Hacked By AnonymousFox

Current Path : C:/Windows/System32/
Upload File :
Current File : C:/Windows/System32/RdpSaUacHelper.exe

MZ@	!L!This program cannot be run in DOS mode.

$u~&~&~&&~&Ė{'~&Ė}'~&Ėz'~&Ė'~&&<~&Ėw'~&Ė&~&Ė|'~&Rich~&PEL#~
@NGP@


\@ 	@PT .text<>@ `.data@,PD@.idata>F@@.rsrc	
V@@.reloc@`@B`P@P@LN@LN@LN @4P@@@@@ux@(@@@@@S@r@
n@@D@p @D@I@p !@@DDGGIIJ MPMMext-ms-win-ntuser-windowstation-l1-1-0ext-ms-win-ntuser-windowstation-l1-1-1ext-ms-win-ntuser-windowstation-l1-1-2	ckǁB%4K$h4Ny NULLCRdpSaComUtils::s_GetKnownFolderFilePath failed!EnumProcess failed!FindRdpSessionAgentProxyProcess failed!NotifyInitializationComplete failed!spProxy->GetSessionAgentProcessHandle failed!Global\RdpSaEventReady-%sGlobal\RdpSaEventFail-%sm_InvitationManager.Initialize failed!%8.8xCRdpSaComUtils::s_CoCreateInSession failed!CoCreateInSession failed!FindInteractiveUserProcess failed!GenCryptoSecureKey failed!WaitForMultipleObjects failed!SignalNamedEvent failed!CoInitializeSecurity failed!CoInitializeEx failed!InitSecurity failed!HandleInteractiveUserProcess failed!XJ	hSSoftware\Microsoft\Terminal Services\SessionAgent\HandlesAdvapi32.dllEventActivityIdControlRdpSaProxy.exe^!Hj&l.x7bQ+201ef99a-7fa0-444c-9399-19ba84f12a1aAppInfoncalrpcH82 XHH H$H(A,6P!0p4H2<FA6pH2HHpH2DpH2DHpH2DHpH82lHHHH
N $(,H0p4H\2<HH $(H,H0H48ZH<
D`
HdHLAT6pXH2h!hpH(2$rxHhP! p$H2HpH<2l$
HHHH
N $(,H0P!4p8HL20$HHHH $(,0H48~<H@P!DpHH,2 $	HHHH P!$p(D LD*]+H`%\%\
\[06>L[%\\[\[L[<\<<<@)4K\HI%\[\[)4K\HI%\[\[wN]ND.QSHGetKnownFolderPathPathCchCombine|$>U.UcCreateBindCtxStringFromCLSIDSession:%d!clsid:%sStringCchPrintfMkParseDisplayNamepMoniker->BindToObjectpClassFactory->CreateInstanceOIɔ7=y~JF#~+#~
P#~ M/
"JkރbTerminal-Services-TestCodeRSDSmq~:;;bIRdpSaUacHelper.pdbGCTL .rdata$brc .CRT$XCA$.CRT$XCAA(.CRT$XCU,.CRT$XCZ0.CRT$XIA4.CRT$XIAA8.CRT$XIY<.CRT$XIZ@8.gfidsx.giats0.rdata.rdata$sxdata0.rdata$zETW2.rdata$zzzdbgp .text$di -.text$mnM .text$ydM.xdata$xP0.data$brc0P.data@P,.bss.idata$5.00cfg.idata$2.idata$3.idata$4	.idata$6.rsrc$01`.rsrc$02hM@'Y̋ËUjjEPjEPQh@j+uu@(]USVuWtOGu+Gj_u@jjEPWVjEPSRj+uu@0_^[]̋UQES3VuEWttjWXHÊ#u@WS@WSE@UFt	Nt^~VF3_^[]U44P@3ʼnEESVW3ۋEhSP+PPSS@u[@P@=P@t(@t"xrVQYPP@ppj
