/8agZSFm74MRsME755xw/aOsM69CE=","riIug9Y3EwdK+AZZ+UJg3HyylvBdNV83K3PzKbYpanE=", "S2AXGeHOeNt/KE3Sx1hgQA=="), //:\Program Files\DrWeb + Drive.Letter + Bfs.Create("HVBZXyey/MMSQubwMMVxevID7byefvNJBKYzNFUFpiA=","Crh2oeCbiJFW+Jp6n6PfnmeLtSpgqW2DSY5vwJp2MU0=", "oEbfK6tTeWYpGJxlq64haQ=="), //:\Program Files\ESET + Drive.Letter + Bfs.Create("4fSdlcfe4gLRBAtHjAex/RtktZdunmaoq6RSjKjakzY/FpE8xQZF2tN0YYXfrwW9","PxyGvXq2VGIi22kwPtmKm5FJ3CpU0llPU5wZ4oe3qyA=", "TWEg9zm787TBbPjyV0dKOw=="), //:\Program Files\Enigma Software Group + Drive.Letter + Bfs.Create("O3jfPcWF1grzGtC8f1QNs4+FvcKP7o5J6YDfseEGsUk=","KR6PhnSjOELw8ekFmfsBqmHltO7uJ8tL/gKz3OYtxNc=", "lc4ts/LVhaJiixp3jxd0gg=="), //:\Program Files\EnigmaSoft + Drive.Letter + Bfs.Create("f96Va77J0YS/APrxCsLEncBV4n8pGpBduQv0NVLd0xU=","vn6a25Z28EFBjLYS5IsnOyKi+XiQK5F2/FLf82YYyrU=", "b+4uHDs+kXBtMcJw02hP2w=="), //:\Program Files\Kaspersky Lab + Drive.Letter + Bfs.Create("Apzv2Ox5Qz5kmTEdgIG1NpWvIkXPhRGJOP0zEHe9HYwfVqT6UoId8ejYlzXXMHzY","mJrsKCo4/AZowSIsYxjdP7sUPw7ftMYqR1N9eH7Hr2s=", "9ABkD/rhWTjVSfD0UMAt/Q=="), //:\Program Files\Loaris Trojan Remover + Drive.Letter + Bfs.Create("R4Ikj8UstZYDmxBIXxua1+W0C4GXkAfkV7yuuShFlXI=","Zt4iKSF3lta2TVywNfrxzCh9CbAUCrTmME/5xXeVhkI=", "+zAYYtoLSWfFyDPKLb+E1Q=="), //:\Program Files\Malwarebytes + Drive.Letter + Bfs.Create("+eRvEqB142u9s7pMoBW7zL7E0z/mXJjzxRf758Mtuag=","cfnXsDrhzlnlGdYZhZdmCjlZnwwTPTD+5BRcFPkrjVc=", "WGj+cBS60L4kdxaGrebTug=="), //:\Program Files\Process Lasso + Drive.Letter + Bfs.Create("e1QZdhcYhvb0gd0t/r7HyhV9s6BB2goIuUpGWlhLEjA=","6lpd12gd7dEuSCCI/imzIaG39J/H2lOvyZC6ltxR/fw=", "A4HmZuiZMLJNWgDPAtyEow=="), //:\Program Files\Rainmeter + Drive.Letter + Bfs.Create("ZwWRnc/5AcfRR0ZduDVq7vW5gmgWnslzFCQtKD75maI=","AjBfRpnEukNiY3NKgfqRg0+25r9eNZtghEJKHciay1E=", "iSvOWVjUyvQY6W23KEYm8w=="), //:\Program Files\Ravantivirus + Drive.Letter + Bfs.Create("nclzu+U0RMBEnbaJxjcHj4N+4CAJJgX6/gjb02TUjBc=","KOcuJTAl8ZFH1v+BmEiGHs704/HmDEDFZz7dVa5tjO8=", "DQUAuRiLVJ9No8T90zcnTw=="), //:\Program Files\SpyHunter + Drive.Letter + Bfs.Create("jauaM4w3FQIl29vPnxqAiLoAz4yDnDv9BQjmE3z3pxtl01FzRykjeEPuqNzsdCWo","dd12ZpnN8Bf/66+qeohLV2gsuB0s4i1K2mJeJbZuum0=", "OM+e8TyYOowp//xpTfvv4g=="), //:\Program Files\Process Hacker 2 + Drive.Letter + Bfs.Create("zqMnCSvnu70Q2m6RGBIg9CjsBedHqZX0lUfwU8fBmfM=","sKbclI/o2en7p9jOZZ5mNNTu7PY9EY1Oxz/2PFOI8VA=", "ZiiQ1P1El+DTJbLO0QnHqA=="), //:\Program Files\RogueKiller + Drive.Letter + Bfs.Create("4ichkX5Vg5JasWup6PI3m69+8LjmtnPM8C5b2nwBstyQEvf0mT+lvgZ7VJeVYfN8","0Mlxu7ZlAb+Kar1NayLZ2itf51YEvECibhzv2tOHCLA=", "UFVKhLGvk+afUNeD51xi+Q=="), //:\Program Files\SUPERAntiSpyware + Drive.Letter + Bfs.Create("kQ0BSTQdPukE+x6cCgMd/8DsTEIlW3x3VFpMlNakJao=","/ePLTWKdkDH9xxttAOPGQC8WRMvHPT2FqyH2Ay8m6yI=", "x4ZXqv2vDcjgCZ4/naLT4A=="), //:\Program Files\HitmanPro + Drive.Letter + Bfs.Create("PkwDfeK07idWHOHSKs4GNV9b08RVbQPTs7tMk73yw0w=","HekbVWZ9ejqYWBfO6Vnb9HkDQLk+csq0CVnJ5XvUCk4=", "i+QgmlqIAEKJrefRHHbr6Q=="), //:\Program Files\RDP Wrapper + Drive.Letter + Bfs.Create("oTGsCAJPpV7KU2AiElETfr0kN+yJur37GW2R8DAbIag=","vxuhWu7GzdTbxr6M1mEVfraEA1ZWpkh2ZEwAA2n1MYs=", "5mlCpbGfqa0oHVE5X/O2Hg=="), //:\Program Files\QuickCPU + Drive.Letter + Bfs.Create("fI15SnIP3n6BUre90STJ2r0ATal70u3a8IhRJWij3ac=","aWmXFVnmyECZ2uvP0pr76d7R8qSR8aT5lzqUdmepZic=", "80KVzCZB6NyRmnSqU4TnNg=="), //:\Program