Sample details: da92d531fd643d8040b4b89f98ce6b38

Hashes
MD5: da92d531fd643d8040b4b89f98ce6b38
SHA1: d035677e15e53feeb112f8c14cf0217ba20da569
SHA256: c1b6c900be03db7570324d970f4a34377ba2c0da8f09313f4fe2e470c202002c
SSDEEP: 12288:qpS6Xq0xClvLC8rLAvFvwBkl0tu1FJ8fGp08IgS9+g:27ZQlvWyANhecjLpvdS9+
Details
File Type: PE32
Yara Hits
YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section | YRP/UPX | YRP/contentis_base64 | YRP/domain | YRP/IP | YRP/UPXProtectorv10x2 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/win_mutex | YRP/CRC32b_poly_Constant | YRP/RijnDael_AES_CHAR | YRP/RijnDael_AES_LONG
Source
hxxp://45.77.62[.]98/files/trickkk.exe
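Strings
(Raw string extraction. The Yara hits above flag the sample as UPX-packed, and the DOS-stub line appears three times below, which suggests embedded PE payloads; most short lines are therefore packed-data residue rather than meaningful text.)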
		!This program cannot be run in DOS mode.
`.rsrc
@.reloc
q1X+a 
>	ZX_ *
XStX+; 
+4 6	@
	Z rdF
+7			 
 ~ &QX
 n'2HX
NDX+- 
 <I`W 
cX+- \
,\f`_ 
 (09UX
 cv,{X+X
Z g'1K`_
ZXf m!
 53/}+
 a_}dX+o~	
&ZXe @
m=X+L 
X+	 _v
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADPX
!This program cannot be run in DOS mode.
`L  sFO
CuG2^?4
(_tML4
-OEJjF
`Ub}=xdVhZ
Ov)GvoH
tz1-_Y
sH{Wbn!
hp7j7r%
\kLV;k 
/tb;:P
K8/x8S
@*L_jM
i}T1qn
^Q;=DT?
0>i(k[tC
(,`04O
<4dh8l
<@ptDmE=OxHL
4OLKTDSC<O
4LKTDS
CLKTDO
SCLKTD
qOdf4d
$((,,L
4M00448
iWQWQW
WQWQWQi
iWQWQWhh
	::a 8
vw^[MKU}
T'pL&X
p?r!S2D
i5	;Z	
HRGX8X
>"O[}4
:hJMH1>E
xY(|,|6
l:$D~+m
h;[p3lWt3p
2;cH73r
(TT?	a
] `eaN
z+/Vp#
(d!A54$
J3Q/((
#;e,5h
ix4\\B
h*nL-#>,B
vTnl#K
f}y^s!`4Dx
~x	-=@
S@s@G|$
e],~E4
tCdnnn
0hp##(K
IGGGGG
TX''''\`dh''''lptx
GGGGG,
}]_c><
O'f67D
:Ngci<
Q: :N yP
yMk|vHLh(
K;w(wF
dW\D13
3'L:p!
OSP3.-$
_W;60h
sH|kLg
ssXRMc
*Uoa5h
_'p5h#
[C|9/C
<CW#UH
$} \|$WX6
-2cw?`k
4$d(h,
NrnWH9 
UXQ\m#
P:u<=O
5x)ddd
ptptyF.
pxhhO,d
h`D$K,AL$
mV0o^4
z}CgGy~
lX{h@H
4tXdt\
`Qbt8ln
lpl aq
+0kl4,o
kpLFb%
riXdd\`
!X\0H1
gdltTh
IG:8HP
P#uy6>
a])V:6
822|\x
cYvqadl
l@k@'F
R!puDd	f
k,}d@$
F#\mF7rbE
P#a}G`
<-ltdh`
EIFfXC
M jl4Y
8zO"6nM@
@LIMPBTM[!
< $`d,`
BW'p	a
5M\`dz
X^"kpQ
~8a*l(
5kO,zxO
[E-Ei9
S)U^_x
[Y+qKZ	
uHYLu4O
%[Xx%cL
sy^\<4,` 0m
"lR<pP
h$(l,\F
@.,0pFHs
X\|".b
SSt,&b
\tHLh\2
pSta%B
VrhDyr 
(|,hl[
WpRtD@[jb
JA(8|s
:`pd8x
iqpp!EPe
84<@D 
qpOt_{
`Olx|RX
d``_;`8'
+=hNl`d
ra!4+\99
~OXDtp
<wMtOpt
%^NR4D
`xd^|<u
I&@D"}|<
5Ht|:ppZ
J3hhll
|Fthl.
fDxH|a%m
Zu}T5#J
222lhl#
tls ##
<hpt&/r`UM
xF'(C>t
JM%p%h
5mz"U{
w`'6i;
@)a1L$/U
HS2Q2LHL
,|kPS#T#
sl8R*C
giF-#X
5-?a$%h
)n5@^s
3&047GUHt]F
p\"W-irr
]01P<zP
"}zu0*  
G{1~r+
<R(7U[
::7+J+
[$b8<1
VUBIqAF|/
 !b0bq
h=l5pt
4O$Abx|1
Wu*Lk>
6(}S"2
s9I34E
sD>>>NNNN>>>>
cg2@+Xp
p3CFfi
Z{7]t7
uwleK@
`np6,X
3G(3_{O
8N3wkh
tl&>?.
HLkI9^$s
!Q\+)t
tldFFFF\TLD
 q03rDh
"|ptg\$<
iaYQIA
@-S@_H@I
!`84069
=5{Pb3
H!25u$
 [>"DC#
UMQ	Bs~
</t&<\t"<"u/
24T{&K="uE
P)~=+U
Zm:LMd#
(aEcu&
$`WIHr
z(tFvy*c`
P(f5.H
,8( Z>
@zJZZ[_
hKTK\	ah
aQ4VJ0
=FtQ|c=G
6U7i7VVVV
8$8h8VVVVu8
*>4,@u
uF /kz
J`,<NQE
p8Aj(4
W?UGdD
#J/<LF|
n(C_r=
twgo(`
&Y_uFi
_B[Lu?
^UVVu!
A|~5gX
0Hn *V3BE
1C,^B,*S
\Gt8]"RG1
$_jct|
Sf)P*!
8]#V^^
%}YP4p
@ta;^4R4u
(BIsU8L&
`	SoC-
s!31%8EG
oJY`a5
v=G/$ZF
	!iPz"
0Jdy#ZJ	
Ef8PPV
F49C0sG
 J/JdBf
.i6 $^
i4tNGt
O@uY)QuN
ML\B;~Cd
.InOx&
A&6LKZ
@`elAmJ
D`VW+)
9}{NpA
JC],d)
RX'Pew}
;Z8`]i53
r@9<z8
.Bf^@vD
YenCCXP
!Cr<<8
E"Cr4I4
Gb@6lO
k!e~2G<
PHx@sQ
8EOB03!
scYWt\
2;x0Cf6KrP0F4
W0!l@u
BJJAA\
RiZ7qNVVA}p
M:f*i!n
V$9\{Xr
w.NTTZs
Q+E/oL%
Z-`urx
BoV-vE@
(l*^0	wmL u1
O;mZUw
Mis&=Au
}7Q\@f\
\\c(99
|&dB&ibPB&dBI6dB&d/
7nt8	_I
5Ga5?Y
`ZG	 !
A8Ut^I
oi[c)k
O6.Zc 
p2^X^E
phbEh]
(|AS%<
Ga\H(0
F{~Jf0C
w-2\3t
I/aTI|
x(HX+)
r.@7\u
6stM`k
vkigjnBpqU
p4JfX`
L{t&*tU
x}oh4G
Mp	bc?@Q
}$<tu?
,@e<AO
	sddDA@
{t|T;P
b\<8=Xu8
;_HaC`S
 C8F#r4oz
"vLuQ8j
=2()]}
&Qct^/
Nu%V7aL
j*atRxH
_<Vt@<KtX<Dut
q_t#<n
uV8tR>S
Y9-(a2h
Y(2.\P
:tgos|tIZW
hfdWKF{X,
t,<mt(
B?lIwy
tf<LtR~
2+hiiW
tkm |0
oJU&VF
qK(9It)p
cuS<vuO
2.V+,U
1?.=FBqf
<l&Qt;cl)O$1
GPqP,n
3dDw!]
?t`^Nr
;luh['
 m{^5N
He"KSR
"!Z<2X
>F>"Pm
@Bm,(H
W&!&8C
|m&OI%D
<1<|<t
:D?F\,'u
pCc$nDr8
( 3BDK
0?zso'F
D(Hg-@
x@nCQP!
p< t5v
AGv9"_
ZYdddd[^_]F
deFFFFfgha*H
"Pq{l[
h_Ls00
u[;:M =M
'Ec,$U
_Yp%)S
sLj%` 
hfc#2qlvq-
;2tZL3
2P'D8T
br,uJ=
:; Z,$F=
+qs@gP
%K_t74
DhS=a`E
	cIyP S
i$Z%(|
FEJ q_
vCd.`E
YjXFlg
x3!ZIYf4
l4v@mZ'
I,@Y/+
_qOnp!
=|$<Ge
g49J$~
~.v`aA-'
1GrJv+Z
CLsDE^
L66XB"
h	7i:2`
R}"+30~6
;&tm#N
43h-9t
B'.%|h
(J3M$8
# \nFa
hkw./Xh
 ^0sj<
'uKQV)
j9Ri6)
rrrr|xtprrrrlh`\rrrrXPLHrrrrD@<0rrrr,($ rrrr
x9999hd`T9999L<8(
M(# F[
*	2I2j
p`|EH}
^Rl"<W
A |kuz#
^+I't?
u^|5T<
<	))='
D=lskLl
#wcLf-K
pOz;,P
\a5:8;5
B{;;@7
<CXA+|
MQ_@*)
1~GhCC
pH.~ tt
;W(Zm[__G?
H.X,C3[
nJ,H<p
PdShRi
,9k_f$
?07)qB
sHs|4&
u@h,M#
<ue;\\
aBQKZD
A_fgxUv q
_*aaC$
&XWZ]6
vX?HL|d
CUNGrf
0]m#=[8=
7HD}ZN
[OVss+
fgvT^W
libgcc_s_dw2-1.dll
__register_fr/
ame_infode/
jt6wJv_RKClasses
IGHUP zceived, eO
xitxg1TERM3INT
j1"%s" h
 failF.
d-%02	 :]~t
addrM}
~rror: }?DNS
ho:"keep
@ (2^4
JSON *3'M0
RE FOU!(
5&r4g,
 r(um+tcp
ryptx.ht
XMRL 10
386 AES
=` 'H'
0	(r	{
:c:khB
Px:tR:.
_Dt:T:o:u:O:v:Vb:
 [OPTIONS]
G=ALGO 
uxSERNAME
ASSWORDd
{SXJm va
R:uk)u+
mdk~x3
ocm=FILE#
s'[,DW
`mJs#>r
-:[ <tN
2AeA -
93"%EZ'K
THREADS:
6m%d?, 
POOL #1%
HUG,PA
o L2/L3{[
1H/skh
23456789;
tlGetV!3}r
$-y^7y7
*kA?AT?*
0Hx(x`(07
$~Z6ZH6$
tX4Fr.rh.46Aw-wl-6
cB pP0P@0 
&y_5_L5&
.eK9K\9.
2O}+}d+2
k(lD<DP
>]c!c|!
:Si'it':'
U3UD3"
-<Zf"fx"<
m,bN:NX:,
	L#'Q&
)l\^'-
>$rgHba~
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
"fT**~;
;d22Vt::N
J%%o\..r8
ch>2ra(
:.6>;'\u%04
=0r!8XiBig
flows@V
Hru0f0n4
<_ALLOW_NU
n[!'[''{`
>/.*gE
T@NHF5<
yh_Vaa
C Acqui
xasGI+:
NOTAVAIL
UPPORT
G&NI_IFAMk
PRFOCO
EXIS&x^
HO$UZA
TIJ,0h
]spNekm
oL\X-`1
& UV_HANDLE_CLO
nWR)FI)KM
-@|ASYNC
>#~WAKE
;^sOi$th_
RzL2NH
1N3v54n
,@VO&Z
]'(2ds-1
:bWLhEN
C&teEn
ysizeof(
 'RAW_
Xwd.a_
C(rio.
Q[1Bo*
o,3D- *2
opyjE8i `m
&DWc(e"
	|BA|_ARGUMT%!*
5LRgF~S>,Zd
d7J7\j
'=+;zO
2R{R/bl
0Q/HZQ
IPV6)ST
!UWAIT_OBJ@_
].$@/33U.
33113|
w30/0w3
\.8117
w2[E-5.
%53551	e##
311A1YV
^	322n
MAX_EN
ToDosEeL
tC'IoC
C^Ntry
6Vtp91
CS1SRWTj
1ABCDE
-,Bfdx
7.X.L.
Mp_BYTj
TMx8eJ
FSGHI$
) [im][357
ELXW]7
d56X{#
um(R~M
FN ]z]
tq]Mob 
NNN$%&
~TIU(IR*
!5DU)u
W:FDAd
vf8[HT-
:(lbrf
= mZ <h
n[abi:\{
H];TLSJI
exhidx@
YGi;a}
l9A=<XO
k	 ;~9{
*X__v`
[<XtOu
o,~<~ws'#nd
_2\Bl>
uQ8>"g
}"" 0s
]'>*,/
7/O?	X{
  (Xf=
@,IN)=3	e
doesn'
i$*qk#
s2FS',
 Bh%d@
&z(*-/
TF_EXE
?C)PQ:
sV=%0X H
bHes Kp
HLIFFWL
$v115_w
\Rev2LB,
Dp!P'F
n->O(Ct|7,o
Ft,`$W!
wU/@v*M
.jo?QC
A2`Ya8
%o`&tT
<jB`y/
wTn:'/
>B&/o@.
p>_=w[2PGq
[kEy:G`!WTRM
o+8 SD
Wu4T7H#
v'wnYW
7$Sc`vU?
`nhOX&
H@7V5MD
wjXV#:
^ yFQ(
:NLL(wP~
\Fst=:7bD
xMB=m&
iCQ?(#2 
lxIWDA
-]1' '
?,/&>F
5 SI,_j
MQ7h>?
vCC>,'
Ny~o0i
^o{0`W
G@hZ[5|MpIh
<SsnM/
,!W`W8
T2^0dy
@H.3oW
#z;CYN
/~;XTK
X[ Liy?
dG&X<?I+6
y.y.0|y.y
B$0>L^
Fr4FJF
B)-6I#
x;	\pwV
`7oC^FC
@-\3_c
(6N^ry
<O$@Rf|
:DT^hpy
<0:DN\
$,8BLVy
32Sn4s64G
1Curl!
[u#FP8 q!
IsDBCSL
apSa|U
_J$Unh
 msg_1b
c/c;X[
oq[Yf./fm
i64/\Dy
,s<trdl
2)e!I8
V!	nbisw
.8xfSKH
XPTPSW
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!--The ID below indicates application support for Windows Vista -->
      <supportedOS Id="{f93c153f-5069-4d6e-a655-02f5c1875897}"/>
      <!--The ID below indicates application support for Windows 7 -->
      <supportedOS Id="{f00c7727-8dcb-4e2d-b339-341e2c0a3ece}"/>
      <!--The ID below indicates application support for Windows 8 -->
      <supportedOS Id="{cb181a37-9e85-4060-b55a-bc0d7010efb1}"/>
      <!--The ID below indicates application support for Windows 8.1 -->
      <supportedOS Id="{64019d39-6999-43f2-bcfc-35240f7ce523}"/> 
      <!--The ID below indicates application support for Windows 10 -->
      <supportedOS Id="{34062d27-3631-4802-baec-511c0e7748ba}"/> 
    </application>
  </compatibility>
</assembly>
ADVAPI32.dll
IPHLPAPI.DLL
KERNEL32.DLL
msvcrt.dll
PSAPI.DLL
USER32.dll
USERENV.dll
WS2_32.dll
LsaClose
GetAdaptersAddresses
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
GetProcessMemoryInfo
ShowWindow
GetUserProfileDirectoryW
!This program cannot be run in DOS mode.
AUATUW
[^_]A\A]
L>9eIJ
pZ"x2	,{HI
Z`}{l/,
0LRpLx
b&34'!
ShjT%n
K	S~#,U
)SHpDK 
d%^!1}Z
rrrr"*2:
^&d,\_,
FyF####FFFF
yKa/^*
wau;Pde
 9999(08@
\$3r.}
jc67e@
g?<QAu
C%bACQ
s1drxu
WgE \Y1
N rK x
4%a:d:
/?Dh9Bt
INv(08
So<h^ 
6hctb@
t&S[@@[
enU_Sc_=
Y)fK)!;0
O8O[50
:xl;Tr\
0W _(V ^(
:$zfrE
gza8:A
K0uvX(
S.i0p_
}DyqyQvSF
3?)!Q9
liKV65Y
xu{w[u6
uhvfv///O
Y8QHb`
M<VL}l`
gs@vH@
KLK@ 1
IU.PbXj
 (0kC\	0
H@^PXP
j`hbp(
l>	w/!
7lpeY!
8P_1.6
UaR	^H>U
wkq>/0
I9Vg52
JW~<E|
H_Wio?
7>(H\h
'XxA)w
38? xh
@qa/(F+
Q4F<1q
!:J@jT
nA(oC 
~:Hc#FC
>Oq$B$
t\W,Md
I6Q sJ
@BXM`a8
l$*R+<
tg????
j-)_d\
gEV(M0Kl{
CfCF>y*OSVcf
4OknKn
X{aaym&
gZ[(08
<*C.;S
f4;`<d5
2HM*\Ps
7JP.K(
i(=Krn
=9o[X8
T*NLLV=M
ph]sjU
u>Du)n
?w^r*i_
i&ddy&y
nllFDB
3vtt^\
WDr"~!vK
67>h-T
WExIlJ
0nxcNp
T>Gr9<
~||4''
hbcpx8
noGHL#
{> a?N(G0
eTeKRf*
2_shbE
wX?N(G0
0X-O|T
B.?`IM
HcLF!7
L00apC
fr 8:!
& |e`,
>M8:$0[H
&8tHn`[+#lXV
Gc-v:1
@eGvn&
W|Vo=H
\.zpG1
yP^~/5z
5 =!J*=~r"
K(k0D8
2"VaD=
R8v0oJ!h	
K@Nk8\
,,N0X~
Eby!KS*
vk3#<-VaH)
fCM0)X\dD
M`'HhPLHeBpXx`
aI8}Ze
{Z(K)j[A
TF`8N$<
XskY3<
?3E#2xk
SHA3~.
Fb`%Dm
z,Luv5
0]/|("
;1~;$5.
08C@''''HPX`'
j+ (oQ
6Y0.y8^@
4-!MjpHC
?}<D&v
"##\L`qFF
EFF\L`
nB5e$&BNlU@
T v?jsaI8
cgh{.fH2
((rrrr((((
%J`&)-
ee}I.@
>Mt`"F,
#EAD`j"%A
20/EAnG
w`NQH{
<8 2<xG
}i&YnO
("w"&|
uuH#V$
$8nbMw
;:I.;k)b
ap 9Ly`
Av*L>{
J8UvI0(
FK&P)8
!{sd3;`{
.bfyNu*6+
t6L9K u2
@DnC(hF
Dg}G1<~
rB^@|!~OB.v!
>3G7r:
t8E BH
f_nPx%
MT.<f`
zyA.#o
ZH$<]?L
.r`&l6 3
Ymng?&
UBxh/M
?:	,	yB
 A4JH2
 x'-V?
CC ;^5
!`I%I/,
urP,FT
`tVuA*/
UX7Y4t
n'N:y?
ggxqn_
ajBjit
=J&B0,
Pn'd8Y{Z
l[tu\US
 "P9dRt
eNFi!=
8V8 G2r
B.77Jt+y
d:T:B.
*::&B*
 N)z	?
Q	LElr!
\HDE|r
H@@Mg?4
v@H:<J
lH~IH~
N'*3Mg
Te_?ErQ
BaU8!RM!
5 %'@V
?[\$?_
\FGBFj
+\2WAj
"M/GDD
?pd=<tA
"eY02q@
Uvkg{g
u85O\<x
xPEM]@&
&&N6(.
ma,>~npZ{
T<*_uMV
~tkFwN
Q!CI	,
}RM\.>x
N>,a7a
h	gSzD
B"3FFW
ac%D|M)l
JxHk{5
xT,7H%l
]! 8=m6
TtI_Vt
y@n7s:
:o<:Hv
2\+AsK
vpNZL^
VJ$rJ_wS
 SMeg0
lhEdyQ
li?zI}
iWK0.9
'H@i;A
a-,(b(
%#	b0nY
!LZa	*
F`Stb!
I>{{"7-
5|1"<"`
Kj=I_Ze
tC:o&rA"Kp
=+n0b<XU
h.MFVEE"
5xKY>	/
?D`98I8
jhrVk0
KB:px^
y.6},`h`K
`_h_\tT
2cxb@.
II\fO 
XCD[tAx
8p& 5<k
fBI`Pi
lF sKX
E+a.	IHg
N`XK;C "
0/AIn[e@f0B
R/ 1(6
%x08vC
ghiIkOB
ek2qj+
K62_NN
 Crx|	
AHK=giq-
JPAF^E
 "U'?,
G]-B/cA
X?&4Y#
sH/0\Cp_
VJA	Y	
Bl|9/[:
A:XK:t
}TTl-(
g*?9)"
%sX\x*[
.Ww[[|U
5TiCY&#k
3SxMs	'0
=>GC^F
A]i2D^
~3=sQ>
~F=8@to=
\;3,g9'
ibFGB53
!BOD0m
|Hp$t1
6,~%A9
!8^3Z(
vD;PIv
"z\ogb
x+:[z"
q<x.;`
rOjeONac
~nNNNN^N>.!XNN
Fc%Dm*
Lp 'rI&
?@~c|j
z(}	zqpk
~gR @^4[uC
~n^rrrrN6&
~NNNNn^N>ONNN.
''''~n^N''''>&
v''''^N>.
D;Q,};@
`QbM|aS
K2iNpi
_GLOlL_L9	u3I
qaSu^L
,u4.F;
ht6vudZ
lp/|L_0L_
n1PG_,j
<stf<W
&<c]%c
A(<mtc. /
tj<Lt9~z
8`Eu'M
R:|E=e
<Dc#LF
hI$<|IYy
fTm\m7p
)A`y)F
% I.X_#
4I"Ej0
-t)<Rj
}oguBr='3
l'9,<t
"bE 0v
Ct2<Dw9
><IaWlH
e}gUuqLt	
xLt7@N
]<3s/Y
FDX_ZD/
"3_:x@;
j	#C  
X3fY|EQ
,}E?#r}
!c	#`C
@&L@W 
 uJlUh
Z{<|QV
*7'PFA~()
'\$?fY
]:Z@b1
t#az`"l
D.u4A;
I&PX`-L&
5yBx$%
madIXD018
}soLaU
 _n-bP
'xn5BH
%P53n+
B' <M,
R@	"-/;w
FG0	KJ
-]FJ=f
)lMyPz
Mmo|pG
_810HLw
K[?q6(\
A}DLE)
//5.@O
%7l2t d
+x~+DI
/:*\4Z
AV~;E&
QCp!xP
?u	'" 
ju0$9C
|^U4p%
t+,&>~v
1hk!,@
`*`@hC
OoTE+a
ukErE06
8>_Jz#
C sD(t
%u`X;X0
K	| TL)
>4X	;j
:1aZri
~+A;PIF
ZtWCZ|
7L78r=D
V+X/=\
Qb-@*P
2^?C_4
BQ&R;F
>/i/[R"
6DD	2C
 U%|A.
:'^E+!\
|>G?*4
t3Xz.H|
@GFGFJ
uL<`Ht
NNNNvfVFNNNN6&
''''vfV>''''.
~n^rrrrF6
	l2V"K
-@\#C:
Fwr(5`
 ,{hM"
|Za57{,cHPqG
_@0?#P
GJLaaCT-
,Eb0?c
s}e?%n
<\H6,j
uo2<+@ Oi4
j@ D.%
LR^GWy
?~9D !
rK=K%F
@Zhp`{
=p$T&J
y{VZBf{
rrrrvfVF
p< tCv1<
34_ w,
J%	xej
h9)g`i
i[BaHo
eKN\Kp
pt7GP`
Pb]bpoh
mI#F"|
#[N;jTp
++CCUNG
\pipe}>[OR
SIGHUP received, exiting
RM3INT1"%s" nJ
hash self-tes^
13mO[%;
d-%02	 :]
job_id
rgetos
u]  addr
{"j"Bll
"jsonrpc
"keepal)*
Lusubm
JSON *
u$ \ol !6m
/	)`iff 
Dl3xz?
kuxs)Oac\{`
8|tum+tcp
TcurFy_
7 wNh GCC
x86_64 AES
NoIURL k
@Xu-af
V#a:c:
khBp:Px:r:R:\t:T:o:u:O:v:Vy&
2.5s/60
1H/sk{
623456789;G>
,A{# '
6tlGetV
 R%lu.
kA?AT?*
0Hx(x`(07
$~Z6ZH6$
X4Fr.rh.46Aw-wl-6
cB pP0P@
&y_5_L5&
.eK9K\9.
2O}+}d+2
k(lD<DP<(
Tl$lp$8W_
>]c!c|!
:Si'it':'
+"wU3*
-<Zf"fx"<
m,bN:NX@
~	L#'Q&
)l\^'-
>$rgHba~
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c 
D""fT**
;d22Vt::N
J%%o\..r8
end of n_
ginputbexp
f<scab
-:.6>;'`#
\u%04X
@rtbig
flowHru
+0f0:4
_ALLOW_NUL2
hn[!'['
u,y'{')
aNj5q5
Acqu<eC
1,E2BIG
SUPPORT
i&NI_IFAMBY
PRFOCO
CHARpT
EXIS&x8
HO$UZA
XgMLI(
<ourcJ
NAoD0&
BbCZppj}
i/i(rH
tqt	br
bl4 15
mHrhA-
src/uv
 == 0!]q
->o& UV_HA
NDLE_CLO"
fNQ)SUI
dCo_ySt
-z|ASYNCf+{1'~WAKEZ
3Ex+5u0
t7d/TD
DWORP2
ew$z -N
?L_WOF
V(PbC$\E
LAPP')
[XWc;t
k\%F%uw
[0].W1
sizeof(
PC_TCP_
 'RAW_i
|wdBa_
o1%arByN
CYX- d
pyzE8i
$Wc(e5
BAT_ARGUMP
ToE8t\
6%=+K#D
2R{R/b
{_7b/cW
m`um"Ou
V9?=a;
WAIT_OBJ
`.co$ 
@/3333
\.113w3}
o0/0w319~\.
w2[E-58
rC355B
%53fodd551	312
Z@I$/1h
G ARRAL
ToDosE
vryo-6
k* l32
fy?ABCDEF
#~I'\#
Mn_BYTm
8!&	'M
CyrixJ
ZWNex|DI:
foSiS 
ACB_Dw
(R) [im][357(W
ELXW]7
PEum(R
DuT Bi07
_jJ_	V
6!5DU3
F.::b.
_cxx*_
OunS4'
b <hV():
nt`4rn
;TLSn`
L7hidxKj
x:ima}
NFoi/g
0|n~!|fJ[X
D;d?c/)`
s2FS',|_g
FWFRwt
!.#Z#M
F_EXTN
UpJN<~
?V=%0X H
Hrw^.c
L,v115_6cl
a4c24Eh\
Rev2, B
) 6.3f_
yAhPVp
{Oi^[v\
d_.|Ap
0Po8py
L@JTP4
y4`d8p
<5(@K,
PU0`i<
fS.f{`
i>3e(@
<JA8/&B
_bXPb!W
w')K^U
KD liK
4RH2^R
q!E%w'
7rn 1 W
"rrrr:P\l
0rrrrHZl
*B9999Tr
.@ZNNNNl
(<N''''^x
rrrr&>Xhrrrr
9999"4HT9999^lz
 NNNN,6FNNNNNZdv~NNNN
$0'''':DNX''''bjr|''''
.8BLvr
CqW#H@
OV32Sn4s6
#%+{ }#
%Id)`K
.	h*gi
^k//PS7"2;5SzP
IsDBCSL
M3K\J.
VtFNskx
msg_	u
m/+hX%Lm
[!I8tl
K;F>mS
Hs0xh; 
X]_^[H
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!--The ID below indicates application support for Windows Vista -->
      <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
      <!--The ID below indicates application support for Windows 7 -->
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
      <!--The ID below indicates application support for Windows 8 -->
      <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
      <!--The ID below indicates application support for Windows 8.1 -->
      <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> 
      <!--The ID below indicates application support for Windows 10 -->
      <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> 
    </application>
  </compatibility>
</assembly>
ADVAPI32.dll
IPHLPAPI.DLL
KERNEL32.DLL
msvcrt.dll
PSAPI.DLL
USER32.dll
USERENV.dll
WS2_32.dll
LsaClose
GetAdaptersAddresses
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
GetProcessMemoryInfo
ShowWindow
GetUserProfileDirectoryW
!@CLeIg6
Rx')n^A
Uv'St[
(ToD5\	
'jPNeov
17,&...
	TTRTU	
\7M|1$
5J.DED?1
c!n>!!"`#' +6#<`-!#tzzzznc;n
eh5e=eh.eh1eg
q1]>p{j>
}}qkpjm>1xql}{rqyqxx$pq	
XBJ`H'=(
%:V5{pa5tvvz`{af5:xtmebtrp/`{y|x|apq$twc
/C powercfg /x /standby-timeout-ac 0
4X;i~|;z
;9SP^BDXNII^UODNH^IGXtuoitw;Kzu~wG_~hpotk9;4m;Hxi~~uHzm~Orv~Tno;4o;I^\DHA;4
;-++++++++;4}
TE[W[mk}za|qWKmf|mzT
 .s|01&63&
v= =FV$
8YqE/R
]zo|z4.
ccg-88vg~9~g~qn9xep8pY
!gIh\V
JnduhthasQnbpbu)b
hfwv`ws`w+`}`
hfwv`ws`w+`}`'%'
97&'1&"1&z1,16R
S|UH=v
mJ_LJKN
Mgmj{s>\kmj
qzDCIBZ^q~T^YH@
JGO}himqqu
fW@DQ@jGO@FQ
}himqqu
 540,,(V7
XZ?=,ZTXZAOC
& +,c,!)
&-'c}}c3, m5!0cecAT
YnKMFA
ALDoja}Z\KOC
m\KOZKaLDKMZ
}Z\KOC
z>jOIBE
EH@kney^XOKG
yK\O~ElCFO
Uzpup%%!"%jr
#&jsttuj~v"uj~!w"utwv&u~p$&$q"%&uj&!&qjs
?=hMK@G
GJB{@MDD
6'?*)'"h#>#ao}
4)%#55fc
6'?*)'"h#>#}
Zfo}~h{lUD`j{fzfo}U^`gmf~zUJ|{{lg}_l{z`fgU[|g
.88>(({:??>?{:
nWpOd2$
<;1:"&u
06 '<!,u
0'#0'do
()35(++"5
 Cl`hx
$Hvq,-@]~lz]p~m{L
&yt,}R
pg}vYU]E
Win32_BaseBoard
#Zl{`heG|dkl{
xcNTLcUNQB
Xcxm`Dimh
\Hvq,-@]VPL
QO@KMQ@KMQTgpqkml
tz*1i_HS[VtOWX_H
&10*,-:
ejHUY_IIUH
Uy0&oKR
naC^RTBB^C:{
wH"Zdc>?R]
bnh~~b
2=&520'&!6!:
 =17!!= xE]
9.fewa
o($&E[[E
[S	b1)E
iWz=QG
E/K4i?
8LNS_YDL
`s`kqsrw+`}`
08$'!<h;=++-;;h.':h3x5
q|6uk| 
[@_E_YXSD
v2.0.50727
#Strings
trickkk.exe
trickkk
mscorlib
System
System.Windows.Forms
System.Management
kernel32.dll
advapi32.dll
____.resources
resource
<Module>
______
_______
________
_________
__________
___________
____________
_____________
______________
_______________
________________
Assembly
System.Reflection
get_FullName
String
op_Equality
ResourceManager
System.Resources
Encoding
System.Text
get_UTF8
GetBytes
Stream
System.IO
GetExecutingAssembly
GetManifestResourceStream
SeekOrigin
BitConverter
ToInt32
GetString
Object
EmptyTypes
UInt32
Single
.cctor
Concat
Console
WriteLine
Thread
System.Threading
ReadLine
_________________
__________________
___________________
____________________
_____________________
______________________
Double
ToString
Contains
Directory
GetCurrentDirectory
Application
get_ExecutablePath
IsNullOrEmpty
UInt16
Format
Environment
GetFolderPath
SpecialFolder
CultureInfo
System.Globalization
GetTypeFromHandle
RuntimeTypeHandle
get_Assembly
GetObject
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
GetModuleHandle
IntPtr
Process
System.Diagnostics
get_StartInfo
ProcessStartInfo
set_FileName
set_Arguments
set_WindowStyle
ProcessWindowStyle
UInt64
GetKernelObjectSecurity
SetKernelObjectSecurity
GetCurrentProcess
RawSecurityDescriptor
System.Security.AccessControl
GenericSecurityDescriptor
get_BinaryLength
GetBinaryForm
get_Handle
CommonAce
SecurityIdentifier
System.Security.Principal
WellKnownSidType
AceFlags
AceQualifier
get_DiscretionaryAcl
RawAcl
InsertAce
GenericAce
WebClient
System.Net
DownloadString
Exists
GetProcessesByName
Delete
Replace
Exception
Boolean
DownloadData
WriteAllBytes
ReadAllBytes
CreateMutex
CloseHandle
SuppressUnmanagedCodeSecurityAttribute
System.Security
ReliabilityContractAttribute
System.Runtime.ConstrainedExecution
Consistency
GetLastError
RegistryKey
Microsoft.Win32
Registry
LocalMachine
CreateSubKey
SetValue
CurrentUser
OpenSubKey
value__
WindowsIdentity
GetCurrent
WindowsPrincipal
IsInRole
WindowsBuiltInRole
get_Size
op_Inequality
ManagementBaseObject
ManagementObjectCollection
ManagementObjectEnumerator
ManagementClass
GetInstances
GetEnumerator
get_Current
get_Item
MoveNext
IDisposable
Dispose
System.Security.Cryptography
MD5CryptoServiceProvider
get_ASCII
HashAlgorithm
ComputeHash
IList`1
System.Collections.Generic
get_InvariantCulture
IFormatProvider
ICollection`1
get_Count
get_ProcessorCount
ThreadStart
_______________________
WaitForExit
DeleteSubKey
________________________
_________________________
CompilationRelaxationsAttribute
System.Runtime.CompilerServices
RuntimeCompatibilityAttribute
DebuggableAttribute
DebuggingModes
AssemblyTitleAttribute
AssemblyDescriptionAttribute
AssemblyConfigurationAttribute
AssemblyCompanyAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyTrademarkAttribute
ComVisibleAttribute
System.Runtime.InteropServices
GuidAttribute
AssemblyFileVersionAttribute
WrapNonExceptionThrows
	Microsoft
$00cc9dc1-fadf-46d1-918b-b6dee92479d4
	9.0.2.774
_CorExeMain
mscoree.dll