YD~@
P@9m3ft
W@
P@3׋;CP;CDhT@s<@YYsD3Sh@l@uJ
P@P@Ay@PQ%YPP@ppjYKyDžPPSW@u8
P@P@tMAtGyrA@PQYPP@ppjP@YY
P@@;3۾P@t(At"yrVQEYPP@ppj
YktW@tS@M_^3[R#]8븋U4P@3ʼnESVW3hWP(T@؍PSX@u[@P@=P@t(@t"xrVQfYPP@ppjY~@PQyJP@=P@@xVh@PP@@ppjY@~PPyDP@=P@t0@t*xr$Vh<@PP@@ppjYtW@M_^3[!]ËUS3UىEVMEE:yMP@=P@n@dxZVhP@PP@ppj@Y=1Sp@֋y?P@=P@@xVhx@PP@ppj뛋MQSp@֋yBP@=P@@xVh@1PP@ppj?jjh@EPuuu\@uT@P@=P@t(@t"xrVQYPP@ppjY~x@EMe}t	u@}t	u@^[]U4P@3ʼnESVWh3xWPi%I@S4@xj@PyMP@=P@U@KxAVh8@PP@@ppjY4xPWj`@u[@P@=P@t(@t"xrVQYPP@ppjY~@Wd@@P@=P@t(@t"xrVQYPP@ppjYE~x@@9P@W=P@t(@t"xrVQYPP@ppjYtW@M_^3[]ËUQSVWh@3ۍEjSSP]@u8@P@=P@tp@tjxrdVQKYPP@ppjFWj@u@uR@P@=P@t(@t"xrVQYPP@ppjY)~x@9]t
Su @_^[]ËU\4P@3ʼnESVWM}jU33YUЋډỦUUUUĉUT@EPVX@u[@P@=P@t(@t"xrWQDYPP@ppjYj~	@	V3Vh@l@؉]ԅu:@
P@P@tAtyrWQYPP@ppjučEh`@jPDyMP@=P@@xWh8@sPP@ppj@YZEPh@h$@t^tYP@=P@t5@t/xr)PQYPP@ppjY+]EPQQMyBP@=P@@xWhl@PP@ppj"VVjVVjju@yBP@=P@c@YxOWh@?PP@ppj EЋPQMyMP@=P@@xWh@PP@@ppj!Y8VjHVjVjh@Eu[@P@=P@t(@t"xrWQYPP@ppj"Y~Y@OjHVVjP@Eȅu[@P@=P@t(@t"xrWQYPP@ppj#YD~@pEyMP@=P@@xWh@PP@@ppj$Yij@V@؅uJP@=P@E@;x1WQNYPP@ppj%YtESPq@֋yMP@=P@H@>x4Wh@
PP@@ppj&Y;S@e]u3+jjjjp@3)jjjVuPu\@Grut@uԍE3SSjPuЉ]uV\@jEPjEPh@h(@tXP@=P@t5@t/xr)PQ
YPP@ppj)Y'h0uSEPjx@tt@@~3yMP@=P@t@jx`Wh@kPP@ppj*@Y7M؅teQp@֋uԍEPh@h$@tQtLP@=P@@
xPQYPP@ppj+}uW1tLP@=P@@xPQ{YPP@ppj,uM3yBP@=P@1@'xWh@(PP@ppj-EPj(V,@uN@P@=P@t(@t"xrWQ
YPP@ppj.Y3VVVVju0@u8@P@=P@t@txrWQz
YPP@ppj/u@juЉu|@uG@P@=P@m@cxYWQ
YPP@ppj08P@=P@t(@t"xrWQ	YPP@ppj1Y]S@@P@=P@t`@tZxrTWQ	YPP@ppj(6@P@=P@t(@t"xrWQO	YPP@ppj'Yu~x@EȅtPt@u@]ԃ}t	u@}t	u@3DtP@FrtS@yM3BEM؅teQp@֋M_^3[]ËU,SVW3}ث3juމuuEP4@u[@P@=P@t(@t"xrVQ2YPP@ppj2YX~@EPj@P,@u8@P@=P@t@txrVQYPP@ppj3댍EPVVju8@@zuj@@؅uJP@=P@@xVQFYPP@ppj5YluVSEEPuSju8@u[@P@=P@t(@t"xrVQYPP@ppj6Y~4@*EPVVju8@@zuj@@uF
P@P@AyVQBYPP@ppj8uVWGEPuWju8@uG@P@=P@&@xVQYPP@ppj9V3EP<@uG@P@=P@@xVQYPP@ppj:V7EP@@uG@P@=P@v@lxbVQ'YPP@ppj;AjjEPD@uG@P@=P@@x	VQYPP@ppj<VEPjEPH@uG@P@=P@@xVQrYPP@ppj=Vh VjjVVjEP@P@=P@@xVh0@PP@@ppj>Y\nP@=P@t]@tWxrQVQYPP@ppj73P@=P@t(@t"xrVQYPP@ppj4YtS@tW@}t	u@_^[]ËUSV3WC3҈S@3S@S@S@S@S@fS@S@S@@5P@FPRRD$L$PSQVT$0h!@N @6jZu΋