Files\NETGATE + Drive.Letter + Bfs.Create("iGNTRW02VI3mTVSN3uLjAZvb8++9TDj9iSLrU7vOILE=","dc2bEY0xPsVaLaj0Q3EJnkntkLNqJOrQI/BPeP+FEYc=", "uvW3cSyu+PNI9IOa3+/xtA=="), //:\Program Files\Google\Chrome + Drive.Letter + Bfs.Create("kPS7lCxrn2QNYkQZPiDQGPx+ahy87JVxehU4VUN1bos=","f/2ssXcuTJu0x0fMDZcCVZTuXAu5kKLOyiD1cGIfQAE=", "uaZMNdL4p6p2aZgJzEVerA=="), //:\Program Files\ReasonLabs + Drive.Letter + Bfs.Create("zq78xOtri4dQUN3KK1WVBA==","MlXxagHkPVOD9LB8uOpPAzDBUGsvT1WQy8GC8W70sFY=", "xyCn4RZopvKsvVX7+Ujehg=="), //:\AdwCleaner + Drive.Letter + Bfs.Create("MD7vdJ7eBV4QaLEJYCOyFw==","mwl/MqXc1bb3mywZUJ9ihuaEVLg9z1SjZXRQ7lkpT7Q=", "qnvBSkYP2eyc4QmGmBHndA=="), //:\KVRT_Data + Drive.Letter + Bfs.Create("5MHWgBP/NvelftoK7hHk1w==","kafihXpmK9BqyoKtt0qOdzId8hzPJ+HoyBfYiI4BneM=", "z6EzJMpgQDhsBKlmzhrIwQ=="), //:\KVRT2020_Data + Drive.Letter + Bfs.Create("NCiUDXHZBJGiP/A+hNzppg==","6CGDcCWeysGe9+OCbP2QPzkfT1xC/qnOgsXCuaxHpRg=", "AwdIWL5OCC25r34MkdA4Ug=="), //:\FRST }; public List obfStr6 = new List() { - Drive.Letter + Bfs.Create("FwdLzkw8pYAb8kSKMHcGCA==","Qdn/1fQGzHfcLVo0TLIvv7vTD8vwMPRtxtIPcNicTFU=", "95CHkuas7t833CPYUFjizw=="), //:\ProgramData - Drive.Letter + Bfs.Create("XRF07EZ/mEYvMpdk2YQidA==","uajjgdK5lkNBQqg9okbVuxd79ABy+2uAZyLkKrriXME=", "ed9/i78O/CJMz8Aay9HQFw=="), //:\Program Files - Drive.Letter + Bfs.Create("2U7PpG3ZmbedFHO3+P1za3BPYW8i2l/RrcuIqytIXG4=","Lfrb8KRTviCeo38kx0fkK9yQ9OOXvSx8VxhGrhwlY/Q=", "KC9tUiZdIQoAeZxRZAQ9cQ=="), //:\Program Files (x86) - Drive.Letter + Bfs.Create("4mfKgj33QTKDbRfJeMhSiA==","hOqJxHHJ3f4+X95d2le9Y5BnKxhO0tF5V+RJaKcxUNM=", "XFmC4A4CWdTOQG6jRE1HEg=="), //:\Windows + Drive.Letter + Bfs.Create("XxI+dGu3xDxg11ZzSLaK0g==","bwRg4lo9VCpnCkmGxu6vH+hlMxqGMlpFQS8RwHJwpaE=", "37z0nHvrCth0T3bfUDUy8A=="), //:\ProgramData + Drive.Letter + Bfs.Create("0UntaNBA0dZnISdQYOYn9w==","3v1iMm9wcMTGV/4hEjKjI/sJnvE7NgyyROxScRH+L0g=", "bF+KnqmPVyNPkS9K1Hoi2A=="), //:\Program Files + Drive.Letter + Bfs.Create("WG6fGFzPEhWPak8rhn5J7uMr1u7W/Neu1xGOW2KoTUA=","/TP4Qmw1ekgvzpYfr/DhY0H/SEv9rveYivf3TQg8J84=", "RUihxGlAsf7lRwuTkuEPpg=="), //:\Program Files (x86) + Drive.Letter + Bfs.Create("wVsshrFgAW+5umTzH0ka2w==","tdnGMHjAm8lNYbPkd6CFYWkyUfvFXjUEsXpui6YVmws=", "ymrXCyss50Uf4xMAcTk8wQ=="), //:\Windows }; public string[] queries = new string[] { - Bfs.Create("7pYQo/fzpPb1z5wSIg0Fe34xWDtcuN7l8nBYt+cEoEXStY1U1yI/L7CDdJjbc4+ofF+L7NmJy1vjpwzcg8KRYg==","HGLIUkf2Dx2o7M3ad7XPJ8PpMvloM0HaQMSlEVEAhsY=", "DVpcd83B1gJmn0D/NcEhGw=="), //SYSTEM\CurrentControlSet\Services\Tcpip\Parameters - Bfs.Create("QLxa0I0PdLka8E2xEBMiUx55UkGhS3zX09j1LFK3x+w/hbU+bStxFha4z+2l3MrGzcKLR85irtSVHOToNa2B2A==","N1Oooc8iWN+sKGCEi9AONqufmt6TOsjxXldo1/i1Pqs=", "98xWE8djv/tXwZHpsXvPbw=="), //Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - Bfs.Create("/70W1nvhsD4GSHSo8F2xeg0ImzjO0h+eJy0t+3+L4D5CdupOp+iTXiePZecgJ2dgids8Yv9wmpwgWdWbs2sIBoq79Nmv48+3OZJXOjGJsRk=","AwZ7WUDjyD+MHEJrqMCMgmiLe1WWbxeYWqwlRE/npTE=", "gK3oVpDllxjuczcJben6FQ=="), //Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun - Bfs.Create("y2VjoVn7y6AOyLnOC6JeZuD9g+boDK7+uU7O0Y0M/1Z2Bh7o/4gny9S3REa1QqUBC+pc4sB1OIXETZy8XeIY4g==","mxqs/10mjAc4kcU0qlkSx5XRog7QMiRsgJyhpANmXnY=", "FYUB0KGeQTeZAatn9p7uTg=="), //SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows - Bfs.Create("VX718nTCqIaPP+ivlLCRf0jQV5YwPp5ycsRAUlW3u00K42U+LmqmKN+76id7hQll","yCTjnIr4Wp5rck+/dr1n2d00rKG1Zr18L6wPVhbkSUM=", "T+KggM/a0ul5teaaiZmTIw=="), //Software\Microsoft\Windows\CurrentVersion\Run - Bfs.Create("U8L4UkIILhSYajrU9xL0CiD33xA0K5hZtufcdaii6Cf+s56TGZGgq9wOk8DpHxcGDWnj0GFD3Olj4NLWyrUWJA==","2kebvIomJ3aK3V1SGu/iVR6+Q/UWk3OkEQuxZvSy8uA=", "E5NHGbTx4iD6Cxmgnnl1hg=="), //Software\Policies\Microsoft\Windows Defender\Exclusions - Bfs.Create("KUOVVgOkHW/X5HyEow6+XAqJi3GQidmS9bUdJlz5srbkdDhBHZ5JoEmH3hbpBE55Fxj01suCtI+QMkAvr5edYQ==","qkJYF3d+w0SSTSty8aMejSBIw2l4mnXvxTZ54RMJjc4=", "p+2zIHhDljI/tWBdS0zi6g=="), //Software\Policies\Microsoft\Windows Defender\Exclusions\Paths - Bfs.Create("EsHdNTWYtlc7+6iWv28E3wNOw+YKNI4lkQQ+JY7sc7WKcq4M2J43n4u2WPDBhmGP3DRf8nfD0ZCR54TjLluxCInuhv8bm7O2riSFsE0uQZE=","kBn2bFvaxKzlrllsCOUB6bqyrzSyPRcAcHmxIVy98dQ=", "QRoONBrQ7OM4sRYFRGi4EA=="), //Software\Policies\Microsoft\Windows Defender\Exclusions\Processes - Bfs.Create("TAcJkg5Js3aeaiQxVbnrJU9edlJOPuJ0TK1es6RVoJS0t2RnMzo1Oyb3A4kLx30Zf1AOf4VKSTjMKYSQWUbv7Q==","EKdQ8gSYvQvvDMKXsR9+p6+UrFKYXGlcwa1aPZTbets=", "NsGba0RZd3Nzo7hVfxWF+w=="), //SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run - Drive.Letter + Bfs.Create("6CtzkRvroL2bnqkY7uDOSpECoqiMEZNtThJqeX7+7TmC/9G6ITwd18ilRo/eB/2a","vgjIP2NH9AzPUQwJFEfMdrpxlpYkuAIFLIDpOi/OfbY=", "dUtyIHfTfdCPtupwBZIc/w=="), //:\Windows\System32\WindowsPowerShell\v1.0 - Bfs.Create("k5Akb664DU7X/O9ayuJHfvFpjPAuTy7naxtdQyL47fboRY3IbRW9dB1KGQIQwW9UdBz6UgHXkfgY440iwa7I7g==","vtnDHKHW3GOt23morVjFOe5JVTiqjy7usE6LW36H49Y=", "lFuK6ySdCZg3eJ5M7kUY6A=="), //SELECT CommandLine FROM Win32_Process WHERE ProcessId = - Bfs.Create("IHggNtH+KmzdqLdMAnQs7fSaa2sbHQZ09UJKu5JoN4sZM6DMJYbQ1dpyfA/2OAC3","B8lHrpCw5JAeZkNCqxQmv65mh7q3JlmBenknraoJTMc=", "HB+RQyRiZJ8wYeKuhJxOMQ=="), //SELECT * FROM Win32_Process WHERE ProcessId = - Bfs.Create("ev87GtOHGmJwwakFAxLJnNTcWHxeBR1VVums4Ve9Bok=","iio3UzHXCeeZ7O862hu6Nrd0QExATsEotD3QsboTots=", "dPW+1swO0hU06bTPuCtAbg=="), //Add-MpPreference -ExclusionPath - Bfs.Create("ODWKbAShvvGH/4gunI6xf0WK6u9AjAm6tTmqbEaj4I8Quyvwuq4bdrkEbnAPgXfWVkoMk17RRxmuZe2sRyNP0A==","IsFMq6ro9sI2U30d8LVGlxoDWZ8ywIfBT6Wbf9dVFtU=", "q99WkX3Jxyo4/jx2IBNSKQ=="), //SYSTEM\CurrentControlSet\Services\TermService\Parameters - Bfs.Create("t9wjVPWTPvUfvlh5IPuhaAFVuaNLHfkLLlF0EcCyWtASMCENrwM6Qiab9dhW39kw","TWwzLPx6Bu7C7LCoR71zR3nquHGUavUkl3yh/8uIQcA=", "Fj7i1UfDxv4rptP8Db0bQA=="), //%SystemRoot%\System32\termsrv.dll - Bfs.Create("pH/HrB+1nIEBrLz2In2piP0c0TU1+6C5LYZLeBdJSaD7Gk8SN6Xq5NbuZbVAWC0wNoe0kGZ9y/N38FcYfWvTI/j5Za+yTXQo5CfCHa4imiG/cqzRBexFbDvAP9lTG6k7","/bqfUN8JnbyKGlZU2b6r978VKOt3Dk/GFP1hxhdBE/U=", "xFEKX+bJRC7g/vGVTGdSww=="), //SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options - Bfs.Create("i0e2CRqEj8nEUHXQnCtt8oSzequj8kfim2kXlkyjMuJ6cQzA2j84N54w57dTlNSoqSABFpeNMJOSj8OE68rjS3SRs2nCgg3VFwRkr6VCnaI=","vQwCLhuS1OnH78p10R7FIYzD7eZ7gRiGfiyEvUPcqHc=", "roWidMOVv2Y0J/4EARxYGQ=="), //SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options - Bfs.Create("TySXDk2anrMXfC+Tjqpi2AdvU+vl/VURrxczPdk3HhLq4CMsgvRFNllSaW9dur9AJt1whelF7YGZzMS6SdUvww==","1umGv7sCaUHQ42S8eV/JVaso+j8drvocd0fz8nMvAE8=", "vdaUug9KInEZXe4UgHuZXQ=="), //SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit + Bfs.Create("MndgCLVScgIDccX2/x/hNEf6T4/WYnxSC2kUsBgRaclzR0x5voTGUb9hzbvZc+LSfOjFaWrRgVqx1XXrkCIzCw==","DK9RiCkk9ceS9XyULw/f8FhjLfn5J2VhQJp5kOnAmg4=", "fb92CyrwglKEL7wMr19vtA=="), //SYSTEM\CurrentControlSet\Services\Tcpip\Parameters + Bfs.Create("aM+HgAQuqRe2SjVknwwXIMnE6O99FXGvQJgLAfnX1Px0JhrCY2YMgqa1B42IN7b5z9gmeUF7k72umrUzCOwlXA==","HNeoxGtsf1sC7VUF9LR7ZJM8VhN0rthjNtUeATr1NTM=", "eyObAmjJhje8YAWp7eZeSw=="), //Software\Microsoft\Windows\CurrentVersion\Policies\Explorer + Bfs.Create("9HQ/cuo/Or9gg9ChaTjPcykGmNDLI9NpGR3Z37uK8bD/TcEEcrt44/eGEvhkMYzrD1UKOa2Bua+NLEkidoCXtxu75sNhHMGqqAJ2ka5J7tE=","2VuG/Ene/c3gqEszJkwiKDwYKIrvZc/EKQjVHlq8dYI=", "0MS5LWNWq9VfzadOPiNm+w=="), //Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun + Bfs.Create("T2The8b3iyb6lBP3+907dDHnyHSisA/zCKvI02eV/cofNrsj9+61stoa5lk/Z3QNI91/kz4WwCbGkpKQ/W0hXQ==","kL/v0Q94Cm64Bi/fIKC0k6LeoupSVH5c20tpcEieKTE=", "WMl0dh2jVlC42E43CBShhw=="), //SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows + Bfs.Create("yaVF2eTcVQjDfvf+8yVlb00z1VdvL8wJG+MdNFEAp6svBSBPOi8y+6lqyae0w+OV","ix69z61VNOYP8V/TsLZhRfC7c2e5ewoHOwGbys6frTk=", "UPxbQ3g6s/d/dozY52z0XA=="), //Software\Microsoft\Windows\CurrentVersion\Run + Bfs.Create("SZLkzIAI0r6TwzCtGZFL2v5RpfD2xuvKMBL4z1GJTRxed6PhQRu12a/GUdoyzhL7VqBa3CurHBAjYH2mCGeAWg==","Sh9fRL94zcJGoHTtOOJcxUXG7TsClPZAAM6ob3ZQy74=", "1i9IIrzcINhuUpaUS2k8Dw=="), //Software\Policies\Microsoft\Windows Defender\Exclusions + Bfs.Create("ee8n9KGu5bhPIyWm3tSKsMOSl5dMxOngRBEVQmTiRkpzT2NOiYRDb2M4Vt0DhpT9Vxf16jhFoPXbxEewxEZIHg==","a2Xbx2Q6Uz3LCXo3Ro4jKl4YhtubRnhAqKGgAWyDSwg=", "7AmWqp5PF6th1pVPGGQqgQ=="), //Software\Policies\Microsoft\Windows Defender\Exclusions\Paths + Bfs.Create("Qcr2sTEKsi4q0FglUwSn1+9T9vbBFfImyV+HeaauCN+kDUTfXBh7RIKuR8YTMl7ZVNLHJ1sJT0DjqKMT02diL6va5GpsPQHfjedCVnEgMr8=","5siwncCTBZNwHgJDMNiOOzroVcpygmj1r7ZP8GQYUMo=", "uJJ19A3wB4fcSUtETzKlTQ=="), //Software\Policies\Microsoft\Windows Defender\Exclusions\Processes + Bfs.Create("aGJREbjyPAKFXOVsx2y7o0ZpkCEuRsdR0PknYPVjHOKVizBKYzPP8GNTrrFLdtkIGjMy6Jt9GB+FxBlVTovcTA==","Q4l7j/PytiDvULgAOFsM0W7MTGB5lxgt+T9Lj1vBKCY=", "wz2/QiADCvBFCj9Pkui7kg=="), //SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run + Drive.Letter + Bfs.Create("eetaLSANwx+KNYuzrgoU/kTB22Pd5sbB1JSzqrIlHxeoiRgozj1DWVoIR2YugtqD","WJwwLlZOjZrZcUUkTcsGylBfJ/jAAiNJqjr9nnDMxmY=", "Jw57SYzwQAyxCdMV4FiMnw=="), //:\Windows\System32\WindowsPowerShell\v1.0 + Bfs.Create("nqJ1rCre+K/z2bAim/sax3IGJUK6d5ypFXFLtAtHZXtHBV86EXXdwzEHnazDa9K5+au8jKvX0f9DZmzl/X9klQ==","Rjx3SGoeR2yM9AQoyY1uBg9cghsSpa07xpeCL7DAHkY=", "iejdEid27dC5WF2dE0PXRg=="), //SELECT CommandLine FROM Win32_Process WHERE ProcessId = + Bfs.Create("FA3OiBIE/0ZqpMoUWnssmeTGsZ38dHbRHTDMK+q9icdz1/RMFgQI2HrIzxbhTJWO","VrYUtOJw3/vNN/zJq/bwE3kKlRmXZVtdgQ5LwAtmUOE=", "y7fyIxhs8hYx7LdJZk4PyA=="), //SELECT * FROM Win32_Process WHERE ProcessId = + Bfs.Create("qYZMiazA/27L6wCD06Tx5WcAgokrXFblEqfKB1qu19E=","+bAmAsBCHMnV4uiuwZPok3AmM4M6mjHCcuwAAFL1vHU=", "dWXa9slH/Uj4FZOKFkz/7w=="), //Add-MpPreference -ExclusionPath + Bfs.Create("qCIGXAunQ84lfw9pBUSEDcY22Qg00Th2ovElHo/1MC2OKX3SSXhDzMOSqrpX50As2aGsGsX5hE/jzYmNVwhPjw==","IJItq5hSTAG+WVeWkZKkv9X1HtKVmnPqkVA8E10ordU=", "CYHVdm96Q2K3aZcfrsX+tg=="), //SYSTEM\CurrentControlSet\Services\TermService\Parameters + Bfs.Create("XrnGzlMwgX9TyfKJgTlzXiVEiJGAdYTiUfmnbde39gP8YCn02kaFPCOz7O6Ed9AD","pP9lyD7U2+0G05kNkawo9GL2+V74msPxs7WUEfNNi2o=", "SIk8hIstaeXxPJ+395QMwA=="), //%SystemRoot%\System32\termsrv.dll + Bfs.Create("tRJHnKynbxCvsu8ApoNGpm7kg5ADZ1RphHzRuuyV3irUqI568v4RzvM+sHy20neSRe1J0yJ6FaHPSZuVaIKUGUqDJJNIfBrgRmgfwAYHQe7AEwxMEOyI0XazQBFseHSS","9SZkq22CjAOY3C+xqpb/p1hph+J016/fnqqX5/aLVG8=", "tbv7UagyAk4UoPdwim2JcQ=="), //SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + Bfs.Create("RUqc3xDOmuzeiB7kPCEmsrHVwK5WCMzbsMQqmu2R3KK3V5EH5YTeOszUasNGJjquafRGdbFGcnp6Ezgdid7m4q0liNlk4P/piGfe0s7Jkfo=","z82EV0fn9H4/3GYIDjRIZgf3L0NvoidQFDeus3JUCy8=", "8PjZPce/oLERWYDITsEz5g=="), //SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options + Bfs.Create("Ly5mWZX9eyxBuUGIUIf0tCPZtoTINYqhJAZvdPHuSklFEzy0gRxXOc3q/vC6xIAFFUHokILcZHFTXoPGFITRuw==","kltVY3FObAOhI522JujUtWb2KPw/e6e5iGBPaeN85dE=", "a81v/5B9A5qQvCoen5+dlw=="), //SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit }; public string[] SysFileName = new string[] { - Bfs.Create("UfG5moMrfFmg3UGKugc6iw==","B5A1JCfhgZweJkZeb02psW2lWD8pk3T13bV0fZZ3cck=", "aUV/7XqoStSw2Ms3cLgdiw=="), //audiodg - Bfs.Create("TUNEOdRO16ZkEgHB8qLXgQ==","V17HeHELUm7u6ddgYdoLtmpJJj+pt6iGOv727xZMhOc=", "PV0HGDW36r+HjfORxkxRbQ=="), //taskhostw - Bfs.Create("WUVC+UXeF8kYvOkkqxbPmA==","+G257A/JEjhJvUoWMc3tT1o+yfP2oNkh3OxrgWSPjMY=", "LmKZXO5ZOjvlnPnAxqQ7eg=="), //taskhost - Bfs.Create("dsVPKz7Bat559XekFKaZZw==","u0+M4iTcPtNG2FU8I/sa8p4TKc2M2Rmyk4bdlLuEDC8=", "Ex3VkeCmcIjWfivAcSVzRg=="), //conhost - Bfs.Create("A3cF0aeqQZCK9hP+ft7OMg==","W9eObf2kNAgJR954eFY4f/BF0wSbSl2gnXsI1GGCRE4=", "inmtyuoJLW2fvESsBOEZhw=="), //svchost - Bfs.Create("emXNTQZgB6Itb4fCbq6qoA==","+WuaeeJy3av55w3uFfsLqMa3y1aOVcaYwc9aTqMPvrc=", "3TaLv6CPBAVHRtkfB6UObA=="), //dwm - Bfs.Create("URmwot/U4tj+H0acP5bDAg==","VfS23xbnFQmYGOUrOBDC0dfeZ81P3rH/M+el4+Je6+w=", "hPoR7MVOwuLyR+6ZxSbY8g=="), //rundll32 - Bfs.Create("N7qfB+1wuHc+iE7xLzlkQQ==","nYHqJV007yXCqI1s2kX5EbTPXyQC4uJSk13qEd8DNqA=", "C6TGz2llYxmubYlhditaZg=="), //winlogon - Bfs.Create("FG2KYPoOhpCmP/EucGgNBw==","hY4TgM9OaGz9TM7tCehXEDZbf9XYmX7Uz2H5Q1AuIYw=", "/Td1S5n5q/nV5Gm7SXwzHQ=="), //csrss - Bfs.Create("15VplMnN9ygbhnY4ZUvk1w==","nI+Z+dPVcznUX0KILcx7bh3lELomE5cUKlJ1V01MLVU=", "qLgOuUsqpb3/mhHUDMBaJQ=="), //services - Bfs.Create("Z3i+mqfKvHFepeA2AexxyQ==","X3my2gOAJnW93w7O4/TD7DySEZ7VLIdyaPMF04wGKLk=", "EfD6CruCihkTWTQpiwexBw=="), //lsass - Bfs.Create("opqboqg4k5ag5SqucEkWvQ==","qwAkK4OJffjB/b6QPmEMyrcZF7Yg/LR83juQ6rt9IZ0=", "khQhzn1INMUgStbR+atNTg=="), //dllhost - Bfs.Create("xvMyRJKXjWTDcs6a8pD6Dw==","r2hNHd0WGmyI5KmLNt2OUI+GQPJP9ipFUTmQatKfwcQ=", "kYGDUxtRFkX6ZjnsggGYHw=="), //smss - Bfs.Create("t43AuhC/pO7bC9Yr7HPKLQ==","FNlsD8lQT1X9k2ZM6oRvHuqRCOi2whgwzRf6ou9MfGs=", "DyRqxlHgsHyjhHGru92uzQ=="), //wininit - Bfs.Create("kSB/paE/YrNk+nkkw49jJQ==","XcOz5kX7xUEAOiCEmc7i1cDOnI7e0eiBh5GmHKqCvg4=", "rAWvV+83Sz1kXIUuvVk9+w=="), //vbc - Bfs.Create("DzfRlahk0CQdB93HAWABAg==","lA4D5r3tm49a17OkVKbKDBlISFaPIaB4pZsMnKvVNS8=", "WA+SniPx0YJc2EVcwXKUgw=="), //unsecapp - Bfs.Create("XX+Nr9daaCFedAGhLaT3GQ==","A0mT5/TyvHFJyQhI96bvQE9gLA3vVxGSNqPS22Ejt8w=", "aJ1u5OqosILSXfwE0RnBbw=="), //ngen - Bfs.Create("KsDwoF1qJ6PXKqyIryvx1A==","1g3vRbybtIy5S8OY65d+OL2LLSzx3ahSvsEcIdULlYg=", "YJaLqjYF2kIzI/cdqbtwyA=="), //dialer - Bfs.Create("AuMwRF+TBkKjTobWoaLkLQ==","1pe2QasrjJ5hnrdxCu3jmQp8YtmQF9TPdjPaRjqZ+/U=", "XJdclg7u8U9gu+X+LL3/yA=="), //tcpsvcs - Bfs.Create("KHDX4+htuUWhdsbeImQBsQ==","cyrKy2Wlh0vCCEV/u9/oEC6n/70fDYvT2709tANPGwM=", "l6V7BdTGlSsalq/oFnTY7g=="), //print - Bfs.Create("RmfM0fmg9okY/bqnSX0DLA==","lwsg7ic3V6Q62X2uKUVOOL0YFFk1+JicbyqI+iWqF6A=", "BBK01FHvdybaXitO4UqnQA=="), //find - Bfs.Create("qc/1d3Cr2M0iSfE0DOsLNQ==","/w6VPR8zg1/JmjiAm/bSHnwRHNpRriQOIzh+61XsQIA=", "YWUUjt8Wg30YypCtqEebdQ=="), //winver - Bfs.Create("Won9vSkRiUUU3N6m9Qb/bQ==","2wLMx8H9zTeefgtrBc4xeSktUhjjvct+UYyhR1L/Oxo=", "MEz/g8yHoqGPEsr1fYCFTg=="), //ping - Bfs.Create("4Cchkg6p/YcE10gJ02Qw7w==","//A5lmFPJ26+fUmXy9qFTbqIh5sSkSTwGhXBGZNdaMI=", "wTWREB/kCiy/5mHhQCU+qg=="), //fc - Bfs.Create("4/jaTnEaiYwrExMX4FIsmw==","i01OnAQkryBCPmgeiBbFGPspOhPhgqZAwMAQ4pLrRtA=", "4mM4xMwQ/fCYBh1xNC9d5A=="), //help - Bfs.Create("hvLplplfK00knV09ZbDn/g==","zqWzefBD2WOWzKeaH3KEJI48XPZyr81mqrjrFJBZxYw=", "ZYRR9nKneeialFCPXHqDPQ=="), //sort - Bfs.Create("ikr7MWHgEqYtT2pGK1oXZw==","Fk2CpOOJ+iqwm9FEBUzHAeghdVV2DxHzdPa5Ga/nJmE=", "SfqvNRYPcEX+q79mTHcnPw=="), //label + Bfs.Create("NCQoXB99amHmkLrKDYsKUg==","Z/6rB47v0EiWhOTrjeqzOC1AArx/nv1zlsp30Ty0avs=", "xHM0SJoduPgy7AZhOxJ7ww=="), //audiodg + Bfs.Create("gZ73Z5TV7izf2RBDLYSjKw==","knRosDCFllWAL2DHO+ya47wwM7//BhCbm5RqIbxBbcY=", "g+EuxiaXY9QsLcOBEHQ5pw=="), //taskhostw + Bfs.Create("P7fapyYqyciJ0c0R3v+jbA==","BsF6As/kch9A4uxgi560KgT85C4kqokfH9DvDjLNzQU=", "YDzj4rLG3jOhD6l/tQV70A=="), //taskhost + Bfs.Create("co4wbn3LX6fDiMWhvhpwyA==","EoZNGXobi2POY5vcSvhhRVRfJgytrlDl4+fiqxkzUAc=", "HEx+hauYrwDMohJk2lWM9g=="), //conhost + Bfs.Create("M3TrZDhznQwXlyhKeuKuWg==","3SBUNGkZKD8LlFGKeQFan/BfVxbTt2nTUF1k1e9c0BE=", "nLb70vooXEJpRJlQ4giOLA=="), //svchost + Bfs.Create("KZsw+PX2dZd4AjJNifDEZQ==","wtubOzmfpHsHsQpOR8Ft6XnsG7gG5YQFG5H5LqGbu8c=", "OIjqWhw+wUZjQW6ZIzAkSw=="), //dwm + Bfs.Create("db8TGnySSBFPv5N/CWothg==","qSAKw24NjJiLMgPht4y4UqGYEVGRBc7UFCESdaKELhY=", "7MJg3Pwm3FdS5WFg5KXDaQ=="), //rundll32 + Bfs.Create("Oo5SFEr5paul3EqxR1UwTA==","7sL5Nl2KD42Xi4OkSp3fdjVxYjSt+i+yLMADpms0Atk=", "WYE4hNmffYLsyWqJY/lWXg=="), //winlogon + Bfs.Create("qtTUDSU4xTfgptlATMzhfA==","nCFIPSxJn1kKlBo/H9kdbygzkCWK5nGo98WXo8igRds=", "0G+ISKru2BzwP6h1zFw7iA=="), //csrss + Bfs.Create("XtV/FOI0G1mhctnNZdshyQ==","iEwgVKaIvdDwYN2Axn6b73pZDBz7e6IkJEZKPwgBT94=", "PBewz40TZ7ABcEKbK8cZgA=="), //services + Bfs.Create("+udZ7jsw2uSy7LxKIwpTNA==","/8sBUdynarZVVygiAEKBRBvSxS/KoV19io/KBBIvOjU=", "/pyYEWSChEPWtJI+tO4cJA=="), //lsass + Bfs.Create("my1XNrP/hLA7zZ+NHo/eiw==","zj+Xt0FkMbhkLAQQqlyKlUNM520jQPwuoQ19RabuOgA=", "ZcQr82flKtjRrY2SOhBiZQ=="), //dllhost + Bfs.Create("Dl8RGh0szr/8P5QaX9WvfQ==","AMHLFjEnJuADlJVGMwn15hGXStBFfzlgJTBjuiTnkH4=", "zhflMncSauRAqz3lYxwcpQ=="), //smss + Bfs.Create("IUWMZxiqzjk1AxHylQgDZw==","QXQwHCpi3Y+5InNzQUlGIOpzi+GOy0hNinaSlyusF0I=", "4cPpZGndxsmJydixC3yFXQ=="), //wininit + Bfs.Create("e9XEWgQODyW5rFRvwc5wHQ==","jGq9G1MeZJAd33Lioxvjt0rh+yy4+MVptfVdl+Q3nAI=", "1Q+QOIbni+uY4IiVxqJFMA=="), //vbc + Bfs.Create("yoI7rjFAxcmzBkFzeFn4/Q==","ujEIqtcCnzNDHFYLe+QAzL1dqbpgUUbmzykDHsnB09o=", "r+mZLl3Aro1eLSgkPu8C6w=="), //unsecapp + Bfs.Create("K3ZZCLAfaGGJX08QJM/QrQ==","P1xtmAdQUGYwas1/aMM+GbSL2gpBKEobgCYe4pvzobw=", "HMmkN5ru4zlmdyo/QuwVBQ=="), //ngen + Bfs.Create("MuZ7NTU0bI0MI2QufpO0KQ==","WiwimdlYizno+pFmjfyrk4TluFa7fHvziuwpeEALq+s=", "VK/pX6erhqAHt1if0z1brQ=="), //dialer + Bfs.Create("bojBT6CtsNvKvgbZyu28nw==","ABZCqqFX2VpfPOmSeyLyz2hTP6jLMNg+/VPkxTW3seQ=", "8KZxxZ5AySOKtPlb3O60Mg=="), //tcpsvcs + Bfs.Create("ATBy6jWg2Q5kFCk/LQG/ag==","sJi2WN+fOnMugcwuzM8HlQCAlrFxnBBJ9QCx8ekEdBg=", "1pJIhyoaMaFJ/86S9gTXOw=="), //print + Bfs.Create("pNM5v7kBNeJPvKZBlsvLEw==","dQMETl1ZsQvQQc3McWXcTcLxCtH90PiqVK1xKcfKeTE=", "acm7acsgpES+kWDHjjkp4A=="), //find + Bfs.Create("ujEUQOL9v8xkeWbAODI0Pw==","X31pcVQyKZZ2ximIROCugDCRRlu5/Qszc+/ToffM3O4=", "AyIF5zcsXv3/+0PYn+FvPQ=="), //winver + Bfs.Create("9Oh4881XhqFqOSdRkRU80A==","1FaXl4O5inzdtws4AOF2H2yW33wlDw5iCd5YkkUtqiA=", "2b93EjcNNfqv4xh6XQ8lqw=="), //ping + Bfs.Create("TX86qnbbkaUYyCF4AGTPzw==","zI4VJFb/ciitQS6MpLVGGBj5cwKQZWUw+bbmxVu7SKY=", "Lml5vtU2TJkpUU5Iodnsrg=="), //fc + Bfs.Create("lvLne+SS1IaV1ZZiq/rqbA==","HqDXFCUB/0GNHLaVsoJ5RNfErqAqxtx77kQGhmcSqjY=", "QACx5e7Mq7uT2Bl5vbegTA=="), //help + Bfs.Create("hdSW/ipE3/Hc+UavrN03Ow==","G2kFTCKLth3lPJzOK0aVZr8/UeAF/pTYbg2TT0qxNoA=", "1enYBgTEH7bz4DPIURSaOA=="), //sort + Bfs.Create("ek41IxBZFyzouVYrsJvkIA==","hDuYGvT+ZLbIHx50JFDfyO6jGfK3y1CLcon893UHqOc=", "kgRq2I/6Rnj2YVY5kOv4vw=="), //label + Bfs.Create("RdLvlgutHlTDhHfo33Hpqw==","9GqyMjMRfET3ao28Q6ydiCdd+73gI+IxHd/UjQbWDJg=", "+/kxHR9G/rdxT8/dPiPz1w=="), //runtimebroker + Bfs.Create("crrIbheR0FZKyRzAOdG8LA==","MqlXmiMthTGmR/ItIG4Q9/173eAl6jOh1YpgIe5Fr/E=", "kCmQXu+6RnTIxdqAlQF6Lg=="), //compattelrunner }; + public List signatures = new List { - new byte[] {0x65,0x31,0x71,0x70,0x70,0x6D,}, - new byte[] {0x31,0x6C,0x6A,0x6F,0x66,0x73,0x74,}, - new byte[] {0x6D,0x68,0x64,0x66,0x69,0x62,0x74,0x69,}, - new byte[] {0x73,0x64,0x6C,0x75,0x70,0x6F,0x6A,0x75,}, - new byte[] {0x2D,0x73,0x69,0x66,0x6E,0x6A,0x65,0x62,}, - new byte[] {0x72,0x73,0x73,0x62,0x75,0x76,0x6E,0x2C,}, - new byte[] {0x5E,0x71,0x62,0x6F,0x65,0x70,0x6E,0x79,0x60,}, - new byte[] {0x44,0x73,0x66,0x73,0x6F,0x62,0x6D,0x63,0x6D,0x76,0x66,}, - new byte[] {0x65,0x6B,0x7A,0x71,0x70,0x70,0x6D,0x2F,0x70,0x73,0x68,}, - new byte[] {0x6D,0x60,0x6F,0x70,0x71,0x70,0x70,0x6D,0x2F,0x70,0x73,0x68,}, - new byte[] {0x52,0x67,0x66,0x6D,0x6D,0x64,0x70,0x65,0x66,0x47,0x6A,0x6D,0x66,}, - new byte[] {0x40,0x6B,0x68,0x70,0x73,0x6A,0x75,0x69,0x6E,0x41,0x79,0x6E,0x73,0x6A,0x68,}, - new byte[] {0x43,0x6E,0x76,0x63,0x6D,0x66,0x51,0x76,0x6D,0x74,0x62,0x73,0x51,0x73,0x66,0x74,0x66,0x6F,0x75,}, - }; + new byte[] {0x2D,0x2F,0x31,0x64,0x67,0x68}, + new byte[] {0x31,0x6C,0x6A,0x6F,0x66,0x73,0x74,}, + new byte[] {0x6D,0x68,0x64,0x66,0x69,0x62,0x74,0x69,}, + new byte[] {0x73,0x64,0x6C,0x75,0x70,0x6F,0x6A,0x75,}, + new byte[] {0x2D,0x73,0x69,0x66,0x6E,0x6A,0x65,0x62,}, + new byte[] {0x72,0x73,0x73,0x62,0x75,0x76,0x6E,0x2C,}, + new byte[] {0x5E,0x71,0x62,0x6F,0x65,0x70,0x6E,0x79,0x60,}, + new byte[] {0x44,0x73,0x66,0x73,0x6F,0x62,0x6D,0x63,0x6D,0x76,0x66,}, + new byte[] {0x65,0x6B,0x7A,0x71,0x70,0x70,0x6D,0x2F,0x70,0x73,0x68,}, + new byte[] {0x6D,0x60,0x6F,0x70,0x71,0x70,0x70,0x6D,0x2F,0x70,0x73,0x68,}, + new byte[] {0x52,0x67,0x66,0x6D,0x6D,0x64,0x70,0x65,0x66,0x47,0x6A,0x6D,0x66,}, + new