|@|@tRQȁ@%|@%|@@{@h|@3VVh{@́@u|@VV@{@@SV{@{@@{@p@|@|@@|@@|@@|@@u:P@=P@t.@t(xr"@PQYPP@ppj?YjV؁@yO5P@P@F~WhP@PP@@ppj@Yy7P@=P@@txryWhh@SPP@ppjAS@tf81uދMgy<P@=P@t0@t*xr$Wh@PP@ppjB@YN܁@5P@P@t.FFtvv@ff6uP@P@=(|@t(5$P@5 P@L@3 P@$P@P@(|@_^[]UEV3t=vWx7S]3WxEPuWS@x;wu
z3f{_[tM3f^]ËU4P@3ʼnEVW3E}𫫫EPh,@j@t-h<@u@tEPj@u@ME3_^	]jhM@ee= |@u+EPquUM |@
tEPȀ@ee5 |@/EEP̀@ËeE܉EEt5=t=t=t=u}wEu뙸%ËU$4P@3ʼnESV3jVVuT@؅u
@Wjh@SX@u
@nVVWP@u@ uJEPWd@t.}t$}th4@E@E܃
vu3@W\@S\@_M^3[M]ËU(SVWjY3}3E]PSSSh@h@]؀@EPuԀ@EP@uqjDXPj@E@uj^WEPWSjH@u
@;jXE؉EEPSSj
jSuE]}Ā@uEM]W@9]t
EPȀ@_^[]UQEP3@i
@Ph@Ѐ@EE]̋Uuj@@]%@UQV3ɍEPQQh<@M@y3P@=P@t@tyxrsVhL@\PP@ppj
MhT@uhu@y<P@=P@t0@t*xr$Vhd@
PP@ppjt@Y]u@^]U 4P@3ʼnES]VW3hWPPWԁ@yBP@=P@&@xWh@MPP@ppj
Pht@@yBP@=P@@xWh@PP@ppjVh@hP\yBP@=P@d@ZxPWh@PP@ppj'PPP@yBP@=P@@xWh@"PP@ppj
Qh8@j0PN @V y;P@=P@@xrzWh@PP@ppjTSh@j0PN@Vy<P@=P@t0@t*xr$Wh@_PP@ppj(@YtQp@֋tQp@֋tQp@փt@M_^3[,]jXP@P@
4|@
8|@YYx@
S@@
|S@=0P@uhJ@t@Y3̡S@h\P@5S@\P@hPP@hLP@hHP@@TP@jXhM@3ۉ]EP@]dp,|@3
t;u3Fh4@3F950|@u
jY:90|@u,50|@h<@h0@MYYtE05DP@950|@uh,@h @YY0|@u	3,|@=<|@t#h<|@	YtSjS5<|@@֡l@tMj ^Uf;wOftuFftf;wMEtEj
XPQSh@}@P@=XP@uOP@"u3ЉUM됋MEQPIYYËeEܣ@P@=XP@uP@=DP@u|@@P@E
ËUVu3;usWu>t
@׃;ur_^]øMZf9@uU
<@@PEuC@f;tf;u(@v39@Ãt@v
39@3p;
4P@ujhM@e8|@Euu5@@YTjiYe8|@E4|@EEPEPuPu܋M
8|@M
4|@EËujYËUuZYH]ËUj@u@h	@P$@]ËU$`Q@
\Q@XQ@TQ@5PQ@=LQ@fxQ@f
lQ@fHQ@fDQ@f%@Q@f-<Q@pQ@EdQ@EhQ@EtQ@P@hQ@lP@`P@	dP@pP@jXkǀtP@jX
4P@tP@jX
8P@tP@jXk
4P@LjX
8P@Lh@]̋UE8csmu+xu%@= t=!t="t=@u@3]hI@@3%@jhN@3ɋEtKtFMMZf9u2P<x+s#‰EPE#	3@Ëe3ɉMEUj@t PtH\jXf;t
u3@]ËE]%@3̋UE3SVWH<AYt}p;r	H;r
B(;r3_^[]̋Ujh N@h M@dPSVW4P@1E3PEdeEh@ztTE-@Ph@Pt:@$ЃEMd
Y_^[]ËE3Ɂ8ËeE3Md
Y_^[]̋UMMZf9uA<8PEuf9Hu]3]ËUee4P@VWN@;tudEP<@E3EET@1E @1E@@3EM3EEP,@E3E3E;t54P@uO@ȉ
4P@_8P@^]hh@YY%p@h M@d5D$l$l$+SVW4P@1E3PeuEEEEdËMd
Y__^[]Q̋UuuuuhG@h4P@%]%@%@%@%@%@̀=|@t5|@5|@ȁ@>@+>@F@F@=H@QJ@UJ@K@K@P@@N@Dƅ܅
"4J`rԆ ؎ʇ
$JZlʈzhZJ::L^ʊ|*؋&ƋT:jʌ܌zrjΉF8(܉4ĉXZlB.PM@<Tll~ԁ`ȁLXp̄<4^Ą܍,Ԅ<$PNHrdx(ƅ܅
"4J`rԆ ؎ʇ
$JZlʈzhZJ::L^ʊ|*؋&ƋT:jʌ܌zrjΉF8(܉4ĉXZlB.(TraceMessagesGetTraceLoggerHandlerGetTraceEnableLevelqGetTraceEnableFlagsRegisterTraceGuidsW5UnregisterTraceGuidsCryptAcquireContextWCryptGenRandomCryptReleaseContextnRegDeleteKeyValueWRegSetKeyValueWOpenProcessTokenAdjustTokenPrivilegesInitializeSecurityDescriptorpGetTokenInformationSetSecurityDescriptorOwnerSetSecurityDescriptorGroupInitializeAclSetSecurityDescriptorDaclADVAPI32.dllaGetLastErrorFreeLibraryGetProcAddressvGetModuleHandleExACloseHandle
OpenProcessGQueryFullProcessImageNameWGetCurrentProcessId/ProcessIdToSessionId+DuplicateHandleOpenEventWSetEventCreateFileMappingWMapViewOfFileCreateEventWUnmapViewOfFileWaitForMultipleObjectsWaitForSingleObjectGetCurrentProcessLocalAllocLocalFreeMHeapSetInformationGetCommandLineWKERNEL32.dll
_wcsicmp_vsnwprintfo_XcptFilter__p__commode_amsg_exit__wgetmainargs__set_app_typeexits_exit$_cexit__p__fmode__setusermatherr_initterm_wcmdln`_lock_unlock__dllonexit	_onexitmsvcrt.dll5?terminate@@YAXXZ7_controlfpj_except_handler4_commonCoSetProxyBlanket_CoInitializeSecurity^CoInitializeExCoUninitializeole32.dll=EtwEventUnregister;EtwEventRegisterntdll.dllOLEAUT32.dlloRpcBindingFromStringBindingW	RpcStringBindingComposeW0I_RpcExceptionFilter~RpcBindingSetAuthInfoExW
RpcStringFreeWmRpcBindingFreeNdrClientCall2RPCRT4.dll4WinStationGetAllProcesses-WinStationFreeGAPMemoryWINSTA.dll-Sleep GetStartupInfoWUnhandledExceptionFilterSetUnhandledExceptionFilterMTerminateProcessGetModuleHandleWQueryPerformanceCounterGetCurrentThreadIdGetSystemTimeAsFileTimeGetTickCountOpenServiceWStartServiceW#CreateWellKnownSidOpenSCManagerWCloseServiceHandle
QueryServiceStatus	PathCchCombineACoTaskMemFreeQStringFromCLSIDapi-ms-win-core-synch-l1-2-0.dllapi-ms-win-core-processthreads-l1-1-0.dllapi-ms-win-core-errorhandling-l1-1-0.dllapi-ms-win-core-libraryloader-l1-2-0.dllapi-ms-win-core-profile-l1-1-0.dllapi-ms-win-core-sysinfo-l1-1-0.dllapi-ms-win-service-management-l1-1-0.dllapi-ms-win-security-base-l1-1-0.dllapi-ms-win-service-winsvc-l1-1-0.dllapi-ms-win-core-path-l1-1-0.dllapi-ms-win-core-com-l1-1-0.dll#EventUnregisterCreateBindCtx
MkParseDisplayNameaSHGetKnownFolderPathSHELL32.dll
memset 8Ph		8<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
<assemblyIdentity