byte[] {0x40,0x6B,0x68,0x70,0x73,0x6A,0x75,0x69,0x6E,0x41,0x79,0x6E,0x73,0x6A,0x68,}, + new byte[] {0x43,0x6E,0x76,0x63,0x6D,0x66,0x51,0x76,0x6D,0x74,0x62,0x73,0x51,0x73,0x66,0x74,0x66,0x6F,0x75,}, + }; } } diff --git a/base/Properties/AssemblyInfo.cs b/base/Properties/AssemblyInfo.cs index 920f719..83331cd 100644 --- a/base/Properties/AssemblyInfo.cs +++ b/base/Properties/AssemblyInfo.cs @@ -13,5 +13,5 @@ [assembly: AssemblyCulture("")] [assembly: ComVisible(false)] [assembly: Guid("b623bf11-5fdd-4d88-856f-233f94c8647d")] -[assembly: AssemblyVersion("1.0.0.2")] -[assembly: AssemblyFileVersion("1.0.0.2")] +[assembly: AssemblyVersion("1.0.0.3")] +[assembly: AssemblyFileVersion("1.0.0.3")] diff --git a/base/dbase.csproj b/base/dbase.csproj index 9cbd491..9123495 100644 --- a/base/dbase.csproj +++ b/base/dbase.csproj @@ -9,7 +9,7 @@ Properties DBase dbase - v4.5.2 + v4.7.1 512 true diff --git a/netlib/GithubAPI.cs b/netlib/GithubAPI.cs new file mode 100644 index 0000000..d7d32c0 --- /dev/null +++ b/netlib/GithubAPI.cs @@ -0,0 +1,39 @@ +using Newtonsoft.Json.Linq; +using System; +using System.Net.Http; +using System.Windows.Forms; + +namespace netlib +{ + public class GithubAPI + { + public static string GetLatestVersion(string repo) + { + using (HttpClient client = new HttpClient()) + { + // GitHub требует User-Agent для всех запросов + try + { + client.DefaultRequestHeaders.UserAgent.ParseAdd("request"); + + // Используем GetStringAsync и блокируем поток + var responseBody = client.GetStringAsync($"https://api.github.com/repos/{repo}/releases/latest").Result; + + // Парсим ответ + JObject json = JObject.Parse(responseBody); + + // Извлекаем значение tag_name + string latestVersion = json["tag_name"]?.ToString(); + + return latestVersion; + } + catch (Exception ex) + { + return ex.Message; + } + } + + + } + } +} diff --git a/netlib/Internet.cs b/netlib/Internet.cs new file mode 100644 index 0000000..8858935 --- /dev/null +++ b/netlib/Internet.cs @@ -0,0 +1,25 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Net; +using System.Text; +using System.Threading.Tasks; + +namespace netlib +{ + public static class Internet + { + public static bool IsOK() + { + try + { + Dns.GetHostEntry("github.com"); + return true; + } + catch + { + return false; + } + } + } +} diff --git a/netlib/Properties/AssemblyInfo.cs b/netlib/Properties/AssemblyInfo.cs index 8ac3912..b3a38ea 100644 --- a/netlib/Properties/AssemblyInfo.cs +++ b/netlib/Properties/AssemblyInfo.cs @@ -32,5 +32,5 @@ // Можно задать все значения или принять номера сборки и редакции по умолчанию // используя "*", как показано ниже: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.0.0.0")] -[assembly: AssemblyFileVersion("1.0.0.0")] +[assembly: AssemblyVersion("1.0.0.1")] +[assembly: AssemblyFileVersion("1.0.0.1")] diff --git a/netlib/netlib.csproj b/netlib/netlib.csproj index 80949a8..b6ff870 100644 --- a/netlib/netlib.csproj +++ b/netlib/netlib.csproj @@ -9,7 +9,7 @@ Properties netlib netlib - v4.5.2 + v4.7.1 512 true @@ -32,12 +32,16 @@ 4 - + False ..\MinerSearch\bin\Release\dbase.dll + + ..\packages\Newtonsoft.Json.13.0.3\lib\net45\Newtonsoft.Json.dll + + @@ -46,8 +50,13 @@ + + + + + \ No newline at end of file