    version="5.1.0.0"
    processorArchitecture="x86"
    name="Microsoft.Windows.TerminalServices.RdpSa"
    type="win32"
/>
<description>RDP Uac Helper Session Agent</description>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel
                level="asInvoker"
                uiAccess="false"
            />
        </requestedPrivileges>
    </security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
       <disableWindowFiltering xmlns="http://schemas.microsoft.com/SMI/2011/WindowsSettings">true</disableWindowFiltering>
    </windowsSettings>
</application>
<asmv3:application>
    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
        <dpiAware>true</dpiAware>
    </asmv3:windowsSettings>
</asmv3:application>
</assembly>

4VS_VERSION_INFO
cE
cE?StringFileInfo040904B0LCompanyNameMicrosoft CorporationbFileDescriptionRDP Session Agent UAC Helperh$FileVersion10.0.17763.1 (WinBuild.160101.0800)FInternalNameRdpSaUacHelper.exe.LegalCopyright Microsoft Corporation. All rights reserved.NOriginalFilenameRdpSaUacHelper.exej%ProductNameMicrosoft Windows Operating System>
ProductVersion10.0.17763.1DVarFileInfo$Translation	400000\0`0h0p000000011$1(14181 dq00000B1N1Y111222-2`222222223&3V3`3f3z3333344;4l4444444*5/5O5Z5_5555555-626R6]6j66666666677B7L7S7X7t7777868;8[8f8k8888888999,9W9a9}999999:: :':,:H:{:::::::;C;R;Z;`;|;;;;;;;;<<<F<<<<<<<<==2=7=W=b=g=======>>>->o>t>>>>>>>>"?/?4?T?_?d?~?????0000!0J0|000000011)191>1s1111112"2<2F2M2R2n2222222223	313K3U3q3333333333.474I4X4i4z4444445R5Y5c5j5o5555555686B6I6N6j666666	767@7G7L7t7777777777$8?8I8P8U8}88888889939>9C9X9b9~9999999::::!:&:,:2:8:<:B:b:k:z:::::::::::::::::::::;	;
;;;;#;,;1;E;S;j;v;|;;;;;;;;<(<-<A<L<Y<e<k<q<<<<<<<<<<<<=Q=p=x========>>&>>>>>>>>>>?0?9?@?y?~???????@0(070Z0`0f000000000011121=1J1Y1r11111122'2,2L2W2v222222223(3G3[3i3n3333333333404J4a444444444444444555555&5:5M5o5z555555555555566!6m6w6}666666667-757;7H7b7m7w7777777778%8i8r8}888888888888888888	9999'919A9Q9W9b9h9t999999::w::;;/;M;a;g;<4<C<L<U<j<<<<<<<<2=7=U=[=a=g=m==========>>4>8>P001

Hacked By AnonymousFox1.0, Coded By AnonymousFox